From adc1aad8839a7d8ade2fccd80461e597dc65a0da Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 17 Jan 2020 14:54:05 +0100
Subject: [PATCH] redis: data directory is configurable

---
 redis/defaults/main.yml | 10 ++---
 redis/files/redis-server@jessie.service | 19 ---------
 redis/files/redis-server@stretch.service | 38 ------------------
 redis/tasks/instance-server.yml | 8 ++--
 redis/tasks/main.yml | 16 +++++---
 .../templates/redis-server@jessie.service.j2 | 19 +++++++++
 .../templates/redis-server@stretch.service.j2 | 39 +++++++++++++++++++
 7 files changed, 78 insertions(+), 71 deletions(-)
 delete mode 100644 redis/files/redis-server@jessie.service
 delete mode 100644 redis/files/redis-server@stretch.service
 create mode 100644 redis/templates/redis-server@jessie.service.j2
 create mode 100644 redis/templates/redis-server@stretch.service.j2

diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml
index 38faa67c..7fa9bf90 100644
--- a/redis/defaults/main.yml
+++ b/redis/defaults/main.yml
@@ -1,16 +1,16 @@
 ---
 redis_systemd_name: redis-server
-redis_conf_dir: /etc/redis
+redis_conf_dir_prefix: /etc/redis
 redis_port: 6379
 redis_bind_interface: 127.0.0.1
 redis_socket_enabled: True
-redis_socket_dir: '/var/run/redis'
+redis_socket_dir_prefix: '/var/run/redis'
 redis_socket_perms: 770
-redis_pid_dir: "/var/run/redis"
+redis_pid_dir_prefix: "/var/run/redis"
 redis_timeout: 300
@@ -19,7 +19,7 @@ redis_password: NULL
 # for slave authorization on master
 redis_password_master: "{{ redis_password }}"
-redis_log_dir: /var/log/redis
+redis_log_dir_prefix: /var/log/redis
 redis_log_level: "notice"
 redis_databases: 16
@@ -31,7 +31,7 @@ redis_save:
 - 60 10000
 redis_rdbcompression: True
-redis_data_dir: /var/lib/redis
+redis_data_dir_prefix: /var/lib/redis
 redis_data_file: dump.rdb
 redis_maxclients: 10000
diff --git a/redis/files/redis-server@jessie.service b/redis/files/redis-server@jessie.service
deleted file mode 100644
index 9ba89b73..00000000
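Review bot: Renaming `redis_conf_dir`, `redis_socket_dir`, `redis_pid_dir`, `redis_log_dir` and `redis_data_dir` to the `*_prefix` names (all three hunks of this file) silently breaks existing inventories: the old names are no longer read anywhere, and `tasks/main.yml` now sets them as include `vars:`, which take precedence over inventory and play variables, so a host that still defines `redis_data_dir` in group_vars quietly ends up with the default-derived path. The rename should be called out in the role README/changelog, and a short `assert` at the top of `tasks/main.yml` that none of the five old names is defined (before the includes set them) would turn a silent relocation of the data directory into a playbook failure. A one-line comment above the first prefix, `# *_dir_prefix: base path; instances get "<prefix>-<instance name>" (see tasks/main.yml)`, would also document how the suffix is applied.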
--- a/redis/files/redis-server@jessie.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=Advanced key-value store
-After=network.target
-
-[Service]
-Type=forking
-PermissionsStartOnly=True
-User=redis-%i
-Group=redis-%i
-ExecStartPre=/bin/mkdir /var/run/redis-%i
-ExecStartPre=/bin/chown redis-%i:redis-%i /var/run/redis-%i
-ExecStartPre=/bin/chmod 0750 /var/run/redis-%i
-ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf --unixsocket /var/run/redis-%i/redis.sock --pidfile /var/run/redis-%i/redis-server.pid
-ExecStop=/usr/bin/redis-cli -s /var/run/redis-%i/redis.sock shutdown
-ExecStopPost=/bin/rm -rf /var/run/redis-%i
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/redis/files/redis-server@stretch.service b/redis/files/redis-server@stretch.service
deleted file mode 100644
index 0708da9b..00000000
--- a/redis/files/redis-server@stretch.service
+++ /dev/null
@@ -1,38 +0,0 @@
-[Unit]
-Description=Advanced key-value store
-After=network.target
-
-[Service]
-Type=forking
-ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf
-PIDFile=/var/run/redis-%i/redis-server.pid
-TimeoutStopSec=0
-Restart=always
-User=redis-%i
-Group=redis-%i
-RuntimeDirectory=redis-%i
-
-ExecStartPre=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-up.d
-ExecStartPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-up.d
-ExecStop=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-down.d
-ExecStop=/bin/kill -s TERM $MAINPID
-ExecStopPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-down.d
-
-UMask=007
-PrivateTmp=yes
-LimitNOFILE=65535
-PrivateDevices=yes
-ProtectHome=yes
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib/redis-%i
-ReadWriteDirectories=-/var/log/redis-%i
-ReadWriteDirectories=-/var/run/redis-%i
-CapabilityBoundingSet=~CAP_SYS_PTRACE
-
-# redis-server writes its own config file when in cluster mode so we allow
-# writing there (NB. ProtectSystem=true over ProtectSystem=full)
-ProtectSystem=true
-ReadWriteDirectories=-/etc/redis-%i
-
-[Install]
-WantedBy=multi-user.target
diff --git a/redis/tasks/instance-server.yml b/redis/tasks/instance-server.yml
index 446da397..ff187f45 100644
--- a/redis/tasks/instance-server.yml
+++ b/redis/tasks/instance-server.yml
@@ -91,8 +91,8 @@
 - redis
 - name: Systemd template for redis instances is installed (Debian 8)
- copy:
- src: 'redis-server@jessie.service'
+ template:
+ src: 'redis-server@jessie.service.j2'
 dest: '/etc/systemd/system/redis-server@.service'
 mode: "0644"
 owner: "root"
@@ -104,8 +104,8 @@
 - redis
 - name: Systemd template for redis instances is installed (Debian 9 or later)
- copy:
- src: 'redis-server@stretch.service'
+ template:
+ src: 'redis-server@stretch.service.j2'
 dest: '/etc/systemd/system/redis-server@.service'
 mode: "0644"
 owner: "root"
diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml
index 90d5677c..460843e4 100644
--- a/redis/tasks/main.yml
+++ b/redis/tasks/main.yml
@@ -39,14 +39,20 @@
 - include: instance-server.yml
 vars:
 redis_systemd_name: "redis-server@{{ redis_instance_name }}"
-redis_conf_dir: "/etc/redis-{{ redis_instance_name }}"
-redis_socket_dir: "/var/run/redis-{{ redis_instance_name }}"
-redis_pid_dir: "/var/run/redis-{{ redis_instance_name }}"
-redis_log_dir: "/var/log/redis-{{ redis_instance_name }}"
-redis_data_dir: "/var/lib/redis-{{ redis_instance_name }}"
+redis_conf_dir: "{{ redis_conf_dir_prefix }}-{{ redis_instance_name }}"
+redis_socket_dir: "{{ redis_socket_dir_prefix }}-{{ redis_instance_name }}"
+redis_pid_dir: "{{ redis_pid_dir_prefix }}-{{ redis_instance_name }}"
+redis_log_dir: "{{ redis_log_dir_prefix }}-{{ redis_instance_name }}"
+redis_data_dir: "{{ redis_data_dir_prefix }}-{{ redis_instance_name }}"
 when: redis_instance_name is defined
 - include: default-server.yml
+vars:
+redis_conf_dir: "{{ redis_conf_dir_prefix }}"
+redis_socket_dir: "{{ redis_socket_dir_prefix }}"
+redis_pid_dir: "{{ redis_pid_dir_prefix }}"
+redis_log_dir: "{{ redis_log_dir_prefix }}"
+redis_data_dir: "{{ redis_data_dir_prefix }}"
 when: redis_instance_name is not defined
 - name: Is Munin installed
diff --git a/redis/templates/redis-server@jessie.service.j2 b/redis/templates/redis-server@jessie.service.j2
new file mode 100644
index 00000000..7d2195d7
--- /dev/null
+++ b/redis/templates/redis-server@jessie.service.j2
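Review bot: The five `redis_*_dir_prefix` values are concatenated with `-{{ redis_instance_name }}` in the instance include and then flow unchecked into the rendered systemd units, including an `rm -rf` line; a prefix given with a trailing slash (`/srv/redis/`) yields `/srv/redis/-<name>`, and an empty or relative prefix produces a relative path that the sandbox directives and the cleanup command treat very differently from what the operator intended. An `assert` placed before the two includes catches this at playbook time instead of at service start or stop. The surrounding task list continues outside the hunk.

```yaml
- name: Redis directory prefixes are absolute paths without a trailing slash
  assert:
    that:
      - item is match('^/')
      - item is not match('.*/$')
    msg: "redis_*_dir_prefix values must be absolute and must not end with '/'"
  with_items:
    - "{{ redis_conf_dir_prefix }}"
    - "{{ redis_socket_dir_prefix }}"
    - "{{ redis_pid_dir_prefix }}"
    - "{{ redis_log_dir_prefix }}"
    - "{{ redis_data_dir_prefix }}"

# … unchanged: include of instance-server.yml / default-server.yml …
```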
@@ -0,0 +1,19 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+
+[Service]
+Type=forking
+PermissionsStartOnly=True
+User=redis-%i
+Group=redis-%i
+ExecStartPre=/bin/mkdir -p {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i
+ExecStartPre=/bin/chown redis-%i:redis-%i {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i
+ExecStartPre=/bin/chmod 0750 {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i
+ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf --unixsocket {{ redis_socket_dir_prefix }}-%i/redis.sock --pidfile {{ redis_pid_dir_prefix }}-%i/redis-server.pid
+ExecStop=/usr/bin/redis-cli -s {{ redis_socket_dir_prefix }}-%i/redis.sock shutdown
+ExecStopPost=/bin/rm -rf {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/redis/templates/redis-server@stretch.service.j2 b/redis/templates/redis-server@stretch.service.j2
new file mode 100644
index 00000000..ea29da5e
--- /dev/null
+++ b/redis/templates/redis-server@stretch.service.j2
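Review bot: `ExecStopPost=/bin/rm -rf {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i` now recursively deletes operator-supplied paths as root (`PermissionsStartOnly=True` keeps the Exec*Pre/Post lines privileged), whereas the unit it replaces removed a fixed `/var/run/redis-%i`. A prefix that is empty, relative, or pointing at a directory that also holds other data turns every instance stop into a destructive delete. Removing only what the unit itself created is safer and needs no recursion: `ExecStopPost=/bin/rm -f {{ redis_socket_dir_prefix }}-%i/redis.sock {{ redis_pid_dir_prefix }}-%i/redis-server.pid` followed by `ExecStopPost=-/bin/rmdir {{ redis_socket_dir_prefix }}-%i {{ redis_pid_dir_prefix }}-%i`, so a non-empty directory is left in place. Independently of that, the role should validate the prefixes as absolute paths before this template is rendered.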
@@ -0,0 +1,39 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf
+PIDFile=/var/run/redis-%i/redis-server.pid
+TimeoutStopSec=0
+Restart=always
+User=redis-%i
+Group=redis-%i
+RuntimeDirectory=redis-%i
+
+ExecStartPre=-/bin/run-parts --verbose {{ redis_conf_dir_prefix }}-%i/redis-server.pre-up.d
+ExecStartPost=-/bin/run-parts --verbose {{ redis_conf_dir_prefix }}-%i/redis-server.post-up.d
+ExecStop=-/bin/run-parts --verbose {{ redis_conf_dir_prefix }}-%i/redis-server.pre-down.d
+ExecStop=/bin/kill -s TERM $MAINPID
+ExecStopPost=-/bin/run-parts --verbose {{ redis_conf_dir_prefix }}-%i/redis-server.post-down.d
+
+UMask=007
+PrivateTmp=yes
+LimitNOFILE=65535
+PrivateDevices=yes
+ProtectHome={{ redis_data_dir_prefix | match('/home') | ternary('no', 'yes') }}
+ReadOnlyDirectories=/
+ReadWriteDirectories=-{{ redis_data_dir_prefix }}-%i
+ReadWriteDirectories=-{{ redis_log_dir_prefix }}-%i
+ReadWriteDirectories=-{{ redis_pid_dir_prefix }}-%i
+ReadWriteDirectories=-{{ redis_socket_dir_prefix }}-%i
+CapabilityBoundingSet=~CAP_SYS_PTRACE
+
+# redis-server writes its own config file when in cluster mode so we allow
+# writing there (NB. ProtectSystem=true over ProtectSystem=full)
+ProtectSystem=true
+ReadWriteDirectories=-{{ redis_conf_dir_prefix }}-%i
+
+[Install]
+WantedBy=multi-user.target
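Review bot: `PIDFile=/var/run/redis-%i/redis-server.pid` and `RuntimeDirectory=redis-%i` are still hard-coded while `ReadWriteDirectories` and the jessie unit now derive the pid and socket directories from `redis_pid_dir_prefix` and `redis_socket_dir_prefix`; with a non-default prefix, systemd creates and tracks `/run/redis-%i` but the pid file the role points redis at (presumably via the rendered redis.conf, which is outside this patch) lives elsewhere, so the `Type=forking` main-PID lookup and the sandbox grants no longer agree. The pid file line should follow the variable, `PIDFile={{ redis_pid_dir_prefix }}-%i/redis-server.pid`, and because `RuntimeDirectory=` only accepts names relative to /run, the role must create the directory itself whenever the prefix is outside /run. Separately, `ProtectHome={{ redis_data_dir_prefix | match('/home') | ternary('no', 'yes') }}` applies the `match` test as a filter, a form Ansible deprecated in 2.5 and removed in 2.9; the portable spelling is `ProtectHome={{ (redis_data_dir_prefix is match('/home')) | ternary('no', 'yes') }}`. That check also only looks at the data prefix, so a log, conf, pid or socket prefix placed under /home would remain unreachable behind `ProtectHome=yes`.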