diff --git a/roles/icingadb_redis/defaults/main.yml b/roles/icingadb_redis/defaults/main.yml index 0aa4cb1b..19bc6765 100644 --- a/roles/icingadb_redis/defaults/main.yml +++ b/roles/icingadb_redis/defaults/main.yml @@ -1,3 +1,4 @@ +--- icingadb_redis_service_name: icingadb-redis icingadb_redis_config_dir: /etc/icingadb-redis icingadb_redis_user: icingadb-redis @@ -6,62 +7,120 @@ icingadb_redis_pool_size: 64 icingadb_redis_packages: - icingadb-redis -# IcingaDB Redis Conf -icingadb_redis_protected_mode: 'yes' -icingadb_redis_binds: - - "127.0.0.1" - - "-::1" -icingadb_redis_port: 6380 -icingadb_redis_tcp_backlog: 511 -icingadb_redis_timeout: 0 -icingadb_redis_tcp_keepalive: 300 -icingadb_redis_supervised: systemd -icingadb_redis_pidfile: /var/run/icingadb-redis/redis.pid -icingadb_redis_loglevel: notice -icingadb_redis_logfile: /var/log/icingadb-redis/redis.log -icingadb_redis_databases: 16 -icingadb_redis_always_show_logo: 'yes' -icingadb_redis_save: - - 900 1 - - 300 10 - - 60 10000 -icingadb_redis_stop_writes_on_bgsave_error: 'yes' -icingadb_redis_rdbcompression: 'yes' -icingadb_redis_rdbchecksum: 'yes' -icingadb_redis_dbfilename: dump.rdb -icingadb_redis_dir: /var/lib/icingadb-redis -icingadb_redis_replica_serve_stale_data: 'yes' -icingadb_redis_replica_read_only: 'yes' -icingadb_redis_repl_diskless_sync: 'no' -icingadb_redis_repl_diskless_sync_delay: 5 -icingadb_redis_repl_disable_tcp_nodelay: 'no' -icingadb_redis_replica_priority: 100 -icingadb_redis_lazyfree_lazy_eviction: 'no' -icingadb_redis_lazyfree_lazy_expire: 'no' -icingadb_redis_lazyfree_lazy_server_del: 'no' -icingadb_redis_lazy_flush: 'no' -icingadb_redis_appendonly: 'no' -icingadb_redis_appendfilename: appendonly.aof -icingadb_redis_appendfsync: everysec -icingadb_redis_no_appendfsync_on_rewrite: 'no' -icingadb_redis_auto_aof_rewrite_percentage: 100 -icingadb_redis_auto_aof_rewrite_min_size: 64mb -icingadb_redis_aof_load_truncated: 'yes' -icingadb_redis_aof_use_rdb_preamble: 'yes' -icingadb_redis_lua_time_limit: 5000 -icingadb_slowlog_log_slower_than: 10000 -icingadb_slowlog_max_len: 128 -icingadb_redis_latency_monitor_threshold: 0 -icingadb_redis_client_output_buffer_limits: - - normal 0 0 0 - - replica 256mb 64mb 60 - - pubsub 32mb 8mb 60 -icingadb_redis_hz: 10 -icingadb_redis_dynamic_hz: 'yes' -icingadb_redis_aof_rewrite_incremental_fsync: 'yes' -icingadb_redis_rdb_save_incremental_fsync: 'yes' +icingadb_redis_config: {} + +icingadb_redis_order: + - bind + - protected-mode + - port + - tls-port + - tcp-backlog + - timeout + - tcp-keepalive + - supervised + - pidfile + - loglevel + - logfile + - databases + - always-show-logo + - requirepass + - save + - stop-writes-on-bgsave-error + - rdbcompression + - rdbchecksum + - dbfilename + - dir + - replica-serve-stale-data + - replica-read-only + - repl-diskless-sync + - repl-diskless-sync-delay + - repl-disable-tcp-nodelay + - replica-priority + - lazyfree-lazy-eviction + - lazyfree-lazy-expire + - lazyfree-lazy-server-del + - replica-lazy-flush + - appendonly + - appendfilename + - appendfsync + - no-appendfsync-on-rewrite + - auto-aof-rewrite-percentage + - auto-aof-rewrite-min-size + - aof-load-truncated + - aof-use-rdb-preamble + - lua-time-limit + - slowlog-log-slower-than + - slowlog-max-len + - latency-monitor-threshold + - notify-keyspace-events + - hash-max-ziplist-entries + - hash-max-ziplist-value + - list-max-ziplist-size + - list-compress-depth + - set-max-intset-entries + - zset-max-ziplist-entries + - zset-max-ziplist-value + - hll-sparse-max-bytes + - stream-node-max-bytes + - stream-node-max-entries + - activerehashing + - client-output-buffer-limit + - hz + - dynamic-hz + - aof-rewrite-incremental-fsync + - rdb-save-incremental-fsync + - tls-cert-file + - tls-key-file + - tls-ca-cert-file + +icingadb_redis_defaults: + always-show-logo: 'yes' + aof-load-truncated: 'yes' + aof-rewrite-incremental-fsync: 'yes' + aof-use-rdb-preamble: 'yes' + appendfilename: appendonly.aof + appendfsync: everysec + appendonly: 'no' + auto-aof-rewrite-min-size: 64mb + auto-aof-rewrite-percentage: 100 + bind: "127.0.0.1 -::1" + client-output-buffer-limit: + - normal 0 0 0 + - replica 256mb 64mb 60 + - pubsub 32mb 8mb 60 + databases: 16 + dbfilename: dump.rdb + dir: /var/lib/icingadb-redis + dynamic-hz: 'yes' + hz: 10 + latency-monitor-threshold: 0 + replica-lazy-flush: 'no' + lazyfree-lazy-eviction: 'no' + lazyfree-lazy-expire: 'no' + lazyfree-lazy-server-del: 'no' + logfile: /var/log/icingadb-redis/redis.log + loglevel: notice + lua-time-limit: 5000 + no-appendfsync-on-rewrite: 'no' + pidfile: /var/run/icingadb-redis/redis.pid + port: 6380 + protected-mode: 'yes' + rdbchecksum: 'yes' + rdbcompression: 'yes' + rdb-save-incremental-fsync: 'yes' + repl-disable-tcp-nodelay: 'no' + repl-diskless-sync: 'no' + repl-diskless-sync-delay: 5 + replica-priority: 100 + replica-read-only: 'yes' + replica-serve-stale-data: 'yes' + save: + - 900 1 + - 300 10 + - 60 10000 + stop-writes-on-bgsave-error: 'yes' + supervised: systemd + tcp-backlog: 511 + tcp-keepalive: 300 + timeout: 0 -#icingadb_redis_tls_port: -#icingadb_redis_tls_cert: /etc/ssl/certs/host.crt -#icingadb_redis_tls_key: /etc/ssl/private/host.key -#icingadb_redis_tls_ca: /etc/ssl/certs/root-ca.crt diff --git a/roles/icingadb_redis/tasks/install_on_debian.yml b/roles/icingadb_redis/tasks/install_on_debian.yml index 6257666d..9945d569 100644 --- a/roles/icingadb_redis/tasks/install_on_debian.yml +++ b/roles/icingadb_redis/tasks/install_on_debian.yml @@ -6,9 +6,9 @@ - name: Debian - Ensure log directory exists when: - - icingadb_redis_logfile != "" + - icingadb_redis_config.logfile != "" ansible.builtin.file: - path: "{{ icingadb_redis_logfile | dirname }}" + path: "{{ icingadb_redis_config.logfile | dirname }}" state: directory owner: "{{ icingadb_redis_user }}" group: "adm" diff --git a/roles/icingadb_redis/tasks/install_on_redhat.yml b/roles/icingadb_redis/tasks/install_on_redhat.yml index 9e15b824..a92ecfbd 100644 --- a/roles/icingadb_redis/tasks/install_on_redhat.yml +++ b/roles/icingadb_redis/tasks/install_on_redhat.yml @@ -6,9 +6,9 @@ - name: RedHat - Ensure log directory exists when: - - icingadb_redis_logfile != "" + - icingadb_redis_config.logfile != "" ansible.builtin.file: - path: "{{ icingadb_redis_logfile | dirname }}" + path: "{{ icingadb_redis_config.logfile | dirname }}" state: directory owner: "{{ icingadb_redis_user }}" group: "{{ icingadb_redis_user }}" diff --git a/roles/icingadb_redis/tasks/install_on_suse.yml b/roles/icingadb_redis/tasks/install_on_suse.yml index 4c15382d..a468786e 100644 --- a/roles/icingadb_redis/tasks/install_on_suse.yml +++ b/roles/icingadb_redis/tasks/install_on_suse.yml @@ -6,9 +6,9 @@ - name: Suse - Ensure log directory exists when: - - icingadb_redis_logfile != "" + - icingadb_redis_config.logfile != "" ansible.builtin.file: - path: "{{ icingadb_redis_logfile | dirname }}" + path: "{{ icingadb_redis_config.logfile | dirname }}" state: directory owner: "{{ icingadb_redis_user }}" group: "{{ icingadb_redis_user }}" diff --git a/roles/icingadb_redis/tasks/main.yml b/roles/icingadb_redis/tasks/main.yml index cc73a31b..36e9ceec 100644 --- a/roles/icingadb_redis/tasks/main.yml +++ b/roles/icingadb_redis/tasks/main.yml @@ -12,6 +12,9 @@ paths: - "{{ role_path }}/vars" +- set_fact: + icingadb_redis_config: "{{ icingadb_redis_config | combine(icingadb_redis_defaults, recursive=True) }}" + - name: Check supported operatingsystems block: - name: Include OS specific installation diff --git a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 index be1cb9c9..be5ceeec 100644 --- a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 +++ b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 @@ -1,230 +1,19 @@ -{{ ansible_managed | comment }} - -bind {% for host in icingadb_redis_binds %} -{{ host }} -{%- if not loop.last %} {% endif %} +{%- macro picktype(name, obj) -%} +{% if obj.__class__.__name__ == 'list' %} +{% for key in obj %} +{{ name }} {{ key }} {% endfor %} - -protected-mode {{ icingadb_redis_protected_mode | string }} -port {{ icingadb_redis_port }} -{% if icingadb_redis_tls_port is defined %} -tls-port {{ icingadb_redis_tls_port }} +{% else %} +{{ name }} {{ obj }} {% endif %} -tcp-backlog {{ icingadb_redis_tcp_backlog }} -timeout {{ icingadb_redis_timeout }} -tcp-keepalive {{ icingadb_redis_tcp_keepalive }} -supervised {{ icingadb_redis_supervised }} -pidfile {{ icingadb_redis_pidfile }} -loglevel {{ icingadb_redis_loglevel }} -logfile "{{ icingadb_redis_logfile }}" -# syslog-enabled no -# syslog-ident redis -# syslog-facility local0 -databases {{ icingadb_redis_databases }} -always-show-logo {{ icingadb_redis_always_show_logo }} - -{% if icingadb_redis_password is defined %} -requirepass {{ icingadb_redis_password }} -{% endif %} - -################################ SNAPSHOTTING ################################ -# -# Save the DB on disk: -# -# save -# -# Will save the DB if both the given number of seconds and the given -# number of write operations against the DB occurred. -# -# In the example below the behaviour will be to save: -# after 900 sec (15 min) if at least 1 key changed -# after 300 sec (5 min) if at least 10 keys changed -# after 60 sec if at least 10000 keys changed -# -# Note: you can disable saving completely by commenting out all "save" lines. -# -# It is also possible to remove all the previously configured save -# points by adding a save directive with a single empty string argument -# like in the following example: -# -# save "" -{% for save in icingadb_redis_save %} -save {{ save }} -{% endfor %} - -stop-writes-on-bgsave-error {{ icingadb_redis_stop_writes_on_bgsave_error }} -rdbcompression {{ icingadb_redis_rdbcompression }} -rdbchecksum {{ icingadb_redis_rdbchecksum }} -dbfilename {{ icingadb_redis_dbfilename }} -dir {{ icingadb_redis_dir }} -# replicaof -# masterauth -replica-serve-stale-data {{ icingadb_redis_replica_serve_stale_data }} -replica-read-only {{ icingadb_redis_replica_read_only }} -repl-diskless-sync {{ icingadb_redis_repl_diskless_sync }} -repl-diskless-sync-delay {{ icingadb_redis_repl_diskless_sync_delay }} -# repl-ping-replica-period 10 -# repl-timeout 60 -repl-disable-tcp-nodelay {{ icingadb_redis_repl_disable_tcp_nodelay }} -# repl-backlog-size 1mb -# repl-backlog-ttl 3600 -replica-priority {{ icingadb_redis_replica_priority }} -# min-replicas-max-lag is set to 10. -# replica-announce-ip 5.5.5.5 -# replica-announce-port 1234 -# requirepass foobared -# Example: -# -# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 -# -# It is also possible to completely kill a command by renaming it into -# an empty string: -# -# rename-command CONFIG "" -# maxclients 10000 -# maxmemory -# maxmemory-policy noeviction -# maxmemory-samples 5 -# replica-ignore-maxmemory yes -lazyfree-lazy-eviction {{ icingadb_redis_lazyfree_lazy_eviction }} -lazyfree-lazy-expire {{ icingadb_redis_lazyfree_lazy_expire }} -lazyfree-lazy-server-del {{ icingadb_redis_lazyfree_lazy_server_del }} -replica-lazy-flush {{ icingadb_redis_lazy_flush }} - -############################## APPEND ONLY MODE ############################### -appendonly {{ icingadb_redis_appendonly }} -# The name of the append only file (default: "appendonly.aof") -appendfilename "{{ icingadb_redis_appendfilename }}" -# appendfsync always -appendfsync {{ icingadb_redis_appendfsync }} -# appendfsync no -no-appendfsync-on-rewrite {{ icingadb_redis_no_appendfsync_on_rewrite }} -auto-aof-rewrite-percentage {{ icingadb_redis_auto_aof_rewrite_percentage }} -auto-aof-rewrite-min-size {{ icingadb_redis_auto_aof_rewrite_min_size }} -aof-load-truncated {{ icingadb_redis_aof_load_truncated }} -aof-use-rdb-preamble {{ icingadb_redis_aof_use_rdb_preamble }} - -################################ LUA SCRIPTING ############################### -lua-time-limit {{ icingadb_redis_lua_time_limit }} - -################################ REDIS CLUSTER ############################### -# cluster-enabled yes -# cluster-config-file nodes-6379.conf -# cluster-node-timeout 15000 -# cluster-replica-validity-factor 10 -# cluster-migration-barrier 1 -# cluster-require-full-coverage yes -# cluster-replica-no-failover no -########################## CLUSTER DOCKER/NAT support ######################## -# Example: -# -# cluster-announce-ip 10.1.1.5 -# cluster-announce-port 6379 -# cluster-announce-bus-port 6380 - -################################## SLOW LOG ################################### -slowlog-log-slower-than {{ icingadb_slowlog_log_slower_than }} -slowlog-max-len {{ icingadb_slowlog_max_len }} - -################################ LATENCY MONITOR ############################## -latency-monitor-threshold {{ icingadb_redis_latency_monitor_threshold }} - -############################# EVENT NOTIFICATION ############################## - -# Redis can notify Pub/Sub clients about events happening in the key space. -# This feature is documented at http://redis.io/topics/notifications -# -# For instance if keyspace events notification is enabled, and a client -# performs a DEL operation on key "foo" stored in the Database 0, two -# messages will be published via Pub/Sub: -# -# PUBLISH __keyspace@0__:foo del -# PUBLISH __keyevent@0__:del foo -# -# It is possible to select the events that Redis will notify among a set -# of classes. Every class is identified