From c8a204b3b165479ef63cc6f9e96cad68ee48f424 Mon Sep 17 00:00:00 2001 
From: Robert Kaussow Date: Sat, 5 Aug 2023 17:53:22 +0200 Subject: [PATCH 1/6] refactor: move to podman container setup --- defaults/main.yml | 67 ++++++---- handlers/main.yml | 7 +- meta/main.yml | 8 +- molecule/centos7/converge.yml | 9 -- molecule/centos7/molecule.yml | 24 ---- molecule/default | 2 +- molecule/requirements.yml | 10 +- molecule/rocky8/converge.yml | 5 - molecule/rocky8/create.yml | 120 ------------------ molecule/rocky8/destroy.yml | 78 ------------ molecule/rocky8/prepare.yml | 15 --- molecule/rocky8/tests/test_default.py | 18 --- molecule/rocky9/converge.yml | 9 ++ molecule/{centos7 => rocky9}/create.yml | 0 molecule/rocky9/default | 1 + molecule/{centos7 => rocky9}/destroy.yml | 0 molecule/{rocky8 => rocky9}/molecule.yml | 4 +- molecule/{centos7 => rocky9}/prepare.yml | 0 .../{centos7 => rocky9}/tests/test_default.py | 0 tasks/main.yml | 64 ++++++++-- tasks/overwrites.yml | 5 - tasks/setup.yml | 29 ----- .../etc/containers/systemd/redis.container.j2 | 37 ++++++ templates/etc/containers/systemd/redis.env.j2 | 17 +++ .../etc/containers/systemd/redis.network.j2 | 19 +++ templates/etc/redis.conf.j2 | 61 --------- vars/redhat-7.yml | 3 - vars/redhat-8.yml | 3 - 28 files changed, 193 insertions(+), 422 deletions(-) delete mode 100644 molecule/centos7/converge.yml delete mode 100644 molecule/centos7/molecule.yml delete mode 100644 molecule/rocky8/converge.yml delete mode 100644 molecule/rocky8/create.yml delete mode 100644 molecule/rocky8/destroy.yml delete mode 100644 molecule/rocky8/prepare.yml delete mode 100644 molecule/rocky8/tests/test_default.py create mode 100644 molecule/rocky9/converge.yml rename molecule/{centos7 => rocky9}/create.yml (100%) create mode 120000 molecule/rocky9/default rename molecule/{centos7 => rocky9}/destroy.yml (100%) rename molecule/{rocky8 => rocky9}/molecule.yml (91%) rename molecule/{centos7 => rocky9}/prepare.yml (100%) rename molecule/{centos7 => rocky9}/tests/test_default.py (100%) delete mode 100644 
tasks/overwrites.yml delete mode 100644 tasks/setup.yml create mode 100644 templates/etc/containers/systemd/redis.container.j2 create mode 100644 templates/etc/containers/systemd/redis.env.j2 create mode 100644 templates/etc/containers/systemd/redis.network.j2 delete mode 100644 templates/etc/redis.conf.j2 delete mode 100644 vars/redhat-7.yml delete mode 100644 vars/redhat-8.yml diff --git a/defaults/main.yml b/defaults/main.yml index b5316a5..89a2ad9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,30 +1,53 @@ --- -# @var redis_packages:description: > -# Define a list of packages to install. The default packages depend on the OS version. +redis_image: "docker.io/library/redis:latest" +redis_url: "http://localhost:3000" + +# @var redis_volumes:description: > Define required docker volumes. # @end -# @var redis_packages:default: $ "_unset_" +# @var redis_volumes:example: > +# redis_volumes: +# - name: data +# # target location inside the container +# dest: /data +# type: volume +# @end +redis_volumes: + - name: "redis-data" + dest: /data -# @var redis_packages_extra:description: Can be used to install other dependency packages. -redis_packages_extra: [] +# @var redis_network:description: > +# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration. +# Otherwise, the network must already exist and the container will be attached to the network. +# @end +redis_network: "redis.network" +redis_network_ipv6_enabled: False +# @var redis_network_ipv6_subnet:value: $ "_unset_" +# @var redis_network_ipv6_subnet:example: $ "fd00:0:0:2::/64" +# @var redis_network_ipv6_gateway:value: $ "_unset_" +# @var redis_network_ipv6_gateway:example: $ "fd00:0:0:2::1" -redis_daemon: redis +# @var redis_network_ipv4_subnet:value: $ "_unset_" +# @var redis_network_ipv4_gateway:value: $ "_unset_" -redis_conf_path: /etc/redis.conf -redis_dbdir: /var/lib/redis -redis_logfile: /var/log/redis/redis.log -redis_pidfile: "/var/run/redis_{{ redis_port }}.pid" +# @var redis_exposed_ports:description: > +# Ports you want to publish outside of Docker. Redis is running on `6379` inside of the container. 
+# @end +redis_exposed_ports: [] -redis_daemonize: "no" -redis_supervised: "no" +redis_cap_add: [] +redis_cap_drop: [] -redis_port: 6379 -redis_bind_interface: 127.0.0.1 -# @var redis_unixsocket:value: $ "_unset_" -redis_timeout: 300 +redis_podman_args: + - --pids-limit=-1 + - --health-cmd='["redis-cli ping | grep PONG"]' + - --health-interval=5s + - --health-timeout=5s + - --health-retries=6 + - --health-on-failure=kill redis_loglevel: "notice" -# @var redis_logfile:description: Can be used to change the redis log file path +redis_timeout: 300 redis_databases: 16 # @var redis_save:description: Set to an empty set to disable persistence (saving the DB to disk). @@ -34,19 +57,9 @@ redis_save: - 60 10000 redis_rdbcompression: "yes" -redis_dbfilename: dump.rdb -# @var redis_dbdir:description: Can be used to change the redis dbdir path - -redis_maxmemory: 0 -redis_maxmemory_policy: "noeviction" -redis_maxmemory_samples: 5 - redis_appendonly: "no" redis_appendfsync: "everysec" -# @var redis_includes:description: Add extra include files for local configuration/overrides. -redis_includes: [] - # @var redis_requirepass:description: Require authentication to Redis with a password. # @var redis_requirepass:value: $ "_unset_" diff --git a/handlers/main.yml b/handlers/main.yml index ac5fbdd..216ac62 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,7 @@ --- - name: Restart Redis service: - name: "{{ redis_daemon }}" + name: redis state: restarted - daemon_reload: yes - enabled: yes + daemon_reload: True listen: __redis_restart - become: True - become_user: root diff --git a/meta/main.yml b/meta/main.yml index c700d01..445d06b 100644 --- a/meta/main.yml +++ b/meta/main.yml 
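Review bot: The new default `redis_image: "docker.io/library/redis:latest"` in the first defaults/main.yml hunk is a mutable tag, so each pull can roll out different image content without any change to this role. Pin a release tag, ideally with its digest, e.g. `redis_image: "docker.io/library/redis:<version>@sha256:<digest>"` (placeholders), so upgrades happen by an explicit bump. In the same hunk, `--pids-limit=-1` lifts podman's per-container process limit and `redis_cap_drop: []` leaves the default capability set in place; a tighter default would omit the PID override and use `redis_cap_drop: ["all"]`, unless the image turns out to need a capability. As far as I can tell, the health command `redis-cli ping | grep PONG` is unauthenticated, so once `redis_requirepass` is set it gets a NOAUTH error and `--health-on-failure=kill` would kill a healthy container.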
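Review bot: The `Restart Redis` handler loses `become: True` and `become_user: root` in the handlers/main.yml hunk, while the tasks that notify it run inside a block that sets both. As far as I know, handlers do not inherit `become` from the notifying task's block, so unless the play itself escalates, restarting the system-level `redis` unit is likely to fail with a permission error. I would keep `become: True` on the handler.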
@@ -14,10 +14,14 @@ galaxy_info: # @end description: Setup Redis server license: MIT - min_ansible_version: # + min_ansible_version: "2.10" platforms: - name: EL versions: - - 7 + - "9" galaxy_tags: [] dependencies: [] +collections: + - xoxys.general + - community.general + - containers.podman diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml deleted file mode 100644 index 26c16d1..0000000 --- a/molecule/centos7/converge.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Converge - hosts: all - vars: - redis_packages_extra: - - https://repo.ius.io/ius-release-el7.rpm - - https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - roles: - - role: xoxys.redis diff --git a/molecule/centos7/molecule.yml b/molecule/centos7/molecule.yml deleted file mode 100644 index 2318956..0000000 --- a/molecule/centos7/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -dependency: - name: galaxy - options: - role-file: molecule/requirements.yml - requirements-file: molecule/requirements.yml - env: - ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false" -driver: - name: delegated -platforms: - - name: centos7-redis - image: centos-7 - server_type: cx11 -lint: | - /usr/local/bin/flake8 -provisioner: - name: ansible - env: - ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter} - ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library} - log: False -verifier: - name: testinfra diff --git a/molecule/default b/molecule/default index 62ea184..afa9fc6 120000 --- a/molecule/default +++ b/molecule/default @@ -1 +1 @@ -rocky8 \ No newline at end of file +rocky9 \ No newline at end of file diff --git a/molecule/requirements.yml b/molecule/requirements.yml index 46da115..927757f 100644 --- a/molecule/requirements.yml +++ b/molecule/requirements.yml 
@@ -1,6 +1,12 @@ --- collections: - - name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz + - name: https://gitea.rknet.org/ansible/xoxys.general + type: git - name: community.general + - name: containers.podman -roles: [] +roles: + - src: https://gitea.rknet.org/ansible/xoxys.podman + name: xoxys.podman + scm: git + version: main diff --git a/molecule/rocky8/converge.yml b/molecule/rocky8/converge.yml deleted file mode 100644 index 2b6715f..0000000 --- a/molecule/rocky8/converge.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: xoxys.redis diff --git a/molecule/rocky8/create.yml b/molecule/rocky8/create.yml deleted file mode 100644 index 719600d..0000000 --- a/molecule/rocky8/create.yml +++ /dev/null 
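Review bot: Both new sources in molecule/requirements.yml track a moving ref: the `xoxys.general` collection changes from the `v2.1.1` release tarball to a git URL with no `version:`, and the `xoxys.podman` role is installed from `version: main`. The molecule step that consumes this file runs with `HCLOUD_TOKEN` in its environment (see .drone.yml), so whatever is at the branch head executes next to that secret. Pin each entry to a tag or commit, e.g. `version: <tag-or-commit-sha>` (placeholder), so test runs are reproducible and upstream changes arrive through a reviewed bump.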
@@ -1,120 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - ssh_port: 22 - ssh_user: root - ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" - tasks: - - name: Create SSH key - user: - name: "{{ lookup('env', 'USER') }}" - generate_ssh_key: true - ssh_key_file: "{{ ssh_path }}" - force: true - register: generated_ssh_key - - - name: Register the SSH key name - set_fact: - ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}" - - - name: Register SSH key for test instance(s) - hcloud_ssh_key: - name: "{{ ssh_key_name }}" - public_key: "{{ generated_ssh_key.ssh_public_key }}" - state: present - - - name: Create molecule instance(s) - hcloud_server: - name: "{{ item.name }}" - server_type: "{{ item.server_type }}" - ssh_keys: - - "{{ ssh_key_name }}" - image: "{{ item.image }}" - location: "{{ item.location | default(omit) }}" - datacenter: "{{ item.datacenter | default(omit) }}" - user_data: "{{ item.user_data | default(omit) }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: present - register: server - loop: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_jobs - until: hetzner_jobs.finished - retries: 300 - loop: "{{ server.results }}" - - - name: Create volume(s) - hcloud_volume: - name: "{{ item.name }}" - server: "{{ item.name }}" - location: "{{ item.location | default(omit) }}" - size: "{{ item.volume_size | default(10) }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: "present" - loop: "{{ molecule_yml.platforms }}" - when: item.volume | default(False) | bool - register: volumes - async: 7200 - poll: 0 - - - name: Wait for volume(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_volumes - until: hetzner_volumes.finished - retries: 300 - when: 
volumes.changed - loop: "{{ volumes.results }}" - - # Mandatory configuration for Molecule to function. - - - name: Populate instance config dict - set_fact: - instance_conf_dict: - { - "instance": "{{ item.hcloud_server.name }}", - "ssh_key_name": "{{ ssh_key_name }}", - "address": "{{ item.hcloud_server.ipv4_address }}", - "user": "{{ ssh_user }}", - "port": "{{ ssh_port }}", - "identity_file": "{{ ssh_path }}", - "volume": "{{ item.item.item.volume | default(False) | bool }}", - } - loop: "{{ hetzner_jobs.results }}" - register: instance_config_dict - when: server.changed | bool - - - name: Convert instance config dict to a list - set_fact: - instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" - when: server.changed | bool - - - name: Dump instance config - copy: - content: | - # Molecule managed - - {{ instance_conf | to_nice_yaml(indent=2) }} - dest: "{{ molecule_instance_config }}" - when: server.changed | bool - - - name: Wait for SSH - wait_for: - port: "{{ ssh_port }}" - host: "{{ item.address }}" - search_regex: SSH - delay: 10 - loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}" - - - name: Wait for VM to settle down - pause: - seconds: 30 \ No newline at end of file diff --git a/molecule/rocky8/destroy.yml b/molecule/rocky8/destroy.yml deleted file mode 100644 index ed0b2ed..0000000 --- a/molecule/rocky8/destroy.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - tasks: - - name: Check existing instance config file - stat: - path: "{{ molecule_instance_config }}" - register: cfg - - - name: Populate the instance config - set_fact: - instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}" - - - name: Destroy molecule instance(s) - hcloud_server: - name: "{{ item.instance }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: absent - register: server - loop: "{{ instance_conf }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_jobs - until: hetzner_jobs.finished - retries: 300 - loop: "{{ server.results }}" - - - pause: - seconds: 5 - - - name: Destroy volume(s) - hcloud_volume: - name: "{{ item.instance }}" - server: "{{ item.instance }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: "absent" - register: volumes - loop: "{{ instance_conf }}" - when: item.volume | default(False) | bool - async: 7200 - poll: 0 - - - name: Wait for volume(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_volumes - until: hetzner_volumes.finished - retries: 300 - when: volumes.changed - loop: "{{ volumes.results }}" - - - name: Remove registered SSH key - hcloud_ssh_key: - name: "{{ instance_conf[0].ssh_key_name }}" - state: absent - when: (instance_conf | default([])) | length > 0 - - # Mandatory configuration for Molecule to function. - - - name: Populate instance config - set_fact: - instance_conf: {} - - - name: Dump instance config - copy: - content: | - # Molecule managed - - {{ instance_conf | to_nice_yaml(indent=2) }} - dest: "{{ molecule_instance_config }}" - when: server.changed | bool \ No newline at end of file 
diff --git a/molecule/rocky8/prepare.yml b/molecule/rocky8/prepare.yml deleted file mode 100644 index 183f4d3..0000000 --- a/molecule/rocky8/prepare.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: false - tasks: - - name: Bootstrap python for Ansible - raw: | - command -v python3 python || ( - (test -e /usr/bin/dnf && sudo dnf install -y python3) || - (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) || - (test -e /usr/bin/yum && sudo yum -y -qq install python3) || - echo "Warning: Python not boostrapped due to unknown platform." - ) - become: true - changed_when: false diff --git a/molecule/rocky8/tests/test_default.py b/molecule/rocky8/tests/test_default.py deleted file mode 100644 index 9e9f612..0000000 --- a/molecule/rocky8/tests/test_default.py +++ /dev/null @@ -1,18 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ["MOLECULE_INVENTORY_FILE"] -).get_hosts("all") - - -def test_redis_running_and_enabled(host): - redis = host.service("redis") - assert redis.is_running - assert redis.is_enabled - - -def test_redis_socket(host): - # Verify the socket is listening for redis traffic - assert host.socket("tcp://127.0.0.1:6379").is_listening diff --git a/molecule/rocky9/converge.yml b/molecule/rocky9/converge.yml new file mode 100644 index 0000000..844654f --- /dev/null +++ b/molecule/rocky9/converge.yml @@ -0,0 +1,9 @@ +--- +- name: Converge + hosts: all + roles: + - role: xoxys.podman + - role: xoxys.redis + vars: + redis_exposed_ports: + - 127.0.0.1:6379:6379 diff --git a/molecule/centos7/create.yml b/molecule/rocky9/create.yml similarity index 100% rename from molecule/centos7/create.yml rename to molecule/rocky9/create.yml diff --git a/molecule/rocky9/default b/molecule/rocky9/default new file mode 120000 index 0000000..331d858 --- /dev/null +++ b/molecule/rocky9/default 
@@ -0,0 +1 @@ +default \ No newline at end of file diff --git a/molecule/centos7/destroy.yml b/molecule/rocky9/destroy.yml similarity index 100% rename from molecule/centos7/destroy.yml rename to molecule/rocky9/destroy.yml diff --git a/molecule/rocky8/molecule.yml b/molecule/rocky9/molecule.yml similarity index 91% rename from molecule/rocky8/molecule.yml rename to molecule/rocky9/molecule.yml index 1d18f06..53f8b82 100644 --- a/molecule/rocky8/molecule.yml +++ b/molecule/rocky9/molecule.yml @@ -9,8 +9,8 @@ dependency: driver: name: delegated platforms: - - name: rocky8-redis - image: rocky-8 + - name: rocky9-redis + image: rocky-9 server_type: cx11 lint: | /usr/local/bin/flake8 diff --git a/molecule/centos7/prepare.yml b/molecule/rocky9/prepare.yml similarity index 100% rename from molecule/centos7/prepare.yml rename to molecule/rocky9/prepare.yml diff --git a/molecule/centos7/tests/test_default.py b/molecule/rocky9/tests/test_default.py similarity index 100% rename from molecule/centos7/tests/test_default.py rename to molecule/rocky9/tests/test_default.py diff --git a/tasks/main.yml b/tasks/main.yml index b86f8ff..dfd5042 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,15 +1,53 @@ --- -- include_vars: "{{ var_files }}" - vars: - var_files: "{{ lookup('first_found', params, errors='ignore') }}" - params: - files: - - "{{ ansible_lsb.id | default('') | lower }}.yml" - - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_os_family | lower }}.yml" - paths: - - "vars" - when: var_files +- block: + - name: Create network specs + template: + src: etc/containers/systemd/redis.network.j2 + dest: "/etc/containers/systemd/redis.network" + owner: root + group: root + mode: "0640" + when: redis_network | splitext | last == ".network" + notify: __redis_restart -- include_tasks: overwrites.yml -- include_tasks: setup.yml + - name: Create container volumes + containers.podman.podman_volume: + name: "{{ item.name }}" + options: "{{ item.options | default(omit) }}" + state: "{{ item.state | default('present') }}" + loop: "{{ redis_volumes }}" + loop_control: + label: "{{ item.name }}" + when: item.type | default("volume") | lower == "volume" + register: __redis_volumes_raw + + - name: Register container volumes map + set_fact: + __redis_volumes_map: "{{ __redis_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}" + + - name: Deploy redis env file + template: + src: etc/containers/systemd/redis.env.j2 + dest: "/etc/containers/systemd/redis.env" + owner: root + group: root + mode: "0640" + notify: __redis_restart + + - name: Create container specs + template: + src: etc/containers/systemd/redis.container.j2 + dest: "/etc/containers/systemd/redis.container" + owner: root + group: root + mode: "0640" + notify: __redis_restart + + - name: Ensure service state + systemd: + name: "redis.service" + state: started + daemon_reload: True + enabled: True + become: True + become_user: root diff --git a/tasks/overwrites.yml b/tasks/overwrites.yml deleted file mode 100644 index 49dd07b..0000000 --- a/tasks/overwrites.yml +++ /dev/null 
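Review bot: The `Deploy redis env file` task renders a template that contains `--requirepass {{ redis_requirepass }}` (redis.env.j2 in this patch), and a run with `--diff` prints the rendered content to the console and to any log callback. Add `diff: false` (or `no_log: true`) to that task; the same applies to the looped `Deploy redis env files` task in PATCH 4/6. Separately, `Create network specs` always writes `/etc/containers/systemd/redis.network`, while the container unit uses `Network={{ redis_network }}`, so any other value ending in `.network` would reference a unit this role never created. Deriving `dest` from `redis_network`, or documenting that only the default name is supported, would close that gap.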
@@ -1,5 +0,0 @@ ---- -- name: Define redis_packages - set_fact: - redis_packages: "{{ __redis_packages | list }}" - when: redis_packages is not defined diff --git a/tasks/setup.yml b/tasks/setup.yml deleted file mode 100644 index 2ae49b2..0000000 --- a/tasks/setup.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- block: - - name: Ensure dependencies are installed - package: - name: "{{ item }}" - state: present - loop: "{{ redis_packages_extra }}" - - - name: Ensure Redis is installed - package: - name: "{{ item }}" - state: present - loop: "{{ redis_packages }}" - - - name: Ensure Redis is configured - template: - src: etc/redis.conf.j2 - dest: "{{ redis_conf_path }}" - mode: 0644 - notify: __redis_restart - - - name: Ensure Redis is up and running - service: - name: "{{ redis_daemon }}" - daemon_reload: yes - enabled: yes - state: started - become: True - become_user: root diff --git a/templates/etc/containers/systemd/redis.container.j2 b/templates/etc/containers/systemd/redis.container.j2 new file mode 100644 index 0000000..f2fa5f4 --- /dev/null +++ b/templates/etc/containers/systemd/redis.container.j2 
@@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: True +{{ ansible_managed | comment }} +[Install] +WantedBy=default.target + +[Service] +Restart=on-failure +RestartSec=5s + +EnvironmentFile=/etc/containers/systemd/redis.env +ExecReload=/usr/bin/podman kill --signal=SIGHUP %p + +[Container] +Image={{ redis_image }} +Exec=redis-server $REDIS_ARGS +User=999 +Group=999 +{% for item in redis_volumes %} +Volume={{ item.name }}:{{ item.dest }}{{ ":" + item.opts if item.opts is defined else "" }} +{% endfor %} +{% if (redis_cap_add + redis_cap_drop) | length > 0 %} + +{% if redis_cap_add | length > 0 %} +AddCapability={{ redis_cap_add | join(" ") }} +{% endif %} +{% if redis_cap_drop | length > 0 %} +DropCapability={{ redis_cap_drop | join(" ") }} +{% endif %} +{% endif %} + +Network={{ redis_network }} +{% for item in redis_exposed_ports %} +PublishPort={{ item }} +{% endfor %} +{% for item in redis_podman_args %} +PodmanArgs={{ item }} +{% endfor %} diff --git a/templates/etc/containers/systemd/redis.env.j2 b/templates/etc/containers/systemd/redis.env.j2 new file mode 100644 index 0000000..53a7e61 --- /dev/null +++ b/templates/etc/containers/systemd/redis.env.j2 @@ -0,0 +1,17 @@ +#jinja2: lstrip_blocks: True +{{ ansible_managed | comment }} +REDIS_ARGS=--timeout {{ redis_timeout }} --loglevel {{ redis_loglevel }} --databases {{ redis_databases }} \ + {% for save in redis_save %} + --save '{{ save }}'\ + {% endfor %} + --rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }} \ + --appendonly {{ redis_appendonly | bool | ternary("yes", "no") }} \ + --appendfsync {{ redis_appendfsync }} \ + --no-appendfsync-on-rewrite no \ + {% if redis_requirepass is defined %} + --requirepass {{ redis_requirepass }} \ + {% endif %} + {% for command in redis_disabled_commands %} + --rename-command '{{ command }} ""' \ + {% endfor %} + --port 6379 
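Review bot: `Exec=redis-server $REDIS_ARGS` in redis.container.j2 puts every option, including `--requirepass`, on the command line of the podman and redis-server processes. There it can be read from the process list and from container inspection, not only from the 0640 env file. Rendering a redis.conf (as the removed templates/etc/redis.conf.j2 did), mounting it into the container and passing its path to `redis-server` would keep the password in a root-owned file. Since the unit already fixes `User=999`, adding `NoNewPrivileges=true` to `[Container]` would be a cheap extra hardening step.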
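Review bot: The guard `{% if redis_requirepass is defined %}` in redis.env.j2 is weaker than the one in the removed redis.conf.j2 (`is defined and redis_requirepass`): an empty value now renders a bare `--requirepass` with no argument. The value is also written unquoted into a string that is later word-split, so a password containing whitespace would presumably be split into several arguments. Restore the truthiness check, `{% if redis_requirepass is defined and redis_requirepass %}`, and quote the value as is done for `--save '{{ save }}'`. The same content is re-added as redis.env.sys.j2 in PATCH 4/6, so this applies there as well.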
diff --git a/templates/etc/containers/systemd/redis.network.j2 b/templates/etc/containers/systemd/redis.network.j2 new file mode 100644 index 0000000..1afc038 --- /dev/null +++ b/templates/etc/containers/systemd/redis.network.j2 @@ -0,0 +1,19 @@ +#jinja2: lstrip_blocks: True +{{ ansible_managed | comment }} +[Network] +{% if redis_network_ipv4_subnet is defined %} +Subnet={{ redis_network_ipv4_subnet }} +{% endif %} +{% if redis_network_ipv4_gateway is defined %} +Gateway={{ redis_network_ipv4_gateway }} +{% endif %} +IPv6={{ redis_network_ipv6_enabled | bool | lower }} +{% if redis_network_ipv6_enabled | bool %} +{% if redis_network_ipv6_subnet is defined %} +Subnet={{ redis_network_ipv6_subnet }} +{% endif %} +{% if redis_network_ipv6_gateway is defined %} +Gateway={{ redis_network_ipv6_gateway }} +{% endif %} +{% endif %} +Label=app=redis diff --git a/templates/etc/redis.conf.j2 b/templates/etc/redis.conf.j2 deleted file mode 100644 index 5f42abf..0000000 --- a/templates/etc/redis.conf.j2 +++ /dev/null 
@@ -1,61 +0,0 @@ -#jinja2: lstrip_blocks: True -{{ ansible_managed | comment }} - -daemonize {{ redis_daemonize | bool | ternary("yes", "no") }} -supervised {{ redis_supervised }} -pidfile {{ redis_pidfile }} -port {{ redis_port }} -bind {{ redis_bind_interface }} -{% if redis_unixsocket is defined and redis_unixsocket %} - -unixsocket {{ redis_unixsocket }} -{% endif %} - -timeout {{ redis_timeout }} - -loglevel {{ redis_loglevel }} -logfile {{ redis_logfile }} - -# To enable logging to the system logger, just set 'syslog-enabled' to yes, -# and optionally update the other syslog parameters to suit your needs. -# syslog-enabled no -# syslog-ident redis -# syslog-facility local0 - -databases {{ redis_databases }} - -{% for save in redis_save %} -save {{ save }} -{% endfor %} - -rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }} -dbfilename {{ redis_dbfilename }} -dir {{ redis_dbdir }} - -# maxclients 128 -{% if redis_maxmemory %} - -maxmemory {{ redis_maxmemory }} -maxmemory-policy {{ redis_maxmemory_policy }} -maxmemory-samples {{ redis_maxmemory_samples }} -{% endif %} - -appendonly {{ redis_appendonly | bool | ternary("yes", "no") }} -appendfsync {{ redis_appendfsync }} -no-appendfsync-on-rewrite no -{% if redis_includes %} - -{% for include in redis_includes %} -include {{ include }} -{% endfor %} -{% endif %} -{% if redis_requirepass is defined and redis_requirepass %} - -requirepass {{ redis_requirepass }} -{% endif %} -{% if redis_disabled_commands %} - -{% for command in redis_disabled_commands %} -rename-command {{ command }} "" -{% endfor %} -{% endif %} diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml deleted file mode 100644 index aaf8924..0000000 --- a/vars/redhat-7.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -__redis_packages: - - redis6 diff --git a/vars/redhat-8.yml b/vars/redhat-8.yml deleted file mode 100644 index fc755e8..0000000 --- a/vars/redhat-8.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -__redis_packages: - - "@redis:6" -- 2.45.2 From ea4df9fc6226abd697b9c64e30b004495c26795f Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 5 Aug 2023 17:58:53 +0200 Subject: [PATCH 2/6] fix ci config --- .drone.jsonnet | 8 +++----- .drone.yml | 42 ++++-------------------------------------- 2 files changed, 7 insertions(+), 43 deletions(-) diff --git a/.drone.jsonnet b/.drone.jsonnet index a4051ea..2f70f7e 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -41,7 +41,7 @@ local PipelineLinting = { }, }; -local PipelineDeployment(scenario='centos7') = { +local PipelineDeployment(scenario='rocky9') = { kind: 'pipeline', name: 'testing-' + scenario, platform: { @@ -115,8 +115,7 @@ local PipelineDocumentation = { ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'], }, depends_on: [ - 'testing-centos7', - 'testing-rocky8', + 'testing-rocky9', ], }; @@ -154,8 +153,7 @@ local PipelineNotification = { [ PipelineLinting, - PipelineDeployment(scenario='centos7'), - PipelineDeployment(scenario='rocky8'), + PipelineDeployment(scenario='rocky9'), PipelineDocumentation, PipelineNotification, ] diff --git a/.drone.yml b/.drone.yml index c890d9f..8050cc6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,7 +36,7 @@ trigger: --- kind: pipeline -name: testing-centos7 +name: testing-rocky9 platform: os: linux @@ -53,40 +53,7 @@ steps: - name: ansible-molecule image: thegeeklab/molecule:4 commands: - - molecule test -s centos7 - environment: - HCLOUD_TOKEN: - from_secret: hcloud_token - -trigger: - ref: - - refs/heads/main - - refs/tags/** - - refs/pull/** - -depends_on: - - linting - ---- -kind: pipeline -name: testing-rocky8 - -platform: - os: linux - arch: amd64 - -concurrency: - limit: 1 - -workspace: - base: /drone/src - path: ${DRONE_REPO_NAME} - -steps: - - name: ansible-molecule - image: thegeeklab/molecule:4 - commands: - - molecule test -s rocky8 + - molecule test -s rocky9 environment: HCLOUD_TOKEN: from_secret: hcloud_token 
@@ -141,8 +108,7 @@ trigger: - refs/pull/** depends_on: - - testing-centos7 - - testing-rocky8 + - testing-rocky9 --- kind: pipeline @@ -182,6 +148,6 @@ depends_on: --- kind: signature -hmac: dec6aa01a8f45bf0df631d884b32a8f54cbec15cf265d35df7e35c123f8bf106 +hmac: 053e75bd2320d802f29f8332d78cdb4b2c838315d678b7d1dc687d58dadc097c ... -- 2.45.2 From 3bebe077a8a105b3e7a7608897c5feb47d97ae61 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 5 Aug 2023 22:38:59 +0200 Subject: [PATCH 3/6] cleanup --- defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 89a2ad9..39cdd85 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,5 @@ --- redis_image: "docker.io/library/redis:latest" -redis_url: "http://localhost:3000" # @var redis_volumes:description: > Define required docker volumes. # @end -- 2.45.2 From 2c2b3f789c560da8e50e2e1bb086c3b88eb185b4 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 5 Aug 2023 23:49:35 +0200 Subject: [PATCH 4/6] use dedicated systemd env file --- defaults/main.yml | 2 +- tasks/main.yml | 9 ++++++--- .../etc/containers/systemd/redis.container.j2 | 3 ++- templates/etc/containers/systemd/redis.env.j2 | 15 --------------- .../etc/containers/systemd/redis.env.sys.j2 | 17 +++++++++++++++++ 5 files changed, 26 insertions(+), 20 deletions(-) create mode 100644 templates/etc/containers/systemd/redis.env.sys.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 39cdd85..443190d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -44,7 +44,7 @@ redis_podman_args: - --health-retries=6 - --health-on-failure=kill -redis_loglevel: "notice" +redis_log_level: "notice" redis_timeout: 300 redis_databases: 16 diff --git a/tasks/main.yml b/tasks/main.yml index dfd5042..fe925b2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -25,13 +25,16 @@ set_fact: __redis_volumes_map: "{{ __redis_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}" - - name: Deploy redis env file + - name: Deploy redis env files template: - src: etc/containers/systemd/redis.env.j2 - dest: "/etc/containers/systemd/redis.env" + src: "etc/containers/systemd/{{ item }}.j2" + dest: "/etc/containers/systemd/{{ item }}" owner: root group: root mode: "0640" + loop: + - redis.env + - redis.sys.env notify: __redis_restart - name: Create container specs diff --git a/templates/etc/containers/systemd/redis.container.j2 b/templates/etc/containers/systemd/redis.container.j2 index f2fa5f4..a0653da 100644 --- a/templates/etc/containers/systemd/redis.container.j2 +++ b/templates/etc/containers/systemd/redis.container.j2 @@ -7,12 +7,13 @@ WantedBy=default.target Restart=on-failure RestartSec=5s -EnvironmentFile=/etc/containers/systemd/redis.env +EnvironmentFile=/etc/containers/systemd/redis.sys.env ExecReload=/usr/bin/podman kill --signal=SIGHUP %p [Container] Image={{ redis_image }} Exec=redis-server $REDIS_ARGS +EnvironmentFile=/etc/containers/systemd/redis.env User=999 Group=999 {% for item in redis_volumes %} diff --git a/templates/etc/containers/systemd/redis.env.j2 b/templates/etc/containers/systemd/redis.env.j2 index 53a7e61..ff34a98 100644 --- a/templates/etc/containers/systemd/redis.env.j2 +++ b/templates/etc/containers/systemd/redis.env.j2 
@@ -1,17 +1,2 @@ #jinja2: lstrip_blocks: True {{ ansible_managed | comment }} -REDIS_ARGS=--timeout {{ redis_timeout }} --loglevel {{ redis_loglevel }} --databases {{ redis_databases }} \ - {% for save in redis_save %} - --save '{{ save }}'\ - {% endfor %} - --rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }} \ - --appendonly {{ redis_appendonly | bool | ternary("yes", "no") }} \ - --appendfsync {{ redis_appendfsync }} \ - --no-appendfsync-on-rewrite no \ - {% if redis_requirepass is defined %} - --requirepass {{ redis_requirepass }} \ - {% endif %} - {% for command in redis_disabled_commands %} - --rename-command '{{ command }} ""' \ - {% endfor %} - --port 6379 diff --git a/templates/etc/containers/systemd/redis.env.sys.j2 b/templates/etc/containers/systemd/redis.env.sys.j2 new file mode 100644 index 0000000..67df317 --- /dev/null +++ b/templates/etc/containers/systemd/redis.env.sys.j2 @@ -0,0 +1,17 @@ +#jinja2: lstrip_blocks: True +{{ ansible_managed | comment }} +REDIS_ARGS=--timeout {{ redis_timeout }} --loglevel {{ redis_log_level }} --databases {{ redis_databases }} \ + {% for save in redis_save %} + --save '{{ save }}'\ + {% endfor %} + --rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }} \ + --appendonly {{ redis_appendonly | bool | ternary("yes", "no") }} \ + --appendfsync {{ redis_appendfsync }} \ + --no-appendfsync-on-rewrite no \ + {% if redis_requirepass is defined %} + --requirepass {{ redis_requirepass }} \ + {% endif %} + {% for command in redis_disabled_commands %} + --rename-command '{{ command }} ""' \ + {% endfor %} + --port 6379 -- 2.45.2 From 2e74894d60e94e55e83060f475457e587e2426e6 Mon Sep 17 00:00:00 2001 
From: Robert Kaussow Date: Sun, 6 Aug 2023 00:05:21 +0200 Subject: [PATCH 5/6] fix template name --- .../etc/containers/systemd/{redis.env.sys.j2 => redis.sys.env.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename templates/etc/containers/systemd/{redis.env.sys.j2 => redis.sys.env.j2} (100%) diff --git a/templates/etc/containers/systemd/redis.env.sys.j2 b/templates/etc/containers/systemd/redis.sys.env.j2 similarity index 100% rename from templates/etc/containers/systemd/redis.env.sys.j2 rename to templates/etc/containers/systemd/redis.sys.env.j2 -- 2.45.2 From a8719e10553122f943c965cd2a5a5d629d169fe5 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 8 Aug 2023 21:47:04 +0200 Subject: [PATCH 6/6] cleanup --- templates/etc/containers/systemd/redis.container.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/etc/containers/systemd/redis.container.j2 b/templates/etc/containers/systemd/redis.container.j2 index a0653da..7d44224 100644 --- a/templates/etc/containers/systemd/redis.container.j2 +++ b/templates/etc/containers/systemd/redis.container.j2 @@ -8,7 +8,6 @@ Restart=on-failure RestartSec=5s EnvironmentFile=/etc/containers/systemd/redis.sys.env -ExecReload=/usr/bin/podman kill --signal=SIGHUP %p [Container] Image={{ redis_image }} -- 2.45.2