├── .editorconfig
├── .envrc
├── .gitattributes
├── .github
├── CODEOWNERS
├── lock.yml
└── workflows
│ ├── ci.yml
│ └── stale.yml
├── .gitignore
├── .markdownlint-cli2.yaml
├── .mdlrc
├── .overcommit.yml
├── .vscode
└── extensions.json
├── .yamllint
├── Berksfile
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Dangerfile
├── LICENSE
├── README.md
├── TESTING.md
├── attributes
├── default.rb
├── redis_gem.rb
└── redis_sentinel.rb
├── chefignore
├── documentation
└── .gitkeep
├── files
└── sudo
├── kitchen.dokken.yml
├── kitchen.exec.yml
├── kitchen.global.yml
├── kitchen.yml
├── libraries
├── matchers.rb
└── redisio.rb
├── metadata.rb
├── providers
├── configure.rb
├── install.rb
└── sentinel.rb
├── recipes
├── _install_prereqs.rb
├── configure.rb
├── default.rb
├── disable.rb
├── disable_os_default.rb
├── enable.rb
├── install.rb
├── redis_gem.rb
├── sentinel.rb
├── sentinel_enable.rb
└── ulimit.rb
├── renovate.json
├── resources
├── configure.rb
├── install.rb
└── sentinel.rb
├── spec
└── .gitkeep
├── templates
└── default
│ ├── domain.erb
│ ├── redis-sentinel@.service
│ ├── redis.conf.erb
│ ├── redis.init.erb
│ ├── redis.rcinit.erb
│ ├── redis.upstart.conf.erb
│ ├── redis@.service.erb
│ ├── sentinel.conf.erb
│ ├── sentinel.init.erb
│ ├── sentinel.rcinit.erb
│ ├── sentinel.upstart.conf.erb
│ ├── su.erb
│ └── ulimit.erb
└── test
├── integration
├── default
│ └── serverspec
│ │ └── redisio_spec.rb
├── helpers
│ └── serverspec
│ │ ├── redisio_examples.rb
│ │ ├── sentinel_examples.rb
│ │ └── spec_helper.rb
├── multisentinel
│ └── serverspec
│ │ └── multiple_sentinels_spec.rb
└── sentinel
│ └── serverspec
│ └── sentinel_spec.rb
└── unit
└── spec
├── sentinel_spec.rb
└── spec_helper.rb
/.editorconfig:
--------------------------------------------------------------------------------
1 | # https://EditorConfig.org
2 |
3 | # top-most EditorConfig file
4 | root=true
5 |
6 | # Unix-style newlines with a newline ending every file
7 | [*]
8 | end_of_line = lf
9 | insert_final_newline = true
10 |
11 | # 2 space indentation
12 | indent_style = space
13 | indent_size = 2
14 |
15 | # Avoid issues parsing cookbook files later
16 | charset = utf-8
17 |
18 | # Avoid cookstyle warnings
19 | trim_trailing_whitespace = true
20 |
--------------------------------------------------------------------------------
/.envrc:
--------------------------------------------------------------------------------
1 | use chefworkstation
2 | export KITCHEN_GLOBAL_YAML=kitchen.global.yml
3 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | * text=auto eol=lf
2 |
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @sous-chefs/maintainers
2 |
--------------------------------------------------------------------------------
/.github/lock.yml:
--------------------------------------------------------------------------------
1 | ---
2 | daysUntilLock: 365
3 | exemptLabels: []
4 | lockLabel: false
5 | lockComment: >
6 | This thread has been automatically locked since there has not been
7 | any recent activity after it was closed. Please open a new issue for
8 | related bugs.
9 |
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: ci
3 |
4 | "on":
5 | pull_request:
6 | push:
7 | branches:
8 | - main
9 |
10 | jobs:
11 | lint-unit:
12 | uses: sous-chefs/.github/.github/workflows/lint-unit.yml@3.1.1
13 | permissions:
14 | actions: write
15 | checks: write
16 | pull-requests: write
17 | statuses: write
18 | issues: write
19 |
20 | integration:
21 | needs: lint-unit
22 | runs-on: ubuntu-latest
23 | strategy:
24 | matrix:
25 | os:
26 | - almalinux-8
27 | - centos-stream-8
28 | - debian-10
29 | - debian-11
30 | - rockylinux-8
31 | - ubuntu-1804
32 | - ubuntu-2004
33 | - ubuntu-2204
34 | suite:
35 | - "default"
36 | - "sentinel"
37 | - "multisentinel"
38 | redis_version:
39 | - "6.2.14"
40 | - "7.0.15"
41 | - "7.2.4"
42 | fail-fast: false
43 |
44 | steps:
45 | - name: Check out code
46 | uses: actions/checkout@v4
47 | - name: Install Chef
48 | uses: actionshub/chef-install@3.0.1
49 | - name: Dokken
50 | uses: actionshub/test-kitchen@3.0.0
51 | env:
52 | CHEF_LICENSE: accept-no-persist
53 | KITCHEN_LOCAL_YAML: kitchen.dokken.yml
54 | REDIS_VERSION: ${{ matrix.redis_version }}
55 | with:
56 | suite: ${{ matrix.suite }}
57 | os: ${{ matrix.os }}
58 |
--------------------------------------------------------------------------------
/.github/workflows/stale.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Mark stale issues and pull requests
3 |
4 | "on":
5 | schedule: [cron: "0 0 * * *"]
6 |
7 | jobs:
8 | stale:
9 | runs-on: ubuntu-latest
10 | steps:
11 | - uses: actions/stale@v9
12 | with:
13 | repo-token: ${{ secrets.GITHUB_TOKEN }}
14 | close-issue-message: >
15 | Closing due to inactivity.
16 | If this is still an issue please reopen or open another issue.
17 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help!
18 | Thanks, Sous-Chefs.
19 | days-before-close: 7
20 | days-before-stale: 365
21 | stale-issue-message: >
22 | Marking stale due to inactivity.
23 | Remove stale label or comment or this will be closed in 7 days.
24 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help!
25 | Thanks, Sous-Chefs.
26 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.rbc
2 | .config
3 | InstalledFiles
4 | pkg
5 | test/tmp
6 | test/version_tmp
7 | tmp
8 | _Store
9 | *~
10 | *#
11 | .#*
12 | \#*#
13 | *.un~
14 | *.tmp
15 | *.bk
16 | *.bkup
17 |
18 | # editor files
19 | .idea
20 | .*.sw[a-z]
21 |
22 | # ruby/bundler/rspec files
23 | .ruby-version
24 | .ruby-gemset
25 | .rvmrc
26 | Gemfile.lock
27 | .bundle
28 | *.gem
29 | coverage
30 | spec/reports
31 |
32 | # YARD / rdoc artifacts
33 | .yardoc
34 | _yardoc
35 | doc/
36 | rdoc
37 |
38 | # chef infra stuff
39 | Berksfile.lock
40 | .kitchen
41 | kitchen.local.yml
42 | vendor/
43 | .coverage/
44 | .zero-knife.rb
45 | Policyfile.lock.json
46 |
47 | # vagrant stuff
48 | .vagrant/
49 | .vagrant.d/
50 |
--------------------------------------------------------------------------------
/.markdownlint-cli2.yaml:
--------------------------------------------------------------------------------
1 | config:
2 | ul-indent: false # MD007
3 | line-length: false # MD013
4 | no-duplicate-heading: false # MD024
5 | reference-links-images: false # MD052
6 | ignores:
7 | - .github/copilot-instructions.md
8 |
--------------------------------------------------------------------------------
/.mdlrc:
--------------------------------------------------------------------------------
1 | rules "~MD013", "~MD024"
2 |
--------------------------------------------------------------------------------
/.overcommit.yml:
--------------------------------------------------------------------------------
1 | ---
2 | PreCommit:
3 | TrailingWhitespace:
4 | enabled: true
5 | YamlLint:
6 | enabled: true
7 | required_executable: "yamllint"
8 | ChefSpec:
9 | enabled: true
10 | required_executable: "chef"
11 | command: ["chef", "exec", "rspec"]
12 | Cookstyle:
13 | enabled: true
14 | required_executable: "cookstyle"
15 | command: ["cookstyle"]
16 | MarkdownLint:
17 | enabled: false
18 | required_executable: "npx"
19 | command: ["npx", "markdownlint-cli2", "'**/*.md'"]
20 | include: ["**/*.md"]
21 |
22 | CommitMsg:
23 | HardTabs:
24 | enabled: true
25 |
--------------------------------------------------------------------------------
/.vscode/extensions.json:
--------------------------------------------------------------------------------
1 | {
2 | "recommendations": [
3 | "chef-software.chef",
4 | "rebornix.ruby",
5 | "editorconfig.editorconfig",
6 | "DavidAnson.vscode-markdownlint"
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 | extends: default
3 | rules:
4 | line-length:
5 | max: 256
6 | level: warning
7 | document-start: disable
8 | braces:
9 | forbid: false
10 | min-spaces-inside: 0
11 | max-spaces-inside: 1
12 | min-spaces-inside-empty: -1
13 | max-spaces-inside-empty: -1
14 | comments:
15 | min-spaces-from-content: 1
16 |
--------------------------------------------------------------------------------
/Berksfile:
--------------------------------------------------------------------------------
1 | source 'https://supermarket.chef.io'
2 |
3 | metadata
4 |
5 | group :integration do
6 | cookbook 'yum-epel'
7 | cookbook 'yum-remi-chef'
8 | end
9 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 |
2 | # redisio
3 |
4 | This file is used to list changes made in each version of the redisio cookbook.
5 |
6 | ## Unreleased
7 |
8 | ## 7.2.3 - *2024-11-18*
9 |
10 | Standardise files with files in sous-chefs/repo-management
11 |
12 | Standardise files with files in sous-chefs/repo-management
13 |
14 | Standardise files with files in sous-chefs/repo-management
15 |
16 | Standardise files with files in sous-chefs/repo-management
17 |
18 | Standardise files with files in sous-chefs/repo-management
19 |
20 | ## 7.2.2 - *2024-05-03*
21 |
22 | ## 7.2.1 - *2024-05-03*
23 |
24 | ## 7.2.0 - *2024-04-30*
25 |
26 | - Add option to specify `cluster-port`
27 |
28 | ## 7.1.1 - *2024-04-21*
29 |
30 | - Fix default `tls*` attribute names
31 |
32 | ## 7.1.0 - *2024-04-18*
33 |
34 | - Add an option to manage all TLS related attributes
35 |
36 | ## 7.0.1 - *2024-04-04*
37 |
38 | ## 7.0.0 - *2024-04-04*
39 |
40 | - Breaking: support only Redis v6+
41 | - Removed obsolete version checks
42 | - Removed option to configure Virtual Memory, deprecated in 2.4
43 | - Removed deprecated options `list-max-ziplist-entries`, `list-max-ziplist-value`
44 | - Renamed references from "slave" to "replica" across configuration attribute names to align with Redis terminology updates
45 | - Removed redis-package test suite, most of Linux distributions does not provide packages for Redis v6+
46 | - Set default Redis version to 6.2.14
47 | - Extend CI workflow to verify multiple Redis versions
48 | - Upgrade suidelines:
49 | - Ensure all Redis instances are upgraded to version 6.2.14 or higher.
