Urp deployment issue debug

.github/workflows/build_unittest.yml

@@ -195,12 +195,14 @@ jobs:
         sudo sed -i 's/# tls-cert-file redis.crt/tls-cert-file \/etc\/redis\/redis.crt/' /etc/redis/6379.conf
         sudo sed -i 's/# tls-key-file redis.key/tls-key-file \/etc\/redis\/redis.key/' /etc/redis/6379.conf
         sudo sed -i 's/# tls-ca-cert-file ca.crt/tls-ca-cert-file \/etc\/redis\/ca.crt/' /etc/redis/6379.conf
+        sudo sed -i 's/# requirepass foobared/requirepass redis_password/' /etc/redis/6379.conf
 
         sudo sed -i '0,/port 6380/ s/port 6380/port 0/' /etc/redis/6380.conf
         sudo sed -i 's/# tls-port 6379/tls-port 6380/' /etc/redis/6380.conf
         sudo sed -i 's/# tls-cert-file redis.crt/tls-cert-file \/etc\/redis\/redis.crt/' /etc/redis/6380.conf
         sudo sed -i 's/# tls-key-file redis.key/tls-key-file \/etc\/redis\/redis.key/' /etc/redis/6380.conf
         sudo sed -i 's/# tls-ca-cert-file ca.crt/tls-ca-cert-file \/etc\/redis\/ca.crt/' /etc/redis/6380.conf
+        sudo sed -i 's/# requirepass foobared/requirepass redis_password/' /etc/redis/6380.conf
 
         sudo /etc/init.d/redis_6379 restart
         sleep 10s

.github/workflows/odimra_deployment.yml

@@ -14,6 +14,7 @@ jobs:
     - uses: actions/checkout@v2
     - name: configure pre-req for odimra deployment
       run: |
+        set -x
         echo "[$(date)] -- INFO  -- Start pre req conguration"
         echo
 
@@ -29,6 +30,7 @@ jobs:
         echo
 
         export PASSWD=password
+        export REDIS_PASSWORD=redis_password
         echo "runner:${PASSWD}" > pass
         sudo chpasswd < pass
 
@@ -102,6 +104,7 @@ jobs:
         pip3 install jmespath==0.9.5
         pip3 install ruamel.yaml==0.16.10
         pip3 install pyyaml==5.3.1
+        pip3 install cryptography==3.4.8
         echo
 
         echo "[$(date)] -- INFO  -- installed python version"
@@ -114,6 +117,9 @@ jobs:
         cp kube_deploy_nodes.yaml.tmpl kube_deploy_nodes.yaml
         echo ${PASSWD} > node_pass
         echo ${PASSWD} > vault_pass
+        echo ${REDIS_PASSWORD} > redis_inmemory_pass
+        echo ${REDIS_PASSWORD} > redis_ondisk_pass
+
         ls -ltra
         echo
 
@@ -127,20 +133,25 @@ jobs:
         echo "[$(date)] -- INFO  -- encrypt passwords"
         ./odim-vault -encode ${ODIM_CONTROLLER_PATH}/scripts/vault_pass
         ./odim-vault -key ${ODIM_CONTROLLER_PATH}/scripts/vault_pass -encrypt ${ODIM_CONTROLLER_PATH}/scripts/node_pass
-        echo
+        ./odim-vault -key ${ODIM_CONTROLLER_PATH}/scripts/vault_pass -encrypt ${ODIM_CONTROLLER_PATH}/scripts/redis_inmemory_pass
+        ./odim-vault -key ${ODIM_CONTROLLER_PATH}/scripts/vault_pass -encrypt ${ODIM_CONTROLLER_PATH}/scripts/redis_ondisk_pass
 
         mkdir -p ${cur_path}/k8s_images ${cur_path}/odim_images ${cur_path}/odim_plugins
 
         export rootServiceUUID=$(uuidgen)
         export NODE_PASS_FILEPATH=${ODIM_CONTROLLER_PATH}/scripts/node_pass
         export VAULTKEY_FILEPATH=${ODIM_CONTROLLER_PATH}/scripts/vault_pass
+        export REDIS_INMEMORY_FILEPATH=${ODIM_CONTROLLER_PATH}/scripts/redis_inmemory_pass
+        export REDIS_ONDISK_FILEPATH=${ODIM_CONTROLLER_PATH}/scripts/redis_ondisk_pass        
         export K8S_IMAGE_PATH=${cur_path}/k8s_images
         export ODIM_IMAGE_PATH=${cur_path}/odim_images
         export ODIM_PLUGIN_PATH=${cur_path}/odim_plugins
 
