feat(redis): 密码随机化改造 #1693

dbm-ui/backend/flow/engine/bamboo/scene/redis/redis_cluster_apply_flow.py

@@ -276,7 +276,6 @@ def deploy_redis_cluster_flow(self):
             "conf": {
                 "maxmemory": str(self.data["maxmemory"]),
                 "databases": str(self.data["databases"]),
-                "requirepass": self.data["redis_pwd"],
             },
             "db_version": self.data["db_version"],
             "domain_name": self.data["domain_name"],
@@ -295,10 +294,13 @@ def deploy_redis_cluster_flow(self):
 
         act_kwargs.cluster = {
             "conf": {
-                "password": self.data["proxy_pwd"],
-                "redis_password": self.data["redis_pwd"],
                 "port": str(self.data["proxy_port"]),
             },
+            "pwd_conf": {
+                "proxy_pwd": self.data["proxy_pwd"],
+                "proxy_admin_pwd": self.data["proxy_pwd"],
+                "redis_pwd": self.data["redis_pwd"],
+            },
             "domain_name": self.data["domain_name"],
         }
         act_kwargs.get_redis_payload_func = RedisActPayload.set_proxy_config.__name__

dbm-ui/backend/flow/engine/bamboo/scene/redis/redis_cluster_backup.py

@@ -55,7 +55,7 @@ def __get_instance_ip_ports(
         return dict(ip_ports)
 
     @staticmethod
-    def __get_domain_and_cloud_id(bk_biz_id: int, cluster_id: int) -> str:
+    def __get_domain_and_cloud_id(bk_biz_id: int, cluster_id: int):
         cluster = Cluster.objects.get(id=cluster_id, bk_biz_id=bk_biz_id)
         return cluster.immute_domain, cluster.bk_cloud_id
 

dbm-ui/backend/flow/engine/bamboo/scene/redis/redis_cluster_migrate_load.py

@@ -191,7 +191,6 @@ def redis_cluster_migrate_load_flow(self):
                 "conf": {
                     "maxmemory": str(params["config"]["maxmemory"]),
                     "databases": str(params["config"]["databases"]),
-                    "requirepass": params["config"]["requirepass"],
                 },
                 "db_version": params["clusterinfo"]["db_version"],
                 "domain_name": params["clusterinfo"]["immute_domain"],
@@ -210,10 +209,13 @@ def redis_cluster_migrate_load_flow(self):
 
             act_kwargs.cluster = {
                 "conf": {
-                    "password": params["config"]["proxypass"],
-                    "redis_password": params["config"]["requirepass"],
                     "port": str(cluster["proxy_port"]),
                 },
+                "pwd_conf": {
+                    "proxy_pwd": params["config"]["proxypass"],
+                    "proxy_admin_pwd": params["config"]["proxypass"],
+                    "redis_pwd": params["config"]["requirepass"],
+                },
                 "domain_name": params["clusterinfo"]["immute_domain"],
             }
             act_kwargs.get_redis_payload_func = RedisActPayload.set_proxy_config.__name__

dbm-ui/backend/flow/engine/bamboo/scene/redis/redis_cluster_shutdown.py

@@ -238,51 +238,7 @@ def redis_cluster_shutdown_flow(self):
             )
         redis_pipeline.add_parallel_acts(acts_list=acts_list)
 
-        acts_list = []
-        # 清理config
-        # TODO 这里等提供新接口后修改
-        if cluster_info["cluster_type"] == ClusterType.TwemproxyTendisSSDInstance.value:
-            act_kwargs.cluster = {
-                "conf": {
-                    "requirepass": "",
-                },
-                "cluster_id": self.data["cluster_id"],
-            }
-        else:
-            act_kwargs.cluster = {
-                "conf": {
-                    "requirepass": "",
-                    "cluster-enabled": "",
-                },
-                "cluster_id": self.data["cluster_id"],
-            }
-
-        act_kwargs.get_redis_payload_func = RedisActPayload.delete_redis_config.__name__
-        acts_list.append(
-            {
-                "act_name": _("清理Redis配置"),
-                "act_component_code": RedisConfigComponent.code,
-                "kwargs": asdict(act_kwargs),
-            }
-        )
-
-        act_kwargs.cluster = {
-            "conf": {
-                "password": "",
-                "redis_password": "",
-                "port": "",
-            },
-            "cluster_id": self.data["cluster_id"],
-        }
-        act_kwargs.get_redis_payload_func = RedisActPayload.delete_proxy_config.__name__
-        acts_list.append(
-            {
-                "act_name": _("清理Proxy配置"),
-                "act_component_code": RedisConfigComponent.code,
-                "kwargs": asdict(act_kwargs),
-            }
-        )
-        redis_pipeline.add_parallel_acts(acts_list=acts_list)
+        # TODO 这里是否要清理配置文件？ dbconf暂时没接口
 
         # 集群元数据删除
         act_kwargs.cluster = {

dbm-ui/backend/flow/engine/bamboo/scene/redis/redis_proxy_scale.py

@@ -31,6 +31,8 @@
 from backend.flow.plugins.components.collections.common.pause import PauseComponent
 from backend.flow.plugins.components.collections.redis.get_redis_payload import GetRedisActPayloadComponent
 from backend.flow.plugins.components.collections.redis.redis_db_meta import RedisDBMetaComponent
+from backend.flow.utils.base.payload_handler import PayloadHandler
+from backend.flow.utils.redis.redis_act_playload import RedisActPayload
 from backend.flow.utils.redis.redis_context_dataclass import ActKwargs, CommonContext
 from backend.flow.utils.redis.redis_db_meta import RedisDBMeta
 from backend.ticket.constants import SwitchConfirmType, TicketType
@@ -91,6 +93,7 @@ def __get_cluster_info(bk_biz_id: int, cluster_id: int) -> dict:
 