50 | - Update configuration files to reflect the terminology change from "slave" to "replica."
51 | - Remove any references to deprecated options `list-max-ziplist-entries` and `list-max-ziplist-value`.
52 | - Test the compatibility of your Chef cookbook with Redis v6+ before deploying the upgrade.
53 |
54 | ## 6.7.1 - *2024-01-11*
55 |
56 | - Add `includes` option to sentinel configuration file.
57 |
58 | ## 6.7.0 - *2024-01-04*
59 |
60 | - Add `aclfile` option to sentinel configuration file.
61 | - Update Github Actions
62 |
63 | ## 6.6.0 - *2023-11-11*
64 |
65 | - Add `aclfile` option to redis configuration file.
66 |
67 | ## 6.5.0 - *2023-10-31*
68 |
69 | - Add `maxclients` option to sentinel configuration file.
70 |
71 | ## 6.4.4 - *2023-09-28*
72 |
73 | ## 6.4.3 - *2023-09-04*
74 |
75 | ## 6.4.2 - *2023-07-10*
76 |
77 | ## 6.4.1 - *2023-05-16*
78 |
79 | ## 6.4.0 - *2023-04-26*
80 |
81 | - Simplify `configure` and `sentinel` resources, making them idempotent
82 |
83 | ## 6.3.7 - *2023-04-25*
84 |
85 | - Standardise files with files in sous-chefs/repo-management
86 |
87 | ## 6.3.6 - *2023-04-04*
88 |
89 | - Standardise files with files in sous-chefs/repo-management
90 |
91 | ## 6.3.5 - *2023-04-01*
92 |
93 | - Update workflows
94 |
95 | ## 6.3.5 - *2023-04-01*
96 |
97 | - Standardise files with files in sous-chefs/repo-management
98 |
99 | ## 6.3.5 - *2023-04-01*
100 |
101 | - Standardise files with files in sous-chefs/repo-management
102 |
103 | ## 6.3.4 - *2023-03-15*
104 |
105 | - Standardise files with files in sous-chefs/repo-management
106 |
107 | ## 6.3.3 - *2023-02-15*
108 |
109 | - Standardise files with files in sous-chefs/repo-management
110 |
111 | ## 6.3.2 - *2023-02-14*
112 |
113 | - Standardise files with files in sous-chefs/repo-management
114 |
115 | ## 6.3.1 - *2022-12-06*
116 |
117 | - Standardise files with files in sous-chefs/repo-management
118 |
119 | ## 6.3.0 - *2022-09-10*
120 |
121 | - Version check fix for some Redis default settings to support Redis v4 and above.
122 |
123 | ## 6.2.4 - *2022-08-13*
124 |
125 | - Fix systemd entry to ensure listening on all network interfaces ([#440](https://github.com/brianbianco/redisio/pull/440))
126 |
127 | ## 6.2.3 - *2022-08-12*
128 |
129 | - Fix grammar in README.md
130 | - Use latest instead of current channel with dokken
131 |
132 | ## 6.2.2 - *2022-04-25*
133 |
134 | - Standardise files with files in sous-chefs/repo-management
135 |
136 | ## 6.2.1 - *2022-04-25*
137 |
138 | - Fixes configdir permissions. Similar to [451](https://github.com/sous-chefs/redisio/pull/451)
139 | - Deprecated `.foodcritic` configfile removed
140 |
141 | ## 6.2.0 - *2022-02-14*
142 |
143 | - Adds support for Rocky Linux
144 |
145 | ## 6.1.3 - *2022-02-04*
146 |
147 | - Remove references to selinux_policy cookbook
148 |
149 | ## 6.1.2 - *2022-02-03*
150 |
151 | - Fixes configdir permissions preventing Sentinel to update the config file
152 |
153 | ## 6.1.1 - *2022-02-03*
154 |
155 | - Remove delivery and move to calling RSpec directly via a reusable workflow
156 |
157 | ## 6.1.0 - *2021-09-15*
158 |
159 | - Add protected mode to sentinel configuration file
160 |
161 | ## 6.0.0 - *2021-09-09*
162 |
163 | - Set unified_mode true for Chef 17+ support
164 | - Require Chef 15.3+ for unified_mode
165 | - Require Chef 16 for user_ulimit resource
166 | - Remove dependency on the ulimit cookbook
167 | - Switch from using the selinux_policy cookbook to the selinux cookbook
168 | - The selinux_policy cookbook is now deprecated. The resources have been moved
169 | to the selinux cookbook
170 |
171 | ## 5.0.0 - *2021-09-08*
172 |
173 | - resolved cookstyle error: attributes/default.rb:74:40 refactor: `Chef/Modernize/UseChefLanguageSystemdHelper`
174 |
175 | ## 4.3.2 - *2021-08-30*
176 |
177 | - Standardise files with files in sous-chefs/repo-management
178 |
179 | ## 4.3.1 - *2021-06-01*
180 |
181 | - Standardise files with files in sous-chefs/repo-management
182 |
183 | ## 4.3.0 - *2021-05-19*
184 |
185 | - Fix disable recipe service naming for systemd
186 |
187 | ## 4.2.0 (2020-09-14)
188 |
189 | - New server option 'permissions' to override default (0644) unix permissions on config file
190 |
191 | ## 4.1.2 (2020-09-11)
192 |
193 | - Pull the disable_os_default recipe from the default one
194 |
195 | ## 4.1.1 (2020-08-14)
196 |
197 | - Properly perform version check when needed in redis.conf template
198 |
199 | ## 4.1.0 (2020-05-05)
200 |
201 | - Simplify platform check logic
202 | - Remove the deprecated ChefSpec coverage report
203 | - Migrate to actions for testing
204 |
205 | ## 4.0.0 (2019-09-19)
206 |
207 | - Enable testing in CircleCI
208 | - Removed build essentials cookbook dependancy
209 | - Minimum Chef is now 14
210 | - Removed tests for Debian 8
211 | - Added support for chef 15
212 | - configure recipe now sets `['redisio']['servers']` using override instead of normal in line with new chef best practices
213 |
214 | ## 3.0.0 (2018-11-27)
215 |
216 | - This cookbook is now maintained by the Sous Chefs. If you're interested in helping with maintenance or learning more check out Thank you Brian Bianco for the work you've done over the years on this cookbook. We'll be sure to take good care of it.
217 | - This cookbook now requires Chef 13 or later
218 | - Incompatibilities with the latest selinux_policy cookbook have been resolved by using Chef's built in selinux helpers
219 | - All Chefstyle warnings have been resolved
220 | - Contributing.md and CODE_OF_CONDUCT.md files have been added
221 | - The build_essential resource is now directly used so that the built in resource in Chef 14+ can be used. This increases the required build-essential cookbook to 5.0+
222 | - Duplicate dependencies in the Berksfile have been removed
223 | - The chefignore file has been updated to prevent more unnecessary files from being uploaded to the chef server
224 | - Data bags are now loaded with the data_bag_item helper instead of Chef::EncryptedDataBagItem.load directly
225 | - Testing has been updated to use Delivery Local Mode which is built into ChefDK. The legacy Rakefile, Vagrantfile, Thorfile, and Cheffile have been removed
226 | - Platforms in Test Kitchen configurations have been updated and dokken images are now used in dokken
227 |
228 | ## 2.7.2 (2018-09-30)
229 |
230 | - fixes sentinal cluster init script by providing missing LSB statements ([#374])
231 |
232 | ## 2.7.1 (2018-03-30)
233 |
234 | - fixes sentinal config where `announce-ip` was being given the value of `announce-port` improperly ([#354])
235 |
236 | ## 2.7.0 (2018-03-28)
237 |
238 | - enables diskless replication configuration for versions `~> 2.6 || ~> 3.0` [#340](https://github.com/brianbianco/redisio/pull/340)
239 | - adds chef 13 compatability [#350](https://github.com/brianbianco/redisio/pull/350)
240 |
241 | ## 2.6.1 (2017-05-10)
242 |
243 | - Restrict aof-load-truncated to redis 3+ ([#343](https://github.com/brianbianco/redisio/pull/343))
244 | - Fix Redis 2.4.x config ([#344](https://github.com/brianbianco/redisio/pull/344))
245 |
246 | ## 2.6.0 (2017-05-09)
247 |
248 | - Update 'bind' config comments ([#293](https://github.com/brianbianco/redisio/pull/293))
249 | - Add disable_os_default recipe ([#224](https://github.com/brianbianco/redisio/pull/224))
250 | - Use the config's ulimits if set and is > max_clients ([#234](https://github.com/brianbianco/redisio/pull/234))
251 | - Add Travis config ([#299](https://github.com/brianbianco/redisio/pull/299))
252 | - Fix test failures (FoodCritic and Rubocop) ([#298](https://github.com/brianbianco/redisio/pull/298))
253 | - Fix TravisCI builds ([#300](https://github.com/brianbianco/redisio/pull/300))
254 | - Add repl-backlog-size, repl-backlog-ttl, and aof-load-truncated options ([#278](https://github.com/brianbianco/redisio/pull/278))
255 | - Add sentinel_bind to bind sentinel to different IPs ([#306](https://github.com/brianbianco/redisio/pull/306))
256 | - Cleanup deprecation warnings ([#301](https://github.com/brianbianco/redisio/pull/301))
257 | - Fix version detection with epoch version numbers from deb/ubuntu ([#294](https://github.com/brianbianco/redisio/pull/294))
258 | - Restrict VM redis config to <= 2.4 ([#322](https://github.com/brianbianco/redisio/pull/322))
259 | - Rename_commands should be checked for nil before empty ([#311](https://github.com/brianbianco/redisio/pull/311))
260 | - Fixup foodcritic, rubocop, and kitchen testing ([#324](https://github.com/brianbianco/redisio/pull/324))
261 | - Note: this drops support for Chef < 11
262 | - Add min-slaves redis options ([#313](https://github.com/brianbianco/redisio/pull/313))
263 | - Allow /etc/init start after sigterm from system or user ([#310](https://github.com/brianbianco/redisio/pull/310))
264 | - Check user existence with Etc, not ohai node attributes ([#303](https://github.com/brianbianco/redisio/pull/303))
265 | - Various systemd-related improvements ([#302](https://github.com/brianbianco/redisio/pull/302))
266 | - Update serverspec testing with correct OS's for systemd ([#329](https://github.com/brianbianco/redisio/pull/329))
267 | - Add kitchen-dokken testing to Travis ([#330](https://github.com/brianbianco/redisio/pull/330))
268 | - Add fedora-25 to kitchen testing and clean up kitchen config ([#331](https://github.com/brianbianco/redisio/pull/331))
269 | - Fix systemd paths for sentinel service ([#332](https://github.com/brianbianco/redisio/pull/332))
270 | - Add redis-package and sentinel to Travis kitchen verify ([#334](https://github.com/brianbianco/redisio/pull/334))
271 | - Add breadcrumb-file creation condition as attribute ([#268](https://github.com/brianbianco/redisio/pull/268))
272 | - Fix cluster options in README ([#333](https://github.com/brianbianco/redisio/pull/333))
273 | - Fix systemd loader to use descriptors instead of max_clients+32 ([#338](https://github.com/brianbianco/redisio/pull/338))
274 | - Add SELinux support ([#305](https://github.com/brianbianco/redisio/pull/305))
275 | - Make source of redis.conf template configurable ([#341](https://github.com/brianbianco/redisio/pull/341))
276 | - Support sentinel notification-script and client-reconfig-script ([#342](https://github.com/brianbianco/redisio/pull/342))
277 |
278 | ## 2.5.0 (2016-09-15)
279 |
280 | - Ubuntu 14 added as tested platform. (#264)
281 | - FreeBSD-10.3 support added. (#279)
282 | - installation from source is not supported
283 | - setting ulimits is not supported
284 | - Encrypted databag support added. (#228)
285 | - Systemd nofile limit fixed. (#228)
286 | - Announce-ip and announce-port directives for sentinel added. (#228)
287 | - Disabling safe_install in the install recipe allowed. (#284)
288 | - Protected-mode added as optional (#275, #289)
289 | - Fixes nil exception when installing sentinel on non-debian and non-rhel platforms (#288)
290 |
291 | ## 2.4.2 (2016-04-08)
292 |
293 | - Created a 2.4.1 tag but somehow the metadata file wasn't updated. Instead
294 | of deleting a pushed tag, creating a new tag and updating metdatafile. Aside
295 | from the version number, this is an identical release to 2.4.1
296 |
297 | ## 2.4.1
298 |
299 | - Increases default clusternodetimeout value from 5 to 5000
300 | - Allows you to set version for package based install
301 | - Sets UID of redis data directory if it is present
302 | - Install resource should now only notify when an installation actually occurs
303 | - Adds config options
304 | - tcpbacklog
305 | - rdbcompression
306 | - rdbchecksum
307 | - dbfilename
308 | - slavereadyonly
309 | - repldisabletcpnodelay
310 | - slavepriority
311 | - listmaxziplistentries
312 | - listmaxziplistvalue
313 | - hllsparsemaxbytes
314 | - Add CentOS 7 support with systemd configs
315 | - Fixes bug in ulimit resource guard
316 | - Fixes bug in sentinel required parameters sanity check
317 | - Adds --no-same-owner to untar command during install to fix NFS related issues
318 | - Adds support for rename_commands config option
319 | - Adds option to stop chef from managing sentinel configs after writing once
320 | - Adds config option rename_commands
321 | - Allow instance 'save' to be string or array
322 | - Adds sources_url and issues_url with guards to be Chef 12 compatible
323 | - Bumps Redis source version to 2.8.20
324 | - Fixes cluster settings with wrong attribute names
325 | - Monitor multiple masters with sentinel
326 | - Add support in sentinel resource for an array of masters to monitor, with backwards compatibility for the older attributes, fixes #73. Replaces #87.