         sed -i "/Node[23]_/d; /kubernetesImagePath:/d; /odimraImagePath:/d; s#.*deploymentID.*#deploymentID: OneNodeDeployment#; \
         s#.*httpProxy.*#httpProxy: \"\"#; s#.*httpsProxy.*#httpsProxy: \"\"#; s#.*noProxy.*#noProxy: \"\"#; \
         s#.*nodePasswordFilePath.*#nodePasswordFilePath: ${NODE_PASS_FILEPATH}#; \
+        s#.*redisInMemoryPasswordFilePath.*#redisInMemoryPasswordFilePath: ${REDIS_INMEMORY_FILEPATH}#; \
+        s#.*redisOnDiskPasswordFilePath.*#redisOnDiskPasswordFilePath: ${REDIS_ONDISK_FILEPATH}#; \
         s#.*odimControllerSrcPath.*#odimControllerSrcPath: ${ODIM_CONTROLLER_PATH}#; \
         s#.*odimVaultKeyFilePath.*#odimVaultKeyFilePath: ${VAULTKEY_FILEPATH}#; \
         s#.*odimCertsPath.*#odimCertsPath: \"\"#; s#.*odimPluginPath.*#odimPluginPath: ${ODIM_PLUGIN_PATH}#; \
@@ -191,7 +202,12 @@ jobs:
         kubectl get pods -n kube-system -o wide
         echo
         cd ${ODIM_SOURCE_PATH}/
+        echo "$(df -h)"
         time ./build_images.sh
+        sleep 30
+        echo "$(docker images)"
+        echo "$(df -h)"
+
 
         cd ${ODIM_CONTROLLER_PATH}/scripts/
         python3 odim-controller.py --deploy odimra --config ${ODIM_CONTROLLER_PATH}/scripts/kube_deploy_nodes.yaml
@@ -206,6 +222,9 @@ jobs:
                 count=$((count+1))
         done
         kubectl get pods -n odim -o wide
+
+        echo "$(df -h)"
+
         echo "============Checking Node status================"
 
         kubectl get node -o wide 
@@ -216,9 +235,11 @@ jobs:
 
 
         echo "$VM_IP"
+
+        echo "$(df -h)"
 
         echo " ====================== Adding URP Plugin ==================================="
-        
+
         sudo mkdir -p /var/log/urplugin_logs/
         sudo chown odimra:odimra /var/log/urplugin_logs/
 
@@ -236,7 +257,12 @@ jobs:
         helm package ${ODIM_CONTROLLER_PATH}/helmcharts/urplugin/urplugin -d ${ODIM_PLUGIN_PATH}/urplugin
         cp urplugin-config.yaml ${ODIM_PLUGIN_PATH}/urplugin
 
+        echo "$(df -h)"
+        echo "$(docker images)"
+        echo "$(docker inspect urplugin:3.0)"
+        echo "$(docker --version)"
         docker save urplugin -o ${ODIM_PLUGIN_PATH}/urplugin/urplugin.tar
+        echo "Docker save command executed successfully"
         cat urplugin-config.yaml
 
         cd ${ODIM_CONTROLLER_PATH}/scripts

install/Docker/dockerfiles/Dockerfile.redis

@@ -23,7 +23,8 @@ RUN if [ -z "$ODIMRA_USER_ID" ] || [ -z "$ODIMRA_GROUP_ID" ]; then \
     && groupadd -r -g $ODIMRA_GROUP_ID odimra \
     && useradd -s /bin/bash -u $ODIMRA_USER_ID -m -d /home/odimra -r -g odimra odimra
 
-RUN apt-get install bash sed
+RUN apt-get -y update
+RUN apt-get -y install openssl bash sed
 RUN mkdir /redis-master /redis-slave
 
