Set up Redis using the latest version of redisio

This replaces the deprecated redis cookbook. Compiles the latest version
of Redis, currently 7.0.11

Refs #488
Greg Karékinian
2023-06-19 16:02:58 +02:00
parent b164d7a444
commit 6116729907
119 changed files with 2568 additions and 7343 deletions

View File

@@ -0,0 +1,5 @@
config:
ul-indent: false # MD007
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052

View File

@@ -1,9 +1,106 @@
# redisio
This file is used to list changes made in each version of the redisio cookbook.
## 6.4.1 - *2023-05-16*
## 6.4.0 - *2023-04-26*
- Simplify `configure` and `sentinel` resources, making them idempotent
## 6.3.7 - *2023-04-25*
- Standardise files with files in sous-chefs/repo-management
## 6.3.6 - *2023-04-04*
- Standardise files with files in sous-chefs/repo-management
## 6.3.5 - *2023-04-01*
- Update workflows
## 6.3.5 - *2023-04-01*
- Standardise files with files in sous-chefs/repo-management
## 6.3.5 - *2023-04-01*
- Standardise files with files in sous-chefs/repo-management
## 6.3.4 - *2023-03-15*
- Standardise files with files in sous-chefs/repo-management
## 6.3.3 - *2023-02-15*
- Standardise files with files in sous-chefs/repo-management
## 6.3.2 - *2023-02-14*
- Standardise files with files in sous-chefs/repo-management
## 6.3.1 - *2022-12-06*
- Standardise files with files in sous-chefs/repo-management
## 6.3.0 - *2022-09-10*
- Version check fix for some Redis default settings to support Redis v4 and above.
## 6.2.4 - *2022-08-13*
- Fix systemd entry to ensure listening on all network interfaces ([#440](https://github.com/brianbianco/redisio/pull/440))
## 6.2.3 - *2022-08-12*
- Fix grammar in README.md
- Use latest instead of current channel with dokken
## 6.2.2 - *2022-04-25*
- Standardise files with files in sous-chefs/repo-management
## 6.2.1 - *2022-04-25*
- Fixes configdir permissions. Similar to [451](https://github.com/sous-chefs/redisio/pull/451)
- Deprecated `.foodcritic` configfile removed
## 6.2.0 - *2022-02-14*
- Adds support for Rocky Linux
## 6.1.3 - *2022-02-04*
- Remove references to selinux_policy cookbook
## 6.1.2 - *2022-02-03*
- Fixes configdir permissions preventing Sentinel to update the config file
## 6.1.1 - *2022-02-03*
- Remove delivery and move to calling RSpec directly via a reusable workflow
## 6.1.0 - *2021-09-15*
- Add protected mode to sentinel configuration file
## 6.0.0 - *2021-09-09*
- Set unified_mode true for Chef 17+ support
- Require Chef 15.3+ for unified_mode
- Require Chef 16 for user_ulimit resource
- Remove dependency on the ulimit cookbook
- Switch from using the selinux_policy cookbook to the selinux cookbook
- The selinux_policy cookbook is now deprecated. The resources have been moved
to the selinux cookbook
## 5.0.0 - *2021-09-08*
- resolved cookstyle error: attributes/default.rb:74:40 refactor: `Chef/Modernize/UseChefLanguageSystemdHelper`
## 4.3.2 - *2021-08-30*
- Standardise files with files in sous-chefs/repo-management

View File

@@ -49,7 +49,7 @@ Tested on:
The redisio cookbook contains LWRP for installing, configuring and managing redis and redis_sentinel.
The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and setup service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master".
The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and set up service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master".
_NOTE: currently installation from source is not supported for FreeBSD_
The most common use case for the redisio cookbook is to use the default recipe, followed by the enable recipe.
@@ -81,7 +81,7 @@ Redis-sentinel will write configuration and state data back into its configurati
### Role File Examples
#### Install redis and setup an instance with default settings on default port, and start the service through a role file
#### Install redis and set up an instance with default settings on default port, and start the service through a role file
```ruby
run_list *%w[
@@ -92,7 +92,7 @@ run_list *%w[
default_attributes({})
```
##### Install redis with packages and setup an instance with default settings on default port, and start the service through a role file
##### Install redis with packages and set up an instance with default settings on default port, and start the service through a role file
```ruby
run_list *%w[
@@ -151,7 +151,7 @@ default_attributes({
}
```
##### Install redis and setup two instances on the same server, on different ports, with one slaved to the other through a role file
##### Install redis and set up two instances on the same server, on different ports, with one slaved to the other through a role file
```ruby
run_list *%w[
@@ -169,7 +169,7 @@ default_attributes({
})
```
##### Install redis and setup two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named
##### Install redis and set up two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named
```ruby
run_list *%w[
@@ -185,7 +185,7 @@ default_attributes({
})
```
##### Install redis and setup three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir
##### Install redis and set up three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir
```ruby
run_list *%w[
@@ -230,7 +230,7 @@ run_list *%w[
]
```
#### Install redis and setup two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef
#### Install redis and set up two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef
```ruby
run_list *%w[
@@ -413,7 +413,8 @@ The sentinel recipe's use their own attribute file.
'logfile' => nil,
'syslogenabled' => 'yes',
'syslogfacility' => 'local0',
'quorum_count' => 2
'quorum_count' => 2,
'protected-mode' => nil,
```
* `redisio['redisio']['sentinel']['manage_config']` - Should the cookbook manage the redis and redis sentinel config files. This is best set to false when using redis_sentinel as it will write state into both configuration files.

View File

@@ -2,12 +2,12 @@ package_bin_path = '/usr/bin'
config_dir = '/etc/redis'
default_package_install = false
case node['platform']
when 'ubuntu', 'debian'
case node['platform_family']
when 'debian'
shell = '/bin/false'
homedir = '/var/lib/redis'
package_name = 'redis-server'
when 'centos', 'redhat', 'scientific', 'amazon', 'suse', 'fedora'
when 'rhel', 'fedora'
shell = '/bin/sh'
homedir = '/var/lib/redis'
package_name = 'redis'
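Review bot: Switching the `case` to `node['platform_family']` with `when 'rhel', 'fedora'` drops Amazon Linux and SUSE from this branch. The old list named `'amazon'` and `'suse'` explicitly, and those platforms report their own platform families rather than `rhel`, so they now take whatever the fall-through branch sets for `shell`, `homedir` and `package_name`. metadata.rb in this commit still names both platforms, so either add `'amazon'` and `'suse'` to the `when` or confirm the fall-through values are correct for them. Separately, the rhel branch gives the Redis service account `/bin/sh` while the debian branch uses `/bin/false`; a non-login shell on both would be the tighter default.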
@@ -162,3 +162,10 @@ default['redisio']['bin_path'] = if node['redisio']['package_install']
else
'/usr/local/bin'
end
# Ulimit
default['ulimit']['pam_su_template_cookbook'] = nil
default['ulimit']['users'] = Mash.new
default['ulimit']['security_limits_directory'] = '/etc/security/limits.d'
default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo'
default['ulimit']['ulimit_overriding_sudo_file_cookbook'] = nil
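Review bot: These defaults are written into the `ulimit` attribute namespace, which belongs to the ulimit cookbook, while the changelog in this same commit records "Remove dependency on the ulimit cookbook" for 6.0.0. If nothing in the vendored cookbook reads `node['ulimit']` any more, drop the block. If something does, add a comment naming the consumer, in particular for `ulimit_overriding_sudo_file_name`, since a setting that names a sudo-related file should not be left unexplained.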

View File

@@ -26,6 +26,7 @@ default['redisio']['sentinel_defaults'] = {
'announce-port' => nil,
'notification-script' => nil,
'client-reconfig-script' => nil,
'protected_mode' => nil,
}
# Manage Sentinel Config File
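Review bot: The new default is keyed `'protected_mode'` with an underscore, while its neighbours in this hash are hyphenated (`'announce-port'`, `'notification-script'`, `'client-reconfig-script'`) and the README hunk in this commit documents the same sentinel default as `'protected-mode'`. Pick one spelling and use it in the attributes file, the README and the sentinel template, so that a user who sets the documented key actually overrides this default.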

View File

@@ -61,7 +61,7 @@ Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
kitchen*.yml
mlc_config.json
Procfile
Rakefile

View File

@@ -0,0 +1,8 @@
#%PAM-1.0
auth required pam_env.so readenv=1 user_readenv=0
auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
session required pam_limits.so
@include common-auth
@include common-account
@include common-session-noninteractive
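Review bot: The `@include common-auth`, `@include common-account` and `@include common-session-noninteractive` lines are Debian-style PAM includes, so this file is only valid on the debian family, while the cookbook also declares rhel-family platforms as supported. The page does not show where the file is deployed; whatever resource lays it down should be guarded by platform family, because a PAM service file whose includes do not resolve breaks authentication for that service. The two `pam_env.so` lines also both set `readenv=1`; a comment on why both are needed would help the next reader.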

View File

@@ -1,46 +0,0 @@
---
driver:
name: dokken
privileged: true
chef_version: current
env: [CHEF_LICENSE=accept]
transport:
name: dokken
provisioner:
name: dokken
deprecations_as_errors: true
verifier:
name: inspec
platforms:
- name: centos-7
driver:
image: dokken/centos-7
pid_one_command: /usr/lib/systemd/systemd
run_list:
- recipe[yum-epel::default]
- recipe[yum-remi::default]
- name: debian-9
driver:
image: dokken/debian-9
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-16.04
driver:
image: dokken/ubuntu-16.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-18.04
driver:
image: dokken/ubuntu-18.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update

View File

@@ -6,18 +6,17 @@
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"amazon": ">= 0.0.0",
"centos": ">= 0.0.0",
"debian": ">= 0.0.0",
"fedora": ">= 0.0.0",
"redhat": ">= 0.0.0",
"rocky": ">= 0.0.0",
"scientific": ">= 0.0.0",
"suse": ">= 0.0.0",
"ubuntu": ">= 0.0.0"
},
"dependencies": {
"ulimit": ">= 0.1.2",
"selinux_policy": ">= 2.2.0"
"selinux": ">= 0.0.0"
},
"providing": {
@@ -25,13 +24,13 @@
"recipes": {
},
"version": "5.0.0",
"version": "6.4.1",
"source_url": "https://github.com/sous-chefs/redisio",
"issues_url": "https://github.com/sous-chefs/redisio/issues",
"privacy": false,
"chef_versions": [
[
">= 15.5"
">= 16"
]
],
"ohai_versions": [

View File

@@ -3,23 +3,19 @@ maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures redis'
version '5.0.0'
version '6.4.1'
source_url 'https://github.com/sous-chefs/redisio'
issues_url 'https://github.com/sous-chefs/redisio/issues'
chef_version '>= 15.5'
chef_version '>= 16'
%w(
amazon
centos
debian
fedora
redhat
scientific
suse
ubuntu
).each do |os|
supports os
end
suports 'amazon'
supports 'centos'
supports 'debian'
supports 'fedora'
supports 'redhat'
supports 'rocky'
supports 'scientific'
supports 'suse'
supports 'ubuntu'
depends 'ulimit', '>= 0.1.2'
depends 'selinux_policy', '>= 2.2.0'
depends 'selinux'
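Review bot: `suports 'amazon'` is misspelled, so Amazon Linux is not registered as a supported platform even though the eight `supports` lines that follow show the intent; change it to `supports 'amazon'`. Also, `depends 'selinux'` carries no version constraint although the provider in this commit calls `selinux_install` and `selinux_fcontext`, which the changelog says were moved into the selinux cookbook from selinux_policy; a lower bound on the first selinux release that ships those resources would keep an older copy from being resolved.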

View File

@@ -1,9 +1,4 @@
action :run do
configure
new_resource.updated_by_last_action(true)
end
def configure
base_piddir = new_resource.base_piddir
if !new_resource.version
@@ -72,318 +67,311 @@ def configure
current['maxclients']
end
recipe_eval do
server_name = current['name'] || current['port']
piddir = "#{base_piddir}/#{server_name}"
aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof"
rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb"
server_name = current['name'] || current['port']
piddir = "#{base_piddir}/#{server_name}"
aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof"
rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb"
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'root'
mode '0755'
recursive true
action :create
end
# Create the instance data directory
directory current['datadir'] do
owner current['user']
group current['group']
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'redis'
mode '0775'
recursive true
action :create
end
# Create the instance data directory
directory current['datadir'] do
owner current['user']
group current['group']
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
# Create the log directory if syslog is not being used
if log_directory
directory log_directory do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
# Create the log directory if syslog is not being used
end
# Configure SELinux if it is enabled
extend Chef::Util::Selinux
if selinux_enabled?
selinux_install 'install'
selinux_fcontext "#{current['configdir']}(/.*)?" do
secontext 'redis_conf_t'
end
selinux_fcontext "#{current['datadir']}(/.*)?" do
secontext 'redis_var_lib_t'
end
selinux_fcontext "#{piddir}(/.*)?" do
secontext 'redis_var_run_t'
end
if log_directory
directory log_directory do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
selinux_fcontext "#{log_directory}(/.*)?" do
secontext 'redis_log_t'
end
end
# Configure SELinux if it is enabled
extend Chef::Util::Selinux
if selinux_enabled?
selinux_policy_install 'install'
selinux_policy_fcontext "#{current['configdir']}(/.*)?" do
secontext 'redis_conf_t'
end
selinux_policy_fcontext "#{current['datadir']}(/.*)?" do
secontext 'redis_var_lib_t'
end
selinux_policy_fcontext "#{piddir}(/.*)?" do
secontext 'redis_var_run_t'
end
if log_directory
selinux_policy_fcontext "#{log_directory}(/.*)?" do
secontext 'redis_log_t'
end
end
end
# Create the log file if syslog is not being used
if log_file
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
backup false
action :touch
# in version 2.8 or higher the empty string is used instead of stdout
only_if { !log_file.empty? && log_file != 'stdout' }
end
end
# Set proper permissions on the AOF or RDB files
file aof_file do
end
# Create the log file if syslog is not being used
if log_file
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' }
only_if { ::File.exist?(aof_file) }
end
file rdb_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' }
only_if { ::File.exist?(rdb_file) }
end
# Setup the redis users descriptor limits
# Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab
# TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD
if current['ulimit'] && !platform_family?('freebsd')
user_ulimit current['user'] do
filehandle_limit descriptors
end
end
computed_save = current['save']
if current['save'] && current['save'].respond_to?(:each_line)
computed_save = current['save'].each_line
Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.")
Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.")
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
current['requirepass'] = bag[current['data_bag_key']]
current['masterauth'] = bag[current['data_bag_key']]
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{server_name}.conf" do
source node['redisio']['redis_config']['template_source']
cookbook node['redisio']['redis_config']['template_cookbook']
owner current['user']
group current['group']
mode current['permissions']
backup false
action :create
# in version 2.8 or higher the empty string is used instead of stdout
only_if { !log_file.empty? && log_file != 'stdout' }
end
end
# Set proper permissions on the AOF or RDB files
file aof_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' }
only_if { ::File.exist?(aof_file) }
end
file rdb_file do
owner current['user']
group current['group']
mode '0644'
only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' }
only_if { ::File.exist?(rdb_file) }
end
# Setup the redis users descriptor limits
# Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab
# TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD
if current['ulimit'] && !platform_family?('freebsd')
user_ulimit current['user'] do
filehandle_limit descriptors
end
end
computed_save = current['save']
if current['save'] && current['save'].respond_to?(:each_line)
computed_save = current['save'].each_line
Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.")
Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.")
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
current['requirepass'] = bag[current['data_bag_key']]
current['masterauth'] = bag[current['data_bag_key']]
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{server_name}.conf" do
source node['redisio']['redis_config']['template_source']
cookbook node['redisio']['redis_config']['template_cookbook']
owner current['user']
group current['group']
mode current['permissions']
action :create
variables(
version: version_hash,
piddir: piddir,
name: server_name,
job_control: node['redisio']['job_control'],
port: current['port'],
tcpbacklog: current['tcpbacklog'],
address: current['address'],
databases: current['databases'],
backuptype: current['backuptype'],
datadir: current['datadir'],
unixsocket: current['unixsocket'],
unixsocketperm: current['unixsocketperm'],
timeout: current['timeout'],
keepalive: current['keepalive'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
save: computed_save,
stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'],
rdbcompression: current['rdbcompression'],
rdbchecksum: current['rdbchecksum'],
dbfilename: current['dbfilename'],
slaveof: current['slaveof'],
protected_mode: current['protected_mode'],
masterauth: current['masterauth'],
slaveservestaledata: current['slaveservestaledata'],
slavereadonly: current['slavereadonly'],
replpingslaveperiod: current['replpingslaveperiod'],
repltimeout: current['repltimeout'],
repldisabletcpnodelay: current['repldisabletcpnodelay'],
replbacklogsize: current['replbacklogsize'],
replbacklogttl: current['replbacklogttl'],
slavepriority: current['slavepriority'],
requirepass: current['requirepass'],
rename_commands: current['rename_commands'],
maxclients: current['maxclients'],
maxmemory: maxmemory,
maxmemorypolicy: current['maxmemorypolicy'],
maxmemorysamples: current['maxmemorysamples'],
appendfilename: current['appendfilename'],
appendfsync: current['appendfsync'],
noappendfsynconrewrite: current['noappendfsynconrewrite'],
aofrewritepercentage: current['aofrewritepercentage'],
aofrewriteminsize: current['aofrewriteminsize'],
aofloadtruncated: current['aofloadtruncated'],
luatimelimit: current['luatimelimit'],
slowloglogslowerthan: current['slowloglogslowerthan'],
slowlogmaxlen: current['slowlogmaxlen'],
notifykeyspaceevents: current['notifykeyspaceevents'],
hashmaxziplistentries: current['hashmaxziplistentries'],
hashmaxziplistvalue: current['hashmaxziplistvalue'],
listmaxziplistentries: current['listmaxziplistentries'],
listmaxziplistvalue: current['listmaxziplistvalue'],
setmaxintsetentries: current['setmaxintsetentries'],
zsetmaxziplistentries: current['zsetmaxziplistentries'],
zsetmaxziplistvalue: current['zsetmaxziplistvalue'],
hllsparsemaxbytes: current['hllsparsemaxbytes'],
activerehasing: current['activerehasing'],
clientoutputbufferlimit: current['clientoutputbufferlimit'],
hz: current['hz'],
aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'],
clusterenabled: current['clusterenabled'],
clusterconfigfile: current['clusterconfigfile'],
clusternodetimeout: current['clusternodetimeout'],
includes: current['includes'],
minslavestowrite: current['minslavestowrite'],
minslavesmaxlag: current['minslavesmaxlag'],
repldisklesssync: current['repldisklesssync'],
repldisklesssyncdelay: current['repldisklesssyncdelay']
)
not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") }
end
file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the redis config more than once'
action :create_if_missing
only_if { current['breadcrumb'] == true }
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
case node['redisio']['job_control']
when 'initd'
template "/etc/init.d/redis#{server_name}" do
source 'redis.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
version: version_hash,
piddir: piddir,
name: server_name,
job_control: node['redisio']['job_control'],
port: current['port'],
tcpbacklog: current['tcpbacklog'],
address: current['address'],
databases: current['databases'],
backuptype: current['backuptype'],
datadir: current['datadir'],
unixsocket: current['unixsocket'],
unixsocketperm: current['unixsocketperm'],
timeout: current['timeout'],
keepalive: current['keepalive'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
save: computed_save,
stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'],
rdbcompression: current['rdbcompression'],
rdbchecksum: current['rdbchecksum'],
dbfilename: current['dbfilename'],
slaveof: current['slaveof'],
protected_mode: current['protected_mode'],
masterauth: current['masterauth'],
slaveservestaledata: current['slaveservestaledata'],
slavereadonly: current['slavereadonly'],
replpingslaveperiod: current['replpingslaveperiod'],
repltimeout: current['repltimeout'],
repldisabletcpnodelay: current['repldisabletcpnodelay'],
replbacklogsize: current['replbacklogsize'],
replbacklogttl: current['replbacklogttl'],
slavepriority: current['slavepriority'],
requirepass: current['requirepass'],
rename_commands: current['rename_commands'],
maxclients: current['maxclients'],
maxmemory: maxmemory,
maxmemorypolicy: current['maxmemorypolicy'],
maxmemorysamples: current['maxmemorysamples'],
appendfilename: current['appendfilename'],
appendfsync: current['appendfsync'],
noappendfsynconrewrite: current['noappendfsynconrewrite'],
aofrewritepercentage: current['aofrewritepercentage'],
aofrewriteminsize: current['aofrewriteminsize'],
aofloadtruncated: current['aofloadtruncated'],
luatimelimit: current['luatimelimit'],
slowloglogslowerthan: current['slowloglogslowerthan'],
slowlogmaxlen: current['slowlogmaxlen'],
notifykeyspaceevents: current['notifykeyspaceevents'],
hashmaxziplistentries: current['hashmaxziplistentries'],
hashmaxziplistvalue: current['hashmaxziplistvalue'],
listmaxziplistentries: current['listmaxziplistentries'],
listmaxziplistvalue: current['listmaxziplistvalue'],
setmaxintsetentries: current['setmaxintsetentries'],
zsetmaxziplistentries: current['zsetmaxziplistentries'],
zsetmaxziplistvalue: current['zsetmaxziplistvalue'],
hllsparsemaxbytes: current['hllsparsemaxbytes'],
activerehasing: current['activerehasing'],
clientoutputbufferlimit: current['clientoutputbufferlimit'],
hz: current['hz'],
aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'],
clusterenabled: current['clusterenabled'],
clusterconfigfile: current['clusterconfigfile'],
clusternodetimeout: current['clusternodetimeout'],
includes: current['includes'],
minslavestowrite: current['minslavestowrite'],
minslavesmaxlag: current['minslavesmaxlag'],
repldisklesssync: current['repldisklesssync'],
repldisklesssyncdelay: current['repldisklesssyncdelay']
name: server_name,
bin_path: bin_path,
port: current['port'],
address: current['address'],
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
requirepass: current['requirepass'],
shutdown_save: current['shutdown_save'],
platform: node['platform'],
unixsocket: current['unixsocket'],
ulimit: descriptors,
required_start: node['redisio']['init.d']['required_start'].join(' '),
required_stop: node['redisio']['init.d']['required_stop'].join(' ')
)
not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") }
end
when 'upstart'
template "/etc/init/redis#{server_name}.conf" do
source 'redis.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'rcinit'
template "/usr/local/etc/rc.d/redis#{server_name}" do
source 'redis.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'systemd'
service_name = "redis@#{server_name}"
reload_name = "#{service_name} systemd reload"
file "/etc/tmpfiles.d/#{service_name}.conf" do
content "d #{piddir} 0755 #{current['user']} #{current['group']}\n"
owner 'root'
group 'root'
mode '0644'
end
file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the redis config more than once'
action :create_if_missing
only_if { current['breadcrumb'] == true }
execute reload_name do
command 'systemctl daemon-reload'
action :nothing
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
case node['redisio']['job_control']
when 'initd'
template "/etc/init.d/redis#{server_name}" do
source 'redis.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
address: current['address'],
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
requirepass: current['requirepass'],
shutdown_save: current['shutdown_save'],
platform: node['platform'],
unixsocket: current['unixsocket'],
ulimit: descriptors,
required_start: node['redisio']['init.d']['required_start'].join(' '),
required_stop: node['redisio']['init.d']['required_stop'].join(' ')
)
end
when 'upstart'
template "/etc/init/redis#{server_name}.conf" do
source 'redis.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: server_name,
bin_path: bin_path,
port: current['port'],
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'rcinit'
template "/usr/local/etc/rc.d/redis#{server_name}" do
source 'redis.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: server_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
end
when 'systemd'
service_name = "redis@#{server_name}"
reload_name = "#{service_name} systemd reload"
file "/etc/tmpfiles.d/#{service_name}.conf" do
content "d #{piddir} 0755 #{current['user']} #{current['group']}\n"
owner 'root'
group 'root'
mode '0644'
end
execute reload_name do
command 'systemctl daemon-reload'
action :nothing
end
template "/lib/systemd/system/#{service_name}.service" do
source 'redis@.service.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0644'
variables(
bin_path: bin_path,
user: current['user'],
group: current['group'],
limit_nofile: descriptors
)
notifies :run, "execute[#{reload_name}]", :immediately
end
template "/lib/systemd/system/#{service_name}.service" do
source 'redis@.service.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0644'
variables(
bin_path: bin_path,
user: current['user'],
group: current['group'],
limit_nofile: descriptors
)
notifies :run, "execute[#{reload_name}]", :immediately
end
end
end
# servers each loop
end
def load_current_resource
@current_resource = Chef::Resource.resource_for_node(:redisio_configure, node).new(new_resource.name)
@current_resource
end
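Review bot: The `directory current['configdir']` resource now hard-codes group `'redis'` with mode `'0775'`, where every other resource in this action uses `current['group']`. An instance configured with a different group gets a directory its service account still cannot write, and the run fails outright if no `redis` group exists. On a default install the change gives the service account write access to the directory that holds every instance's `.conf` (rendered with `requirepass` and `masterauth`) and the `.conf.breadcrumb` marker that decides whether Chef rewrites the config. Use `current['group']` here and state in a comment that the group write bit exists for config rewrites. Separately, the `/etc/init.d/redis#{server_name}` template is created with mode `'0755'` and is passed `requirepass`; if `redis.init.erb` writes that value into the script, it is readable by every local user.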

View File

@@ -1,9 +1,4 @@
action :run do
configure
new_resource.updated_by_last_action(true)
end
def configure
base_piddir = new_resource.base_piddir
current_version = if new_resource.version.nil?
@@ -23,200 +18,199 @@ def configure
# Merge the configuration defaults with the provided array of configurations provided
current = current_defaults_hash.merge(current_instance_hash)
recipe_eval do
sentinel_name = current['name'] || current['port']
sentinel_name = "sentinel_#{sentinel_name}"
piddir = "#{base_piddir}/#{sentinel_name}"
sentinel_name = current['name'] || current['port']
sentinel_name = "sentinel_#{sentinel_name}"
piddir = "#{base_piddir}/#{sentinel_name}"
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the owner of the redis data directory
user current['user'] do
comment 'Redis service account'
manage_home true
home current['homedir']
shell current['shell']
system current['systemuser']
uid current['uid'] unless current['uid'].nil?
end
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'root'
mode '0755'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
# Create the redis configuration directory
directory current['configdir'] do
owner 'root'
group platform_family?('freebsd') ? 'wheel' : 'redis'
mode '0775'
recursive true
action :create
end
# Create the pid file directory
directory piddir do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
end
unless current['logfile'].nil?
# Create the log directory if syslog is not being used
directory ::File.dirname(current['logfile']) do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' }
end
unless current['logfile'].nil?
# Create the log directory if syslog is not being used
directory ::File.dirname(current['logfile']) do
owner current['user']
group current['group']
mode '0755'
recursive true
action :create
only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' }
end
# Create the log file is syslog is not being used
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
backup false
action :touch
only_if { current['logfile'] && current['logfile'] != 'stdout' }
end
end
# <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %>
# <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %>
# sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%>
# sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%>
# sentinel failover-timeout <%=@name%> <%=@failovertimeout%>
# convert from old format (preserve compat)
if !current['masters'] && current['master_ip']
Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.')
# use old key names if newer key names aren't present (e.g. 'foo' || :foo)
masters = [
{
master_name: current['master_name'] || current[:mastername],
master_ip: current['master_ip'] || current[:masterip],
master_port: current['master_port'] || current[:masterport],
quorum_count: current['quorum_count'] || current[:quorum_count],
auth_pass: current['auth-pass'] || current[:authpass],
down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil],
parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs],
failover_timeout: current['failover-timeout'] || current[:failovertimeout],
},
]
else
masters = [current['masters']].flatten
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
masters.each do |master|
master['auth_pass'] = bag[current['data_bag_key']]
end
end
# merge in default values to each sentinel hash
masters_with_defaults = []
masters.each do |current_sentinel_master|
default_sentinel_master = new_resource.sentinel_defaults.to_hash
sentinel_master = default_sentinel_master.merge(current_sentinel_master || {})
masters_with_defaults << sentinel_master
end
# Don't render a template if we're missing these from any sentinel,
# as these are the minimal settings required to be passed in
masters_with_defaults.each do |sentinel_instance|
%w(master_ip master_port quorum_count).each do |param|
raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param]
end
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{sentinel_name}.conf" do
source 'sentinel.conf.erb'
cookbook 'redisio'
# Create the log file is syslog is not being used
file current['logfile'] do
owner current['user']
group current['group']
mode '0644'
action :create
variables(
name: current['name'],
piddir: piddir,
version: version_hash,
job_control: node['redisio']['job_control'],
sentinel_bind: current['sentinel_bind'],
sentinel_port: current['sentinel_port'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
masters: masters_with_defaults,
announce_ip: current['announce-ip'],
announce_port: current['announce-port'],
notification_script: current['notification-script'],
client_reconfig_script: current['client-reconfig-script']
)
not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
backup false
action :touch
only_if { current['logfile'] && current['logfile'] != 'stdout' }
end
end
file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the sentinel config more than once'
action :create_if_missing
end
# <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %>
# <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %>
# sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%>
# sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%>
# sentinel failover-timeout <%=@name%> <%=@failovertimeout%>
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
template "/etc/init.d/redis_#{sentinel_name}" do
source 'sentinel.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
platform: node['platform']
)
only_if { node['redisio']['job_control'] == 'initd' }
end
# convert from old format (preserve compat)
if !current['masters'] && current['master_ip']
Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.')
template "/etc/init/redis_#{sentinel_name}.conf" do
source 'sentinel.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'upstart' }
# use old key names if newer key names aren't present (e.g. 'foo' || :foo)
masters = [
{
master_name: current['master_name'] || current[:mastername],
master_ip: current['master_ip'] || current[:masterip],
master_port: current['master_port'] || current[:masterport],
quorum_count: current['quorum_count'] || current[:quorum_count],
auth_pass: current['auth-pass'] || current[:authpass],
down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil],
parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs],
failover_timeout: current['failover-timeout'] || current[:failovertimeout],
},
]
else
masters = [current['masters']].flatten
end
# Load password for use with requirepass from data bag if needed
if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
masters.each do |master|
master['auth_pass'] = bag[current['data_bag_key']]
end
# TODO: fix for freebsd
template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do
source 'sentinel.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'rcinit' }
end
# merge in default values to each sentinel hash
masters_with_defaults = []
masters.each do |current_sentinel_master|
default_sentinel_master = new_resource.sentinel_defaults.to_hash
sentinel_master = default_sentinel_master.merge(current_sentinel_master || {})
masters_with_defaults << sentinel_master
end
# Don't render a template if we're missing these from any sentinel,
# as these are the minimal settings required to be passed in
masters_with_defaults.each do |sentinel_instance|
%w(master_ip master_port quorum_count).each do |param|
raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param]
end
end
# Lay down the configuration files for the current instance
template "#{current['configdir']}/#{sentinel_name}.conf" do
source 'sentinel.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
action :create
variables(
name: current['name'],
piddir: piddir,
version: version_hash,
job_control: node['redisio']['job_control'],
sentinel_bind: current['sentinel_bind'],
sentinel_port: current['sentinel_port'],
loglevel: current['loglevel'],
logfile: current['logfile'],
syslogenabled: current['syslogenabled'],
syslogfacility: current['syslogfacility'],
masters: masters_with_defaults,
announce_ip: current['announce-ip'],
announce_port: current['announce-port'],
notification_script: current['notification-script'],
client_reconfig_script: current['client-reconfig-script'],
protected_mode: current['protected_mode']
)
not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
end
file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do
content 'This file prevents the chef cookbook from overwritting the sentinel config more than once'
action :create_if_missing
end
# Setup init.d file
bin_path = if node['redisio']['install_dir']
::File.join(node['redisio']['install_dir'], 'bin')
else
node['redisio']['bin_path']
end
template "/etc/init.d/redis_#{sentinel_name}" do
source 'sentinel.init.erb'
cookbook 'redisio'
owner 'root'
group 'root'
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir,
platform: node['platform']
)
only_if { node['redisio']['job_control'] == 'initd' }
end
template "/etc/init/redis_#{sentinel_name}.conf" do
source 'sentinel.upstart.conf.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0644'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
group: current['group'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'upstart' }
end
# TODO: fix for freebsd
template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do
source 'sentinel.rcinit.erb'
cookbook 'redisio'
owner current['user']
group current['group']
mode '0755'
variables(
name: sentinel_name,
bin_path: bin_path,
user: current['user'],
configdir: current['configdir'],
piddir: piddir
)
only_if { node['redisio']['job_control'] == 'rcinit' }
end
end
# servers each loop
end
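Review bot: the `template "#{current['configdir']}/#{sentinel_name}.conf"` resource writes the sentinel config with `mode '0644'`, yet `masters` carries `auth_pass` (filled from the data bag a few lines earlier), so the password lands in a world-readable file and can show up in Chef's template diff output. Suggest `mode '0640'` plus `sensitive true` on that resource. Also, the data-bag loop assigns `master['auth_pass']` with a string key while the deprecated-format branch builds its hash with symbol keys (`auth_pass:`, `master_ip:`), so the string-keyed `sentinel_instance[param]` check may not see those values; normalising the keys once before the merge would avoid that.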
@@ -247,9 +241,3 @@ def version
end
nil
end
def load_current_resource
@current_resource = Chef::Resource.resource_for_node(:redisio_sentinel, node).new(new_resource.name)
@current_resource.version(version)
@current_resource
end

View File

@@ -1,9 +1,9 @@
packages_to_install = case node['platform']
when 'debian', 'ubuntu'
packages_to_install = case node['platform_family']
when 'debian'
%w(
tar
)
when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon'
when 'rhel', 'fedora'
%w(
tar
)
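Review bot: the new `when 'rhel', 'fedora'` branch no longer covers the `'suse'` and `'amazon'` entries of the old platform list, and both report their own `platform_family`, so unless an `else` branch follows outside this hunk `packages_to_install` is `nil` on those nodes. Add `'amazon'` and `'suse'` to the `when`, or record in the changelog that they are no longer supported.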

View File

@@ -1,5 +1,5 @@
include_recipe 'redisio::default'
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'
redis = node['redisio']

View File

@@ -1,14 +1,4 @@
# debian 6.0.x fails the build_essential recipe without an apt-get update prior to run
if platform?('debian', 'ubuntu')
execute 'apt-get-update-periodic' do
command 'apt-get update'
ignore_failure true
only_if do
!File.exist?('/var/lib/apt/periodic/update-success-stamp') ||
File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400
end
end
end
apt_update
unless node['redisio']['package_install']
include_recipe 'redisio::_install_prereqs'
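Review bot: the `execute 'apt-get-update-periodic'` block had `ignore_failure true`, while the bare `apt_update` that replaces it does not, so a failed index refresh (unreachable mirror, expired repository key) now aborts the run before `redisio::_install_prereqs` is included. If failing early is intended, say so in the commit message; otherwise carry `ignore_failure true` over to the `apt_update` resource.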

View File

@@ -1,8 +1,8 @@
# disable the default OS redis init script
service_name = case node['platform']
when 'debian', 'ubuntu'
service_name = case node['platform_family']
when 'debian'
'redis-server'
when 'redhat', 'centos', 'fedora', 'scientific', 'suse', 'amazon'
when 'rhel', 'fedora'
'redis'
end
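Review bot: with `when 'rhel', 'fedora'` this `case` returns `nil` for the `suse` and `amazon` families that the old platform list matched, so `service_name` is `nil` there and the distribution's own Redis init script is not disabled as the comment on the first line promises. Guard against a `nil` `service_name` or add the missing families.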

View File

@@ -19,4 +19,4 @@ else
end
end
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'

View File

@@ -1,6 +1,6 @@
include_recipe 'redisio::_install_prereqs'
include_recipe 'redisio::install'
include_recipe 'ulimit::default'
include_recipe 'redisio::ulimit'
redis = node['redisio']

View File

@@ -0,0 +1,25 @@
# Pulled from the now replaced ulimit cookbook
# TODO: find a more tidy way to do this
ulimit = node['ulimit']
if platform_family?('debian')
template '/etc/pam.d/su' do
cookbook ulimit['pam_su_template_cookbook']
end
cookbook_file '/etc/pam.d/sudo' do
cookbook node['ulimit']['ulimit_overriding_sudo_file_cookbook']
source node['ulimit']['ulimit_overriding_sudo_file_name']
mode '0644'
end
end
if ulimit.key?('users')
ulimit['users'].each do |user, attributes|
user_ulimit user do
attributes.each do |a, v|
send(a.to_sym, v)
end
end
end
end
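Review bot: in the `user_ulimit` block, `send(a.to_sym, v)` calls whatever method name appears as a key under `node['ulimit']['users']`, private methods included, so a mistyped or unexpected attribute key is executed against the resource instead of being rejected. Prefer `public_send` and check the key against the supported limit properties first. Separately, `template '/etc/pam.d/su'` sets no `owner`, `group` or `mode` while the `/etc/pam.d/sudo` resource next to it sets `mode '0644'`; make these explicit on both, and note that `ulimit = node['ulimit']` is `nil` when those attributes are not defined, which makes `ulimit['pam_su_template_cookbook']` raise.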

View File

@@ -0,0 +1,17 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
{
"groupName": "Actions",
"matchUpdateTypes": ["major"],
"automerge": false,
"addLabels": ["Release: Patch", "Skip: Announcements"]
}
]
}
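Review bot: neither `packageRules` entry has a matcher that restricts it to GitHub Actions (for example `matchManagers`); `groupName": "Actions"` only names the group. As written, `"automerge": true` applies to `patch`, `pin` and `digest` updates of every dependency Renovate manages in this repository, merged without review. Add the manager restriction to both rules. The second rule also labels `major` updates with `Release: Patch`, which looks like a copy-paste leftover.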

View File

@@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Configuration attributes

View File

@@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Installation attributes

View File

@@ -1,5 +1,5 @@
actions :run
unified_mode true
default_action :run
# Configuration attributes

View File

@@ -0,0 +1,9 @@
<%
node.run_state[:ulimit][@domain].each do |item, entries|
entries.each do |type, value|
-%>
<%= @domain %> <%= type %> <%= item %> <%= value %>
<%
end
end
-%>

View File

@@ -26,7 +26,7 @@ pidfile <%= @piddir %>/redis_<%=@name%>.pid
# If port 0 is specified Redis will not listen on a TCP socket.
port <%=@port%>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 5 || @version[:major].to_i >= 3 %>
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
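Review bot: widening `== 3` to `>= 3` covers Redis 4 and later, but the condition still compares the fields one at a time and mixes `&&` with `||` without parentheses; `minor >= 8 && patch >= 5` would, for example, treat a 2.9.0 version as older than 2.8.5. The same pattern recurs in all five hunks of this template, so consider one helper that compares `Gem::Version` objects and call it in each place.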
@@ -185,7 +185,7 @@ stop-writes-on-bgsave-error <%= @stopwritesonbgsaveerror %>
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression <%= @rdbcompression %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
@@ -320,7 +320,7 @@ repl-diskless-sync <%=@repldisklesssync%>
repl-diskless-sync-delay <%=@repldisklesssyncdelay%>
<% end %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
@@ -353,7 +353,7 @@ repl-ping-slave-period <%=@replpingslaveperiod%>
#
repl-timeout <%=@repltimeout%>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 6 || @version[:major].to_i >= 3 %>
# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
@@ -906,7 +906,7 @@ set-max-intset-entries <%= @setmaxintsetentries %>
zset-max-ziplist-entries <%= @zsetmaxziplistentries %>
zset-max-ziplist-value <%= @zsetmaxziplistvalue %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i == 3 %>
<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 && @version[:patch].to_i >= 9 || @version[:major].to_i >= 3 %>
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.

View File

@@ -1,6 +1,7 @@
[Unit]
Description=Redis (%i) persistent key-value database
After=network.target
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no

View File

@@ -11,10 +11,14 @@ syslog-ident redis-<%= @name %>
syslog-facility <%= @syslogfacility %>
<%= "logfile #{@logfile}" unless @logfile.nil? %>
# bind sentinel IP
<% if @sentinel_bind %>
bind <%=@sentinel_bind%>
<% end %>
<% if @protected_mode %>
<%= "protected-mode #{@protected_mode}" %>
<% end %>
# port <sentinel-port>
# The port that this sentinel instance will run on
port <%=@sentinel_port%>
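Review bot: with `bind` now wrapped in `<% if @sentinel_bind %>` and `protected-mode` written only when `@protected_mode` is set, a resource that sets neither renders a config with no listen restriction at all, and what Sentinel exposes then depends on the built-in defaults of the installed Redis version. `<% if @protected_mode %>` also skips the line for a boolean `false`. Suggest always rendering `protected-mode` with an explicit yes/no and documenting that `sentinel_bind` should be set to the addresses the other sentinels and clients actually need.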

View File

@@ -0,0 +1,62 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This file modified by Chef to enable ulimit switching with `su`
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
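Review bot: this ships a full static copy of `/etc/pam.d/su` although, per its header comment, the only purpose is ulimit switching, that is the `session required pam_limits.so` line. Overwriting the whole file discards local or distribution changes to the `su` PAM stack, for instance an enabled `pam_wheel.so` restriction, which is commented out here. Consider managing only the `pam_limits.so` line, or state in the README that the cookbook takes ownership of this file on Debian-family nodes.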

View File

@@ -0,0 +1,32 @@
# Limits settings for <%= @ulimit_user %>
<% unless @filehandle_limit.nil? -%>
<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
<% end -%>
<% unless @process_limit.nil? -%>
<%= @ulimit_user -%> - nproc <%= @process_limit %>
<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
<% end -%>
<% unless @memory_limit.nil? -%>
<%= @ulimit_user -%> - memlock <%= @memory_limit %>
<% end -%>
<% unless @core_limit.nil? -%>
<%= @ulimit_user -%> - core <%= @core_limit %>
<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
<% end -%>
<% unless @stack_limit.nil? -%>
<%= @ulimit_user -%> - stack <%= @stack_limit %>
<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
<% end -%>
<% unless @rtprio_limit.nil? -%>
<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
<% end -%>
<% unless @virt_limit.nil? -%>
<%= @ulimit_user -%> - as <%= @virt_limit %>
<% end -%>