327 | - Introduce a test-kitchen test for sentinel watching multiple masters.
328 | - Incidentally, fixes #193 as well, since it adds a master name attribute for each master.
329 | - Fixes path for pidfile in sentinel init script
330 | - Additional error checking and backwards compatibility for sentinel attribute keys
331 |
332 | ## 2.3.0 (2015-04-08)
333 |
334 | - Add support for installing by distribution package for CentOS (#180)
335 | - Add conditionals to check for redis 3 that was released recently (#183)
336 | - Prevent `usermod: user redis is currently logged in` (#176)
337 | - Use correct sentinel port in default sentinel instance (#157)
338 | - Sentinel instances attribute (`node['redisio']['sentinels']`) should behave like Redis instances attribute (#160)
339 | - Add Rakefile and unit tests for verifying issues fixed are actually resolved (#158)
340 | - Fix serverspec tests to properly use sysv-init scripts on systemd distributions (#185)
341 | - Update documentation to reflect correct current redis version used for source installs (#151)
342 | - Update documentation to indicate that ulimit and build-essential are both dependencies (#165)
343 | - Update documentation to reflect that uninstall recipe is no longer available
344 | - Update documentation to reflect correct mirror in README.md, change was from 2.1.0 (#175)
345 | - Update documentation to reflect that cookbook uses `node['redisio']`, not `node['redis']` (#174)
346 | - Markdown formatting improvements in the README.md (#168, #172)
347 |
348 | ## 2.2.4 (2014-10-04)
349 |
350 | - Updates installed version of redis to the latest stable (2.8.17)
351 | - Fixes backwards compatability bug with older version of redis (namely 2.6.x series) related to keyspaces
352 |
353 | ## 2.2.3 (2014-08-25)
354 |
355 | - Bug Fix: Repackages the chef supermarket releaes with gnutar instead of BSD tar
356 |
357 | ## 2.2.2 (2014-08-22)
358 |
359 | - Please refer to changelog for 2.0.0.
360 | - If moving from 1.7.x this release has many breaking changes. You will likely need to update your wrapper cookbook or role.
361 | - Added test-kitchen and serverspec coverage for both redis and redis_sentinel
362 | - Added cookbook testing information to readme
363 | - Bug fix for a fix that was introduced to resolve foodcritic rule fc002
364 | - Fix init script to use su instead of sudo for ubuntu debian fedora
365 | - Fix sentinel_enable recipe to properly run if using default attributes
366 | - Save property for redis config now is defined by using an array
367 | - Small changes to default configuration options to bring in line with redis defaults.
368 | - Added options for the following
369 | - tcp-keepalive
370 |
371 | ## 2.2.1
372 |
373 | - Allow sentinel to control both redis and redis-sentinel configs depending on attribute `redisio.sentinel.manage_config` state.
374 |
375 | ## 2.2.0
376 |
377 | - Adds behavior to allow the cookbook to NOT manage the redis config files as redis itself will write to them now if you are using sentinel
378 |
379 | ## 2.1.0
380 |
381 | - Adds options for the following
382 | - lua-time-limit
383 | - slowlog-logs-slower-than
384 | - slowlog-max-len
385 | - notify-keyspace-events
386 | - client-output-buffer-limit
387 | - hz
388 | - aof-rewrite-incremental-fsync
389 | - Removes the uninstall recipe and resource.
390 | - Adds the ability to skip the default recipe calling install and configure by setting redisio bypass_setup attribute to true
391 | - Adds support for redis sentinel [Thanks to rcleere, Ryan Walker]
392 | - Splits up the install resource into separate install and configure resources [Thanks to rcleere]
393 | - By default now calls _install_prereqs, install, and configure in the default recipe.
394 | - Changes default version of redis to install to 2.8.5
395 | - Now depends on the build-essential cookbook.
396 | - Fixes issue #76 - Default settings save as empty string breaks install
397 | - Switches mirror server from googlefiles to redis.io. If you are using version of redis before 2.6.16 you will need to override the mirror server attribute
398 | to use the old site with archived versions.
399 | - Adds a Vagrant file!
400 | - maxmemory will be rounded when calculated as a percentage
401 | - Add stop-writes-on-bgsave-error config option
402 | - Changes default log level from verbose to notice
403 | - Adds configuration options for ziplists and active rehashing
404 | - Adds support for passing the address attribute as an array. This is to support the redis 2.8 series which allows binding to multiple addresses
405 | - Fixes a bug where multiple redis instances were using the same swapfile (only for version of redis 2.4 and below)
406 | - Changes the job_control per instance attribute to a global one.
407 | - Adds a status command to the init.d script, uses this in the initd based service for checking status
408 |
409 | ## 2.0.0
410 |
411 | ! THIS RELEASE HAS MANY BREAKING CHANGES !
412 | ! Your old role file will most likely not work !
413 |
414 | - Supports redis 2.8 and its use of the empty string for stdout in the logfile option
415 | - Allows the user to specify required_start and required_start when using the init scripts
416 | - Warns a user if they have syslogenabled set to yes and also have logfile set
417 |
418 | ## 1.7.1 (2014-02-10)
419 |
420 | - Bumps default version of redis to 2.6.17
421 | - Changes the redis download mirror to redis.io
422 | - Fixes #76 - Default settings save as empty string breaks install. [Thanks to astlock]
423 | - Fixes bug with nil file resource for logfile. [Thanks to chrismoos]
424 |
425 | ## 1.7.0 (2013-07-25)
426 |
427 | - Adds support for address attribute as an array or string. This is to support the feature that will be introduced in redis 2.8
428 |
429 | ## 1.6.0 (2013-06-27)
430 |
431 | - Fixes a bug when using a percentage for max memory. [Thanks to organicveggie]
432 | - Allows installation of redis into custom directory. [Thanks to organicveggie, rcleere]
433 | - Bumps the default installed version of redis to the new stable, 2.6.14
434 |
435 | ## 1.5.0 (2013-03-30)
436 |
437 | - Forces maxmemory to a string inside of install provider so it will not explode if you pass in an int. [Thanks to sprack]
438 | - Strips leading directory from downloaded tarball, and extracts into a newly created directory. This allows more versatility for where the package can be installed from (Github / BitBucket) [Thanks to dim]
439 | - Adds options for Redis Cluster [Thanks to jrallison]
440 | - Adds a call to ulimit into the init script, it was not honoring the limits set by the ulimit cookbook for some users. [Thanks to mike-yesware]
441 |
442 | ## 1.4.1 (2013-02-27)
443 |
444 | - Removes left over debugging statement
445 |
446 | ## 1.4.0 (2013-02-27)
447 |
448 | - ACTUALLY fixes the use of upstart and redis. Redis no longer daemonizes itself when using job_control type upstart and allows upstart to handle this
449 | - Adds dependency on the ulimit cookbook and allows you to set the ulimits for the redis instance users.
450 | - Adds associated node attribute for the ulimit. It defaults to the special value 0, which causes the cookbook to use maxclients + 32. 32 is the number of file descriptors redis needs itself
451 | - You can disable the use of the ulimits by setting the node attribute for it to "false" or "nil"
452 | - Comments out the start on by default in the upstart script. This will get uncommented by the upstart provider when the :enable action is called on it
453 |
454 | ## 1.3.2 (2013-02-26)
455 |
456 | - Changes calls to Chef::ShellOut to Mixlib::ShellOut
457 |
458 | ## 1.3.1 (2013-02-26)
459 |
460 | - Fixes bug in upstart script to create pid directory if it does not exist
461 |
462 | ## 1.3.0 (2013-02-20)
463 |
464 | - Adds upstart support. This was a much requested feature.
465 | - Fixes bug in uninstall resource that would have prevented it from uninstalling named servers.
466 | - Reworks the init script to take into account the IP redis is listening on, and if it is listening on a socket.
467 | - Adds an attribute called "shutdown_save" which will explicitly call save on redis shutdown
468 | - Updates the README.md with a shorter and hopefully equally as useful usage section
469 | - maxmemory attribute now allows the use of percentages. You must include a % sign after the value.
470 | - Bumps default version of redis to install to the current stable, 2.6.10
471 |
472 | ## 1.2.0 (2013-02-06)
473 |
474 | - Fixes bug related to where the template source resides when using the LWRP outside of the redisio cookbook
475 | - Fixes bug where the version method was not properly parsing version strings in redis 2.6.x, as the version string from redis-server -v changed
476 | - Fixes bug in default attributes for fedora default redis data directory
477 | - Now uses chefs service resource for each redis instance instead of using a custom redisio_service resource. This cleans up many issues, including a lack of updated_by_last_action
478 | - The use of the redisio_service resource is deprecated. Use the redis port_number instead.