 COPY --chown=odimra:odimra install/Docker/dockerfiles/scripts/redis-master.conf /redis-master/redis.conf

install/Docker/dockerfiles/scripts/redis-checkdb.sh

@@ -16,14 +16,8 @@
 # Script is for generating certificate and private key
 # for Client mode connection usage only
 sleep 3
-if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
 echo "Checking if default entries already present"
-redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
+redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+redis-cli -a ${redis_password} -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
 exists "role:Administrator"
 HERE
-else
-redis-cli -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
-exists "role:Administrator"
-HERE
-fi
-

install/Docker/dockerfiles/scripts/redis-createschema.sh

@@ -19,8 +19,8 @@
 RETURN=`/checkdb.sh | grep '0' > /dev/null`
 if [ $? -eq 0 ]; then
 	  echo "Updating the db with default entries"
-  if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-    redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
+    redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+    redis-cli -a ${redis_password} -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
 Set  "registry:assignedprivileges"  '{"List":["Login", "ConfigureManager", "ConfigureUsers", "ConfigureSelf", "ConfigureComponents"]}'
 Set "roles:redfishdefined"  '{"List":["Administrator", "Operator", "ReadOnly"]}'
 Set "User:admin"  '{"UserName":"admin","Password":"O01bKrP7Tzs7YoO3YvQt4pRa2J_R6HI34ZfP4MxbqNIYAVQVt2ewGXmhjvBfzMifM7bHFccXKGmdHvj3hY44Hw==","RoleId":"Administrator", "AccountTypes":["Redfish"]}'
@@ -30,16 +30,4 @@ Set "role:ReadOnly"  '{"@odata.type":"","RoleId":"ReadOnly","Name":"","Descripti
 keys *
 SAVE
 HERE
-  else
-      redis-cli -h ${master} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} <<HERE
-Set  "registry:assignedprivileges"  '{"List":["Login", "ConfigureManager", "ConfigureUsers", "ConfigureSelf", "ConfigureComponents"]}'
-Set "roles:redfishdefined"  '{"List":["Administrator", "Operator", "ReadOnly"]}'
-Set "User:admin"  '{"UserName":"admin","Password":"O01bKrP7Tzs7YoO3YvQt4pRa2J_R6HI34ZfP4MxbqNIYAVQVt2ewGXmhjvBfzMifM7bHFccXKGmdHvj3hY44Hw==","RoleId":"Administrator", "AccountTypes":["Redfish"]}'
-Set "role:Administrator"  '{"@odata.type":"","RoleId":"Administrator","Name":"","Description":"","IsPredefined":true,"AssignedPrivileges":["ConfigureSelf","Login","ConfigureUsers","ConfigureComponents","ConfigureManager"],"OemPrivileges":null,"@odata.context":"","@odata.id":""}'
-Set "role:Operator"  '{"@odata.type":"","RoleId":"Operator","Name":"","Description":"","IsPredefined":true,"AssignedPrivileges":["ConfigureSelf","Login","ConfigureComponents"],"OemPrivileges":null,"@odata.context":"","@odata.id":""}'
-Set "role:ReadOnly"  '{"@odata.type":"","RoleId":"ReadOnly","Name":"","Description":"","IsPredefined":true,"AssignedPrivileges":["ConfigureSelf","Login"],"OemPrivileges":null,"@odata.context":"","@odata.id":""}'
-keys *
-SAVE
-HERE
-  fi
 fi

