---
# additional altnames
profiles::pki::vault::alt_names:
  - redis.main.unkin.net
  - redis.service.consul
  - redis.query.consul
  - "redis.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - redis.main.unkin.net
  - redis.service.consul
  - redis.query.consul


hiera_include:
  - redisha

redisha::manage_repo: false
redisha::redisha_members_lookup: true
redisha::redisha_members_role: roles::infra::db::redis
redisha::redis::requirepass: "%{hiera('redisha::masterauth')}"
redisha::redis::masterauth: "%{hiera('redisha::masterauth')}"
redisha::sentinel::master_name: "%{facts.country}-%{facts.region}"
redisha::sentinel::requirepass: "%{hiera('redisha::masterauth')}"
redisha::sentinel::auth_pass: "%{hiera('redisha::masterauth')}"
redisha::tools::requirepass: "%{hiera('redisha::masterauth')}"

sudo::configs:
  consul:
    priority: 20
    content: |
      consul ALL=(ALL) NOPASSWD: /usr/local/sbin/sentineladm info
consul::services:
  redis-replica:
    service_name: "redis-replica-%{facts.environment}"
    tags:
      - 'redis'
      - 'redis-replica'
    address: "%{facts.networking.ip}"
    port: 6379
    checks:
      - id: 'redis-replica_tcp_check'
        name: 'Redis Replica TCP Check'
        tcp: "%{facts.networking.ip}:6379"
        interval: '10s'
        timeout: '1s'
  redis-master:
    service_name: "redis-master-%{facts.environment}"
    tags:
      - 'redis'
      - 'redis-master'
    address: "%{facts.networking.ip}"
    port: 6379
    checks:
      - id: 'redis-master_tcp_check'
        name: "Redis Master Check"
        args:
          - '/usr/local/bin/check_redis_master'
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: "redis-replica-%{facts.environment}"
    disposition: write
  - resource: service
    segment: "redis-master-%{facts.environment}"
    disposition: write