Test Redis Sentinel mode with VC-AuthN OIDC

docker-compose-sentinel.yaml

# Redis Sentinel test configuration
# Usage: docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml up
#
# This replaces the single Redis instance with a Sentinel setup:
# - redis-master: Primary Redis node
# - redis-replica: Replica node
# - sentinel-1, sentinel-2, sentinel-3: Sentinel nodes for HA
#
# Set these environment variables before starting:
#   REDIS_MODE=sentinel
#   REDIS_HOST=sentinel-1:26379,sentinel-2:26379,sentinel-3:26379
#   REDIS_SENTINEL_MASTER_NAME=mymaster

services:
  # Override controller to depend on sentinel services instead of single redis
  controller:
    environment:
      - REDIS_MODE=sentinel
      - REDIS_HOST=sentinel-1:26379,sentinel-2:26379,sentinel-3:26379
      - REDIS_SENTINEL_MASTER_NAME=mymaster
    depends_on:
      sentinel-1:
        condition: service_healthy
      sentinel-2:
        condition: service_healthy
      sentinel-3:
        condition: service_healthy
      controller-db:
        condition: service_started

  # Replace the single redis service with a stub
  # (can't remove it entirely due to compose merge behavior)
  # Must have healthcheck since controller depends on redis:service_healthy
  redis:
    image: busybox
    command: ["sh", "-c", "while true; do sleep 3600; done"]
    restart: "no"
    networks:
      - vc_auth
    healthcheck:
      test: ["CMD", "true"]
      interval: 1s
      timeout: 1s
      retries: 1

  # Redis Master
  redis-master:
    image: redis:8-alpine
    command: redis-server --appendonly yes
    volumes:
      - redis-master-data:/data
    networks:
      - vc_auth
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 3

  # Redis Replica
  redis-replica:
    image: redis:8-alpine
    command: redis-server --appendonly yes --replicaof redis-master 6379
    volumes:
      - redis-replica-data:/data
    networks:
      - vc_auth
    depends_on:
      redis-master:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 3

  # Sentinel 1
  sentinel-1:
    image: redis:8-alpine
    command: >
      sh -c "cp /etc/redis/sentinel-template.conf /data/sentinel.conf &&
             redis-sentinel /data/sentinel.conf"
    volumes:
      - ./redis-sentinel/sentinel.conf:/etc/redis/sentinel-template.conf:ro
      - sentinel-1-data:/data
    networks:
      - vc_auth
    depends_on:
      redis-master:
        condition: service_healthy
      redis-replica:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "26379", "ping"]
      interval: 5s
      timeout: 3s
      retries: 3

  # Sentinel 2
  sentinel-2:
    image: redis:8-alpine
    command: >
      sh -c "cp /etc/redis/sentinel-template.conf /data/sentinel.conf &&
             redis-sentinel /data/sentinel.conf"
    volumes:
      - ./redis-sentinel/sentinel.conf:/etc/redis/sentinel-template.conf:ro
      - sentinel-2-data:/data
    networks:
      - vc_auth
    depends_on:
      redis-master:
        condition: service_healthy
      redis-replica:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "26379", "ping"]
      interval: 5s
      timeout: 3s
      retries: 3

  # Sentinel 3
  sentinel-3:
    image: redis:8-alpine
    command: >
      sh -c "cp /etc/redis/sentinel-template.conf /data/sentinel.conf &&
             redis-sentinel /data/sentinel.conf"
    volumes:
      - ./redis-sentinel/sentinel.conf:/etc/redis/sentinel-template.conf:ro
      - sentinel-3-data:/data
    networks:
      - vc_auth
    depends_on:
      redis-master:
        condition: service_healthy
      redis-replica:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "26379", "ping"]
      interval: 5s
      timeout: 3s
      retries: 3

volumes:
  redis-master-data:
  redis-replica-data:
  sentinel-1-data:
  sentinel-2-data:
  sentinel-3-data:

test-sentinel.sh

#!/bin/bash
#
# Test Redis Sentinel mode with VC-AuthN OIDC
#
# Usage:
#   ./test-sentinel.sh start    - Start sentinel test environment
#   ./test-sentinel.sh stop     - Stop all services
#   ./test-sentinel.sh logs     - View logs
#   ./test-sentinel.sh status   - Check Redis/Sentinel status
#   ./test-sentinel.sh failover - Trigger manual failover for testing
#

set -e

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$SCRIPT_DIR"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo_info() { echo -e "${YELLOW}$1${NC}"; }
echo_success() { echo -e "${GREEN}$1${NC}"; }
echo_error() { echo -e "${RED}$1${NC}"; }

# Check for .env file
check_env() {
    if [[ ! -f ".env" ]]; then
        echo_error "ERROR: .env file not found!"
        echo_info "Please copy .env.example to .env first:"
        echo "  cp .env.example .env"
        exit 1
    fi
}

