fix templating with blockinline and include within redis.conf

defaults/main.yaml

@@ -2,8 +2,10 @@ redis_debian_version: "6:6.2.6-1rl1~focal1"
 redis_debian_package: redis-server
 redis_sentinel_debian_package: redis-sentinel
 redis_sentinel_debian_version: "6:6.2.6-1rl1~focal1"
+redis_requirepass: P@ssw0rd
 redis_masterauth: P@ssw0rd
 redis_masteruser: masteruser
+redis_mastername: mymaster
 
 redis_debian_apt_key:
   - name: redis.io.gpg

handlers/main.yaml

@@ -0,0 +1,16 @@
+---
+- name: Restart redis
+  throttle: 1
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: redis-server
+  when: start_redis is not changed
+
+- name: Restart redis-sentinel
+  throttle: 1
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: yes
+    name: redis-sentinel
+  when: start_redis_sentinel is not changed

tasks/Debian/install.yaml

@@ -12,7 +12,7 @@
 
 - name: Add redis.list to sources
   template:
-    src: "redis.list.j2"
+    src: "etc/apt/sources.list.d/redis.list.j2"
     dest: /etc/apt/sources.list.d/redis.list
 
 #- name: Add redis repository from PPA
@@ -34,10 +34,16 @@
 
 - name: Install redis {{ redis_debian_version }}
   apt:
-    name: "{{ redis_debian_package }}={{ redis_debian_version }}"
+    name: 
+     - "{{ redis_debian_package }}={{ redis_debian_version }}"
+     - "redis-tools={{ redis_debian_version }}"
     update_cache: yes
   when: is_redis.rc != 0
 
+- name: Move default config file to /etc/redis/redis.conf.orig
+  command: mv /etc/redis/redis.conf /etc/redis/redis.conf.orig
+  when: is_redis.rc != 0
+
 - name: Check if redis-sentinel is installed
   ansible.builtin.shell: dpkg-query -W {{ redis_sentinel_debian_package }} 2>&1 | grep {{ redis_sentinel_debian_version }}
   ignore_errors: True
@@ -56,3 +62,7 @@
     name: "{{ redis_sentinel_debian_package }}={{ redis_sentinel_debian_version }}"
     update_cache: yes
   when: is_redis_sentinel != 0
+
+- name: Move default config file to /etc/redis/sentinel.conf.orig
+  command: mv /etc/redis/sentinel.conf /etc/redis/sentinel.conf.orig
+  when: is_redis_sentinel.rc != 0

tasks/configure-sentinel.yaml

@@ -1,5 +1,16 @@
 ---
-- name: Add redis-sentinel config
+- name: Ensure sentinel config exists
-  template:
+  copy:
-    src: sentinel.conf.j2
+    content: ""
     dest: "/etc/redis/sentinel.conf"
+    force: no
+    owner: redis
+    group: redis
+    mode: 0640
+
+- name: Template redis-sentinel config
+  blockinfile:
+    block: "{{ lookup('template', 'etc/redis/sentinel.conf.j2') }}"
+    path: "/etc/redis/sentinel.conf"
+  notify:
+    - Restart redis-sentinel

tasks/configure.yaml

@@ -1,5 +1,42 @@
 ---
-- name: Add redis config
+- name: Check if redis is running
-  template:
+  command: systemctl status redis-server
-    src: redis.conf.j2
+  ignore_errors: yes
-    dest: "/etc/redis/redis.conf"
+  changed_when: False
+  register: service_redis_status
+  failed_when: False
+
+- block:
+  - name: Ensure redis config exists
+    copy:
+      content: ""
+      dest: "/etc/redis/redis.conf"
+      force: no
+      owner: redis
+      group: redis
+      mode: 0640
+  
+  - name: Template redis config
+    blockinfile:
+      block: "{{ lookup('template', 'etc/redis/redis.conf.j2') }}"
+      path: "/etc/redis/redis.conf"
+    notify:
+      - Restart redis
+
+  when: service_redis_status.rc != 0 
+
+- name: Ensure redis auth config exists
+  copy:
+    content: ""
+    dest: "/etc/redis/redis-auth.conf"
+    force: no
+    owner: redis
+    group: redis
+    mode: 0640
+
+- name: Template redis auth config
+  blockinfile:
+    block: "{{ lookup('template', 'etc/redis/redis-auth.conf.j2') }}"
+    path: "/etc/redis/redis-auth.conf"
+  notify:
+    - Restart redis

