On a distinct Redis Host, when generating resque.yml, redis['password'] is ignored in favor of gitlab_rails['redis_password']

Summary

When setting up a Redis server using the redis_master_role, the redis[] settings in gitlab.rb are used to generate resque.yml, but the password isn't and is instead picked from the rails settings.

Steps to reproduce

Setup a Redis Host using Omnibus with the redis_master_role, and specify:

redis['enable'] = true
redis['bind'] = SOME_IP
redis['port'] = SOME_PORT
redis['password'] = 'foo'

Run a reconfigure, which will fail with the error given in #8642 (closed) (NOAUTH error during gitlab-rake cache:clear, see below)

Check the content of /var/opt/gitlab/gitlab-rails/etc/resque.yml:

production:
  url: redis://SOME_IP:SOME_PORT/
  secret_file: /var/opt/gitlab/gitlab-rails/shared/encrypted_settings/redis.yml.enc

The password is missing from the URL. But if you add this line to gitlab.rb: gitlab_rails['redis_password'] = 'bar' ... and then reconfigure, the new content of resque.yml is:

production:
  url: redis://:bar@SOME_IP:SOME_PORT/
  secret_file: /var/opt/gitlab/gitlab-rails/shared/encrypted_settings/redis.yml.enc

... and gitlab-rake cache:clear doesn't give an error anymore.

What is the current bug behavior?

The password from redis['password'] is ignored in favor of the one from gitlab_rails['redis_password'].

What is the expected correct behavior?

The password should be treated like the other elements of the redis[] config. Note that redis['password'] is appropriately used by the rest of the reconfigure process, the problem only seems to occur when generating resque.yml.

Relevant logs

Error when running gitlab-rails cache:clear

Redis::CommandError: NOAUTH Authentication required. (redis://172.16.0.52:6379) /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_client_middleware.rb:14:in `block in call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_helper.rb:17:in `instrument_call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_client_middleware.rb:13:in `call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/patch/redis_client.rb:12:in `ensure_connected' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:18:in `block (7 levels) in ' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:17:in `loop' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:17:in `block (6 levels) in ' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:15:in `each' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:15:in `block (5 levels) in ' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/redis/wrapper.rb:25:in `block in with' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/redis/wrapper.rb:25:in `with' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:11:in `block (4 levels) in ' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:10:in `each' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:10:in `block (3 levels) in ' /opt/gitlab/embedded/bin/bundle:25:in `load' /opt/gitlab/embedded/bin/bundle:25:in `'

Caused by: RedisClient::CommandError: NOAUTH Authentication required. (redis://172.16.0.52:6379) /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_client_middleware.rb:14:in block in call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_helper.rb:17:in instrument_call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/redis_client_middleware.rb:13:in call' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/patch/redis_client.rb:12:in ensure_connected' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:18:in block (7 levels) in <top (required)>' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:17:in loop' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:17:in block (6 levels) in <top (required)>' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:15:in each' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:15:in block (5 levels) in <top (required)>' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/redis/wrapper.rb:25:in block in with' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/redis/wrapper.rb:25:in with' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:11:in block (4 levels) in <top (required)>' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:10:in each' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/cache.rake:10:in block (3 levels) in <top (required)>' /opt/gitlab/embedded/bin/bundle:25:in load' /opt/gitlab/embedded/bin/bundle:25:in ' Tasks: TOP => cache:clear => cache:clear:redis (See full trace by running task with --trace)

Details of package version

17.2.2-ce.0.amd64

Environment details

Debian 12 on an Openstack Cloud

Configuration details

See reproduction steps.