diff --git a/roles/redis/README.md b/roles/redis/README.md
new file mode 100644
index 0000000..6ec7126
--- /dev/null
+++ b/roles/redis/README.md
@@ -0,0 +1,13 @@
+---
+
+# `finallycoffee.base.redis` ansible role
+
+Ansible role to deploy redis. Can use systemd or docker, depending on the
+value of `redis_deployment_method`. Supports running the role multiple times
+by setting `redis_instance` to a unique string to avoid namespace-collisions.
+
+## Configuration
+
+Extra configurations keys for redis can be provided as key-value pairs
+in `redis_config`. For all configuration keys, consult the upstream example
+redis.conf.
diff --git a/roles/redis/defaults/main.yml b/roles/redis/defaults/main.yml
new file mode 100644
index 0000000..6e931df
--- /dev/null
+++ b/roles/redis/defaults/main.yml
@@ -0,0 +1,51 @@
+---
+
+redis_instance: ''
+redis_version: "7.2"
+redis_user: "redis{{ '-' ~ redis_instance }}"
+redis_deployment_method: docker
+redis_config_file: "/etc/redis/redis{{ '-' ~ redis_instance }}.conf"
+redis_data_directory: "/var/lib/redis/"
+
+redis_config_dbfilename: "redis{{ '-' ~ redis_instance }}.rdb"
+redis_config_dir: "{{ redis_data_directory }}"
+redis_config_bind:
+ - -::1
+ - "{{ (redis_deployment_method == 'docker') | ternary('0.0.0.0', '127.0.0.1') }}"
+ - "{{ (redis_deployment_method == 'docker') | ternary('-::*', '::1') }}"
+redis_config_port: "6379"
+redis_config_procted_mode: true
+#redis_config_maxmemory_bytes: 100mb
+#redis_config_maxmemory_policy: noeviction
+redis_config_unix_socket: "/run/redis.sock"
+redis_config_unix_socket_perm: "700"
+
+redis_container_name: "redis{{ '_' ~ redis_instance }}"
+redis_container_image_flavour: alpine
+redis_container_image_registry: "docker.io"
+redis_container_image_namespace: ~
+redis_container_image_name: "redis"
+redis_container_image_reference: >-
+ {{ redis_container_image_repository ~ ':'
+ ~ redis_container_image_tage | default(
+ redis_version ~ (redis_container_image_flavour | ternary(
+ '-' ~ redis_container_image_flavour, '')), true) }}
+redis_container_image_repository: >-
+ {{ redis_container_image_registry ~ '/'
+ ~ (redis_container_image_namespace | ternary(redis_container_image_namespace ~ '/'))
+ ~ redis_container_image_name }}
+redis_container_ports:
+ - "127.0.0.1:{{ redis_config_port }}:{{ redis_config_port }}"
+ - "[i::1]:{{ redis_config_port }}:{{ redis_config_port }}"
+redis_container_restart_policy: "unless-stopped"
+redis_container_state: "started"
+
+redis_container_base_labels:
+ version: "{{ redis_version }}"
+redis_container_all_labels: >-
+ {{ redis_container_base_labels | combine(redis_container_labels | default({})) }}
+redis_container_base_volumes:
+ - "{{ redis_config_file }}:/usr/local/etc/redis/redis.conf:ro"
+ - "{{ redis_data_directory }}:{{ redis_data_directory }}:rw"
+redis_container_all_volumes: >-
+ {{ redis_container_base_volumes + redis_container_volumes | default([]) }}
diff --git a/roles/redis/handlers/main.yml b/roles/redis/handlers/main.yml
new file mode 100644
index 0000000..25bc04d
--- /dev/null
+++ b/roles/redis/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Ensure redis container '{{ redis_container_name }}' is restarted
+ listen: restart-redis
+ community.docker.docker_container:
+ name: "{{ redis_container_image }}"
+ state: "started"
+ restart: true
+ when:
+ - redis_deployment_method == "docker"
+ - not redis_container_info.changed
diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml
new file mode 100644
index 0000000..6e53c99
--- /dev/null
+++ b/roles/redis/tasks/main.yml
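Review bot: `redis_config_procted_mode: true` is misspelled, so the `protected-mode` entry in roles/redis/vars/main.yml, which reads `redis_config_protected_mode`, never receives this default and will presumably fail on an undefined variable; rename the key to `redis_config_protected_mode: true`. The same kind of typo appears in `redis_container_image_tage` (tasks/main.yml reads `redis_container_image_tag`) and in the IPv6 port binding `"[i::1]:…"`, which should read `"[::1]:{{ redis_config_port }}:{{ redis_config_port }}"`. Separately, `ternary(redis_container_image_namespace ~ '/')` passes only one value; as far as I know the filter needs a false branch as well, e.g. `ternary(redis_container_image_namespace ~ '/', '')`.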
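Review bot: The handler's `name: "{{ redis_container_image }}"` refers to a variable that none of the files in this diff define, while the container is created under `redis_container_name` in tasks/main.yml; it should be `name: "{{ redis_container_name }}"`. As written, a configuration change that notifies `restart-redis` would not restart the running container, so a tightened `bind` or `protected-mode` value stays unapplied. A short comment above `when:` explaining that `not redis_container_info.changed` skips the restart when the container task has already recreated the container would help the next reader.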
@@ -0,0 +1,50 @@
+---
+
+- name: Ensure redis user '{{ redis_user }}' is present
+ ansible.builtin.user:
+ name: "{{ redis_user }}"
+ state: "present"
+ system: true
+ create_home: false
+ groups: "{{ redis_user_groups | default(omit) }}"
+ append: "{{ redis_user_groups is defined | ternary('true', omit) }}"
+ register: redis_user_info
+
+- name: Ensure redis configuration is written out
+ ansible.builtin.copy:
+ content: |+
+ {% for key, value in redis_config_to_write %}
+ {{ key }} {{ value }}
+ {% endfor %}
+ dest: "{{ redis_config_file }}"
+ owner: "{{ redis_user_info.uid | default(redis_user) }}"
+ group: "{{ redis_user_info.group | default(redis_user) }}"
+ mode: "0640"
+ notify:
+ - restart-redis
+
+- name: Ensure container image is present on host
+ community.docker.docker_image:
+ name: "{{ redis_container_image_reference }}"
+ state: "present"
+ source: "pull"
+ force_source: "{{ redis_container_image_tag | bool }}"
+ when: "redis_deployment_method == 'docker'"
+
+- name: Ensure redis container '{{ redis_container_name }}' is '{{ redis_container_state }}'
+ community.docker.docker_container:
+ name: "{{ redis_container_name }}"
+ image: "{{ redis_container_image_reference }}"
+ env: "{{ redis_container_env | default(omit) }}"
+ ports: "{{ redis_container_ports | default(omit) }}"
+ labels: "{{ redis_container_all_labels }}"
+ volumes: "{{ redis_container_all_volumes }}"
+ networks: "{{ redis_container_networks | default(omit) }}"
+ purge_networks: "{{ redis_container_purge_networks | default(omit) }}"
+ etc_hosts: "{{ redis_container_etc_hosts | default(omit) }}"
+ memory: "{{ redis_container_memory | default(omit) }}"
+ memory_swap: "{{ redis_container_memory_swap | default(omit) }}"
+ restart_policy: "{{ redis_container_restart_policy }}"
+ state: "{{ redis_container_state }}"
+ register: redis_container_info
+ when: "redis_deployment_method == 'docker'"
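Review bot: The template loop `{% for key, value in redis_config_to_write %}` iterates over a mapping, which yields only its keys in Jinja, so unpacking into `key, value` cannot work; use `{% for key, value in redis_config_to_write.items() %}`. The container task also passes no `command`, and as far as I know the upstream redis image does not read `/usr/local/etc/redis/redis.conf` unless it is started with that path, so the rendered `bind` and `protected-mode` settings may never be loaded; consider adding `command: "redis-server /usr/local/etc/redis/redis.conf"`. `force_source` reads `redis_container_image_tag` without a `default`, and that variable looks undefined unless the caller sets it.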
diff --git a/roles/redis/vars/main.yml b/roles/redis/vars/main.yml
new file mode 100644
index 0000000..3b341b8
--- /dev/null
+++ b/roles/redis/vars/main.yml
@@ -0,0 +1,13 @@
+---
+
+redis_base_config:
+ dbfilename: "{{ redis_config_dbfilename }}"
+ dir: "{{ redis_data_directory }}"
+ bind: "{{ redis_config_bind | join(' ') }}"
+ port: "{{ redis_config_port }}"
+ "protected-mode": "{{ redis_config_protected_mode | ternary('yes', 'no') }}"
+ unixsocket: "{{ redis_config_unix_socket }}"
+ unixsocketperm: "{{ redis_config_unix_socket_perm }}"
+
+redis_config_to_write: >-
+ {{ redis_base_config | combine(redis_config | default({}), recursive=True) }}
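Review bot: `dir` is set from `redis_data_directory`, so the `redis_config_dir` default introduced in defaults/main.yml is never consumed and overriding it has no effect; use `dir: "{{ redis_config_dir }}"`. The base config also carries no authentication setting while the docker defaults bind `0.0.0.0` and `-::*`, so access control rests on `protected-mode` and the loopback-only port publishing alone. A comment above `redis_base_config` telling operators to supply `requirepass` or ACL entries through `redis_config` before attaching the container to shared networks would make that dependency explicit.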