From ed8149acd5290abe8a9d5aac357dc4bf2125b377 Mon Sep 17 00:00:00 2001
From: Raz Monsonego <74051729+raz-mon@users.noreply.github.com>
Date: Sat, 7 Jun 2025 19:35:33 +0300
Subject: [PATCH 1/2] Add parameter to allow starting a cluster with TLS, that
 does not use TLS for inter-shard communication

---
 README.md           | 4 ++++
 RLTest/env.py       | 8 ++++++--
 RLTest/redis_std.py | 5 +++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 7fbd8cd..7dfbfff 100644
--- a/README.md
+++ b/README.md
@@ -178,6 +178,10 @@ optional arguments:
   --dualTLS             Initialize both TLS and non-TLS ports for all shards.
                         The non-TLS ports will be the TLS ports + 1500.
                         Only effective when TLS is active (see `useTLS`).
+                        (default: False)
+  --tlsCluster          Enable TLS for cluster communication. Only effective
+                        when TLS is active (see `useTLS`) and when running
+                        in cluster mode. (default: True)
 
 ```
 
diff --git a/RLTest/env.py b/RLTest/env.py
index b31a26b..ce9a07d 100644
--- a/RLTest/env.py
+++ b/RLTest/env.py
@@ -153,6 +153,7 @@ class Defaults:
     protocol = 2
     redis_config_file = None
     dualTLS = False
+    tlsCluster = True
 
     def getKwargs(self):
         kwargs = {
@@ -201,7 +202,7 @@ def __init__(self, testName=None, testDescription=None, module=None,
                  tlsCaCertFile=None, tlsPassphrase=None, logDir=None, redisBinaryPath=None, dmcBinaryPath=None,
                  redisEnterpriseBinaryPath=None, noDefaultModuleArgs=False, clusterNodeTimeout = None,
                  freshEnv=False, enableDebugCommand=None, enableModuleCommand=None, enableProtectedConfigs=None, protocol=None,
-                 terminateRetries=None, terminateRetrySecs=None, redisConfigFile=None, dualTLS=False):
+                 terminateRetries=None, terminateRetrySecs=None, redisConfigFile=None, dualTLS=False, tlsCluster=True):
 
         self.testName = testName if testName else Defaults.curr_test_name
         if self.testName is None:
@@ -255,6 +256,8 @@ def __init__(self, testName=None, testDescription=None, module=None,
 
         self.dualTLS = dualTLS if dualTLS else Defaults.dualTLS
 
+        self.tlsCluster = tlsCluster if tlsCluster else Defaults.tlsCluster
+
         if not freshEnv and Env.RTestInstance and Env.RTestInstance.currEnv and self.compareEnvs(Env.RTestInstance.currEnv):
             self.envRunner = Env.RTestInstance.currEnv.envRunner
         else:
@@ -370,7 +373,8 @@ def getEnvKwargs(self):
             'terminateRetries': self.terminateRetries,
             'terminateRetrySecs': self.terminateRetrySecs,
             'redisConfigFile': self.redisConfigFile,
-            'dualTLS': self.dualTLS
+            'dualTLS': self.dualTLS,
+            'tlsCluster': self.tlsCluster,
         }
         return kwargs
 
diff --git a/RLTest/redis_std.py b/RLTest/redis_std.py
index 6b4d01f..82fe7c6 100644
--- a/RLTest/redis_std.py
+++ b/RLTest/redis_std.py
@@ -23,7 +23,7 @@ def __init__(self, redisBinaryPath, port=6379, modulePath=None, moduleArgs=None,
                  useAof=False, useRdbPreamble=True, debugger=None, sanitizer=None, noCatch=False, noLog=False, unix=False, verbose=False, useTLS=False,
                  tlsCertFile=None, tlsKeyFile=None, tlsCaCertFile=None, clusterNodeTimeout=None, tlsPassphrase=None, enableDebugCommand=False, protocol=2,
                  terminateRetries=None, terminateRetrySecs=None, enableProtectedConfigs=False, enableModuleCommand=False, loglevel=None,
-                 redisConfigFile=None, dualTLS=False
+                 redisConfigFile=None, dualTLS=False, tlsCluster=True
                  ):
         self.uuid = uuid.uuid4().hex
         self.redisBinaryPath = os.path.expanduser(redisBinaryPath) if redisBinaryPath.startswith(
@@ -72,6 +72,7 @@ def __init__(self, redisBinaryPath, port=6379, modulePath=None, moduleArgs=None,
         self.terminateRetrySecs = terminateRetrySecs
         self.redisConfigFile = redisConfigFile
         self.dualTLS = dualTLS
+        self.tlsCluster = tlsCluster
 
         if port > 0:
             self.port = port
@@ -230,7 +231,7 @@ def createCmdArgs(self, role):
             # creating .cluster.conf in /tmp as lock fails on NFS
             cmdArgs += ['--cluster-enabled', 'yes', '--cluster-config-file', '/tmp/' + self._getFileName(role, '.cluster.conf'),
                         '--cluster-node-timeout', '5000' if self.clusterNodeTimeout is None else str(self.clusterNodeTimeout)]
-            if self.useTLS:
+            if self.useTLS and self.tlsCluster:
                 cmdArgs += ['--tls-cluster', 'yes']
         if self.useAof:
             cmdArgs += ['--appendonly', 'yes']

From 78b2de4958f6100c8d7fc416197bdec1442c6fbd Mon Sep 17 00:00:00 2001
From: Raz Monsonego <74051729+raz-mon@users.noreply.github.com>
Date: Sat, 7 Jun 2025 19:52:59 +0300
Subject: [PATCH 2/2] Fix initialization

---
 RLTest/env.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RLTest/env.py b/RLTest/env.py
index ce9a07d..19e654a 100644
--- a/RLTest/env.py
+++ b/RLTest/env.py
@@ -256,7 +256,7 @@ def __init__(self, testName=None, testDescription=None, module=None,
 
         self.dualTLS = dualTLS if dualTLS else Defaults.dualTLS
 
-        self.tlsCluster = tlsCluster if tlsCluster else Defaults.tlsCluster
+        self.tlsCluster = tlsCluster if not tlsCluster else Defaults.tlsCluster
 
         if not freshEnv and Env.RTestInstance and Env.RTestInstance.currEnv and self.compareEnvs(Env.RTestInstance.currEnv):
             self.envRunner = Env.RTestInstance.currEnv.envRunner