tasks/discover_master.yaml

@@ -0,0 +1,23 @@
+---
+- name: Discover redis with master role
+  shell: redis-cli --pass {{ redis_requirepass }} info replication | grep 'role:master'
+  register: redis_master
+  changed_when: False
+  failed_when: False
+
+- name: Set fact about redis master
+  set_fact:
+    redis_master_ip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address | default(hostvars[play_hosts[0]].ansible_default_ipv4.address) }}"
+  delegate_to: "{{ item }}"
+  delegate_facts: true
+  loop: "{{ play_hosts }}"
+  when: redis_master.rc == 0
+
+- name: Set fact about redis master
+  set_fact:
+    redis_master_ip: "{{ hostvars[play_hosts[0]].ansible_default_ipv4.address }}"
+  when: redis_master_ip is not defined
+
+- debug:
+    msg: "Master redis IP is {{ redis_master_ip }}"
+    verbosity: 2

tasks/redis.yaml

@@ -1,28 +1,15 @@
 ---
-- name: Set fact about redis master
+- name: Include redis master discover
-  set_fact:
+  include: discover_master.yaml
-    redis_master_ip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}"
+
-  delegate_to: "{{ item }}"
+#- debug:
-  loop: "{{ play_hosts }}"
+#    msg: "{{ redis_master_ip }}"
-  run_once: yes
-  when: hostvars[inventory_hostname].master is defined
-   
-- debug:
-    msg: "{{ redis_master_ip }}"
 
 - name: Include redis installation tasks
   include: "{{ ansible_os_family }}/install.yaml"
 
-- name: Check if redis is running
-  command: systemctl status redis-server
-  ignore_errors: yes
-  changed_when: False
-  register: service_redis_status
-  failed_when: False
-
 - name: Configure redis
   include: configure.yaml
-  when: service_redis_status.rc != 0
 
 - name: Start redis server
   service:
@@ -30,17 +17,10 @@
     enabled: True
     state: started
     masked: no
-
+  register: start_redis
-- name: Check if redis-sentinel is running
-  command: systemctl status redis-sentinel
-  ignore_errors: yes
-  changed_when: False
-  register: service_redis_sentinel_status
-  failed_when: False
 
 - name: Configure redis-sentinel
   include: configure-sentinel.yaml
-  when: service_redis_sentinel_status.rc != 0
 
 - name: Start redis-sentinel
   service:
@@ -48,3 +28,8 @@
     enabled: True
     state: started
     masked: no
+  register: start_redis_sentinel
+
+- name: Fix redis-sentinel config
+  include: configure-sentinel.yaml
+

templates/etc/redis/redis-auth.conf.j2

@@ -0,0 +1,6 @@
+masterauth {{ redis_masterauth }}
+masteruser {{ redis_masteruser }}
+user {{ redis_masteruser }} +@all on >{{ redis_masterauth }}
+{% if redis_requirepass is defined %}
+requirepass {{ redis_requirepass }}
+{% endif %}

templates/etc/redis/redis.conf.j2

@@ -1,13 +1,10 @@
+include /etc/redis/redis-auth.conf
 bind 127.0.0.1 {{ ansible_default_ipv4.address }}
 protected-mode no
 supervised systemd
-{% if master is not defined %}
+{% if redis_master_ip != ansible_default_ipv4.address %}
 replicaof {{ redis_master_ip }} 6379
 {% endif %}
-masterauth {{ redis_masterauth }}
-masteruser {{ redis_masteruser }}
-user {{ redis_masteruser }} +@all on >{{ redis_masterauth }}
-
 port 6379
 tcp-backlog 511
 timeout 0

templates/etc/redis/sentinel.conf.j2

@@ -0,0 +1,14 @@
+bind 127.0.0.1 {{ ansible_default_ipv4.address }}
+port 26379
+daemonize yes
+supervised systemd
+pidfile "/run/sentinel/redis-sentinel.pid"
+logfile "/var/log/redis/redis-sentinel.log"
+dir "/var/lib/redis"
+sentinel monitor {{ redis_mastername }} {{ redis_master_ip }} 6379 2
+sentinel auth-pass {{ redis_mastername }} {{ redis_masterauth }}
+sentinel auth-user {{ redis_mastername }} {{ redis_masteruser }}
+acllog-max-len 128
+sentinel deny-scripts-reconfig yes
+sentinel resolve-hostnames no
+sentinel announce-hostnames no

templates/sentinel.conf.j2

@@ -1,17 +0,0 @@
-bind {{ ansible_default_ipv4.address }}
-port 26379
-daemonize yes
-supervised auto
-pidfile /run/sentinel/redis-sentinel.pid
-logfile /var/log/redis/redis-sentinel.log
-dir /var/lib/redis
-sentinel monitor mymaster {{ redis_master_ip }} 6379 2
-sentinel auth-pass mymaster {{ redis_masterauth }}
-sentinel auth-user mymaster {{ redis_masteruser }}
-sentinel down-after-milliseconds mymaster 30000
-acllog-max-len 128
-sentinel parallel-syncs mymaster 1
-sentinel failover-timeout mymaster 180000
-sentinel deny-scripts-reconfig yes
-SENTINEL resolve-hostnames no
-SENTINEL announce-hostnames no