install/Docker/dockerfiles/scripts/redis-entrypointsetup.sh

@@ -27,13 +27,10 @@
 #  This method launches redis instance which assumes it self as master
 function launchmaster() {
   echo "Starting Redis instance as Master.."
-  if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-    echo "while true; do   sleep 2;   export master=\$(hostname -i | cut -d ' ' -f 1);   echo \"Master IP is Me : \${master}\";   echo \"Setting STARTUP_MASTER_IP in redis\";   redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h \${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} set STARTUP_MASTER_IP \${master};   if [ \$? == \"0\" ]; then     echo \"Successfully set STARTUP_MASTER_IP\"; if [ \${REDIS_ONDISK_DB} == \"true\" ]; then     bash \/createschema.sh; fi;   break;   fi;   echo \"Connecting to master \${master} failed.  Waiting...\";   sleep 5; done" > insert_master_ip_and_default_entries.sh
-  else
-    echo "while true; do   sleep 2;   export master=\$(hostname -i | cut -d ' ' -f 1);   echo \"Master IP is Me : \${master}\";   echo \"Setting STARTUP_MASTER_IP in redis\";   redis-cli -h \${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} set STARTUP_MASTER_IP \${master};   if [ \$? == \"0\" ]; then     echo \"Successfully set STARTUP_MASTER_IP\"; if [ \${REDIS_ONDISK_DB} == \"true\" ]; then     bash \/createschema.sh; fi;   break;   fi;   echo \"Connecting to master \${master} failed.  Waiting...\";   sleep 5; done" > insert_master_ip_and_default_entries.sh
-  fi
+  redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+  echo "while true; do   sleep 2;   export master=\$(hostname -i | cut -d ' ' -f 1);   echo \"Master IP is Me : \${master}\";   echo \"Setting STARTUP_MASTER_IP in redis\";   redis-cli -a ${redis_password} -h \${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} set STARTUP_MASTER_IP \${master};   if [ \$? == \"0\" ]; then     echo \"Successfully set STARTUP_MASTER_IP\"; if [ \${REDIS_ONDISK_DB} == \"true\" ]; then     bash \/createschema.sh; fi;   break;   fi;   echo \"Connecting to master \${master} failed.  Waiting...\";   sleep 5; done" > insert_master_ip_and_default_entries.sh
   bash insert_master_ip_and_default_entries.sh &
-  sed -i "s/REDIS_DEFAULT_PASSWORD/${REDIS_DEFAULT_PASSWORD}/" /redis-master/redis.conf
+  sed -i "s/REDIS_DEFAULT_PASSWORD/${redis_password}/" /redis-master/redis.conf
 
   hostname=$(hostname -f)
   sed -i "s/%replica-announce-ip%/${hostname}/" /redis-master/redis.conf
@@ -48,19 +45,20 @@ function launchsentinel() {
   sleep_for_rand_int=$(awk -v min=2 -v max=7 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
   sleep ${sleep_for_rand_int}
 
+  echo -n "${REDIS_DEFAULT_PASSWORD}" | base64 --decode > cipher
+  redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+
   while true; do
     echo "Trying to connect to Sentinel Service"
-    master=$(redis-cli -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
+    master=$(redis-cli -a ${redis_password} -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
+
     if [[ -n ${master} ]]; then
       echo "Connected to Sentinel Service and retrieved Redis Master IP as ${master}"
       master="${master//\"}"
     else
       echo "Unable to connect to Sentinel Service, probably because I am first Sentinel to start. I will try to find STARTUP_MASTER_IP from the redis service"
-      if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-        master=$(redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h ${REDIS_HA_REDIS_SERVICE_HOST} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} get STARTUP_MASTER_IP)
-      else
-        master=$(redis-cli -h ${REDIS_HA_REDIS_SERVICE_HOST} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} get STARTUP_MASTER_IP)
-      fi
+      master=$(redis-cli -a ${redis_password} -h ${REDIS_HA_REDIS_SERVICE_HOST} -p ${REDIS_HA_REDIS_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} get STARTUP_MASTER_IP)
+
       if [[ -n ${master} ]]; then
         echo "Retrieved Redis Master IP as ${master}"
       else
@@ -69,12 +67,8 @@ function launchsentinel() {
         continue
       fi
     fi
-      if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-        redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
-      else
-        redis-cli -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
-      fi
 
+    redis-cli -a ${redis_password} -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
     if [[ "$?" == "0" ]]; then
       break
     fi
@@ -91,6 +85,8 @@ function launchsentinel() {
   echo "sentinel announce-ip ${hostname}" >> ${sentinel_conf}
   echo "sentinel announce-port ${REDIS_HA_SENTINEL_SERVICE_PORT}" >> ${sentinel_conf}
   echo "sentinel monitor ${REDIS_MASTER_SET} ${MASTER_HOST_NAME} ${REDIS_HA_REDIS_SERVICE_PORT} ${SENTINEL_QUORUM}" >> ${sentinel_conf}
+  echo "sentinel auth-pass ${REDIS_MASTER_SET} ${redis_password}" >> ${sentinel_conf}
+  echo "requirepass ${redis_password}" >> ${sentinel_conf}
   echo "sentinel down-after-milliseconds ${REDIS_MASTER_SET} ${DOWN_AFTER_MILLISECONDS}" >> ${sentinel_conf}
   echo "sentinel failover-timeout ${REDIS_MASTER_SET} ${FAILOVER_TIMEOUT}" >> ${sentinel_conf}
   echo "sentinel parallel-syncs ${REDIS_MASTER_SET} ${PARALLEL_SYNCS}" >> ${sentinel_conf}
@@ -102,9 +98,6 @@ function launchsentinel() {
   echo "tls-cert-file /etc/odimra_certs/odimra_server.crt" >> ${sentinel_conf}
   echo "tls-key-file /etc/odimra_certs/odimra_server.key" >> ${sentinel_conf}
   echo "tls-ca-cert-file /etc/odimra_certs/rootCA.crt" >> ${sentinel_conf}
-  if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-    echo "sentinel auth-pass ${REDIS_MASTER_SET} ${REDIS_DEFAULT_PASSWORD}" >> ${sentinel_conf}
-  fi
 