479 | - The default version of redis has been bumped to the current stable, which is 2.6.9
480 | - Adds metadata.json to the gitignore file so that the cookbook can be submoduled.
481 | - Adds the ability to handle non standard bind address in the init scripts stop command
482 | - Adds attributes to allow redis to listen on a socket
483 | - Adds an attribute to allow redis service accounts to be created as system users, defaults this to true
484 | - Adds a per server "name" attribute that allows a server to use that instead of the port for its configuration files, service resource, and init script.
485 | - Shifts the responsbility for handling the case of default redis instances into the install recipe due to the behavior of arrays and deep merge
486 |
487 | ## 1.1.0 (2012-08-21)
488 |
489 | ! Warning breaking change !: The redis pidfile directory by default has changed, if you do not STOP redis before upgrading to the new version
490 | of this cookbook, it will not be able to stop your instance properly via the redis service provider, or the init script.
491 | If this happens to you, you can always log into the server and manually send a SIGTERM to redis
492 |
493 | - Changed the init script to run redis as the specified redis user
494 | - Updated the default version of redis to 2.4.16
495 | - Setup a new directory structure for redis pid files. The install provider will now nest its pid directories in base_piddir/port number/redis_port.pid.
496 | - Added a RedisioHelper module in libraries. The recipe_eval method inside is used to wrap nested resources to allow for the proper resource update propigation. The install provider uses this.
497 | - The init script now properly respects the configdir attribute
498 | - Changed the redis data directories to be 775 instead of 755 (this allows multiple instances with different owners to write their data to the same shared dir so long as they are in a common group)
499 | - Changed default for maxclients to be 10000 instead of 0. This is to account for the fact that maxclients no longer supports 0 as 'unlimited' in the 2.6 series
500 | - Added logic to replace hash-max-ziplist-entries, hash-max-ziplist-value with hash-max-zipmap-entires, hash-max-zipmap-value when using 2.6 series
501 | - Added the ability to log to any file, not just syslog. Please do make sure after you set your file with the logfile attribute you also set syslogenabled to 'no'
502 |
503 | ## 1.0.3 (2012-05-02)
504 |
505 | - Added changelog.md
506 | - Added a bunch more configuration options that were left out (default values left as they were before):
507 | - databases
508 | - slaveservestaledata
509 | - replpingslaveperiod
510 | - repltimeout
511 | - maxmemorysamples
512 | - noappendfsynconwrite
513 | - aofrewritepercentage
514 | - aofrewriteminsize
515 |
516 | It is worth nothing that since there is a configurable option for conf include files, and the fact that redis uses the most recently read configuration option... even if a new option where to show up, or and old one was not included they could be added using that pattern.
517 |
518 | ## 1.0.2 (2012-04-25)
519 |
520 | - Merged in pull request from meskyanichi which improved the README.md and added a .gitignore
521 | - Added a "safe_install" node attribute which will prevent redis from installing anything if it exists already. Defaults to true.
522 | - Addedd a "redis_gem" recipe which will install the redis gem from ruby gems, added associated attributes. See README for me
523 |
524 | ## 1.0.1 (2012-04-08)
525 |
526 | - Added some prequisite checks for RHEL based distributions
527 | - Minor typos and formatting fixes in metadata.rb and README.md
528 |
529 | ## 1.0.0 (2012-04-08)
530 |
531 | Initial Release
532 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Community Guidelines
2 |
3 | This project follows the Chef Community Guidelines
4 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 |
3 | Please refer to
4 | [https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/CONTRIBUTING.MD)
5 |
--------------------------------------------------------------------------------
/Dangerfile:
--------------------------------------------------------------------------------
1 | # Reference: http://danger.systems/reference.html
2 |
3 | # A pull request summary is required. Add a description of the pull request purpose.
4 | # Changelog must be updated for each pull request that changes code.
5 | # Warnings will be issued for:
6 | # Pull request with more than 400 lines of code changed
7 | # Pull reqest that change more than 5 lines without test changes
8 | # Failures will be issued for:
9 | # Pull request without summary
10 | # Pull requests with code changes without changelog entry
11 |
12 | def code_changes?
13 | code = %w(libraries attributes recipes resources files templates)
14 | code.each do |location|
15 | return true unless git.modified_files.grep(/#{location}/).empty?
16 | end
17 | false
18 | end
19 |
20 | def test_changes?
21 | tests = %w(spec test kitchen.yml kitchen.dokken.yml)
22 | tests.each do |location|
23 | return true unless git.modified_files.grep(/#{location}/).empty?
24 | end
25 | false
26 | end
27 |
28 | failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10
29 |
30 | warn 'This is a big Pull Request.' if git.lines_of_code > 400
31 |
32 | warn 'This is a Table Flip.' if git.lines_of_code > 2000
33 |
34 | # Require a CHANGELOG entry for non-test changes.
35 | if !git.modified_files.include?('CHANGELOG.md') && code_changes?
36 | failure 'Please include a CHANGELOG entry.'
37 | end
38 |
39 | # Require Major Minor Patch version labels
40 | unless github.pr_labels.grep /minor|major|patch/i
41 | warn 'Please add a release label to this pull request'
42 | end
43 |
44 | # A sanity check for tests.
45 | if git.lines_of_code > 5 && code_changes? && !test_changes?
46 | warn 'This Pull Request is probably missing tests.'
47 | end
48 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright {yyyy} {name of copyright owner}
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Redisio Cookbook
2 |
3 | [](https://supermarket.chef.io/cookbooks/redisio)
4 | [](https://circleci.com/gh/sous-chefs/redisio)
5 | [](#backers)
6 | [](#sponsors)
7 | [](https://opensource.org/licenses/Apache-2.0)
8 |
9 | Please read the changelog when upgrading from the 1.x series to the 2.x series
10 |
11 | ## Description
12 |
13 | Website:: [https://github.com/sous-chefs/redisio](https://github.com/sous-chefs/redisio)
14 |
15 | Installs and configures Redis server instances
16 |
17 | ## Maintainers
18 |
19 | This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
20 |
21 | ## Requirements
22 |
23 | This cookbook builds redis from source or install it from packages, so it should work on any architecture for the supported distributions. Init scripts are installed into /etc/init.d/
24 |
25 | It depends on the ulimit cookbook: [https://github.com/bmhatfield/chef-ulimit](https://github.com/bmhatfield/chef-ulimit) and the build-essentials cookbook: [https://github.com/chef-cookbooks/build-essential](https://github.com/opscode-cookbooks/build-essential)
26 |
27 | ### Platforms
28 |
29 | * Debian, Ubuntu
30 | * CentOS, Red Hat, Fedora, Scientific Linux
31 | * FreeBSD
32 |
33 | ### Testing
34 |
35 | This cookbook is tested with Delivery's local mode run under Chef-DK and Test Kitchen
36 |
37 | * delivery local all
38 | * kitchen test
39 |
40 | Tested on:
41 |
42 | * Centos 6
43 | * Centos 7
44 | * Debian 8
45 | * Fedora 28
46 | * Ubuntu 16.04
47 |
48 | ## Usage
49 |
50 | The redisio cookbook contains LWRP for installing, configuring and managing redis and redis_sentinel.
51 |
52 | The install recipe can build, compile and install redis from sources or install from packages. The configure recipe will configure redis and set up service resources. These resources will be named for the port of the redis server, unless a "name" attribute was specified. Example names would be: service["redis6379"] or service["redismaster"] if the name attribute was "master".
53 | _NOTE: currently installation from source is not supported for FreeBSD_
54 |
55 | The most common use case for the redisio cookbook is to use the default recipe, followed by the enable recipe.
56 |
57 | Another common use case is to use the default, and then call the service resources created by it from another cookbook.
58 |
59 | It is important to note that changing the configuration options of redis does not make them take effect on the next chef run. Due to how redis works, you cannot reload a configuration without restarting the redis service. Redis does not offer a reload option, in order to have new options be used redis must be stopped and started.
60 |
61 | You should make sure to set the ulimit for the user you want to run redis as to be higher than the max connections you allow.
62 | _NOTE: setting ulimit is not supported on FreeBSD since the ulimit cookbook doesn't support FreeBSD_
63 |
64 | The disable recipe just stops redis and removes it from run levels.
65 |
66 | The cookbook also contains a recipe to allow for the installation of the redis ruby gem.
67 |
68 | Redis-sentinel will write configuration and state data back into its configuration file. This creates obvious problems when that config is managed by chef. By default, this cookbook will create the config file once, and then leave a breadcrumb that will guard against the file from being updated again.
69 |
70 | ### Recipes
71 |
72 | * configure - This recipe is used to configure redis.
73 | * default - This is used to install the pre-requisites for building redis, and to make the LWRPs available
74 | * disable - This recipe can be used to disable the redis service and remove it from runlevels
75 | * enable - This recipe can be used to enable the redis services and add it to runlevels
76 | * install - This recipe is used to install redis.
