Don't write redis password in world readable config file

Bob Van Landuytrequested to merge
bvl-update-permissions-for-td-agent-redis-conf into master

The meat of this:

This gets the redis password from the environment. The environment is written out in a file that is only readable by root.

For https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/13704

The rest: Trying to make the kitchen specs a little more robust:

The most common failure I saw was dpkg: error: dpkg frontend is locked by another process on the postgres suite. To get around this, I've:

  1. Decreasing concurrency of the specs (this had the biggest effect).
  2. Add the same cloud-init post create verification as we have for the other suite
  3. Add a retry for the kitchen failure, I still saw the same error on the postgres suite at least once. So adding a retry for these seemed like the easiest thing to do in the short term. We don't run these specs often.
Edited by Bob Van Landuyt

Merge request reports