fix templating with blockinline and include within redis.conf

2024-11-24 23:36:40 +00:00 · 2021-11-16 13:42:55 +03:00 · 2021-11-16 13:42:55 +03:00 · c020c98f27
commit c020c98f27
parent b05fb8a3f7
12 changed files with 141 additions and 57 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -2,8 +2,10 @@ redis_debian_version: "6:6.2.6-1rl1~focal1"
 redis_debian_package: redis-server
 redis_sentinel_debian_package: redis-sentinel
 redis_sentinel_debian_version: "6:6.2.6-1rl1~focal1"
+redis_requirepass: P@ssw0rd
 redis_masterauth: P@ssw0rd
 redis_masteruser: masteruser
+redis_mastername: mymaster

 redis_debian_apt_key:
  - name: redis.io.gpg
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@ -0,0 +1,16 @@
+---
+- name: Restart redis
+  throttle: 1
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: redis-server
+  when: start_redis is not changed
+
+- name: Restart redis-sentinel
+  throttle: 1
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: redis-sentinel
+  when: start_redis_sentinel is not changed
--- a/tasks/Debian/install.yaml
+++ b/tasks/Debian/install.yaml
@ -12,7 +12,7 @@

 - name: Add redis.list to sources
  template:
-    src: "redis.list.j2"
+    src: "etc/apt/sources.list.d/redis.list.j2"
    dest: /etc/apt/sources.list.d/redis.list

 #- name: Add redis repository from PPA
@ -34,10 +34,16 @@

 - name: Install redis {{ redis_debian_version }}
  apt:
-    name: "{{ redis_debian_package }}={{ redis_debian_version }}"
+    name: 
+     - "{{ redis_debian_package }}={{ redis_debian_version }}"
+     - "redis-tools={{ redis_debian_version }}"
    update_cache: yes
  when: is_redis.rc != 0

+- name: Move default config file to /etc/redis/redis.conf.orig
+  command: mv /etc/redis/redis.conf /etc/redis/redis.conf.orig
+  when: is_redis.rc != 0
+
 - name: Check if redis-sentinel is installed
  ansible.builtin.shell: dpkg-query -W {{ redis_sentinel_debian_package }} 2>&1 | grep {{ redis_sentinel_debian_version }}
  ignore_errors: True
@ -56,3 +62,7 @@
    name: "{{ redis_sentinel_debian_package }}={{ redis_sentinel_debian_version }}"
    update_cache: yes
  when: is_redis_sentinel != 0
+
+- name: Move default config file to /etc/redis/sentinel.conf.orig
+  command: mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.orig
+  when: is_redis_sentinel.rc != 0
--- a/tasks/configure-sentinel.yaml
+++ b/tasks/configure-sentinel.yaml
@ -1,5 +1,16 @@
 ---
- name: Add redis-sentinel config
-  template:
-    src: sentinel.conf.j2
+- name: Ensure sentinel config exists
+  copy:
+    content: ""
    dest: "/etc/redis/sentinel.conf"
+    force: no
+    owner: redis
+    group: redis
+    mode: 0640
+
+- name: Template redis-sentinel config
+  blockinfile:
+    block: "{{ lookup('template', 'etc/redis/sentinel.conf.j2') }}"
+    path: "/etc/redis/sentinel.conf"
+  notify:
+    - Restart redis-sentinel
--- a/tasks/configure.yaml
+++ b/tasks/configure.yaml
@ -1,5 +1,42 @@
 ---
- name: Add redis config
-  template:
-    src: redis.conf.j2
-    dest: "/etc/redis/redis.conf"
+- name: Check if redis is running
+  command: systemctl status redis-server
+  ignore_errors: yes
+  changed_when: False
+  register: service_redis_status
+  failed_when: False
+
+- block:
+  - name: Ensure redis config exists
+    copy:
+      content: ""
+      dest: "/etc/redis/redis.conf"
+      force: no
+      owner: redis
+      group: redis
+      mode: 0640
+  
+  - name: Template redis config
+    blockinfile:
+      block: "{{ lookup('template', 'etc/redis/redis.conf.j2') }}"
+      path: "/etc/redis/redis.conf"
+    notify:
+      - Restart redis
+
+  when: service_redis_status.rc != 0 
+
+- name: Ensure redis auth config exists
+  copy:
+    content: ""
+    dest: "/etc/redis/redis-auth.conf"
+    force: no
+    owner: redis
+    group: redis
+    mode: 0640
+
+- name: Template redis auth config
+  blockinfile:
+    block: "{{ lookup('template', 'etc/redis/redis-auth.conf.j2') }}"
+    path: "/etc/redis/redis-auth.conf"
+  notify:
+    - Restart redis
--- a/tasks/discover_master.yaml
+++ b/tasks/discover_master.yaml
@ -0,0 +1,23 @@
+---
+- name: Discover redis with master role
+  shell: redis-cli --pass {{ redis_requirepass }} info replication | grep 'role:master'
+  register: redis_master
+  changed_when: False
+  failed_when: False
+
+- name: Set fact about redis master
+  set_fact:
+    redis_master_ip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address | default(hostvars[play_hosts[0]].ansible_default_ipv4.address) }}"
+  delegate_to: "{{ item }}"
+  delegate_facts: true
+  loop: "{{ play_hosts }}"
+  when: redis_master.rc == 0
+
+- name: Set fact about redis master
+  set_fact:
+    redis_master_ip: "{{ hostvars[play_hosts[0]].ansible_default_ipv4.address }}"
+  when: redis_master_ip is not defined
+
+- debug:
+    msg: "Master redis IP is {{ redis_master_ip }}"
+    verbosity: 2
--- a/tasks/redis.yaml
+++ b/tasks/redis.yaml
@ -1,28 +1,15 @@
 ---
- name: Set fact about redis master
-  set_fact:
-    redis_master_ip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}"
-  delegate_to: "{{ item }}"
-  loop: "{{ play_hosts }}"
-  run_once: yes
-  when: hostvars[inventory_hostname].master is defined
-   
- debug:
-    msg: "{{ redis_master_ip }}"
+- name: Include redis master discover
+  include: discover_master.yaml
+
+#- debug:
+#    msg: "{{ redis_master_ip }}"