77 | * redis_gem - This recipe can be used to install the redis ruby gem
78 | * sentinel - This recipe can be used to install and configure sentinel
79 | * sentinel_enable - This recipe can be used to enable the sentinel service(s)
80 | * disable_os_default - This recipe can be used to disable the default OS redis init script
81 |
82 | ### Role File Examples
83 |
84 | #### Install redis and set up an instance with default settings on default port, and start the service through a role file
85 |
86 | ```ruby
87 | run_list *%w[
88 | recipe[redisio]
89 | recipe[redisio::enable]
90 | ]
91 |
92 | default_attributes({})
93 | ```
94 |
95 | ##### Install redis with packages and set up an instance with default settings on default port, and start the service through a role file
96 |
97 | ```ruby
98 | run_list *%w[
99 | recipe[redisio]
100 | recipe[redisio::enable]
101 | ]
102 |
103 | default_attributes({
104 | 'redisio' => {
105 | package_install: true
106 | version:
107 | }
108 | })
109 | ```
110 |
111 | ##### Install redis, give the instance a name, and use a unix socket
112 |
113 | ```ruby
114 | run_list *%w[
115 | recipe[redisio]
116 | recipe[redisio::enable]
117 | ]
118 |
119 | default_attributes({
120 | 'redisio' => {
121 | 'servers' => [
122 | {'name' => 'master', 'port' => '6379', 'unixsocket' => '/tmp/redis.sock', 'unixsocketperm' => '755'},
123 | ]
124 | }
125 | })
126 | ```
127 |
128 | ##### Install redis and pull the password from an encrypted data bag
129 |
130 | ```ruby
131 | run_list *%w[
132 | recipe[redisio]
133 | recipe[redisio::enable]
134 | ]
135 |
136 | default_attributes({
137 | 'redisio' => {
138 | 'servers' => [
139 | {'data_bag_name' => 'redis', 'data_bag_item' => 'auth', 'data_bag_key' => 'password'},
140 | ]
141 | }
142 | })
143 | ```
144 |
145 | ###### Data Bag
146 |
147 | ```ruby
148 | {
149 | "id": "auth",
150 | "password": "abcdefghijklmnopqrstuvwxyz"
151 | }
152 | ```
153 |
154 | ##### Install redis and set up two instances on the same server, on different ports, with one slaved to the other through a role file
155 |
156 | ```ruby
157 | run_list *%w[
158 | recipe[redisio]
159 | recipe[redisio::enable]
160 | ]
161 |
162 | default_attributes({
163 | 'redisio' => {
164 | 'servers' => [
165 | {'port' => '6379'},
166 | {'port' => '6380', 'replicaof' => { 'address' => '127.0.0.1', 'port' => '6379' }}
167 | ]
168 | }
169 | })
170 | ```
171 |
172 | ##### Install redis and set up two instances, on the same server, on different ports, with the default data directory changed to /mnt/redis, and the second instance named
173 |
174 | ```ruby
175 | run_list *%w[
176 | recipe[redisio]
177 | recipe[redisio::enable]
178 | ]
179 |
180 | default_attributes({
181 | 'redisio' => {
182 | 'default_settings' => {'datadir' => '/mnt/redis'},
183 | 'servers' => [{'port' => '6379'}, {'port' => '6380', 'name' => "MyInstance"}]
184 | }
185 | })
186 | ```
187 |
188 | ##### Install redis and set up three instances on the same server, changing the default data directory to /mnt/redis, each instance will use a different backup type, and one instance will use a different data dir
189 |
190 | ```ruby
191 | run_list *%w[
192 | recipe[redisio]
193 | recipe[redisio::enable]
194 | ]
195 |
196 | default_attributes({
197 | 'redisio' => {
198 | 'default_settings' => { 'datadir' => '/mnt/redis/'},
199 | 'servers' => [
200 | {'port' => '6379','backuptype' => 'aof'},
201 | {'port' => '6380','backuptype' => 'both'},
202 | {'port' => '6381','backuptype' => 'rdb', 'datadir' => '/mnt/redis6381'}
203 | ]
204 | }
205 | })
206 | ```
207 |
208 | ##### Install redis 2.4.11 (lower than the default version) and turn safe install off, for the event where redis is already installed This will use the default settings. Keep in mind the redis version will not actually be updated until you restart the service (either through the LWRP or manually)
209 |
210 | ```ruby
211 | run_list *%w[
212 | recipe[redisio]
213 | recipe[redisio::enable]
214 | ]
215 |
216 | default_attributes({
217 | 'redisio' => {
218 | 'safe_install' => false,
219 | 'version' => '2.4.11'
220 | }
221 | })
222 | ```
223 |
224 | ##### Install a single redis-sentinel to listen for a master on localhost and default port number
225 |
226 | ```ruby
227 | run_list *%w[
228 | recipe[redisio::sentinel]
229 | recipe[redisio::sentinel_enable]
230 | ]
231 | ```
232 |
233 | #### Install redis and set up two instances, on the same server, on different ports, the second instance configuration file will be overwriten by chef
234 |
235 | ```ruby
236 | run_list *%w[
237 | recipe[redisio]
238 | recipe[redisio::enable]
239 | ]
240 |
241 | default_attributes({
242 | 'redisio' => {
243 | 'servers' => [{'port' => '6379'}, {'port' => '6380', 'breadcrumb' => false}]
244 | }
245 | })
246 | ```
247 |
248 | ## LWRP Examples
249 |
250 | Instead of using my provided recipes, you can simply depend on the redisio cookbook in your metadata and use the LWRP's yourself. I will show a few examples of ways to use the LWRPS, detailed breakdown of options are below
251 | in the resources/providers section
252 |
253 | ### Install Resource
254 |
255 | It is important to note that this call has certain expectations for example, it expects the redis package to be in the format `redis-VERSION.tar.gz'.
256 |
257 | ```ruby
258 | redisio_install "redis-installation" do
259 | version '2.6.9'
260 | download_url 'http://redis.googlecode.com/files/redis-2.6.9.tar.gz'
261 | safe_install false
262 | install_dir '/usr/local/'
263 | end
264 | ```
265 |
266 | ### Configure Resource
267 |
268 | The servers resource expects an array of hashes where each hash is required to contain at a key-value pair of 'port' => 'port numbers'.
269 |
270 | ```ruby
271 | redisio_configure "redis-servers" do
272 | version '2.6.9'
273 | default_settings node['redisio']['default_settings']
274 | servers node['redisio']['servers']
275 | base_piddir node['redisio']['base_piddir']
276 | end
277 | ```
278 |
279 | ### Sentinel Resource
280 |
281 | The sentinel resource installs and configures all of your redis_sentinels defined in sentinel_instances
282 |
283 | Using the sentinel resources:
284 |
285 | ```ruby
286 | redisio_sentinel "redis-sentinels" do
287 | version '2.6.9'
288 | sentinel_defaults node['redisio']['sentinel_defaults']
289 | sentinels sentinel_instances
290 | base_piddir node['redisio']['base_piddir']
291 | end
292 | ```
293 |
294 | ## Attributes
295 |
296 | Configuration options, each option corresponds to the same-named configuration option in the redis configuration file; default values listed
297 |
298 | * `redisio['mirror']` - mirror server with path to download redis package, default is [http://download.redis.io/releases/](http://download.redis.io/releases/)
299 | * `redisio['base_name']` - the base name of the redis package to be downloaded (the part before the version), default is 'redis-'
300 | * `redisio['artifact_type']` - the file extension of the package. currently only .tar.gz and .tgz are supported, default is 'tar.gz'
301 | * `redisio['version']` - the version number of redis to install (also appended to the `base_name` for downloading), default is '2.8.17'
302 | * `redisio['safe_install']` - prevents redis from installing itself if another version of redis is installed, default is true
303 | * `redisio['base_piddir']` - This is the directory that redis pidfile directories and pidfiles will be placed in. Since redis can run as non root, it needs to have proper
304 | permissions to the directory to create its pid. Since each instance can run as a different user, these directories will all be nested inside this base one.
305 | * `redisio['bypass_setup']` - This attribute allows users to prevent the default recipe from calling the install and configure recipes.
306 | * `redisio['job_control']` - This deteremines what job control type will be used. Currently supports 'initd' or 'upstart' options. Defaults to 'initd'.
307 |
308 | Default settings is a hash of default settings to be applied to to ALL instances. These can be overridden for each individual server in the servers attribute. If you are going to set logfile to a specific file, make sure to set syslog-enabled to no.
309 |
310 | * `redisio['default_settings']` - { 'redis-option' => 'option setting' }
311 |
312 | Available options and their defaults
313 |
314 | ```config
315 | 'user' => 'redis' - the user to own the redis datadir, redis will also run under this user
316 | 'group' => 'redis' - the group to own the redis datadir
317 | 'permissions' => '0644' - the unix permissions applied to the server config file
318 | 'homedir' => Home directory of the user. Varies on distribution, check attributes file
319 | 'shell' => Users shell. Varies on distribution, check attributes file
320 | 'systemuser' => true - Sets up the instances user as a system user
321 | 'ulimit' => 0 - 0 is a special value causing the ulimit to be maxconnections +32. Set to nil or false to disable setting ulimits
322 | 'configdir' => '/etc/redis' - configuration directory
323 | 'name' => nil, Allows you to name the server with something other than port. Useful if you want to use unix sockets
324 | 'tcpbacklog' => '511',
325 | 'address' => nil, Can accept a single string or an array. When using an array, the FIRST value will be used by the init script for connecting to redis
326 | 'databases' => '16',
327 | 'backuptype' => 'rdb',
328 | 'datadir' => '/var/lib/redis',
329 | 'unixsocket' => nil - The location of the unix socket to use,
330 | 'unixsocketperm' => nil - The permissions of the unix socket,
331 | 'timeout' => '0',
332 | 'keepalive' => '0',
333 | 'loglevel' => 'notice',
334 | 'logfile' => nil,
335 | 'syslogenabled' => 'yes',
336 | 'syslogfacility' => 'local0',
337 | 'shutdown_save' => false,
338 | 'save' => nil, # Defaults to ['900 1','300 10','60 10000'] inside of template. Needed due to lack of hash subtraction
339 | 'stopwritesonbgsaveerror' => 'yes',
340 | 'rdbcompression' => 'yes',
341 | 'rdbchecksum' => 'yes',
342 | 'dbfilename' => nil,
343 | 'replicaof' => nil,
344 | 'masterauth' => nil,
345 | 'replicaservestaledata' => 'yes',
346 | 'replicareadonly' => 'yes',
347 | 'repldisklesssync' => 'no', # Requires redis 2.8.18+
348 | 'repldisklesssyncdelay' => '5', # Requires redis 2.8.18+
349 | 'replpingreplicaperiod' => '10',
350 | 'repltimeout' => '60',
351 | 'repldisabletcpnodelay => 'no',
352 | 'replicapriority' => '100',
353 | 'requirepass' => nil,
354 | 'rename_commands' => nil, or a hash where each key is a redis command and the value is the command's new name.
355 | 'maxclients' => 10000,
356 | 'maxmemory' => nil,
357 | 'maxmemorypolicy' => nil,
358 | 'maxmemorysamples' => nil,
359 | 'appendfilename' => nil,
360 | 'appendfsync' => 'everysec',
361 | 'noappendfsynconrewrite' => 'no',
362 | 'aofrewritepercentage' => '100',
363 | 'aofrewriteminsize' => '64mb',
364 | 'luatimelimit' => '5000',
365 | 'slowloglogslowerthan' => '10000',
366 | 'slowlogmaxlen' => '1024',
367 | 'notifykeyspaceevents' => '',
368 | 'hashmaxziplistentries' => '512',
369 | 'hashmaxziplistvalue' => '64',
370 | 'listmaxziplistentries' => '512',
371 | 'listmaxziplistvalue' => '64',
372 | 'setmaxintsetentries' => '512',
373 | 'zsetmaxziplistentries' => '128',
374 | 'zsetmaxziplistvalue' => '64',
375 | 'hllsparsemaxbytes' => '3000',
376 | 'activerehasing' => 'yes',
377 | 'clientoutputbufferlimit' => [
378 | %w(normal 0 0 0),
379 | %w(replica 256mb 64mb 60),
380 | %w(pubsub 32mb 8mb 60)
381 | ],
382 | 'hz' => '10',
383 | 'aofrewriteincrementalfsync' => 'yes',
384 | 'clusterenabled' => 'no',
385 | 'clusterconfigfile' => nil, # Defaults to redis instance name inside of template if cluster is enabled.
386 | 'clusternodetimeout' => 5000,
387 | 'clusterport' => nil,
388 | 'includes' => nil,
389 | 'aclfile' => nil, # Requires redis 6+
390 | 'breadcrumb' => true # Defaults to create breadcrumb lock-file.
391 | 'tlsport' => nil,
392 | 'tlscertfile' => nil,
393 | 'tlskeyfile' => nil,
394 | 'tlskeyfilepass' => nil,
395 | 'tlsclientcertfile' => nil,
396 | 'tlsclientkeyfile' => nil,
397 | 'tlsclientkeyfilepass' => nil,
398 | 'tlsdhparamsfile' => nil,
399 | 'tlscacertfile' => nil,
400 | 'tlscacertdir' => nil,
401 | 'tlsauthclients' => nil,
402 | 'tlsreplication' => nil,
403 | 'tlscluster' => nil,
404 | 'tlsprotocols' => nil,
405 | 'tlsciphers' => nil,
406 | 'tlsciphersuites' => nil,
407 | 'tlspreferserverciphers' => nil,
408 | 'tlssessioncaching' => nil,
409 | 'tlssessioncachesize' => nil,
410 | 'tlssessioncachetimeout' => nil,
411 | ```
412 |
413 | * `redisio['servers']` - An array where each item is a set of key value pairs for redis instance specific settings. The only required option is 'port'. These settings will override the options in 'default_settings', if it is left `nil` it will default to `[{'port' => '6379'}]`. If set to `[]` (empty array), no instances will be created.