   redis-sentinel ${sentinel_conf} --protected-mode no
 }
@@ -113,21 +106,21 @@ function launchsentinel() {
 function launchslave() {
   echo "Starting Redis instance as Slave , Master IP $1"
 
+  redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+  echo "slave: ${redis_password}"
+
   while true; do
     echo "Trying to retrieve the Master IP again, in case of failover master ip would have changed."
-    master=$(redis-cli -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
+    master=$(redis-cli -a ${redis_password} -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
+
     if [[ -n ${master} ]]; then
       master="${master//\"}"
     else
       echo "Failed to find master."
       sleep 60
       continue
     fi
-    if [[ -n ${REDIS_DEFAULT_PASSWORD} ]]; then
-      redis-cli -a ${REDIS_DEFAULT_PASSWORD} -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
-    else
-      redis-cli -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
-    fi
+    redis-cli -a ${redis_password} -h ${master} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} INFO
     if [[ "$?" == "0" ]]; then
       break
     fi
@@ -138,7 +131,7 @@ function launchslave() {
   hostname=$(hostname -f)
   sed -i "s/%master-ip%/${master}/" /redis-slave/redis.conf
   sed -i "s/%master-port%/${REDIS_HA_REDIS_SERVICE_PORT}/" /redis-slave/redis.conf
-  sed -i "s/REDIS_DEFAULT_PASSWORD/${REDIS_DEFAULT_PASSWORD}/" /redis-slave/redis.conf
+  sed -i "s/REDIS_DEFAULT_PASSWORD/${redis_password}/" /redis-slave/redis.conf
   sed -i "s/%replica-announce-ip%/${hostname}/" /redis-slave/redis.conf
   sed -i "s/%replicaof%/${master}/" /redis-slave/redis.conf
 
@@ -151,11 +144,14 @@ function launchredis() {
   echo "Launching Redis instance"
 
   hostname=$(hostname -f)
+  echo -n "${REDIS_DEFAULT_PASSWORD}" | base64 --decode > cipher
+  redis_password=$(openssl pkeyutl -decrypt -in cipher -inkey ${ODIMRA_RSA_PRIVATE_FILE} -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512)
+
   # Loop till I am able to launch slave or master
   while true; do
     # I will check if sentinel is up or not by connecting to it.
     echo "Trying to connect to sentinel, to retireve master's ip"
-    master=$(redis-cli -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
+      master=$(redis-cli -a ${redis_password} -h ${REDIS_HA_SENTINEL_SERVICE_HOST} -p ${REDIS_HA_SENTINEL_SERVICE_PORT} --tls --cert ${TLS_CERT_FILE} --key ${TLS_KEY_FILE} --cacert ${TLS_CA_CERT_FILE} --csv SENTINEL get-master-addr-by-name ${REDIS_MASTER_SET} | tr ',' ' ' | cut -d' ' -f1)
     # Is this instance marked as MASTER, it will matter only when the cluster is starting up for first time.
     if [[ "${MASTER}" == "true" ]]; then
       echo "MASTER is set to true"

install/Docker/dockerfiles/scripts/redis-master.conf

@@ -403,7 +403,7 @@ slave-priority 100
 # 150k passwords per second against a good box. This means that you should
 # use a very strong password otherwise it will be very easy to break.
 #
-#requirepass REDIS_DEFAULT_PASSWORD
+requirepass REDIS_DEFAULT_PASSWORD
 
 # Command renaming.
 #