Add new Redis cookbook

2021-11-16 13:25:30 -06:00
parent 80ec84782b
commit 18f65c4fc5
66 changed files with 5780 additions and 0 deletions


@@ -0,0 +1,9 @@
<%
node.run_state[:ulimit][@domain].each do |item, entries|
entries.each do |type, value|
-%>
<%= @domain %> <%= type %> <%= item %> <%= value %>
<%
end
end
-%>
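Review bot: `node.run_state[:ulimit][@domain]` on the first line is dereferenced without a guard, so a domain that has no entry in run_state fails the Chef run with a NoMethodError on nil instead of a message that names the domain. `(node.run_state.dig(:ulimit, @domain) || {}).each do |item, entries|` would render an empty file; if a missing entry should be an error, raise one that includes `@domain`. The values are written into the limits file as they are, so `type` is worth validating against `soft`, `hard` and `-` in the resource that fills run_state, which is not visible in this hunk.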


@@ -0,0 +1,12 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
[Service]
ExecStart=<%= @bin_path %>/redis-server /etc/redis/sentinel_%i.conf --sentinel --daemonize no
User=redis
Group=redis
LimitNOFILE=<%= @limit_nofile %>
[Install]
WantedBy=multi-user.target
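Review bot: `User=redis` and `Group=redis` are hard-coded in this sentinel unit, while the Redis server unit later in this commit renders `User=<%= @user %>` and `Group=<%= @group %>`. If the cookbook is configured with a different account, Sentinel still starts as `redis` and may be unable to rewrite `/etc/redis/sentinel_%i.conf`, which Sentinel updates at runtime; using the same two template variables here avoids that. The config directory is also fixed to `/etc/redis` in both units although the init templates use `<%= @configdir %>`, and `Description=` still carries the server's text rather than naming Sentinel.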

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,96 @@
#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
#
# description: Redis is an in memory key-value store database
#
### BEGIN INIT INFO
# Provides: redis<%= @port %>
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: <%= @required_start %>
# Required-Stop: <%= @required_stop %>
# Description: redis<%= @port %> init script
### END INIT INFO
REDISNAME=<%= @name %>
REDISPORT=<%= @port %>
<% case @platform %>
<% when 'ubuntu','debian','fedora' %>
EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf' <%= @user %>"
<% else %>
EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf\""
<% end %>
CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
<% connection_string = String.new %>
<% if @unixsocket.nil? %>
<% connection_string << " -p #{@port}" %>
<% connection_string << " -h #{@address.respond_to?(:first) ? @address.first : @address }" if @address %>
<% else %>
<% connection_string << " -s #{@unixsocket}" %>
<% end %>
<% connection_string << " -a '#{@requirepass}'" unless @requirepass.nil? %>
PIDFILE=<%= @piddir %>/redis_${REDISNAME}.pid
if [ ! -d <%= @piddir %> ]; then
mkdir -p <%= @piddir %>
chown <%= @user %> <%= @piddir %>
fi
ulimit -n <%= @ulimit %>
case "$1" in
status)
if [ -f $PIDFILE ]
then
echo "redis$REDISNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
ps -p $(cat $PIDFILE) >/dev/null 2>&1
exit $?
else
echo "redis$REDISNAME $PIDFILE doesn't exist"
exit 3
fi
;;
start)
if [ -f $PIDFILE ]
then
echo "$PIDFILE exists, process is already running or crashed"
PIDNUM=`cat $PIDFILE`
PROCESS_RUNNING=`ps --no-headers -q $PIDNUM | wc -l`
if [ ! $PROCESS_RUNNING -eq 1 ]
then
echo "The PID doesn't exists, restarting it."
rm $PIDFILE
eval $EXEC
fi
else
echo "Starting Redis server..."
eval $EXEC
fi
;;
stop)
if [ ! -f $PIDFILE ]
then
echo "$PIDFILE does not exist, process is not running"
else
PID=$(cat $PIDFILE)
echo "Stopping ..."
<%= "$CLIEXEC #{connection_string} save" if @shutdown_save %>
$CLIEXEC <%= connection_string %> shutdown
while [ -x /proc/${PID} ]
do
echo "Waiting for Redis to shutdown ..."
sleep 1
done
echo "Redis stopped"
fi
;;
*)
echo "Please use start or stop as first argument"
;;
esac
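Review bot: The `-a '#{@requirepass}'` fragment appended to `connection_string` puts the Redis password on the `redis-cli` command line in the `stop` branch, where it is readable from the process list while the call runs, and it stores the secret in the rendered init script, whose file mode is set outside this template. A password that contains a single quote also ends the quoting and changes the command that is run. Prefer passing the secret through the environment on redis-cli builds that support it, e.g. `REDISCLI_AUTH=<shell-escaped password> $CLIEXEC <%= connection_string %> shutdown`, escape the value with `Shellwords.escape` before interpolating it, and have the resource render this file with a mode that is not world-readable.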


@@ -0,0 +1,69 @@
#!/bin/sh
#
#
# PROVIDE: redis<%= @name %>
# REQUIRE: LOGIN
# BEFORE: securelevel
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable `redis':
#
#redis<%= @name %>_enable="YES"
#
# Define profiles here to run separate redis instances:
#
#redis_profiles="foo bar" # Script uses /usr/local/etc/redis-NAME.conf respectively.
# For correct script working please update pidfile entries in
# redis-NAME.conf files.
. /etc/rc.subr
name="redis<%= @name %>"
rcvar="${name}_enable"
extra_commands="reload"
command="<%= File.join(@bin_path, 'redis-server') %>"
pidfile="<%= @piddir %>/redis_<%=@name%>.pid"
# read configuration and set defaults
load_rc_config "$name"
: ${redis<%= @name %>_enable="NO"}
: ${redis_user="<%= @user %>"}
: ${redis_config="<%= @configdir %>/<%= @name %>.conf"}
command_args="${redis_config}"
required_files="${redis_config}"
_profile_exists() {
for _p in ${redis_profiles}; do
[ "${_p}" = "$1" ] && return 1;
done
return 0
}
if [ $# -eq 2 ]; then
_profile=$2
_profile_exists $_profile
_exists=$?
[ ${_exists} -ne 1 ] && {
echo "`basename /usr/local/etc/rc.d/redis`: no '$2' in 'redis_profiles'"
exit 1
};
echo "-- Profile: ${name} --"
config_file="/usr/local/etc/redis/${name}.conf"
command_args="${config_file}"
pidfile="<%= @piddir %>/${name}.pid"
required_files="${config_file}"
elif [ -n "${redis_profiles}" ]; then
_swap=$*; shift; _profiles=$*
_profiles=${_profiles:-${redis_profiles}}
set -- ${_swap}
for _profile in ${_profiles}; do
/usr/local/etc/rc.d/redis $1 ${_profile}
done
exit 0
fi
run_rc_command "$1"
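Review bot: The default `: ${redis_user="<%= @user %>"}` does not match the service name, which is `redis<%= @name %>`; rc.subr looks up `${name}_user`, so with a non-empty `@name` the setting is probably never read and `redis-server` would start as the invoking user, normally root. Rendering it as `: ${redis<%= @name %>_user="<%= @user %>"}` keeps the privilege drop tied to the instance. The sentinel rc.d template later in this commit has the same mismatch (`name="redis_<%= @name %>"` next to `sentinel_enable` and `sentinel_user`). Separately, the profile branch builds `config_file` and `pidfile` from `${name}` rather than `${_profile}`, so every profile resolves to the same files.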


@@ -0,0 +1,19 @@
description "Start the redis instance on port <%= @port %>"
author "Installed by chef redisio cookbook"
#start on runlevel [2345]
stop on runlevel [06]
script
if [ ! -d <%= @piddir %> ]; then
mkdir -p <%= @piddir %>
chown <%= @user %>:<%= @group %> <%= @piddir %>
fi
end script
# If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
respawn
respawn limit 10 30
exec su -s /bin/sh -c 'exec "$0" "$@"' <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf
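Review bot: The `su` call on the `exec` line has no `--` before the user name, unlike the sentinel job in this commit (`su -s /bin/sh -c 'exec "$0" "$@"' -- <%= @user %> …`). Without it, an argument starting with `-` that is appended later may be parsed as an option to `su` instead of being handed to `redis-server`; adding `--` here keeps the two jobs consistent. `start on runlevel [2345]` is commented out, so the job is not started at boot by upstart itself; if that is intentional, a comment saying what starts it would help the next reader.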


@@ -0,0 +1,12 @@
[Unit]
Description=Redis (%i) persistent key-value database
After=network.target
[Service]
ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no
User=<%= @user %>
Group=<%= @group %>
LimitNOFILE=<%= @limit_nofile %>
[Install]
WantedBy=multi-user.target
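Review bot: The `[Service]` section drops privileges with `User=` and `Group=` but sets no sandboxing and no restart policy. For a network-facing daemon consider `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, with a `ReadWritePaths=` entry for the config directory if the server is expected to rewrite its own config file. `Restart=on-failure` would match the `respawn` behaviour the upstart job in this commit already has.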


@@ -0,0 +1,203 @@
# Example sentinel.conf
# redisio Cookbook additions
<% if @job_control == 'initd' || @job_control == 'rcinit' %>
daemonize yes
<% end %>
pidfile <%= @piddir %>/sentinel_<%=@name%>.pid
loglevel <%=@loglevel%>
syslog-enabled <%= @syslogenabled %>
syslog-ident redis-<%= @name %>
syslog-facility <%= @syslogfacility %>
<%= "logfile #{@logfile}" unless @logfile.nil? %>
<% if @sentinel_bind %>
bind <%=@sentinel_bind%>
<% end %>
<% if @protected_mode %>
<%= "protected-mode #{@protected_mode}" %>
<% end %>
# port <sentinel-port>
# The port that this sentinel instance will run on
port <%=@sentinel_port%>
# sentinel announce-ip <ip>
# sentinel announce-port <port>
#
# The above two configuration directives are useful in environments where,
# because of NAT, Sentinel is reachable from outside via a non-local address.
#
# When announce-ip is provided, the Sentinel will claim the specified IP address
# in HELLO messages used to gossip its presence, instead of auto-detecting the
# local address as it usually does.
#
# Similarly when announce-port is provided and is valid and non-zero, Sentinel
# will announce the specified TCP port.
#
# The two options don't need to be used together, if only announce-ip is
# provided, the Sentinel will announce the specified IP and the server port
# as specified by the "port" option. If only announce-port is provided, the
# Sentinel will announce the auto-detected local IP and the specified port.
#
# Example:
#
# sentinel announce-ip 1.2.3.4
<%= "sentinel announce-ip #{@announce_ip}" unless @announce_ip.nil? %>
<%= "sentinel announce-port #{@announce_port}" unless @announce_port.nil? %>
# sentinel monitor <master-name> <ip> <redis-port> <quorum>
#
# Tells Sentinel to monitor this slave, and to consider it in O_DOWN
# (Objectively Down) state only if at least <quorum> sentinels agree.
#
# Note: master name should not include special characters or spaces.
# The valid charset is A-z 0-9 and the three characters ".-_".
# sentinel monitor mymaster 127.0.0.1 6379 2
<% @masters.each do |current| %>
<% calc_name = String(current['master_name'] || @name || 'master_name') %>
<%= "sentinel monitor #{calc_name} #{current['master_ip']} #{current['master_port']} #{current['quorum_count']}" %>
<% end %>
# sentinel auth-pass <master-name> <password>
#
# Set the password to use to authenticate with the master and slaves.
# Useful if there is a password set in the Redis instances to monitor.
#
# Note that the master password is also used for slaves, so it is not
# possible to set a different password in masters and slaves instances
# if you want to be able to monitor these instances with Sentinel.
#
# However you can have Redis instances without the authentication enabled
# mixed with Redis instances requiring the authentication (as long as the
# password set is the same for all the instances requiring the password) as
# the AUTH command will have no effect in Redis instances with authentication
# switched off.
#
# Example:
#
# sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
<% @masters.each do |current| %>
<% calc_name = String(current['master_name'] || @name || 'master_name') %>
<%= "sentinel auth-pass #{calc_name} #{current['auth_pass']}" unless current['auth_pass'].nil? %>
<% end %>
# sentinel down-after-milliseconds <master-name> <milliseconds>
#
# Number of milliseconds the master (or any attached slave or sentinel) should
# be unreachable (as in, not acceptable reply to PING, continuously, for the
# specified period) in order to consider it in S_DOWN state (Subjectively
# Down).
#
# Default is 30 seconds.
<% @masters.each do |current| %>
<% calc_name = String(current['master_name'] || @name || 'master_name') %>
<%= "sentinel down-after-milliseconds #{calc_name} #{current['down_after_milliseconds']}" unless current['down_after_milliseconds'].nil? %>
<% end %>
# sentinel parallel-syncs <master-name> <numslaves>
#
# How many slaves we can reconfigure to point to the new slave simultaneously
# during the failover. Use a low number if you use the slaves to serve query
# to avoid that all the slaves will be unreachable at about the same
# time while performing the synchronization with the master.
<% @masters.each do |current| %>
<% calc_name = String(current['master_name'] || @name || 'master_name') %>
<%= "sentinel parallel-syncs #{calc_name} #{current['parallel_syncs']}" unless current['parallel_syncs'].nil? %>
<% end %>
# sentinel failover-timeout <master-name> <milliseconds>
#
# Specifies the failover timeout in milliseconds. When this time has elapsed
# without any progress in the failover process, it is considered concluded by
# the sentinel even if not all the attached slaves were correctly configured
# to replicate with the new master (however a "best effort" SLAVEOF command
# is sent to all the slaves before).
#
# Also when 25% of this time has elapsed without any advancement, and there
# is a leader switch (the sentinel did not started the failover but is now
# elected as leader), the sentinel will continue the failover doing a
# "takeover".
#
# Default is 15 minutes.
<% @masters.each do |current| %>
<% calc_name = String(current['master_name'] || @name || 'master_name') %>
<%= "sentinel failover-timeout #{calc_name} #{current['failover_timeout']}" unless current['failover_timeout'].nil? %>
<% end %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 || @version[:major].to_i > 3 %>
# SCRIPTS EXECUTION
#
# sentinel notification-script and sentinel reconfig-script are used in order
# to configure scripts that are called to notify the system administrator
# or to reconfigure clients after a failover. The scripts are executed
# with the following rules for error handling:
#
# If script exists with "1" the execution is retried later (up to a maximum
# number of times currently set to 10).
#
# If script exists with "2" (or an higher value) the script execution is
# not retried.
#
# If script terminates because it receives a signal the behavior is the same
# as exit code 1.
#
# A script has a maximum running time of 60 seconds. After this limit is
# reached the script is terminated with a SIGKILL and the execution retried.
# NOTIFICATION SCRIPT
#
# sentinel notification-script <master-name> <script-path>
#
# Call the specified notification script for any sentienl event that is
# generated in the WARNING level (for instance -sdown, -odown, and so forth).
# This script should notify the system administrator via email, SMS, or any
# other messaging system, that there is something wrong with the monitored
# Redis systems.
#
# The script is called with just two arguments: the first is the event type
# and the second the event description.
#
# The script must exist and be executable in order for sentinel to start if
# this option is provided.
#
# Example:
#
# sentinel notification-script mymaster /var/redis/notify.sh
<%= "sentinel notification-script #{@name} #{@notification_script}" unless @notification_script.nil? %>
# CLIENTS RECONFIGURATION SCRIPT
#
# sentinel client-reconfig-script <master-name> <script-path>
#
# When the failover starts, ends, or is aborted, a script can be called in
# order to perform application-specific tasks to notify the clients that the
# configuration has changed and the master is at a different address.
#
# The script is called in the following cases:
#
# Failover started (a slave is already promoted)
# Failover finished (all the additional slaves already reconfigured)
# Failover aborted (in that case the script was previously called when the
# failover started, and now gets called again with swapped
# addresses).
#
# The following arguments are passed to the script:
#
# <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
#
# <state> is "start", "end" or "abort"
# <role> is either "leader" or "observer"
#
# The arguments from-ip, from-port, to-ip, to-port are used to communicate
# the old address of the master and the new address of the elected slave
# (now a master) in the case state is "start" or "end".
#
# For abort instead the "from" is the address of the promoted slave and
# "to" is the address of the original master address, since the failover
# was aborted.
#
# This script should be resistant to multiple invocations.
#
# Example:
#
# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
<%= "sentinel client-reconfig-script #{@name} #{@client_reconfig_script}" unless @client_reconfig_script.nil? %>
<% end %>
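Review bot: The version gate in front of SCRIPTS EXECUTION, `@version[:major].to_i == 2 && @version[:minor].to_i >= 8 || @version[:major].to_i > 3`, is false for every 3.x release, so `notification-script` and `client-reconfig-script` are silently left out there; `>= 3` looks like what was meant, with parentheses around the `&&` pair. Both script directives use `#{@name}` as the master name while every other directive uses the per-master `calc_name`, so they refer to a master that is not monitored whenever `master_name` differs from `@name`. The `auth-pass` lines write the master password into the rendered file in clear text, so the resource that renders it (outside this hunk) should be marked sensitive and keep the file unreadable to other users, bearing in mind that Sentinel must still be able to rewrite it.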


@@ -0,0 +1,78 @@
#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
#
# description: Redis is an in memory key-value store database
#
### BEGIN INIT INFO
# Provides: redissentinel_<%=@name%>
# Required-Start:
# Required-Stop:
# Should-Start:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description:
# Description: redissentinel_<%=@name%> init script
### END INIT INFO
SENTINELNAME=<%= @name %>
<% case @platform %>
<% when 'ubuntu','debian','fedora' %>
EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel' <%= @user %>"
<% else %>
EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel\""
<% end %>
CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
PIDFILE=<%= @piddir %>/${SENTINELNAME}.pid
if [ ! -d <%= @piddir %> ]; then
mkdir -p <%= @piddir %>
chown <%= @user %> <%= @piddir %>
fi
case "$1" in
status)
if [ -f $PIDFILE ]
then
echo "redis$SENTINELNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
ps -p $(cat $PIDFILE) >/dev/null 2>&1
exit $?
else
echo "redis$SENTINELNAME $PIDFILE doesn't exist"
exit 3
fi
;;
start)
if [ -f $PIDFILE ]
then
echo "$PIDFILE exists, process is already running or crashed"
else
echo "Starting Redis server..."
eval $EXEC
fi
;;
stop)
if [ ! -f $PIDFILE ]
then
echo "$PIDFILE does not exist, process is not running"
else
PID=$(cat $PIDFILE)
echo "Stopping ..."
kill ${PID}
while [ -x /proc/${PID} ]
do
echo "Waiting for Redis to shutdown ..."
sleep 1
done
echo "Redis stopped"
fi
;;
*)
echo "Please use start or stop as first argument"
;;
esac
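Review bot: The `stop` branch runs `kill ${PID}` with a PID read from `$PIDFILE`, and that file lives in a directory the script has just chowned to the service user, so the root-run script signals whatever PID the file holds, including a reused PID after a crash. Confirm that the PID still belongs to Sentinel before signalling, for example `[ "$(readlink /proc/${PID}/exe)" = "<%= File.join(@bin_path, 'redis-server') %>" ] || exit 1`. `start` also refuses to run when a stale pidfile is left behind, whereas the Redis init template in this commit checks for the process and removes the file, and the wait loop after `kill` has no timeout.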


@@ -0,0 +1,39 @@
#!/bin/sh
# PROVIDE: sentinel_<%=@name%>
# REQUIRE: LOGIN
# BEFORE: securelevel
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable `sentinel':
#
#redis_<%= @name %>_enable="YES"
#
. /etc/rc.subr
name="redis_<%= @name %>"
rcvar="${name}_enable"
command="<%= File.join(@bin_path, 'redis-sentinel') %>"
pidfile="<%= @piddir %>/<%=@name%>.pid"
# read configuration and set defaults
load_rc_config "$name"
: ${sentinel_enable="NO"}
: ${sentinel_user="<%= @user %>"}
: ${sentinel_config="<%= @configdir %>/<%= @name %>.conf"}
command_args="${sentinel_config} --daemonize yes --pidfile ${pidfile}"
required_files="${sentinel_config}"
start_precmd="sentinel_checks"
restart_precmd="sentinel_checks"
sentinel_checks()
{
if [ x`id -u ${sentinel_user}` != x`stat -f %u ${sentinel_config}` ]; then
err 1 "${sentinel_config} must be owned by user ${sentinel_user}"
fi
}
run_rc_command "$1"


@@ -0,0 +1,19 @@
description "Start the redis-sentinel instance on port <%= @port %>"
author "Installed by chef redisio cookbook"
#start on runlevel [2345]
stop on runlevel [06]
script
if [ ! -d <%= @piddir %> ]; then
mkdir -p <%= @piddir %>
chown <%= @user %>:<%= @group %> <%= @piddir %>
fi
end script
# If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
respawn
respawn limit 10 30
exec su -s /bin/sh -c 'exec "$0" "$@"' -- <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf --sentinel


@@ -0,0 +1,62 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This file modified by Chef to enable ulimit switching with `su`
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
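Review bot: This file replaces the whole of the `su` PAM configuration with a static copy of the Debian default in order to have `session required pam_limits.so` active. That overwrites any local policy already present (for instance an enabled `pam_wheel.so` line) and freezes the file against later distribution updates, and the `@include common-auth` lines only resolve on Debian-family systems. If the recipe that installs it is not restricted to those platforms, `su` could stop working elsewhere; the recipe is outside this hunk, so this needs checking. Consider managing only the `pam_limits.so` line, or state the supported platforms in the header comment.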


@@ -0,0 +1,32 @@
# Limits settings for <%= @ulimit_user %>
<% unless @filehandle_limit.nil? -%>
<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
<% end -%>
<% unless @process_limit.nil? -%>
<%= @ulimit_user -%> - nproc <%= @process_limit %>
<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
<% end -%>
<% unless @memory_limit.nil? -%>
<%= @ulimit_user -%> - memlock <%= @memory_limit %>
<% end -%>
<% unless @core_limit.nil? -%>
<%= @ulimit_user -%> - core <%= @core_limit %>
<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
<% end -%>
<% unless @stack_limit.nil? -%>
<%= @ulimit_user -%> - stack <%= @stack_limit %>
<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
<% end -%>
<% unless @rtprio_limit.nil? -%>
<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
<% end -%>
<% unless @virt_limit.nil? -%>
<%= @ulimit_user -%> - as <%= @virt_limit %>
<% end -%>
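Review bot: The soft and hard variants look like they render onto a single line when both are set: on the `soft nofile` line the only newline follows `<% end -%>`, which trims it, so the `hard nofile` entry on the next template line is appended directly after the soft value. The same shape repeats for nproc, core, stack and rtprio. A render test with both `@filehandle_soft_limit` and `@filehandle_hard_limit` set would confirm it; ending those lines with `<% end %>` instead of `<% end -%>` keeps the newline. The `unless … else` blocks would also read more easily as `if @filehandle_limit … else`.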