From c12559193a7fce1f2f3ce472bc5ecae2d274c073 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol <lpoujol@evolix.fr>
Date: Thu, 28 Sep 2017 15:02:29 +0200
Subject: [PATCH] Redis: Add the possibility to set an instance password

---
 redis/README.md               |  1 +
 redis/defaults/main.yml       |  2 ++
 redis/tasks/munin.yml         | 10 ++++++++++
 redis/templates/redis.conf.j2 |  4 ++++
 4 files changed, 17 insertions(+)

diff --git a/redis/README.md b/redis/README.md
index 29ff132f..5a7168b7 100644
--- a/redis/README.md
+++ b/redis/README.md
@@ -16,6 +16,7 @@ Main variables are :
 * `redis_conf_path`: config file location ;
 * `redis_port`: listening TCP port ;
 * `redis_bind_interface`: listening IP address ;
+* `redis_password`: password for redis. Empty means no password ;
 * `redis_unixsocket`: Unix socket ;
 * `redis_loglevel`: log verbosity ;
 * `redis_logfile`: log file location.
diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml
index cf4e5fef..268bdd08 100644
--- a/redis/defaults/main.yml
+++ b/redis/defaults/main.yml
@@ -7,6 +7,8 @@ redis_bind_interface: 127.0.0.1
 redis_unixsocket: '/var/run/redis/redis.sock'
 redis_timeout: 300
 
+redis_password: ''
+
 redis_loglevel: "notice"
 redis_logfile: /var/log/redis/redis-server.log
 
diff --git a/redis/tasks/munin.yml b/redis/tasks/munin.yml
index 07473e2f..75d44941 100644
--- a/redis/tasks/munin.yml
+++ b/redis/tasks/munin.yml
@@ -60,3 +60,13 @@
     - used_memory
   notify: restart munin-node
   tags: redis
+
+- name: Add redis password for munin
+  ini_file:
+    dest: /etc/munin/plugin-conf.d/munin-node
+    section: 'redis_*'
+    option: env.password
+    value: '{{ redis_password }}'
+  notify: restart munin-node
+  when: redis_password != ''
+  tags: redis
diff --git a/redis/templates/redis.conf.j2 b/redis/templates/redis.conf.j2
index f7a7c5f0..78dd0c8c 100644
--- a/redis/templates/redis.conf.j2
+++ b/redis/templates/redis.conf.j2
@@ -7,6 +7,10 @@ bind {{ redis_bind_interface }}
 unixsocket {{ redis_unixsocket }}
 {% endif %}
 
+{% if redis_password %}
+requirepass {{ redis_password }}
+{% endif %}
+
 timeout {{ redis_timeout }}
 
 loglevel {{ redis_loglevel }}