redis: use /run instead or /var/run
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
ddd3e1aa06
commit
3709808fdc
|
@ -27,6 +27,7 @@ The **patch** part changes incrementally at each release.
|
|||
* evoacme: upstream release 21.01
|
||||
* minifirewall: change some defaults
|
||||
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
|
||||
* redis: use /run instead or /var/run
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
|
@ -9,10 +9,10 @@ redis_port: 6379
|
|||
redis_bind_interface: 127.0.0.1
|
||||
|
||||
redis_socket_enabled: True
|
||||
redis_socket_dir_prefix: '/var/run/redis'
|
||||
redis_socket_dir_prefix: '/run/redis'
|
||||
redis_socket_perms: 770
|
||||
|
||||
redis_pid_dir_prefix: "/var/run/redis"
|
||||
redis_pid_dir_prefix: "/run/redis"
|
||||
|
||||
redis_timeout: 300
|
||||
|
||||
|
|
|
@ -110,7 +110,7 @@
|
|||
tags:
|
||||
- redis
|
||||
|
||||
- name: Systemd template for redis instances is installed (Debian 9 or later)
|
||||
- name: Systemd template for redis instances is installed (Debian 9)
|
||||
template:
|
||||
src: 'redis-server@stretch.service.j2'
|
||||
dest: '/etc/systemd/system/redis-server@.service'
|
||||
|
@ -119,7 +119,20 @@
|
|||
group: "root"
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
- ansible_distribution_major_version is version('9', '=')
|
||||
tags:
|
||||
- redis
|
||||
|
||||
- name: Systemd template for redis instances is installed (Debian 10 or later)
|
||||
template:
|
||||
src: 'redis-server@buster.service.j2'
|
||||
dest: '/etc/systemd/system/redis-server@.service'
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
tags:
|
||||
- redis
|
||||
|
||||
|
|
35
redis/templates/redis-server@buster.service.j2
Normal file
35
redis/templates/redis-server@buster.service.j2
Normal file
|
@ -0,0 +1,35 @@
|
|||
[Unit]
|
||||
Description=Advanced key-value store
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf
|
||||
PIDFile=/run/redis-%i/redis-server.pid
|
||||
TimeoutStopSec=0
|
||||
Restart=always
|
||||
User=redis-%i
|
||||
Group=redis-%i
|
||||
RuntimeDirectory=redis-%i
|
||||
|
||||
ExecStop=/bin/kill -s TERM $MAINPID
|
||||
|
||||
UMask=007
|
||||
PrivateTmp=yes
|
||||
LimitNOFILE=65535
|
||||
PrivateDevices=yes
|
||||
ProtectHome={{ redis_data_dir_prefix is match('/home') | ternary('no', 'yes') }}
|
||||
ReadOnlyDirectories=/
|
||||
ReadWriteDirectories=-{{ redis_data_dir_prefix }}-%i
|
||||
ReadWriteDirectories=-{{ redis_log_dir_prefix }}-%i
|
||||
ReadWriteDirectories=-{{ redis_pid_dir_prefix }}-%i
|
||||
ReadWriteDirectories=-{{ redis_socket_dir_prefix }}-%i
|
||||
CapabilityBoundingSet=~CAP_SYS_PTRACE
|
||||
|
||||
# redis-server writes its own config file when in cluster mode so we allow
|
||||
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
|
||||
ProtectSystem=true
|
||||
ReadWriteDirectories=-{{ redis_conf_dir_prefix }}-%i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -5,7 +5,7 @@ After=network.target
|
|||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf
|
||||
PIDFile=/var/run/redis-%i/redis-server.pid
|
||||
PIDFile=/run/redis-%i/redis-server.pid
|
||||
TimeoutStopSec=0
|
||||
Restart=always
|
||||
User=redis-%i
|
||||
|
|
Loading…
Reference in a new issue