From 5a3c8b8fdd335d371ba6aebd3cad8cc9531b1cc3 Mon Sep 17 00:00:00 2001
From: ikerbs <ikerbs@croc.ru>
Date: Wed, 10 Nov 2021 12:28:32 +0300
Subject: [PATCH] add redis role

---
 README.md                     |  5 +++
 defaults/main.yaml            | 12 ++++++
 tasks/Debian/install.yaml     | 58 ++++++++++++++++++++++++++
 tasks/configure-sentinel.yaml |  5 +++
 tasks/configure.yaml          |  5 +++
 tasks/main.yaml               |  5 +++
 tasks/redis.yaml              | 50 ++++++++++++++++++++++
 templates/redis.conf.j2       | 78 +++++++++++++++++++++++++++++++++++
 templates/redis.list.j2       |  1 +
 templates/sentinel.conf.j2    | 17 ++++++++
 10 files changed, 236 insertions(+)
 create mode 100644 README.md
 create mode 100644 defaults/main.yaml
 create mode 100644 tasks/Debian/install.yaml
 create mode 100644 tasks/configure-sentinel.yaml
 create mode 100644 tasks/configure.yaml
 create mode 100644 tasks/main.yaml
 create mode 100644 tasks/redis.yaml
 create mode 100644 templates/redis.conf.j2
 create mode 100644 templates/redis.list.j2
 create mode 100644 templates/sentinel.conf.j2

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c9f32e3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+Setup redis service. 
+Supported modes:
+- Redis sentinel cluster
+
+Tested only with Ubuntu 20.04
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..184c4fb
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,12 @@
+redis_debian_version: "6:6.2.6-1rl1~focal1"
+redis_debian_package: redis-server
+redis_sentinel_debian_package: redis-sentinel
+redis_sentinel_debian_version: "6:6.2.6-1rl1~focal1"
+redis_masterauth: P@ssw0rd
+redis_masteruser: masteruser
+
+redis_debian_apt_key:
+  - name: redis.io.gpg
+    url: https://packages.redis.io/gpg
+    keyring: /etc/apt/trusted.gpg.d/redis.io.gpg
+
diff --git a/tasks/Debian/install.yaml b/tasks/Debian/install.yaml
new file mode 100644
index 0000000..9624ab5
--- /dev/null
+++ b/tasks/Debian/install.yaml
@@ -0,0 +1,58 @@
+---
+- name: Add gpg keys for redis
+  ansible.builtin.apt_key:
+    url: "{{ item.url }}"
+    keyring: "{{ item.keyring }}"
+  loop: "{{ redis_debian_apt_key }}"
+
+- name: Enable https transport for apt
+  apt:
+    name: apt-transport-https
+    update_cache: yes
+
+- name: Add redis.list to sources
+  template:
+    src: "redis.list.j2"
+    dest: /etc/apt/sources.list.d/redis.list
+
+#- name: Add redis repository from PPA
+#  ansible.builtin.apt_repository:
+#    repo: ppa:redislabs/redis
+
+- name: Check if redis is installed
+  ansible.builtin.shell: dpkg-query -l {{ redis_debian_package }} 2>&1 | grep {{ redis_debian_version }}
+  ignore_errors: True
+  register: is_redis
+  changed_when: is_redis.rc != 0
+  failed_when: False
+
+- name: Mask redis before install
+  ansible.builtin.systemd:
+    name: "{{ redis_debian_package }}"
+    masked: yes
+  when: is_redis.rc != 0
+
+- name: Install redis {{ redis_debian_version }}
+  apt:
+    name: "{{ redis_debian_package }}={{ redis_debian_version }}"
+    update_cache: yes
+  when: is_redis.rc != 0
+
+- name: Check if redis-sentinel is installed
+  ansible.builtin.shell: dpkg-query -W {{ redis_sentinel_debian_package }} 2>&1 | grep {{ redis_sentinel_debian_version }}
+  ignore_errors: True
+  register: is_redis_sentinel
+  changed_when: is_redis_sentinel.rc != 0
+  failed_when: False
+
+- name: Mask redis-sentinel before install 
+  ansible.builtin.systemd:
+    name: "{{ redis_sentinel_debian_package }}"
+    masked: yes
+  when: is_redis_sentinel.rc != 0
+
+- name: Install redis-sentinel {{ redis_sentinel_debian_version }}
+  apt:
+    name: "{{ redis_sentinel_debian_package }}={{ redis_sentinel_debian_version }}"
+    update_cache: yes
+  when: is_redis_sentinel != 0
diff --git a/tasks/configure-sentinel.yaml b/tasks/configure-sentinel.yaml
new file mode 100644
index 0000000..8eb2338
--- /dev/null
+++ b/tasks/configure-sentinel.yaml
@@ -0,0 +1,5 @@
+---
+- name: Add redis-sentinel config
+  template:
+    src: sentinel.conf.j2
+    dest: "/etc/redis/sentinel.conf"
diff --git a/tasks/configure.yaml b/tasks/configure.yaml
new file mode 100644
index 0000000..31c2e78
