Fix mutual TLS for Redis connections when using Sentinel

What does this MR do and why?

When using Redis Sentinel, the client certificate and key from the [redis.tls] configuration were not being applied to the Redis master connection. As a result, Workhorse would log errors:

keywatcher: remote error: tls: certificate required

The createDialer function was only using the Sentinel TLS config for all connections, including the Redis master.

This fix separates the TLS configurations:

  • sentinelTLSConfig is used for Sentinel connections
  • redisTLSConfig is used for Redis master connections

The createDialer function now accepts both TLS configs and applies the correct one based on whether the connection is to a Sentinel or Redis master. This allows mutual TLS to work properly with Sentinel deployments.

References

Relates to https://gitlab.com/gitlab-org/gitlab/-/work_items/352265

How to set up and validate locally

See the instructions in omnibus-gitlab!9031 (merged).

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Stan Hu
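
The per-connection TLS selection described above, sketched as an added example (not code from this MR or from Workhorse). The names tlsConfigFor, newDialer and hasClientCert are hypothetical, the addresses are constructed, and it assumes a Sentinel connection is recognised by matching the dial address against the configured Sentinel list.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// tlsConfigFor (hypothetical helper) returns sentinelTLS for a configured
// Sentinel address and redisTLS for anything else, i.e. the Redis master.
// A nil result means that destination is dialed without TLS.
func tlsConfigFor(addr string, sentinels []string, sentinelTLS, redisTLS *tls.Config) *tls.Config {
	for _, s := range sentinels {
		if s == addr {
			return sentinelTLS
		}
	}
	return redisTLS
}

// newDialer (hypothetical) builds a dial function that applies the matching
// TLS config to each connection instead of one config for every destination.
func newDialer(sentinels []string, sentinelTLS, redisTLS *tls.Config) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		nd := &net.Dialer{Timeout: 5 * time.Second}
		cfg := tlsConfigFor(addr, sentinels, sentinelTLS, redisTLS)
		if cfg == nil {
			return nd.DialContext(ctx, network, addr)
		}
		return (&tls.Dialer{NetDialer: nd, Config: cfg}).DialContext(ctx, network, addr)
	}
}

// hasClientCert reports whether cfg can present a client certificate,
// which a server enforcing mutual TLS demands during the handshake.
func hasClientCert(cfg *tls.Config) bool {
	return cfg != nil && (len(cfg.Certificates) > 0 || cfg.GetClientCertificate != nil)
}

func main() {
	sentinels := []string{"sentinel-1.example:26379"} // constructed address
	sentinelTLS := &tls.Config{MinVersion: tls.VersionTLS12}
	// Empty tls.Certificate stands in for a loaded client certificate/key pair.
	redisTLS := &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{{}}}
	_ = newDialer(sentinels, sentinelTLS, redisTLS) // would be passed to the Redis client
	for _, addr := range []string{"sentinel-1.example:26379", "redis-master.example:6379"} {
		cfg := tlsConfigFor(addr, sentinels, sentinelTLS, redisTLS)
		fmt.Printf("%-26s presents client cert: %v\n", addr, hasClientCert(cfg))
	}
}
```

Passing the same certificate-less config for both arguments reproduces the condition behind the "certificate required" error: the master connection has nothing to present.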
