rewrite systemd unit, separate configuration files

Jérémy Lecour 2019-09-05 09:41:58 +02:00 committed by Jérémy Lecour
parent d0111f9a4f
commit d972c6c794
6 changed files with 61 additions and 16 deletions


@ -5,9 +5,13 @@ redis_conf_dir: /etc/redis
redis_port: 6379 redis_port: 6379
redis_bind_interface: 127.0.0.1 redis_bind_interface: 127.0.0.1
redis_socket_enabled: True
redis_socket_dir: '/var/run/redis' redis_socket_dir: '/var/run/redis'
redis_socket_perms: 770 redis_socket_perms: 770
redis_pid_dir: "/var/run/redis" redis_pid_dir: "/var/run/redis"
redis_timeout: 300 redis_timeout: 300
# for client authorization # for client authorization
@ -52,4 +56,4 @@ redis_disabled_commands: []
redis_sentinel_install: False redis_sentinel_install: False
redis_default_server_disabled: True redis_default_server_disabled: False
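Review bot: The last line appears to flip the default of `redis_default_server_disabled` from True to False, which the commit title (systemd unit rewrite, separate configuration files) does not announce. Going by the variable name, hosts that relied on the old default to keep the stock redis-server unmanaged or stopped would see it configured on the next run. That deserves a changelog entry, or a comment above the variable such as `# default changed to False: the stock redis-server is managed unless this is set to True`.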


@ -3,17 +3,35 @@ Description=Advanced key-value store
After=network.target After=network.target
[Service] [Service]
ExecStartPre=/bin/mkdir -m 0755 -p /var/run/redis-%i
ExecStartPre=/bin/chown redis-%i: /var/run/redis-%i
PermissionsStartOnly=yes
Type=forking Type=forking
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf --unixsocket /var/run/redis-%i/redis.sock --pidfile /var/run/redis-%i/redis-server.pid ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf
ExecStop=/usr/bin/redis-cli -s /var/run/redis-%i/redis.sock shutdown PIDFile=/var/run/redis-%i/redis-server.pid
TimeoutStopSec=0
Restart=always Restart=always
User=redis-%i User=redis-%i
Group=redis-%i Group=redis-%i
LimitNOFILE=65535 RuntimeDirectory=redis-%i
ExecStartPre=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-up.d
ExecStartPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-up.d
ExecStop=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-down.d
ExecStop=/bin/kill -s TERM $MAINPID
ExecStopPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-down.d
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis-%i
ReadWriteDirectories=-/var/log/redis-%i
ReadWriteDirectories=-/var/run/redis-%i
CapabilityBoundingSet=~CAP_SYS_PTRACE
# redis-server writes its own config file when in cluster mode so we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-/etc/redis-%i
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
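Review bot: The new `ExecStart=` no longer passes `--unixsocket` and `--pidfile`, so the hard-coded `PIDFile=/var/run/redis-%i/redis-server.pid`, `RuntimeDirectory=redis-%i` and the `ReadWriteDirectories=` allow-list only work if redis.conf points at exactly those paths. The template fills them from `redis_pid_dir` and `redis_socket_dir`, whose visible defaults are `/var/run/redis`; this page does not show the instances overriding them. With `Type=forking`, systemd would wait for a PID file that never appears, and under `ReadOnlyDirectories=/` any other location is not writable at all. A comment in the unit such as `# paths must match redis_pid_dir, redis_socket_dir and redis_data_dir of the instance` would document the coupling. Since the service already runs as `User=redis-%i`, `NoNewPrivileges=yes` next to `CapabilityBoundingSet=` would be a cheap extra restriction.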


@ -3,8 +3,10 @@
- name: Redis is configured. - name: Redis is configured.
template: template:
src: redis.conf.j2 src: redis.conf.j2
dest: "{{ redis_conf_dir }}" dest: "{{ redis_conf_dir }}/redis.conf"
mode: "0644" mode: "0640"
owner: redis
group: redis
notify: "{{ redis_restart_handler_name }}" notify: "{{ redis_restart_handler_name }}"
tags: tags:
- redis - redis
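Review bot: The added `owner: redis` leaves redis.conf writable by the daemon it configures, although the tighter `mode: "0640"` is welcome for a file that can carry the client password. If the default server does not need to rewrite its configuration at runtime, `owner: root` with `group: redis` keeps the file readable by the service but out of reach of a compromised one. The same applies to the instance template task in the next file section, which uses `owner: redis-{{ redis_instance_name }}`. There the unit's comment about redis writing its own config suggests the choice is deliberate, in which case a one-line comment on the task should say so.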


@ -18,16 +18,32 @@
tags: tags:
- redis - redis
- name: "Instances '{{ redis_instance_name }}' directories are present" - name: "Instances '{{ redis_instance_name }}' config directories are present"
file: file:
dest: "{{ item }}" dest: "{{ item }}"
mode: "0755" mode: "0755"
owner: "root"
group: "root"
follow: yes
state: directory
with_items:
- "{{ redis_conf_dir }}"
- "{{ redis_conf_dir }}/redis-server.pre-up.d"
- "{{ redis_conf_dir }}/redis-server.post-up.d"
- "{{ redis_conf_dir }}/redis-server.pre-down.d"
- "{{ redis_conf_dir }}/redis-server.post-down.d"
tags:
- redis
- name: "Instances '{{ redis_instance_name }}' other directories are present"
file:
dest: "{{ item }}"
mode: "0750"
owner: "redis-{{ redis_instance_name }}" owner: "redis-{{ redis_instance_name }}"
group: "redis-{{ redis_instance_name }}" group: "redis-{{ redis_instance_name }}"
follow: yes follow: yes
state: directory state: directory
with_items: with_items:
- "{{ redis_conf_dir }}"
- "{{ redis_pid_dir }}" - "{{ redis_pid_dir }}"
- "{{ redis_socket_dir }}" - "{{ redis_socket_dir }}"
- "{{ redis_data_dir }}" - "{{ redis_data_dir }}"
@ -39,7 +55,9 @@
template: template:
src: redis.conf.j2 src: redis.conf.j2
dest: "{{ redis_conf_dir }}/redis.conf" dest: "{{ redis_conf_dir }}/redis.conf"
mode: "0644" mode: "0640"
owner: redis-{{ redis_instance_name }}
group: redis-{{ redis_instance_name }}
tags: tags:
- redis - redis
@ -48,6 +66,8 @@
src: 'redis-server@.service' src: 'redis-server@.service'
dest: '/etc/systemd/system/' dest: '/etc/systemd/system/'
mode: "0644" mode: "0644"
owner: "root"
group: "root"
tags: tags:
- redis - redis
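Review bot: The `0750` mode set on `redis_pid_dir` and `redis_socket_dir` in the "other directories" task will probably not hold at runtime. The rewritten unit declares `RuntimeDirectory=redis-%i`, and systemd creates that directory itself on every start with mode 0755 unless told otherwise, then removes it on stop. Assuming the instance variables resolve to `/var/run/redis-<name>` (not visible here), adding `RuntimeDirectoryMode=0750` to the unit keeps the socket directory closed to other local users. The `with_items` list of that task continues past the hunk. Separately, the new `owner:`/`group:` values in the redis.conf task are unquoted while the directory task quotes the same expression; quoting both keeps the file consistent.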


@ -62,7 +62,7 @@
when: when:
- _munin_installed.stat.exists - _munin_installed.stat.exists
- _munin_installed.stat.isdir - _munin_installed.stat.isdir
- redis_instance_name is not defined - redis_instance_name is undefined
tags: tags:
- redis - redis
- munin - munin
@ -87,7 +87,8 @@
- include: nrpe_stretch.yml - include: nrpe_stretch.yml
when: when:
- ansible_distribution_release == "stretch" - ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '>=')
- nrpe_evolix_config.stat.exists == true - nrpe_evolix_config.stat.exists == true
tags: tags:
- redis - redis
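Review bot: The added condition `ansible_distribution_major_version | version_compare('9', '>=')` calls a test through filter syntax, a form Ansible deprecated in 2.5 along with the `version_compare` name. The current spelling is `ansible_distribution_major_version is version('9', '>=')`. The include now matches every Debian release from 9 onwards while the file is still called `nrpe_stretch.yml`, so a rename or a comment such as `# applies to stretch and later` would avoid confusion.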


@ -3,7 +3,7 @@ pidfile {{ redis_pid_dir }}/redis-server.pid
port {{ redis_port }} port {{ redis_port }}
bind {{ redis_bind_interface }} bind {{ redis_bind_interface }}
{% if redis_unixsocket %} {% if redis_socket_enabled %}
unixsocket {{ redis_socket_dir }}/redis.sock unixsocket {{ redis_socket_dir }}/redis.sock
unixsocketperm {{ redis_socket_perms }} unixsocketperm {{ redis_socket_perms }}
{% endif %} {% endif %}
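Review bot: Renaming the guard from `redis_unixsocket` to `redis_socket_enabled` silently drops the old name. An inventory that still sets `redis_unixsocket: False` would now render the `unixsocket` lines, because the new variable defaults to True in the role defaults. If the old name was ever documented, the default could honour it for a transition period with `redis_socket_enabled: "{{ redis_unixsocket | default(True) }}"`; otherwise the rename should be called out in the changelog. The rest of the template lies outside the hunk.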