--- /dev/null
+++ b/tasks/configure.yaml
@@ -0,0 +1,5 @@
+---
+- name: Add redis config
+  template:
+    src: redis.conf.j2
+    dest: "/etc/redis/redis.conf"
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..b8607ce
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,5 @@
+---
+- include: redis.yaml
+  tags:
+  - redis
+
diff --git a/tasks/redis.yaml b/tasks/redis.yaml
new file mode 100644
index 0000000..797a22f
--- /dev/null
+++ b/tasks/redis.yaml
@@ -0,0 +1,50 @@
+---
+- name: Set fact about redis master
+  set_fact:
+    redis_master_ip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}"
+  delegate_to: "{{ item }}"
+  loop: "{{ play_hosts }}"
+  run_once: yes
+  when: hostvars[inventory_hostname].master is defined
+   
+- debug:
+    msg: "{{ redis_master_ip }}"
+
+- name: Include redis installation tasks
+  include: "{{ ansible_os_family }}/install.yaml"
+
+- name: Check if redis is running
+  command: systemctl status redis-server
+  ignore_errors: yes
+  changed_when: False
+  register: service_redis_status
+  failed_when: False
+
+- name: Configure redis
+  include: configure.yaml
+  when: service_redis_status.rc != 0
+
+- name: Start redis server
+  service:
+    name: redis-server
+    enabled: True
+    state: started
+    masked: no
+
+- name: Check if redis-sentinel is running
+  command: systemctl status redis-sentinel
+  ignore_errors: yes
+  changed_when: False
+  register: service_redis_sentinel_status
+  failed_when: False
+
+- name: Configure redis-sentinel
+  include: configure-sentinel.yaml
+  when: service_redis_sentinel_status.rc != 0
+
+- name: Start redis-sentinel
+  service:
+    name: redis-sentinel
+    enabled: True
+    state: started
+    masked: no
diff --git a/templates/redis.conf.j2 b/templates/redis.conf.j2
new file mode 100644
index 0000000..564fbd7
--- /dev/null
+++ b/templates/redis.conf.j2
@@ -0,0 +1,78 @@
+bind 127.0.0.1 {{ ansible_default_ipv4.address }}
+protected-mode no
+supervised systemd
+{% if master is not defined %}
+replicaof {{ redis_master_ip }} 6379
+{% endif %}
+masterauth {{ redis_masterauth }}
+masteruser {{ redis_masteruser }}
+user {{ redis_masteruser }} +@all on >{{ redis_masterauth }}
+
+port 6379
+tcp-backlog 511
+timeout 0
+tcp-keepalive 300
+daemonize yes
+supervised auto
+pidfile /run/redis/redis-server.pid
+loglevel notice
+logfile /var/log/redis/redis-server.log
+databases 16
+always-show-logo no
+set-proc-title yes
+proc-title-template "{title} {listen-addr} {server-mode}"
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+rdb-del-sync-files no
+dir /var/lib/redis
+replica-serve-stale-data yes
+replica-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-diskless-load disabled
+repl-disable-tcp-nodelay no
+replica-priority 100
+acllog-max-len 128
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+lazyfree-lazy-user-del no
+lazyfree-lazy-user-flush no
+oom-score-adj no
+oom-score-adj-values 0 200 800
+disable-thp yes
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble yes
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+aof-rewrite-incremental-fsync yes
+rdb-save-incremental-fsync yes
+jemalloc-bg-thread yes
diff --git a/templates/redis.list.j2 b/templates/redis.list.j2
new file mode 100644
index 0000000..602eb03
--- /dev/null
+++ b/templates/redis.list.j2
@@ -0,0 +1 @@
+deb https://packages.redis.io/deb {{ ansible_distribution_release }} main
diff --git a/templates/sentinel.conf.j2 b/templates/sentinel.conf.j2
new file mode 100644
index 0000000..7e39f2b
--- /dev/null
+++ b/templates/sentinel.conf.j2
@@ -0,0 +1,17 @@
+bind {{ ansible_default_ipv4.address }}
+port 26379
+daemonize yes
+supervised auto
+pidfile /run/sentinel/redis-sentinel.pid
+logfile /var/log/redis/redis-sentinel.log
+dir /var/lib/redis
+sentinel monitor mymaster {{ redis_master_ip }} 6379 2
+sentinel auth-pass mymaster {{ redis_masterauth }}
+sentinel auth-user mymaster {{ redis_masteruser }}
+sentinel down-after-milliseconds mymaster 30000
+acllog-max-len 128
+sentinel parallel-syncs mymaster 1
+sentinel failover-timeout mymaster 180000
+sentinel deny-scripts-reconfig yes
+SENTINEL resolve-hostnames no
+SENTINEL announce-hostnames no