414 |
415 | The redis_gem recipe will also allow you to install the redis ruby gem, these are attributes related to that, and are in the redis_gem attributes file.
416 |
417 | * `redisio['gem']['name']` - the name of the gem to install, defaults to 'redis'
418 | * `redisio['gem']['version']` - the version of the gem to install. if it is nil, the latest available version will be installed.
419 |
420 | The sentinel recipe's use their own attribute file.
421 |
422 | * `redisio['sentinel_defaults']` - { 'sentinel-option' => 'option setting' }
423 |
424 | ```config
425 | 'user' => 'redis',
426 | 'configdir' => '/etc/redis',
427 | 'sentinel_bind' => nil,
428 | 'sentinel_port' => 26379,
429 | 'monitor' => nil,
430 | 'down-after-milliseconds' => 30000,
431 | 'can-failover' => 'yes',
432 | 'parallel-syncs' => 1,
433 | 'failover-timeout' => 900000,
434 | 'loglevel' => 'notice',
435 | 'logfile' => nil,
436 | 'syslogenabled' => 'yes',
437 | 'syslogfacility' => 'local0',
438 | 'quorum_count' => 2,
439 | 'protected-mode' => nil,
440 | 'maxclients' => 10000,
441 | 'aclfile' => nil, # Requires redis 6+
442 | 'includes' => nil,
443 | ```
444 |
445 | * `redisio['redisio']['sentinel']['manage_config']` - Should the cookbook manage the redis and redis sentinel config files. This is best set to false when using redis_sentinel as it will write state into both configuration files.
446 |
447 | * `redisio['redisio']['sentinels']` - Array of sentinels to configure on the node. These settings will override the options in 'sentinel_defaults', if it is left `nil` it will default to `[{'port' => '26379', 'name' => 'mycluster', 'master_ip' => '127.0.0.1', 'master_port' => 6379}]`. If set to `[]` (empty array), no instances will be created.
448 |
449 | You may also pass an array of masters to monitor like so:
450 |
451 | ```ruby
452 | [{
453 | 'sentinel_port' => '26379',
454 | 'name' => 'mycluster_sentinel',
455 | 'masters' => [
456 | { 'master_name' => 'master6379', 'master_ip' => '127.0.0.1', 'master_port' => 6379 },
457 | { 'master_name' => 'master6380', 'master_ip' => '127.0.0.1', 'master_port' => 6380 }
458 | ]
459 |
460 | }]
461 | ```
462 |
463 | ## Resources/Providers
464 |
465 | ### `install`
466 |
467 | Actions:
468 |
469 | * `run` - perform the install (default)
470 | * `nothing` - do nothing
471 |
472 | Attribute Parameters
473 |
474 | * `version` - the version of redis to download / install
475 | * `download_url` - the URL plus filename of the redis package to install
476 | * `download_dir` - the directory to store the downloaded package
477 | * `artifact_type` - the file extension of the package
478 | * `base_name` - the name of the package minus the extension and version number
479 | * `safe_install` - a true or false value which determines if a version of redis will be installed if one already exists, defaults to true
480 |
481 | This resource expects the following naming conventions:
482 |
483 | package file should be in the format base_nameVersion_number.artifact_type
484 |
485 | package file after extraction should be inside of the directory base_nameVersion_number
486 |
487 | ```ruby
488 | install "redis" do
489 | action [:run,:nothing]
490 | end
491 | ```
492 |
493 | ### `configure`
494 |
495 | Actions:
496 |
497 | * `run` - perform the configure (default)
498 | * `nothing` - do nothing
499 |
500 | Attribute Parameters
501 |
502 | * `version` - the version of redis to download / install
503 | * `base_piddir` - directory where pid files will be created
504 | * `user` - the user to run redis as, and to own the redis files
505 | * `group` - the group to own the redis files
506 | * `default_settings` - a hash of the default redis server settings
507 | * `servers` - an array of hashes containing server configurations overrides (port is the only required)
508 |
509 | ```ruby
510 | configure "redis" do
511 | action [:run,:nothing]
512 | end
513 | ```
514 |
515 | ## Contributors
516 |
517 | This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
518 |
519 | ### Backers
520 |
521 | Thank you to all our backers!
522 |
523 | 
524 |
525 | ### Sponsors
526 |
527 | Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
528 |
529 | 
530 | 
531 | 
532 | 
533 | 
534 | 
535 | 
536 | 
537 | 
538 | 
539 |
--------------------------------------------------------------------------------
/TESTING.md:
--------------------------------------------------------------------------------
1 | # Testing
2 |
3 | Please refer to [the community cookbook documentation on testing](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/TESTING.MD).
4 |
--------------------------------------------------------------------------------
/attributes/default.rb:
--------------------------------------------------------------------------------
1 | package_bin_path = '/usr/bin'
2 | config_dir = '/etc/redis'
3 | default_package_install = false
4 |
5 | case node['platform_family']
6 | when 'debian'
7 | shell = '/bin/false'
8 | homedir = '/var/lib/redis'
9 | package_name = 'redis-server'
10 | when 'rhel', 'fedora'
11 | shell = '/bin/sh'
12 | homedir = '/var/lib/redis'
13 | package_name = 'redis'
14 | when 'freebsd'
15 | shell = '/bin/sh'
16 | homedir = '/var/lib/redis'
17 | package_name = 'redis'
18 | package_bin_path = '/usr/local/bin'
19 | config_dir = '/usr/local/etc/redis'
20 | default_package_install = true
21 | else
22 | shell = '/bin/sh'
23 | homedir = '/redis'
24 | package_name = 'redis'
25 | end
26 |
27 | # Overwite template used for the Redis Server config (not sentinel)
28 | default['redisio']['redis_config']['template_cookbook'] = 'redisio'
29 | default['redisio']['redis_config']['template_source'] = 'redis.conf.erb'
30 |
31 | # Install related attributes
32 | default['redisio']['safe_install'] = true
33 | default['redisio']['package_install'] = default_package_install
34 | default['redisio']['package_name'] = package_name
35 | default['redisio']['bypass_setup'] = false
36 |
37 | # Tarball and download related defaults
38 | default['redisio']['mirror'] = 'http://download.redis.io/releases/'
39 | default['redisio']['base_name'] = 'redis-'
40 | default['redisio']['artifact_type'] = 'tar.gz'
41 | default['redisio']['base_piddir'] = '/var/run/redis'
42 |
43 | # Version
44 | default['redisio']['version'] = if node['redisio']['package_install']
45 | # latest version (only for package install)
46 | nil
47 | else
48 | # force version for tarball
49 | '3.2.11'
50 | end
51 |
52 | # Custom installation directory
53 | default['redisio']['install_dir'] = nil
54 |
55 | # Job control related options (initd, upstart, or systemd)
56 | default['redisio']['job_control'] = if systemd?
57 | 'systemd'
58 | elsif platform_family?('freebsd')
59 | 'rcinit'
60 | else
61 | 'initd'
62 | end
63 |
64 | # Init.d script related options
65 | default['redisio']['init.d']['required_start'] = []
66 | default['redisio']['init.d']['required_stop'] = []
67 |
68 | # Default settings for all redis instances, these can be overridden on a per server basis in the 'servers' hash
69 | default['redisio']['default_settings'] = {
70 | 'user' => 'redis',
71 | 'group' => 'redis',
72 | 'permissions' => '0644',
73 | 'homedir' => homedir,
74 | 'shell' => shell,
75 | 'systemuser' => true,
76 | 'uid' => nil,
77 | 'ulimit' => 0,
78 | 'configdir' => config_dir,
79 | 'name' => nil,
80 | 'tcpbacklog' => '511',
81 | 'address' => nil,
82 | 'databases' => '16',
83 | 'backuptype' => 'rdb',
84 | 'datadir' => '/var/lib/redis',
85 | 'unixsocket' => nil,
86 | 'unixsocketperm' => nil,
87 | 'timeout' => '0',
88 | 'keepalive' => '0',
89 | 'loglevel' => 'notice',
90 | 'logfile' => nil,
91 | 'syslogenabled' => 'yes',
92 | 'syslogfacility' => 'local0',
93 | 'shutdown_save' => false,
94 | 'save' => nil, # Defaults to ['900 1','300 10','60 10000'] inside of template. Needed due to lack of hash subtraction
95 | 'stopwritesonbgsaveerror' => 'yes',
96 | 'rdbcompression' => 'yes',
97 | 'rdbchecksum' => 'yes',
98 | 'dbfilename' => nil,
99 | 'replicaof' => nil,
100 | 'protected_mode' => nil, # unspecified by default but could be set explicitly to 'yes' or 'no'
101 | 'masterauth' => nil,
102 | 'replicaservestaledata' => 'yes',
103 | 'replicareadonly' => 'yes',
104 | 'repldisklesssync' => 'no',
105 | 'repldisklesssyncdelay' => '5',
106 | 'replpingreplicaperiod' => '10',
107 | 'repltimeout' => '60',
108 | 'repldisabletcpnodelay' => 'no',
109 | 'replbacklogsize' => '1mb',
110 | 'replbacklogttl' => 3600,
111 | 'replicapriority' => '100',
112 | 'requirepass' => nil,
113 | 'rename_commands' => nil,
114 | 'maxclients' => 10000,
115 | 'maxmemory' => nil,
116 | 'maxmemorypolicy' => nil,
117 | 'maxmemorysamples' => nil,
118 | 'appendfilename' => nil,
119 | 'appendfsync' => 'everysec',
120 | 'noappendfsynconrewrite' => 'no',
121 | 'aofrewritepercentage' => '100',
122 | 'aofrewriteminsize' => '64mb',
123 | 'aofloadtruncated' => 'yes',
124 | 'luatimelimit' => '5000',
125 | 'slowloglogslowerthan' => '10000',
126 | 'slowlogmaxlen' => '1024',
127 | 'notifykeyspaceevents' => '',
128 | 'hashmaxziplistentries' => '512',
129 | 'hashmaxziplistvalue' => '64',
130 | 'setmaxintsetentries' => '512',
131 | 'zsetmaxziplistentries' => '128',
132 | 'zsetmaxziplistvalue' => '64',
133 | 'hllsparsemaxbytes' => '3000',
134 | 'activerehasing' => 'yes',
135 | 'clientoutputbufferlimit' => [
136 | %w(normal 0 0 0),
137 | %w(replica 256mb 64mb 60),
138 | %w(pubsub 32mb 8mb 60),
139 | ],
140 | 'hz' => '10',
141 | 'aofrewriteincrementalfsync' => 'yes',
142 | 'clusterenabled' => 'no',
143 | 'clusterconfigfile' => nil, # Defaults to redis instance name inside of template if cluster is enabled.