     @staticmethod
     def __get_cluster_config(bk_biz_id: int, namespace: str, domain_name: str, db_version: str) -> Any:
+        passwd_ret = PayloadHandler.redis_get_password_by_domain(domain_name)
         data = DBConfigApi.query_conf_item(
             params={
                 "bk_biz_id": str(bk_biz_id),
@@ -103,6 +106,12 @@ def __get_cluster_config(bk_biz_id: int, namespace: str, domain_name: str, db_ve
                 "format": FormatType.MAP,
             }
         )
+        if passwd_ret.get("redis_password"):
+            data["content"]["redis_password"] = passwd_ret.get("redis_password")
+        if passwd_ret.get("redis_proxy_password"):
+            data["content"]["password"] = passwd_ret.get("redis_proxy_password")
+        if passwd_ret.get("redis_proxy_admin_password"):
+            data["content"]["redis_proxy_admin_password"] = passwd_ret.get("redis_proxy_admin_password")
         return data["content"]
 
     def redis_proxy_scale_up_flow(self):
@@ -161,8 +170,8 @@ def redis_proxy_scale_up_flow(self):
                 "spec_config": info["resource_spec"]["proxy"],
             }
             # 如果从config_info中取出了admin_pwd，则说明是predixy，需要补充进params
-            if config_info["predixy_admin_passwd"]:
-                params["proxy_admin_pwd"] = config_info["predixy_admin_passwd"]
+            if config_info["redis_proxy_admin_password"]:
+                params["proxy_admin_pwd"] = config_info["redis_proxy_admin_password"]
             for proxy_info in info["proxy"]:
                 ip = proxy_info["ip"]
                 act_kwargs.cluster = copy.deepcopy(cluster_tpl)

dbm-ui/backend/flow/engine/bamboo/scene/redis/tendis_plus_apply_flow.py

@@ -242,7 +242,6 @@ def deploy_tendisplus_cluster_flow(self):
         acts_list = []
         act_kwargs.cluster = {
             "conf": {
-                "requirepass": self.data["redis_pwd"],
                 "cluster-enabled": ClusterStatus.REDIS_CLUSTER_YES,
             },
             "db_version": self.data["db_version"],
@@ -259,11 +258,13 @@ def deploy_tendisplus_cluster_flow(self):
 
         act_kwargs.cluster = {
             "conf": {
-                "password": self.data["proxy_pwd"],
-                "predixy_admin_passwd": self.data["proxy_admin_pwd"],
-                "redis_password": self.data["redis_pwd"],
                 "port": str(self.data["proxy_port"]),
             },
+            "pwd_conf": {
+                "proxy_pwd": self.data["proxy_pwd"],
+                "proxy_admin_pwd": self.data["proxy_admin_pwd"],
+                "redis_pwd": self.data["redis_pwd"],
+            },
             "domain_name": self.data["domain_name"],
         }
         act_kwargs.get_redis_payload_func = RedisActPayload.set_proxy_config.__name__

dbm-ui/backend/flow/utils/redis/redis_act_playload.py

@@ -344,6 +344,8 @@ def __get_cluster_config(self, domain_name: str, db_version: str, conf_type: str
                 data["content"]["redis_password"] = passwd_ret.get("redis_password")
             if passwd_ret.get("redis_proxy_password"):
                 data["content"]["password"] = passwd_ret.get("redis_proxy_password")
+            if passwd_ret.get("redis_proxy_admin_password"):
+                data["content"]["redis_proxy_admin_password"] = passwd_ret.get("redis_proxy_admin_password")
         elif conf_type == ConfigTypeEnum.DBConf.value:
             if passwd_ret.get("redis_password"):
                 data["content"]["requirepass"] = passwd_ret.get("redis_password")
@@ -354,6 +356,14 @@ def set_proxy_config(self, clusterMap: dict) -> Any:
         """
         集群初始化的时候twemproxy没做变动，直接写入集群就OK
         """
+        # 密码随机化
+        PayloadHandler.redis_save_password_by_domain(
+            immute_domain=clusterMap["domain_name"],
+            redis_password=clusterMap["pwd_conf"]["redis_pwd"],
+            redis_proxy_password=clusterMap["pwd_conf"]["proxy_pwd"],
+            redis_proxy_admin_password=clusterMap["pwd_conf"]["proxy_admin_pwd"],
+        )
+
         conf_items = []
         for conf_name, conf_value in clusterMap["conf"].items():
             conf_items.append({"conf_name": conf_name, "conf_value": conf_value, "op_type": OpType.UPDATE})
@@ -533,6 +543,7 @@ def add_predixy_payload(self, **kwargs) -> dict:
                 "ip": kwargs["ip"],
                 "port": self.cluster["proxy_port"],
                 "predixypasswd": proxy_config["password"],
+                "predixyadminpasswd": proxy_config["redis_proxy_admin_password"],
                 "redispasswd": proxy_config["redis_password"],
                 "servers": self.cluster["servers"],
                 "dbconfig": proxy_config,