rewrite systemd unit, separate configuration files
This commit is contained in:
parent
d0111f9a4f
commit
d972c6c794
|
@ -5,9 +5,13 @@ redis_conf_dir: /etc/redis
|
|||
|
||||
redis_port: 6379
|
||||
redis_bind_interface: 127.0.0.1
|
||||
|
||||
redis_socket_enabled: True
|
||||
redis_socket_dir: '/var/run/redis'
|
||||
redis_socket_perms: 770
|
||||
|
||||
redis_pid_dir: "/var/run/redis"
|
||||
|
||||
redis_timeout: 300
|
||||
|
||||
# for client authorization
|
||||
|
@ -52,4 +56,4 @@ redis_disabled_commands: []
|
|||
|
||||
redis_sentinel_install: False
|
||||
|
||||
redis_default_server_disabled: True
|
||||
redis_default_server_disabled: False
|
||||
|
|
|
@ -3,17 +3,35 @@ Description=Advanced key-value store
|
|||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/bin/mkdir -m 0755 -p /var/run/redis-%i
|
||||
ExecStartPre=/bin/chown redis-%i: /var/run/redis-%i
|
||||
PermissionsStartOnly=yes
|
||||
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf --unixsocket /var/run/redis-%i/redis.sock --pidfile /var/run/redis-%i/redis-server.pid
|
||||
ExecStop=/usr/bin/redis-cli -s /var/run/redis-%i/redis.sock shutdown
|
||||
ExecStart=/usr/bin/redis-server /etc/redis-%i/redis.conf
|
||||
PIDFile=/var/run/redis-%i/redis-server.pid
|
||||
TimeoutStopSec=0
|
||||
Restart=always
|
||||
User=redis-%i
|
||||
Group=redis-%i
|
||||
LimitNOFILE=65535
|
||||
RuntimeDirectory=redis-%i
|
||||
|
||||
ExecStartPre=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-up.d
|
||||
ExecStartPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-up.d
|
||||
ExecStop=-/bin/run-parts --verbose /etc/redis-%i/redis-server.pre-down.d
|
||||
ExecStop=/bin/kill -s TERM $MAINPID
|
||||
ExecStopPost=-/bin/run-parts --verbose /etc/redis-%i/redis-server.post-down.d
|
||||
|
||||
UMask=007
|
||||
PrivateTmp=yes
|
||||
LimitNOFILE=65535
|
||||
PrivateDevices=yes
|
||||
ProtectHome=yes
|
||||
ReadOnlyDirectories=/
|
||||
ReadWriteDirectories=-/var/lib/redis-%i
|
||||
ReadWriteDirectories=-/var/log/redis-%i
|
||||
ReadWriteDirectories=-/var/run/redis-%i
|
||||
CapabilityBoundingSet=~CAP_SYS_PTRACE
|
||||
|
||||
# redis-server writes its own config file when in cluster mode so we allow
|
||||
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
|
||||
ProtectSystem=true
|
||||
ReadWriteDirectories=-/etc/redis-%i
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -3,8 +3,10 @@
|
|||
- name: Redis is configured.
|
||||
template:
|
||||
src: redis.conf.j2
|
||||
dest: "{{ redis_conf_dir }}"
|
||||
mode: "0644"
|
||||
dest: "{{ redis_conf_dir }}/redis.conf"
|
||||
mode: "0640"
|
||||
owner: redis
|
||||
group: redis
|
||||
notify: "{{ redis_restart_handler_name }}"
|
||||
tags:
|
||||
- redis
|
||||
|
|
|
@ -18,16 +18,32 @@
|
|||
tags:
|
||||
- redis
|
||||
|
||||
- name: "Instances '{{ redis_instance_name }}' directories are present"
|
||||
- name: "Instances '{{ redis_instance_name }}' config directories are present"
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
follow: yes
|
||||
state: directory
|
||||
with_items:
|
||||
- "{{ redis_conf_dir }}"
|
||||
- "{{ redis_conf_dir }}/redis-server.pre-up.d"
|
||||
- "{{ redis_conf_dir }}/redis-server.post-up.d"
|
||||
- "{{ redis_conf_dir }}/redis-server.pre-down.d"
|
||||
- "{{ redis_conf_dir }}/redis-server.post-down.d"
|
||||
tags:
|
||||
- redis
|
||||
|
||||
- name: "Instances '{{ redis_instance_name }}' other directories are present"
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0750"
|
||||
owner: "redis-{{ redis_instance_name }}"
|
||||
group: "redis-{{ redis_instance_name }}"
|
||||
follow: yes
|
||||
state: directory
|
||||
with_items:
|
||||
- "{{ redis_conf_dir }}"
|
||||
- "{{ redis_pid_dir }}"
|
||||
- "{{ redis_socket_dir }}"
|
||||
- "{{ redis_data_dir }}"
|
||||
|
@ -39,7 +55,9 @@
|
|||
template:
|
||||
src: redis.conf.j2
|
||||
dest: "{{ redis_conf_dir }}/redis.conf"
|
||||
mode: "0644"
|
||||
mode: "0640"
|
||||
owner: redis-{{ redis_instance_name }}
|
||||
group: redis-{{ redis_instance_name }}
|
||||
tags:
|
||||
- redis
|
||||
|
||||
|
@ -48,6 +66,8 @@
|
|||
src: 'redis-server@.service'
|
||||
dest: '/etc/systemd/system/'
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
tags:
|
||||
- redis
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@
|
|||
when:
|
||||
- _munin_installed.stat.exists
|
||||
- _munin_installed.stat.isdir
|
||||
- redis_instance_name is not defined
|
||||
- redis_instance_name is undefined
|
||||
tags:
|
||||
- redis
|
||||
- munin
|
||||
|
@ -87,7 +87,8 @@
|
|||
|
||||
- include: nrpe_stretch.yml
|
||||
when:
|
||||
- ansible_distribution_release == "stretch"
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||
- nrpe_evolix_config.stat.exists == true
|
||||
tags:
|
||||
- redis
|
||||
|
|
|
@ -3,7 +3,7 @@ pidfile {{ redis_pid_dir }}/redis-server.pid
|
|||
port {{ redis_port }}
|
||||
bind {{ redis_bind_interface }}
|
||||
|
||||
{% if redis_unixsocket %}
|
||||
{% if redis_socket_enabled %}
|
||||
unixsocket {{ redis_socket_dir }}/redis.sock
|
||||
unixsocketperm {{ redis_socket_perms }}
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in a new issue