From 55d31f72887b4d4b4ca7d626cef54a19e0865d6c Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Wed, 27 Dec 2017 15:10:59 +0100
Subject: [PATCH] Redis: configuration for "protected-mode" + tags

---
 redis/defaults/main.yml       |  2 ++
 redis/tasks/main.yml          | 24 ++++++++++++++++++------
 redis/templates/redis.conf.j2 |  2 ++
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml
index 6526c887..b67a6568 100644
--- a/redis/defaults/main.yml
+++ b/redis/defaults/main.yml
@@ -31,5 +31,7 @@ redis_maxmemory_samples: 5
 redis_appendonly: "no"
 redis_appendfsync: "everysec"
 
+redis_protected_mode: "yes"
+
 # Add extra include files for local configuration/overrides.
 redis_includes: []
diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml
index 33a70797..edcb5764 100644
--- a/redis/tasks/main.yml
+++ b/redis/tasks/main.yml
@@ -4,11 +4,11 @@
     name: "{{ item }}"
     state: present
   with_items:
-  - redis-server
-  - redis-tools
+    - redis-server
+    - redis-tools
   tags:
-  - redis
-  - packages
+    - redis
+    - packages
 
 - name: Redis is configured.
   template:
@@ -17,7 +17,7 @@
     mode: "0644"
   notify: restart redis
   tags:
-  - redis
+    - redis
 
 - name: Redis is running and enabled on boot.
   service:
@@ -25,21 +25,33 @@
     enabled: yes
     state: started
   tags:
-  - redis
+    - redis
 
 - name: Is Munin installed
   stat:
     path: /etc/munin/plugins
   register: _munin_installed
+  tags:
+    - redis
+    - munin
 
 - include: munin.yml
   when: _munin_installed.stat.exists and _munin_installed.stat.isdir
+  tags:
+    - redis
+    - munin
 
 - name: is NRPE present ?
   stat:
     path: /etc/nagios/nrpe.d/evolix.cfg
   check_mode: no
   register: nrpe_evolix_config
+  tags:
+    - redis
+    - nrpe
 
 - include: nrpe_stretch.yml
   when: ansible_distribution_release == "stretch" and nrpe_evolix_config.stat.exists == true
+  tags:
+    - redis
+    - nrpe
diff --git a/redis/templates/redis.conf.j2 b/redis/templates/redis.conf.j2
index 78dd0c8c..22b9a78e 100644
--- a/redis/templates/redis.conf.j2
+++ b/redis/templates/redis.conf.j2
@@ -32,6 +32,8 @@ rdbcompression {{ redis_rdbcompression }}
 dbfilename {{ redis_dbfilename }}
 dir {{ redis_dbdir }}
 
+protected-mode {{ redis_protected_mode }}
+
 # maxclients 128
 
 {% if redis_maxmemory %}