 - name: Include redis installation tasks
  include: "{{ ansible_os_family }}/install.yaml"

- name: Check if redis is running
-  command: systemctl status redis-server
-  ignore_errors: yes
-  changed_when: False
-  register: service_redis_status
-  failed_when: False
-
 - name: Configure redis
  include: configure.yaml
-  when: service_redis_status.rc != 0

 - name: Start redis server
  service:
@ -30,17 +17,10 @@
    enabled: True
    state: started
    masked: no
-
- name: Check if redis-sentinel is running
-  command: systemctl status redis-sentinel
-  ignore_errors: yes
-  changed_when: False
-  register: service_redis_sentinel_status
-  failed_when: False
+  register: start_redis

 - name: Configure redis-sentinel
  include: configure-sentinel.yaml
-  when: service_redis_sentinel_status.rc != 0

 - name: Start redis-sentinel
  service:
@ -48,3 +28,8 @@
    enabled: True
    state: started
    masked: no
+  register: start_redis_sentinel
+
+- name: Fix redis-sentinel config
+  include: configure-sentinel.yaml
+
--- a/templates/etc/apt/sources.list.d/redis.list.j2
+++ b/templates/etc/apt/sources.list.d/redis.list.j2
--- a/templates/etc/redis/redis-auth.conf.j2
+++ b/templates/etc/redis/redis-auth.conf.j2
@ -0,0 +1,6 @@
+masterauth {{ redis_masterauth }}
+masteruser {{ redis_masteruser }}
+user {{ redis_masteruser }} +@all on >{{ redis_masterauth }}
+{% if redis_requirepass is defined %}
+requirepass {{ redis_requirepass }}
+{% endif %}
--- a/templates/etc/redis/redis.conf.j2
+++ b/templates/etc/redis/redis.conf.j2
@ -1,13 +1,10 @@
+include /etc/redis/redis-auth.conf
 bind 127.0.0.1 {{ ansible_default_ipv4.address }}
 protected-mode no
 supervised systemd
-{% if master is not defined %}
+{% if redis_master_ip != ansible_default_ipv4.address %}
 replicaof {{ redis_master_ip }} 6379
 {% endif %}
-masterauth {{ redis_masterauth }}
-masteruser {{ redis_masteruser }}
-user {{ redis_masteruser }} +@all on >{{ redis_masterauth }}
-
 port 6379
 tcp-backlog 511
 timeout 0
--- a/templates/etc/redis/sentinel.conf.j2
+++ b/templates/etc/redis/sentinel.conf.j2
@ -0,0 +1,14 @@
+bind 127.0.0.1 {{ ansible_default_ipv4.address }}
+port 26379
+daemonize yes
+supervised systemd
+pidfile "/run/sentinel/redis-sentinel.pid"
+logfile "/var/log/redis/redis-sentinel.log"
+dir "/var/lib/redis"
+sentinel monitor {{ redis_mastername }} {{ redis_master_ip }} 6379 2
+sentinel auth-pass {{ redis_mastername }} {{ redis_masterauth }}
+sentinel auth-user {{ redis_mastername }} {{ redis_masteruser }}
+acllog-max-len 128
+sentinel deny-scripts-reconfig yes
+sentinel resolve-hostnames no
+sentinel announce-hostnames no
--- a/templates/sentinel.conf.j2
+++ b/templates/sentinel.conf.j2
@ -1,17 +0,0 @@
-bind {{ ansible_default_ipv4.address }}
-port 26379
-daemonize yes
-supervised auto
-pidfile /run/sentinel/redis-sentinel.pid
-logfile /var/log/redis/redis-sentinel.log
-dir /var/lib/redis
-sentinel monitor mymaster {{ redis_master_ip }} 6379 2
-sentinel auth-pass mymaster {{ redis_masterauth }}
-sentinel auth-user mymaster {{ redis_masteruser }}
-sentinel down-after-milliseconds mymaster 30000
-acllog-max-len 128
-sentinel parallel-syncs mymaster 1
-sentinel failover-timeout mymaster 180000
-sentinel deny-scripts-reconfig yes
-SENTINEL resolve-hostnames no
-SENTINEL announce-hostnames no