[major] Implement Redis-Based Distributed Locking for GitOps Operations#2189
Open
Hardik-Prajapati-10 wants to merge 29 commits intomasterfrom
Open
[major] Implement Redis-Based Distributed Locking for GitOps Operations#2189Hardik-Prajapati-10 wants to merge 29 commits intomasterfrom
Hardik-Prajapati-10 wants to merge 29 commits intomasterfrom
Conversation
image/cli/mascli/functions/gitops_suite_app_config - Migrated image/cli/mascli/functions/gitops_mas_config - Migrated image/cli/mascli/functions/gitops_deprovision_app_config - Migrated
Hardik-Prajapati-10
requested review from
amitpandey0217,
mnivedithaa and
rbinns
whitfiea
changed the title
whitfiea
requested changes
Apr 17, 2026
| --mount=type=secret,id=GITHUB_REF_TYPE,env=GITHUB_REF_TYPE \ | ||
| umask 0002 && \ | ||
| ls /tmp/install && \ | ||
| bash /tmp/install/install-redis-cli.sh && \ |
Member
There was a problem hiding this comment.
normally the third party cli packages are installed as part of the cli-base image at https://github.com/ibm-mas/cli-base so we should move this redis-cli install to that
| ### Required Runtime Requirement | ||
|
|
||
| For migrated GitOps flows: | ||
| - `GITOPS_USE_REDIS_LOCKING` must be `true` |
Member
There was a problem hiding this comment.
It seems that GITOPS_USE_REDIS_LOCKING has to be true, so i am not sure what the value is of having an env var anyway?
Comment on lines
+89
to
+112
| ### Step 2: Configure IBM Toolchain Environment Variables | ||
|
|
||
| Add these environment variables to your IBM Toolchain pipeline. | ||
|
|
||
| #### In IBM Toolchain → Pipeline → Environment Properties: | ||
|
|
||
| | Variable Name | Type | Value | Description | | ||
| |--------------|------|-------|-------------| | ||
| | `REDIS_USERNAME` | Secure | `ibm_cloud_user` | Redis username from credentials | | ||
| | `REDIS_HOST` | Text | `c-abc123.databases.appdomain.cloud` | Redis hostname | | ||
| | `REDIS_PORT` | Text | `31234` | Redis port | | ||
| | `REDIS_PASSWORD` | Secure | `your-redis-password` | Redis password | | ||
| | `REDIS_TLS_CA_CERT_B64` | Secure | `LS0tLS1CRUdJTi...` | Base64-encoded TLS certificate | | ||
| | `GITOPS_USE_REDIS_LOCKING` | Text | `true` | Required for migrated locking flows | | ||
| | `REDIS_TLS` | Text | `true` | Enable TLS (required for IBM Cloud) | | ||
| | `REDIS_DB` | Text | `0` | Redis database number | | ||
|
|
||
| #### Optional Tuning Parameters | ||
|
|
||
| | Variable Name | Default | Description | | ||
| |--------------|---------|-------------| | ||
| | `GITOPS_LOCK_TTL` | `300` | Lock expires after N seconds | | ||
| | `GITOPS_LOCK_RETRY_MAX` | `100` | Maximum retry attempts | | ||
| | `GITOPS_LOCK_RETRY_DELAY` | `20` | Seconds between retry attempts | |
Member
There was a problem hiding this comment.
Using the IBM toolchain to call the functions is optional. We should update the docs in https://ibm-mas.github.io/gitops/main/ so state these env vars should be set when executing the functions, and also add that to this file.
Comment on lines
+400
to
+434
| ### Adding redis-cli to Custom Images | ||
|
|
||
| If you're building a custom CLI image, add redis-cli installation. | ||
|
|
||
| **1. Create installation script** (`image/cli/install/install-redis-cli.sh`): | ||
| ```bash | ||
| #!/bin/bash | ||
| set -e | ||
|
|
||
| echo "Installing redis-cli..." | ||
|
|
||
| if command -v microdnf &> /dev/null; then | ||
| microdnf install -y redis && microdnf clean all | ||
| elif command -v dnf &> /dev/null; then | ||
| dnf install -y redis && dnf clean all | ||
| elif command -v yum &> /dev/null; then | ||
| yum install -y redis && yum clean all | ||
| elif command -v apt-get &> /dev/null; then | ||
| apt-get update && apt-get install -y redis-tools && rm -rf /var/lib/apt/lists/* | ||
| elif command -v apk &> /dev/null; then | ||
| apk add --no-cache redis | ||
| else | ||
| echo "ERROR: No supported package manager found" | ||
| exit 1 | ||
| fi | ||
|
|
||
| redis-cli --version | ||
| ``` | ||
|
|
||
| **2. Update Dockerfile** (`image/cli/Dockerfile`): | ||
| ```dockerfile | ||
| COPY install /tmp/install | ||
| RUN bash /tmp/install/install-redis-cli.sh && \ | ||
| bash /tmp/install/install-python-packages.sh | ||
| ``` |
Member
There was a problem hiding this comment.
We shouldn't need this section as we don't allow a custom cli image
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
https://jsw.ibm.com/browse/MASCORE-13109
Description
This PR implements a comprehensive Redis-based distributed locking mechanism to replace the legacy Git branch-based locking system for GitOps operations. The change addresses critical issues with concurrent pipeline executions that previously caused race conditions, merge conflicts, and branch pollution.
Key Changes
1. Redis Locking Infrastructure (
image/cli/mascli/functions/gitops_utils)SET NXoperations2. Container Image Updates
redis-cliinstallation script (image/cli/install/install-redis-cli.sh)3. Migrated GitOps Functions (10 functions)
All functions now use
gitops_lock_and_modifywith Redis locking:gitops_cp4d_servicegitops_suite_app_configgitops_deprovision_app_configgitops_mas_configgitops_suite_workspacegitops_deprovision_suite_workspacegitops_deprovision_cp4d_servicegitops_db2u_databasegitops_rds_db2_databasegitops_deprovision_db2u_database4. Documentation
docs/redis-locking-setup.md)docs/ibm-toolchain-redis-setup.sh)Impact
Reliability Improvements:
Breaking Change:
GITOPS_USE_REDIS_LOCKING=truemust be setTest Results
Manual Testing
Integration Testing
Configuration Testing
ibm-toolchain-redis-setup.sh)Backporting
Related Pull Requests
https://github.ibm.com/maximoappsuite/saas-deploy-py/pull/262
docs/redis-locking-setup.mddocs/ibm-toolchain-redis-setup.shfor IBM Cloud integration