Redis: Add support for TLS
Closed, ResolvedPublic
Actions

Description

For some setups, it's necessary to access Redis through TLS. This is already supported by phpredis 5.x, but the option handling in RedisConnectionPool.php doesn't support specifying Redis TLS endpoints, like tls://redis.server.example

I'd like to add support for that style of Redis hosts in RedisConnectionPool, what do you think?

Details

	Subject	Repo	Branch	Lines +/-
	objectcache: Adds support for TLS to RedisConnectionPool	mediawiki/core	master	+15 -4

Customize query in gerrit

Related Objects

Mentioned In: T170323: encrypt fundraising redis communications

Event Timeline

osorio-juan-microsoft created this task.Nov 5 2019, 10:21 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 5 2019, 10:21 PM

Tagging Platform Engineering to provide feedback on this proposal, as per https://www.mediawiki.org/wiki/Developers/Maintainers

Anomie moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.Nov 8 2019, 4:13 PM

tagging Performance for @aaron to provide input into the proposal.

• kchapman triaged this task as Medium priority.Nov 13 2019, 7:15 PM

• kchapman moved this task from Triage Meeting Inbox to Feature Requests to Review on the Platform Engineering board.

We think this makes sense. Watching for a patch.

• Gilles moved this task from Inbox, needs triage to Radar on the Performance-Team board.Dec 2 2019, 9:14 PM

• Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.

Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Dec 4 2019, 9:29 PM

The RedisConnectionPool patch idea seems reasonable to me.

Change 554966 had a related patch set uploaded (by Juan Osorio (Microsoft); owner: Juan Osorio (Microsoft)):
[mediawiki/core@master] Adds support for TLS to RedisConnectionPool

https://gerrit.wikimedia.org/r/554966

gerritbot added a project: Patch-For-Review.Dec 5 2019, 11:23 PM

hashar mentioned this in T170323: encrypt fundraising redis communications.Dec 17 2019, 10:20 AM

A patch has appeared.

daniel removed a project: Platform Engineering.Feb 5 2020, 7:41 PM

daniel moved this task from Inbox to External Code Review Needed on the Platform Team Workboards (Clinic Duty Team) board.Feb 5 2020, 7:50 PM

Anomie moved this task from External Code Review Needed to External Code Review In Progress on the Platform Team Workboards (Clinic Duty Team) board.Mar 11 2020, 4:54 PM

It looks like the patch has received some review and is awaiting updating. Untagging for now, but please feel free to re-tag Platform Engineering when additional code review is needed.

Paladox subscribed.Feb 9 2021, 9:36 PM

Krinkle moved this task from libs/objectcache to General on the MediaWiki-libs-BagOStuff board.Jan 22 2022, 11:25 PM

Krinkle edited projects, added Performance-Team; removed Performance-Team (Radar).Jul 27 2022, 12:16 AM

Krinkle moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.Jul 27 2022, 12:18 AM

Change 554966 merged by jenkins-bot:

[mediawiki/core@master] objectcache: Adds support for TLS to RedisConnectionPool

https://gerrit.wikimedia.org/r/554966

Maintenance_bot removed a project: Patch-For-Review.Aug 1 2022, 8:30 PM

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.23; 2022-08-01).Aug 1 2022, 9:00 PM

Krinkle closed this task as Resolved.Aug 3 2022, 4:11 AM