feat(redis): add ansible role

2024-11-02 09:57:00 +01:00
9 changed files with 75 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -4,5 +4,9 @@

 - [`elasticsearch`](roles/elasticsearch/README.md): deploy
  elasticsearch (OSS) in a docker container
+
+- [`redis`](roles/redis/README.md): deploy and configure redis,
+  a fast cache, vector search and NoSQL database.
+
 - [`mariadb`](roles/mariadb/README.md): deploy mariadb
  in a docker container
--- a/galaxy.yml
+++ b/galaxy.yml
@ -14,5 +14,6 @@ repository: https://git.finally.coffee/finallycoffee/databases
 issues: https://codeberg.org/finallycoffee/ansible-collection-databases/issues
 tags:
  - elasticsearch
+  - redis
  - mariadb
  - docker
--- a/roles/redis/README.md
+++ b/roles/redis/README.md
@ -8,3 +8,40 @@ their license to the "Serverside public license" (SSPL).
 Setting the `redis_version` to higher than `7.2.4` means you will deploy
 the SSPL-licensed version to redis.

+## Configuration
+
+All container-related options to the `docker_container` ansible module
+are available under the `redis_container_*` namespace, for example use
+`redis_container_ports: [ '127.0.0.1:6379:6370/tcp' ]` to map the
+containers port 6379 to the docker host.
+
+Redis-related config options are either available in the `redis_config_*`
+namespace or can be specified by setting them as a dictionary in
+`redis_config`
+
+### Authentication and authorization
+
+Redis ACL can be specified as an array in the `redis_config_user` variable
+ - see [the redis documentation](https://github.com/redis/redis/blob/unstable/redis.conf#L869)
+for the format. Per default, the `default` user is able to connect without
+any password. To require a password and use a different user, override
+the variable, for example `redis_config_user: [ 'username on +@all -DEBUG ~* >secret' ]`.
+
+## Redis on a unix socket
+
+To make redis available on a unix socket, a directory must be supplied in which the
+socket lives:
+```yaml
+redis_container_socket: /var/run/redis.sock
+redis_container_volumes:
+  - "/path/to/socket/on/host/redis.sock:{{ redis_container_socket }}:z"
+redis_config_unixsocket: "{{ redis_container_socket }}"
+```
+
+## Container specific information
+
+Redis publishes their official container image in both a debian-based and an
+alpine-based variant. Which image should be used can be configured in
+`redis_container_image_flavour`, which defaults to `alpine`, which is smaller
+in size but also includes less related / debugging tools. To use the debian-
+based image, unset the flavour using `redis_container_image_flavour: ~`.
--- a/roles/redis/defaults/main/config.yml
+++ b/roles/redis/defaults/main/config.yml
@ -4,10 +4,17 @@ redis_config_bind:
  - "-::1"
 redis_config_protected_mode: true
 redis_config_port: 6379
+redis_config_unixsocket: ~
+redis_config_unixsocketperm: '700'
 redis_config_user:
-  - "default on -DEBUG +@all ~* nopass"
+  - "default on +@all -DEBUG ~* nopass"
 redis_config_databases: 16
+redis_config_supervised: false
+redis_config_daemonize: false
 redis_config_dbfilename: dump.rdb
+redis_config_dir: "{{ redis_data_path }}"
+redis_config_save: "3600 1 300 100 60 10000"
+redis_config_appendfsync: everysec

 redis_base_config:
  bind: "{{ redis_config_bind | join(' ') }}"
@ -15,9 +22,20 @@ redis_base_config:
  port: "{{ redis_config_port }}"
  user: "{{ redis_config_user }}"
  databases: "{{ redis_config_databases }}"
+  daemonize: "{{ redis_config_daemonize | bool | ternary('yes', 'no') }}"
+  supervised: "{{ redis_config_supervised | bool | ternary('yes', 'no') }}"
+  save: "{{ redis_config_save }}"
  dbfilename: "{{ redis_config_dbfilename }}"
+  dir: "{{ redis_config_dir }}"
+  appendfsync: "{{ redis_config_appendfsync }}"

 redis_config: ~
-redis_config_merged: >-2
-  {{ redis_config_base
+redis_merged_config: >-2
+  {{ redis_base_config
+  | combine(({
+      'unixsocket': redis_config_unixsocket,
+      'unixsocketperm': redis_config_unixsocketperm,
+    })
+    if (redis_config_unixsocket | default(false, true)) else {},
+    recursive=True)
  | combine(redis_config | default({}, true), recursive=True) }}
--- a/roles/redis/defaults/main/container.yml
+++ b/roles/redis/defaults/main/container.yml
@ -17,7 +17,8 @@ redis_container_image: >-2
    + ':' +
    (redis_container_image_tag | default(
      redis_version + (
-        (redis_container_image_flavour | default(false, true) | bool)
+        ((redis_container_image_flavour is string)
+            and (redis_container_image_flavour | length > 0))
        | ternary('-' + (redis_container_image_flavour | default('')), '')
      ),
      true,
@ -42,7 +43,7 @@ redis_container_etc_hosts: ~
 redis_container_dns_servers: ~
 redis_container_restart_policy: "unless-stopped"
 redis_container_state: >-2
-  {{ (redis_state == 'present') | default('started', 'absent') }}
+  {{ (redis_state == 'present') | ternary('started', 'absent') }}
 redis_container_base_volumes:
  - "{{ redis_config_file }}:{{ redis_config_file }}:ro"
  - "{{ redis_data_path }}:{{ redis_data_path }}:rw"
--- a/roles/redis/defaults/main/main.yml
+++ b/roles/redis/defaults/main/main.yml
@ -1,9 +1,10 @@
 ---
 redis_version: "7.2.4"
+redis_state: "present"
 redis_instance: ~
 redis_instance_suffix: >-2
-  {{ (redis_instance | default(false, true) | bool)
-    | ternary('-' + (redis_instance | default('')), '') }}
+  {{ ((redis_instance is string) and (redis_instance | length > 0))
+    | ternary('-' + (redis_instance | default('', true)), '') }}
 redis_user: >-2
  redis{{ redis_instance_suffix }}

--- a/roles/redis/handlers/main.yml
+++ b/roles/redis/handlers/main.yml
@ -6,5 +6,6 @@
    restart: true
  listen: redis-restart
  when:
-    - deployment_method == 'docker'
+    - redis_deployment_method == 'docker'
    - redis_state == 'present'
+  ignore_errors: "{{ ansible_check_mode }}"
--- a/roles/redis/meta/main.yml
+++ b/roles/redis/meta/main.yml
@ -4,7 +4,7 @@ dependencies: []
 galaxy_info:
  role_name: redis
  description: >-2
-    Deploy and configure redis server
+    Deploy and configure redis, a fast caching, vector-search and NoSQL database.
  galaxy_tags:
    - redis
    - docker
--- a/roles/redis/tasks/main.yml
+++ b/roles/redis/tasks/main.yml
@ -48,13 +48,13 @@
  ansible.builtin.copy:
    content: |+2
      {% for tuple in (redis_merged_config | dict2items) %}
-      {%- if tuple.value is string -%}
+      {% if tuple.value is string  or tuple.value is number %}
      {{ tuple.key }} {{ tuple.value }}
-      {%- elsif -%}
+      {% else %}
      {% for value in tuple.value %}
      {{ tuple.key }} {{ value }}
      {% endfor %}
-      {%- endif -%}
+      {% endif %}
      {% endfor %}
    dest: "{{ redis_config_file }}"
    owner: "{{ redis_run_user_id }}"