# Apply sentinel environment overrides
apply_sentinel_env() {
    # Export sentinel-specific settings
    export REDIS_MODE=sentinel
    export REDIS_HOST="sentinel-1:26379,sentinel-2:26379,sentinel-3:26379"
    export REDIS_SENTINEL_MASTER_NAME=mymaster
    export REDIS_PORT=6379  # Not used in sentinel mode, but compose references it
    export REDIS_PASSWORD=
    export REDIS_DB=0

    # Set dummy values for unused variables to suppress compose warnings
    export AGENT_ENDPOINT="${AGENT_ENDPOINT:-http://localhost:8030}"
    export AGENT_ADMIN_MODE="${AGENT_ADMIN_MODE:-admin-insecure-mode}"
    export CONTROLLER_URL="${CONTROLLER_URL:-http://localhost:5000}"
    export ACAPY_TENANT_WALLET_ID="${ACAPY_TENANT_WALLET_ID:-}"
    export ACAPY_TENANT_WALLET_KEY="${ACAPY_TENANT_WALLET_KEY:-}"

    echo_info "Redis Sentinel configuration:"
    echo "  REDIS_MODE=$REDIS_MODE"
    echo "  REDIS_HOST=$REDIS_HOST"
    echo "  REDIS_SENTINEL_MASTER_NAME=$REDIS_SENTINEL_MASTER_NAME"
}

# Compose command for sentinel
compose_sentinel() {
    docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml "$@"
}

case "${1:-help}" in
    start)
        check_env
        apply_sentinel_env

        echo_info "Building images if needed..."
        docker build -t 'acapy-vc-authn-oidc-controller' -f './oidc-controller/Dockerfile' '..'

        echo_info "Starting Redis Sentinel test environment..."
        echo_info "(This is a minimal setup - no ngrok/agent for quick testing)"

        # Start only the minimal services needed for testing Redis
        compose_sentinel up -d \
            redis-master \
            redis-replica \
            sentinel-1 \
            sentinel-2 \
            sentinel-3 \
            controller-db \
            controller \
            controller-lb

        echo ""
        echo_success "Sentinel test environment started!"
        echo ""
        echo "Services running:"
        echo "  - Redis Master (redis-master:6379)"
        echo "  - Redis Replica (redis-replica:6379)"
        echo "  - Sentinel 1-3 (sentinel-{1,2,3}:26379)"
        echo "  - Controller (http://localhost:5000)"
        echo ""
        echo "Useful commands:"
        echo "  ./test-sentinel.sh logs     - View logs"
        echo "  ./test-sentinel.sh status   - Check Redis/Sentinel status"
        echo "  ./test-sentinel.sh failover - Test failover"
        echo "  ./test-sentinel.sh stop     - Stop all services"
        ;;

    stop)
        echo_info "Stopping sentinel test environment..."
        compose_sentinel down -v
        echo_success "Stopped."
        ;;

    logs)
        compose_sentinel logs -f controller sentinel-1 sentinel-2 sentinel-3 redis-master redis-replica
        ;;

    status)
        echo_info "=== Sentinel Status ==="
        echo ""
        echo "Sentinel 1 - Master info:"
        docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml exec sentinel-1 \
            redis-cli -p 26379 sentinel master mymaster 2>/dev/null | head -20 || echo "Sentinel 1 not ready"

        echo ""
        echo "Sentinel 1 - Replicas:"
        docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml exec sentinel-1 \
            redis-cli -p 26379 sentinel replicas mymaster 2>/dev/null | head -10 || echo "No replicas found"

        echo ""
        echo "Redis Master - Replication info:"
        docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml exec redis-master \
            redis-cli info replication 2>/dev/null | grep -E "role|connected_slaves" || echo "Master not ready"
        ;;

    failover)
        echo_info "Triggering manual failover..."
        docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml exec sentinel-1 \
            redis-cli -p 26379 sentinel failover mymaster

        echo_info "Waiting for failover to complete..."
        sleep 5

        echo_success "Failover triggered. Checking new master:"
        docker compose -f docker-compose.yaml -f docker-compose-sentinel.yaml exec sentinel-1 \
            redis-cli -p 26379 sentinel master mymaster | grep -A1 "ip\|port"
        ;;

    *)
        echo "Redis Sentinel Test Environment"
        echo ""
        echo "Usage: $0 <command>"
        echo ""
        echo "Commands:"
        echo "  start    - Start sentinel test environment (minimal services)"
        echo "  stop     - Stop all services and remove volumes"
        echo "  logs     - View logs from sentinel and controller"
        echo "  status   - Show Redis master/replica/sentinel status"
        echo "  failover - Trigger manual failover to test HA"
        echo ""
        ;;
esac