rewrite systemd unit, separate configuration files
This commit is contained in:
parent
d0111f9a4f
commit
d972c6c794
|
@ -5,9 +5,13 @@ redis_conf_dir: /etc/redis
|
||||||
|
|
||||||
redis_port: 6379
|
redis_port: 6379
|
||||||
redis_bind_interface: 127.0.0.1
|
redis_bind_interface: 127.0.0.1
|
||||||
|
|
||||||
|
redis_socket_enabled: True
|
||||||
redis_socket_dir: '/var/run/redis'
|
redis_socket_dir: '/var/run/redis'
|
||||||
redis_socket_perms: 770
|
redis_socket_perms: 770
|
||||||
|
|
||||||
redis_pid_dir: "/var/run/redis"
|
redis_pid_dir: "/var/run/redis"
|
||||||
|
|
||||||
redis_timeout: 300
|
redis_timeout: 300
|
||||||
|
|
||||||
# for client authorization
|
# for client authorization
|
||||||
|
@ -52,4 +56,4 @@ redis_disabled_commands: []
|
||||||
|
|
||||||
redis_sentinel_install: False
|
redis_sentinel_install: False
|
||||||
|
|
||||||
redis_default_server_disabled: True
|
redis_default_server_disabled: False
|
||||||
|
|
|
@ -3,17 +3,35 @@ Description=Advanced key-value store
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=/bin/mkdir -m 0755 -p /var/run/redis-%i
|
|
||||||
ExecStartPre=/bin/chown redis-%i: /var/run/redis-%i
|
|
||||||
PermissionsStartOnly=yes
|
|
||||||
|
|
||||||
Type=forking
|
Type=forking
|
||||||
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf --unixsocket /var/run/redis-%i/redis.sock --pidfile /var/run/redis-%i/redis-server.pid
|
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf
|
||||||
ExecStop=/usr/bin/redis-cli -s /var/run/redis-%i/redis.sock shutdown
|
PIDFile=/var/run/redis-%i/redis-server.pid
|
||||||
|
TimeoutStopSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
User=redis-%i
|
User=redis-%i
|
||||||
Group=redis-%i
|
Group=redis-%i
|
||||||
LimitNOFILE=65535
|
RuntimeDirectory=redis-%i
|
||||||
|
|
||||||
|
ExecStartPre=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-up.d
|
||||||
|
ExecStartPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-up.d
|
||||||
|
ExecStop=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-down.d
|
||||||
|
ExecStop=/bin/kill -s TERM $MAINPID
|
||||||
|
ExecStopPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-down.d
|
||||||
|
|
||||||
|
UMask=007
|
||||||
|
PrivateTmp=yes
|
||||||
|
LimitNOFILE=65535
|
||||||
|
PrivateDevices=yes
|
||||||
|
ProtectHome=yes
|
||||||
|
ReadOnlyDirectories=/
|
||||||
|
ReadWriteDirectories=-/var/lib/redis-%i
|
||||||
|
ReadWriteDirectories=-/var/log/redis-%i
|
||||||
|
ReadWriteDirectories=-/var/run/redis-%i
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_PTRACE
|
||||||
|
|
||||||
|
# redis-server writes its own config file when in cluster mode so we allow
|
||||||
|
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
|
||||||
|
ProtectSystem=true
|
||||||
|
ReadWriteDirectories=-/etc/redis-%i
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -3,8 +3,10 @@
|
||||||
- name: Redis is configured.
|
- name: Redis is configured.
|
||||||
template:
|
template:
|
||||||
src: redis.conf.j2
|
src: redis.conf.j2
|
||||||
dest: "{{ redis_conf_dir }}"
|
dest: "{{ redis_conf_dir }}/redis.conf"
|
||||||
mode: "0644"
|
mode: "0640"
|
||||||
|
owner: redis
|
||||||
|
group: redis
|
||||||
notify: "{{ redis_restart_handler_name }}"
|
notify: "{{ redis_restart_handler_name }}"
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
|
@ -18,16 +18,32 @@
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
- name: "Instances '{{ redis_instance_name }}' directories are present"
|
- name: "Instances '{{ redis_instance_name }}' config directories are present"
|
||||||
file:
|
file:
|
||||||
dest: "{{ item }}"
|
dest: "{{ item }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
follow: yes
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- "{{ redis_conf_dir }}"
|
||||||
|
- "{{ redis_conf_dir }}/redis-server.pre-up.d"
|
||||||
|
- "{{ redis_conf_dir }}/redis-server.post-up.d"
|
||||||
|
- "{{ redis_conf_dir }}/redis-server.pre-down.d"
|
||||||
|
- "{{ redis_conf_dir }}/redis-server.post-down.d"
|
||||||
|
tags:
|
||||||
|
- redis
|
||||||
|
|
||||||
|
- name: "Instances '{{ redis_instance_name }}' other directories are present"
|
||||||
|
file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
mode: "0750"
|
||||||
owner: "redis-{{ redis_instance_name }}"
|
owner: "redis-{{ redis_instance_name }}"
|
||||||
group: "redis-{{ redis_instance_name }}"
|
group: "redis-{{ redis_instance_name }}"
|
||||||
follow: yes
|
follow: yes
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ redis_conf_dir }}"
|
|
||||||
- "{{ redis_pid_dir }}"
|
- "{{ redis_pid_dir }}"
|
||||||
- "{{ redis_socket_dir }}"
|
- "{{ redis_socket_dir }}"
|
||||||
- "{{ redis_data_dir }}"
|
- "{{ redis_data_dir }}"
|
||||||
|
@ -39,7 +55,9 @@
|
||||||
template:
|
template:
|
||||||
src: redis.conf.j2
|
src: redis.conf.j2
|
||||||
dest: "{{ redis_conf_dir }}/redis.conf"
|
dest: "{{ redis_conf_dir }}/redis.conf"
|
||||||
mode: "0644"
|
mode: "0640"
|
||||||
|
owner: redis-{{ redis_instance_name }}
|
||||||
|
group: redis-{{ redis_instance_name }}
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
|
@ -48,6 +66,8 @@
|
||||||
src: 'redis-server@.service'
|
src: 'redis-server@.service'
|
||||||
dest: '/etc/systemd/system/'
|
dest: '/etc/systemd/system/'
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
|
|
|
@ -62,7 +62,7 @@
|
||||||
when:
|
when:
|
||||||
- _munin_installed.stat.exists
|
- _munin_installed.stat.exists
|
||||||
- _munin_installed.stat.isdir
|
- _munin_installed.stat.isdir
|
||||||
- redis_instance_name is not defined
|
- redis_instance_name is undefined
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
- munin
|
- munin
|
||||||
|
@ -87,7 +87,8 @@
|
||||||
|
|
||||||
- include: nrpe_stretch.yml
|
- include: nrpe_stretch.yml
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_release == "stretch"
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
- nrpe_evolix_config.stat.exists == true
|
- nrpe_evolix_config.stat.exists == true
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
|
@ -3,7 +3,7 @@ pidfile {{ redis_pid_dir }}/redis-server.pid
|
||||||
port {{ redis_port }}
|
port {{ redis_port }}
|
||||||
bind {{ redis_bind_interface }}
|
bind {{ redis_bind_interface }}
|
||||||
|
|
||||||
{% if redis_unixsocket %}
|
{% if redis_socket_enabled %}
|
||||||
unixsocket {{ redis_socket_dir }}/redis.sock
|
unixsocket {{ redis_socket_dir }}/redis.sock
|
||||||
unixsocketperm {{ redis_socket_perms }}
|
unixsocketperm {{ redis_socket_perms }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
Loading…
Reference in a new issue