by a single character: -# -# K Keyspace events, published with __keyspace@__ prefix. -# E Keyevent events, published with __keyevent@__ prefix. -# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... -# $ String commands -# l List commands -# s Set commands -# h Hash commands -# z Sorted set commands -# x Expired events (events generated every time a key expires) -# e Evicted events (events generated when a key is evicted for maxmemory) -# A Alias for g$lshzxe, so that the "AKE" string means all the events. -# -# The "notify-keyspace-events" takes as argument a string that is composed -# of zero or multiple characters. The empty string means that notifications -# are disabled. -# -# Example: to enable list and generic events, from the point of view of the -# event name, use: -# -# notify-keyspace-events Elg -# -# Example 2: to get the stream of the expired keys subscribing to channel -# name __keyevent@0__:expired use: -# -# notify-keyspace-events Ex -# -# By default all notifications are disabled because most users don't need -# this feature and the feature has some overhead. Note that if you don't -# specify at least one of K or E, no events will be delivered. -notify-keyspace-events "" - -############################### ADVANCED CONFIG ############################### -hash-max-ziplist-entries 512 -hash-max-ziplist-value 64 -list-max-ziplist-size -2 -list-compress-depth 0 -set-max-intset-entries 512 -zset-max-ziplist-entries 128 -zset-max-ziplist-value 64 -hll-sparse-max-bytes 3000 -stream-node-max-bytes 4096 -stream-node-max-entries 100 -activerehashing yes - -{% for buff in icingadb_redis_client_output_buffer_limits %} -client-output-buffer-limit {{ buff }} -{% endfor %} -# client-query-buffer-limit 1gb -# proto-max-bulk-len 512mb -hz {{ icingadb_redis_hz }} -dynamic-hz {{ icingadb_redis_dynamic_hz }} -aof-rewrite-incremental-fsync {{ icingadb_redis_aof_rewrite_incremental_fsync }} -rdb-save-incremental-fsync {{ icingadb_redis_rdb_save_incremental_fsync }} -# lfu-log-factor 10 -# lfu-decay-time 1 - -########################### ACTIVE DEFRAGMENTATION ####################### -# activedefrag yes - -# Minimum amount of fragmentation waste to start active defrag -# active-defrag-ignore-bytes 100mb - -# Minimum percentage of fragmentation to start active defrag -# active-defrag-threshold-lower 10 - -# Maximum percentage of fragmentation at which we use maximum effort -# active-defrag-threshold-upper 100 - -# Minimal effort for defrag in CPU percentage -# active-defrag-cycle-min 5 +{%- endmacro -%} +{{ ansible_managed | comment }} -# Maximal effort for defrag in CPU percentage -# active-defrag-cycle-max 75 +{% for key in icingadb_redis_order if key in icingadb_redis_config %} +{{ picktype(key, icingadb_redis_config[key]) }} +{%- endfor -%} -# Maximum number of set/hash/zset/list fields that will be processed from -# the main dictionary scan -# active-defrag-max-scan-fields 1000 +{% for key, value in icingadb_redis_config.items() if key not in icingadb_redis_order %} +{{ picktype(key, value) }} +{%- endfor -%} -# TLS -{% if icingadb_redis_tls_cert is defined and icingadb_redis_tls_ca is defined and icingadb_redis_tls_key is defined %} -tls-cert-file {{ icingadb_redis_tls_cert }} -tls-key-file {{ icingadb_redis_tls_key }} -tls-ca-cert-file {{ icingadb_redis_tls_ca }} -{% endif %}