144 | 'clusternodetimeout' => 5000,
145 | 'clusterport' => nil,
146 | 'includes' => nil,
147 | 'aclfile' => nil,
148 | 'data_bag_name' => nil,
149 | 'data_bag_item' => nil,
150 | 'data_bag_key' => nil,
151 | 'minreplicastowrite' => nil,
152 | 'minreplicasmaxlag' => nil,
153 | 'breadcrumb' => true,
154 | 'tlsport' => nil,
155 | 'tlscertfile' => nil,
156 | 'tlskeyfile' => nil,
157 | 'tlskeyfilepass' => nil,
158 | 'tlsclientcertfile' => nil,
159 | 'tlsclientkeyfile' => nil,
160 | 'tlsclientkeyfilepass' => nil,
161 | 'tlsdhparamsfile' => nil,
162 | 'tlscacertfile' => nil,
163 | 'tlscacertdir' => nil,
164 | 'tlsauthclients' => nil,
165 | 'tlsreplication' => nil,
166 | 'tlscluster' => nil,
167 | 'tlsprotocols' => nil,
168 | 'tlsciphers' => nil,
169 | 'tlsciphersuites' => nil,
170 | 'tlspreferserverciphers' => nil,
171 | 'tlssessioncaching' => nil,
172 | 'tlssessioncachesize' => nil,
173 | 'tlssessioncachetimeout' => nil,
174 | }
175 |
176 | # The default for this is set inside of the "install" recipe. This is due to the way deep merge handles arrays
177 | default['redisio']['servers'] = nil
178 |
179 | # Define binary path
180 | default['redisio']['bin_path'] = if node['redisio']['package_install']
181 | package_bin_path
182 | else
183 | '/usr/local/bin'
184 | end
185 |
186 | # Ulimit
187 | default['ulimit']['pam_su_template_cookbook'] = nil
188 | default['ulimit']['users'] = Mash.new
189 | default['ulimit']['security_limits_directory'] = '/etc/security/limits.d'
190 | default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo'
191 | default['ulimit']['ulimit_overriding_sudo_file_cookbook'] = nil
192 |
--------------------------------------------------------------------------------
/attributes/redis_gem.rb:
--------------------------------------------------------------------------------
1 | # Allow for a redis ruby gem to be installed
2 | default['redisio']['gem']['name'] = 'redis'
3 | default['redisio']['gem']['version'] = nil
4 |
--------------------------------------------------------------------------------
/attributes/redis_sentinel.rb:
--------------------------------------------------------------------------------
1 | config_dir = if platform_family?('freebsd')
2 | '/usr/local/etc/redis'
3 | else
4 | '/etc/redis'
5 | end
6 |
7 | default['redisio']['sentinel_defaults'] = {
8 | 'user' => 'redis',
9 | 'configdir' => config_dir,
10 | 'sentinel_bind' => nil,
11 | 'sentinel_port' => 26379,
12 | 'monitor' => nil,
13 | 'down_after_milliseconds' => 30000,
14 | 'can-failover' => 'yes',
15 | 'parallel-syncs' => 1,
16 | 'failover_timeout' => 900000,
17 | 'loglevel' => 'notice',
18 | 'logfile' => nil,
19 | 'syslogenabled' => 'yes',
20 | 'syslogfacility' => 'local0',
21 | 'quorum_count' => 2,
22 | 'data_bag_name' => nil,
23 | 'data_bag_item' => nil,
24 | 'data_bag_key' => nil,
25 | 'announce-ip' => nil,
26 | 'announce-port' => nil,
27 | 'notification-script' => nil,
28 | 'client-reconfig-script' => nil,
29 | 'protected_mode' => nil,
30 | 'maxclients' => 10000,
31 | 'aclfile' => nil,
32 | 'includes' => nil,
33 | 'tlsport' => nil,
34 | 'tlscertfile' => nil,
35 | 'tlskeyfile' => nil,
36 | 'tlskeyfilepass' => nil,
37 | 'tlsclientcertfile' => nil,
38 | 'tlsclientkeyfile' => nil,
39 | 'tlsclientkeyfilepass' => nil,
40 | 'tlsdhparamsfile' => nil,
41 | 'tlscacertfile' => nil,
42 | 'tlscacertdir' => nil,
43 | 'tlsauthclients' => nil,
44 | 'tlsreplication' => nil,
45 | 'tlscluster' => nil,
46 | 'tlsprotocols' => nil,
47 | 'tlsciphers' => nil,
48 | 'tlsciphersuites' => nil,
49 | 'tlspreferserverciphers' => nil,
50 | 'tlssessioncaching' => nil,
51 | 'tlssessioncachesize' => nil,
52 | 'tlssessioncachetimeout' => nil,
53 | }
54 |
55 | # Manage Sentinel Config File
56 | ## Will write out the base config one time then no longer manage the config allowing sentinel to take over
57 | default['redisio']['sentinel']['manage_config'] = true # Deprecated
58 |
59 | default['redisio']['sentinels'] = nil
60 |
--------------------------------------------------------------------------------
/chefignore:
--------------------------------------------------------------------------------
1 | # Put files/directories that should be ignored in this file when uploading
2 | # to a Chef Infra Server or Supermarket.
3 | # Lines that start with '# ' are comments.
4 |
5 | # OS generated files #
6 | ######################
7 | .DS_Store
8 | ehthumbs.db
9 | Icon?
10 | nohup.out
11 | Thumbs.db
12 | .envrc
13 |
14 | # EDITORS #
15 | ###########
16 | .#*
17 | .project
18 | .settings
19 | *_flymake
20 | *_flymake.*
21 | *.bak
22 | *.sw[a-z]
23 | *.tmproj
24 | *~
25 | \#*
26 | REVISION
27 | TAGS*
28 | tmtags
29 | .vscode
30 | .editorconfig
31 |
32 | ## COMPILED ##
33 | ##############
34 | *.class
35 | *.com
36 | *.dll
37 | *.exe
38 | *.o
39 | *.pyc
40 | *.so
41 | */rdoc/
42 | a.out
43 | mkmf.log
44 |
45 | # Testing #
46 | ###########
47 | .circleci/*
48 | .codeclimate.yml
49 | .delivery/*
50 | .foodcritic
51 | .kitchen*
52 | .mdlrc
53 | .overcommit.yml
54 | .rspec
55 | .rubocop.yml
56 | .travis.yml
57 | .watchr
58 | .yamllint
59 | azure-pipelines.yml
60 | Dangerfile
61 | examples/*
62 | features/*
63 | Guardfile
64 | kitchen*.yml
65 | mlc_config.json
66 | Procfile
67 | Rakefile
68 | spec/*
69 | test/*
70 |
71 | # SCM #
72 | #######
73 | .git
74 | .gitattributes
75 | .gitconfig
76 | .github/*
77 | .gitignore
78 | .gitkeep
79 | .gitmodules
80 | .svn
81 | */.bzr/*
82 | */.git
83 | */.hg/*
84 | */.svn/*
85 |
86 | # Berkshelf #
87 | #############
88 | Berksfile
89 | Berksfile.lock
90 | cookbooks/*
91 | tmp
92 |
93 | # Bundler #
94 | ###########
95 | vendor/*
96 | Gemfile
97 | Gemfile.lock
98 |
99 | # Policyfile #
100 | ##############
101 | Policyfile.rb
102 | Policyfile.lock.json
103 |
104 | # Documentation #
105 | #############
106 | CODE_OF_CONDUCT*
107 | CONTRIBUTING*
108 | documentation/*
109 | TESTING*
110 | UPGRADING*
111 |
112 | # Vagrant #
113 | ###########
114 | .vagrant
115 | Vagrantfile
116 |
--------------------------------------------------------------------------------
/documentation/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sous-chefs/redisio/a99335cb609d8be0d2c67a2a651152449cd7a505/documentation/.gitkeep
--------------------------------------------------------------------------------
/files/sudo:
--------------------------------------------------------------------------------
1 | #%PAM-1.0
2 |
3 | auth required pam_env.so readenv=1 user_readenv=0
4 | auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
5 | session required pam_limits.so
6 | @include common-auth
7 | @include common-account
8 | @include common-session-noninteractive
9 |
--------------------------------------------------------------------------------
/kitchen.dokken.yml:
--------------------------------------------------------------------------------
1 | driver:
2 | name: dokken
3 | privileged: true
4 | chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
5 |
6 | transport: { name: dokken }
7 | provisioner: { name: dokken }
8 |
9 | platforms:
10 | - name: almalinux-8
11 | driver:
12 | image: dokken/almalinux-8
13 | pid_one_command: /usr/lib/systemd/systemd
14 |
15 | - name: almalinux-9
16 | driver:
17 | image: dokken/almalinux-9
18 | pid_one_command: /usr/lib/systemd/systemd
19 |
20 | - name: almalinux-10
21 | driver:
22 | image: dokken/almalinux-10
23 | pid_one_command: /usr/lib/systemd/systemd
24 |
25 | - name: amazonlinux-2023
26 | driver:
27 | image: dokken/amazonlinux-2023
28 | pid_one_command: /usr/lib/systemd/systemd
29 |
30 | - name: centos-stream-9
31 | driver:
32 | image: dokken/centos-stream-9
33 | pid_one_command: /usr/lib/systemd/systemd
34 |
35 | - name: centos-stream-10
36 | driver:
37 | image: dokken/centos-stream-10
38 | pid_one_command: /usr/lib/systemd/systemd
39 |
40 | - name: debian-11
41 | driver:
42 | image: dokken/debian-11
43 | pid_one_command: /bin/systemd
44 |
45 | - name: debian-12
46 | driver:
47 | image: dokken/debian-12
48 | pid_one_command: /bin/systemd
49 |
50 | - name: fedora-latest
51 | driver:
52 | image: dokken/fedora-latest
53 | pid_one_command: /usr/lib/systemd/systemd
54 |
55 | - name: opensuse-leap-15
56 | driver:
57 | image: dokken/opensuse-leap-15
58 | pid_one_command: /usr/lib/systemd/systemd
59 |
60 | - name: oraclelinux-8
61 | driver:
62 | image: dokken/oraclelinux-8
63 | pid_one_command: /usr/lib/systemd/systemd
64 |
65 | - name: oraclelinux-9
66 | driver:
67 | image: dokken/oraclelinux-9
68 | pid_one_command: /usr/lib/systemd/systemd
69 |
70 | - name: rockylinux-8
71 | driver:
72 | image: dokken/rockylinux-8
73 | pid_one_command: /usr/lib/systemd/systemd
74 |
75 | - name: rockylinux-9
76 | driver:
77 | image: dokken/rockylinux-9
78 | pid_one_command: /usr/lib/systemd/systemd
79 |
80 | - name: ubuntu-20.04
81 | driver:
82 | image: dokken/ubuntu-20.04
83 | pid_one_command: /bin/systemd
84 |
85 | - name: ubuntu-22.04
86 | driver:
87 | image: dokken/ubuntu-22.04
88 | pid_one_command: /bin/systemd
89 |
90 | - name: ubuntu-24.04
91 | driver:
92 | image: dokken/ubuntu-24.04
93 | pid_one_command: /bin/systemd
94 |
--------------------------------------------------------------------------------
/kitchen.exec.yml:
--------------------------------------------------------------------------------
1 | ---
2 | driver: { name: exec }
3 | transport: { name: exec }
4 |
5 | platforms:
6 | - name: macos-latest
7 | - name: windows-latest
8 |
--------------------------------------------------------------------------------
/kitchen.global.yml:
--------------------------------------------------------------------------------
1 | ---
2 | provisioner:
