rewrite systemd unit, separate configuration files

This commit is contained in:
Jérémy Lecour 2019-09-05 09:41:58 +02:00 committed by Jérémy Lecour
parent d0111f9a4f
commit d972c6c794
6 changed files with 61 additions and 16 deletions

View File

@ -5,9 +5,13 @@ redis_conf_dir: /etc/redis
redis_port: 6379
redis_bind_interface: 127.0.0.1
redis_socket_enabled: True
redis_socket_dir: '/var/run/redis'
redis_socket_perms: 770
redis_pid_dir: "/var/run/redis"
redis_timeout: 300
# for client authorization
@ -52,4 +56,4 @@ redis_disabled_commands: []
redis_sentinel_install: False
redis_default_server_disabled: True
redis_default_server_disabled: False

View File

@ -3,17 +3,35 @@ Description=Advanced key-value store
After=network.target
[Service]
ExecStartPre=/bin/mkdir -m 0755 -p /var/run/redis-%i
ExecStartPre=/bin/chown redis-%i: /var/run/redis-%i
PermissionsStartOnly=yes
Type=forking
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf --unixsocket /var/run/redis-%i/redis.sock --pidfile /var/run/redis-%i/redis-server.pid
ExecStop=/usr/bin/redis-cli -s /var/run/redis-%i/redis.sock shutdown
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf
PIDFile=/var/run/redis-%i/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis-%i
Group=redis-%i
LimitNOFILE=65535
RuntimeDirectory=redis-%i
ExecStartPre=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-up.d
ExecStartPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-up.d
ExecStop=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-down.d
ExecStop=/bin/kill -s TERM $MAINPID
ExecStopPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-down.d
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis-%i
ReadWriteDirectories=-/var/log/redis-%i
ReadWriteDirectories=-/var/run/redis-%i
CapabilityBoundingSet=~CAP_SYS_PTRACE
# redis-server writes its own config file when in cluster mode so we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-/etc/redis-%i
[Install]
WantedBy=multi-user.target

View File

@ -3,8 +3,10 @@
- name: Redis is configured.
template:
src: redis.conf.j2
dest: "{{ redis_conf_dir }}"
mode: "0644"
dest: "{{ redis_conf_dir }}/redis.conf"
mode: "0640"
owner: redis
group: redis
notify: "{{ redis_restart_handler_name }}"
tags:
- redis

View File

@ -18,16 +18,32 @@
tags:
- redis
- name: "Instances '{{ redis_instance_name }}' directories are present"
- name: "Instances '{{ redis_instance_name }}' config directories are present"
file:
dest: "{{ item }}"
mode: "0755"
owner: "root"
group: "root"
follow: yes
state: directory
with_items:
- "{{ redis_conf_dir }}"
- "{{ redis_conf_dir }}/redis-server.pre-up.d"
- "{{ redis_conf_dir }}/redis-server.post-up.d"
- "{{ redis_conf_dir }}/redis-server.pre-down.d"
- "{{ redis_conf_dir }}/redis-server.post-down.d"
tags:
- redis
- name: "Instances '{{ redis_instance_name }}' other directories are present"
file:
dest: "{{ item }}"
mode: "0750"
owner: "redis-{{ redis_instance_name }}"
group: "redis-{{ redis_instance_name }}"
follow: yes
state: directory
with_items:
- "{{ redis_conf_dir }}"
- "{{ redis_pid_dir }}"
- "{{ redis_socket_dir }}"
- "{{ redis_data_dir }}"
@ -39,7 +55,9 @@
template:
src: redis.conf.j2
dest: "{{ redis_conf_dir }}/redis.conf"
mode: "0644"
mode: "0640"
owner: redis-{{ redis_instance_name }}
group: redis-{{ redis_instance_name }}
tags:
- redis
@ -48,6 +66,8 @@
src: 'redis-server@.service'
dest: '/etc/systemd/system/'
mode: "0644"
owner: "root"
group: "root"
tags:
- redis

View File

@ -62,7 +62,7 @@
when:
- _munin_installed.stat.exists
- _munin_installed.stat.isdir
- redis_instance_name is not defined
- redis_instance_name is undefined
tags:
- redis
- munin
@ -87,7 +87,8 @@
- include: nrpe_stretch.yml
when:
- ansible_distribution_release == "stretch"
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '>=')
- nrpe_evolix_config.stat.exists == true
tags:
- redis

View File

@ -3,7 +3,7 @@ pidfile {{ redis_pid_dir }}/redis-server.pid
port {{ redis_port }}
bind {{ redis_bind_interface }}
{% if redis_unixsocket %}
{% if redis_socket_enabled %}
unixsocket {{ redis_socket_dir }}/redis.sock
unixsocketperm {{ redis_socket_perms }}
{% endif %}