3 | name: chef_infra
4 | product_name: chef
5 | product_version: <%= ENV['CHEF_VERSION'] || 'latest' %>
6 | channel: stable
7 | install_strategy: once
8 | chef_license: accept
9 | enforce_idempotency: <%= ENV['ENFORCE_IDEMPOTENCY'] || true %>
10 | multiple_converge: <%= ENV['MULTIPLE_CONVERGE'] || 2 %>
11 | deprecations_as_errors: true
12 | log_level: <%= ENV['CHEF_LOG_LEVEL'] || 'auto' %>
13 |
14 | verifier:
15 | name: inspec
16 |
17 | platforms:
18 | - name: almalinux-8
19 | - name: almalinux-9
20 | - name: amazonlinux-2023
21 | - name: centos-stream-9
22 | - name: debian-11
23 | - name: debian-12
24 | - name: fedora-latest
25 | - name: opensuse-leap-15
26 | - name: oraclelinux-8
27 | - name: oraclelinux-9
28 | - name: rockylinux-8
29 | - name: rockylinux-9
30 | - name: ubuntu-20.04
31 | - name: ubuntu-22.04
32 | - name: ubuntu-24.04
33 |
--------------------------------------------------------------------------------
/kitchen.yml:
--------------------------------------------------------------------------------
1 | ---
2 | driver:
3 | name: vagrant
4 |
5 | provisioner:
6 | name: chef_infra
7 | product_name: chef
8 | product_version: <%= ENV['CHEF_VERSION'] || 'latest' %>
9 | chef_license: accept-no-persist
10 | multiple_converge: 2
11 | enforce_idempotency: true
12 | deprecations_as_errors: true
13 |
14 | verifier:
15 | name: inspec
16 |
17 | platforms:
18 | - name: almalinux-8
19 | - name: debian-10
20 | - name: debian-11
21 | - name: freebsd-10
22 | - name: freebsd-11
23 | - name: rockylinux-8
24 | - name: ubuntu-18.04
25 | - name: ubuntu-20.04
26 | - name: ubuntu-22.04
27 |
28 | suites:
29 | - name: default
30 | run_list:
31 | - recipe[redisio::default]
32 | - recipe[redisio::enable]
33 | attributes:
34 | redisio:
35 | version: "<%= ENV['REDIS_VERSION'] || '6.2.3' %>"
36 | servers:
37 | - port: 6379
38 | - port: 16379
39 | permissions: '0640'
40 | name: 'savetest'
41 | save: "3600 1\n300 100\n60 10000"
42 | logfile: '/var/log/redis/redis-16379.log'
43 |
44 | - name: sentinel
45 | run_list:
46 | - recipe[redisio::default]
47 | - recipe[redisio::enable]
48 | - recipe[redisio::sentinel]
49 | - recipe[redisio::sentinel_enable]
50 | attributes:
51 | redisio:
52 | version: "<%= ENV['REDIS_VERSION'] || '6.2.3' %>"
53 | servers:
54 | - port: 6379
55 |
56 | - name: multisentinel
57 | run_list:
58 | - recipe[redisio::default]
59 | - recipe[redisio::enable]
60 | - recipe[redisio::sentinel]
61 | - recipe[redisio::sentinel_enable]
62 | attributes:
63 | redisio:
64 | version: "<%= ENV['REDIS_VERSION'] || '6.2.3' %>"
65 | servers:
66 | - port: 6379
67 | - port: 6380
68 | sentinels:
69 | -
70 | name: 'cluster'
71 | sentinel_bind: 0.0.0.0
72 | sentinel_port: 26379
73 | masters:
74 | -
75 | name: 'sentinel6379'
76 | master_name: 'master6379'
77 | master_ip: '127.0.0.1'
78 | master_port: 6379
79 | -
80 | name: 'sentinel6380'
81 | master_name: 'master6380'
82 | master_ip: '127.0.0.1'
83 | master_port: 6380
84 |
--------------------------------------------------------------------------------
/libraries/matchers.rb:
--------------------------------------------------------------------------------
1 | # cookbook/libraries/matchers.rb
2 |
--------------------------------------------------------------------------------
/libraries/redisio.rb:
--------------------------------------------------------------------------------
1 | module RedisioHelper
2 | def recipe_eval
3 | sub_run_context = @run_context.dup
4 | sub_run_context.resource_collection = Chef::ResourceCollection.new
5 | begin
6 | original_run_context = @run_context
7 | @run_context = sub_run_context
8 | yield
9 | ensure
10 | @run_context = original_run_context
11 | end
12 |
13 | begin
14 | Chef::Runner.new(sub_run_context).converge
15 | ensure
16 | new_resource.updated_by_last_action(true) if sub_run_context.resource_collection.any?(&:updated?)
17 | end
18 | end
19 |
20 | def self.version_to_hash(version_string)
21 | version_array = version_string.split('.')
22 | version_array[2] = version_array[2].split('-')
23 | version_array.flatten!
24 |
25 | {
26 | major: version_array[0].include?(':') ? version_array[0].split(':')[1] : version_array[0],
27 | minor: version_array[1],
28 | tiny: version_array[2],
29 | rc: version_array[3],
30 | }
31 | end
32 | end
33 |
--------------------------------------------------------------------------------
/metadata.rb:
--------------------------------------------------------------------------------
1 | name 'redisio'
2 | maintainer 'Sous Chefs'
3 | maintainer_email 'help@sous-chefs.org'
4 | license 'Apache-2.0'
5 | description 'Installs and configures redis'
6 | version '7.2.3'
7 | source_url 'https://github.com/sous-chefs/redisio'
8 | issues_url 'https://github.com/sous-chefs/redisio/issues'
9 | chef_version '>= 16'
10 |
11 | suports 'amazon'
12 | supports 'centos'
13 | supports 'debian'
14 | supports 'fedora'
15 | supports 'redhat'
16 | supports 'rocky'
17 | supports 'scientific'
18 | supports 'suse'
19 | supports 'ubuntu'
20 |
21 | depends 'selinux'
22 |
--------------------------------------------------------------------------------
/providers/configure.rb:
--------------------------------------------------------------------------------
1 | action :run do
2 | base_piddir = new_resource.base_piddir
3 |
4 | if !new_resource.version
5 | redis_output = Mixlib::ShellOut.new("#{node['redisio']['bin_path']}/redis-server -v")
6 | redis_output.run_command
7 | redis_output.error!
8 | current_version = redis_output.stdout.gsub(/.*v=((\d+\.){2}\d+).*/, '\1').chomp
9 | else
10 | current_version = new_resource.version
11 | end
12 | version_hash = RedisioHelper.version_to_hash(current_version)
13 |
14 | # Setup a configuration file and init script for each configuration provided
15 | new_resource.servers.each do |current_instance|
16 | # Retrieve the default settings hash and the current server setups settings hash.
17 | current_instance_hash = current_instance.to_hash
18 | current_defaults_hash = new_resource.default_settings.to_hash
19 |
20 | # Merge the configuration defaults with the provided array of configurations provided
21 | current = current_defaults_hash.merge(current_instance_hash)
22 |
23 | # Merge in the default maxmemory
24 | node_memory_kb = node['memory']['total']
25 | # On BSD platforms Ohai reports total memory as a Fixnum
26 |
27 | node_memory_kb = node_memory_kb.sub('kB', '').to_i if node_memory_kb.is_a?(String)
28 |
29 | # Here we determine what the logfile is. It has these possible states
30 | #
31 | # Redis 2.6 and lower can be
32 | # stdout
33 | # A path
34 | # nil
35 | # Redis 2.8 and higher can be
36 | # empty string, which means stdout)
37 | # A path
38 | # nil
39 |
40 | if current['logfile'].nil?
41 | log_file = nil
42 | log_directory = nil
43 | elsif current['logfile'] == 'stdout' || current['logfile'].empty?
44 | log_directory = nil
45 | log_file = current['logfile']
46 | else
47 | log_directory = ::File.dirname(current['logfile'])
48 | log_file = ::File.basename(current['logfile'])
49 | if current['syslogenabled'] == 'yes'
50 | Chef::Log.warn("log file is set to #{current['logfile']} but syslogenabled is also set to 'yes'")
51 | end
52 | end
53 |
54 | maxmemory = current['maxmemory'].to_s
55 | if !maxmemory.empty? && maxmemory.include?('%')
56 | # Just assume this is sensible like "95%" or "95 %"
57 | percent_factor = current['maxmemory'].to_f / 100.0
58 | # Ohai reports memory in KB as it looks in /proc/meminfo
59 | maxmemory = (node_memory_kb * 1024 * percent_factor / new_resource.servers.length).round.to_s
60 | end
61 |
62 | descriptors = if current['ulimit'] == 0
63 | current['maxclients'] + 32
64 | elsif current['ulimit'] > current['maxclients']
65 | current['ulimit']
66 | else
67 | current['maxclients']
68 | end
69 |
70 | server_name = current['name'] || current['port']
71 | piddir = "#{base_piddir}/#{server_name}"
72 | aof_file = current['appendfilename'] || "#{current['datadir']}/appendonly-#{server_name}.aof"
73 | rdb_file = current['dbfilename'] || "#{current['datadir']}/dump-#{server_name}.rdb"
74 |
75 | # Create the owner of the redis data directory
76 | user current['user'] do
77 | comment 'Redis service account'
78 | manage_home true
79 | home current['homedir']
80 | shell current['shell']
81 | system current['systemuser']
82 | uid current['uid'] unless current['uid'].nil?
83 | end
84 |
85 | # Create the redis configuration directory
86 | directory current['configdir'] do
87 | owner 'root'
88 | group platform_family?('freebsd') ? 'wheel' : 'redis'
89 | mode '0775'
90 | recursive true
91 | action :create
92 | end
93 | # Create the instance data directory
94 | directory current['datadir'] do
95 | owner current['user']
96 | group current['group']
97 | mode '0775'
98 | recursive true
99 | action :create
100 | end
101 | # Create the pid file directory
102 | directory piddir do
103 | owner current['user']
104 | group current['group']
105 | mode '0755'
106 | recursive true
107 | action :create
108 | end
109 | # Create the log directory if syslog is not being used
110 | if log_directory
111 | directory log_directory do
112 | owner current['user']
113 | group current['group']
114 | mode '0755'
115 | recursive true
116 | action :create
117 | end
118 | end
119 | # Configure SELinux if it is enabled
120 | extend Chef::Util::Selinux
121 |
122 | if selinux_enabled?
123 | selinux_install 'install'
124 |
125 | selinux_fcontext "#{current['configdir']}(/.*)?" do
126 | secontext 'redis_conf_t'
127 | end
128 | selinux_fcontext "#{current['datadir']}(/.*)?" do
129 | secontext 'redis_var_lib_t'
130 | end
131 | selinux_fcontext "#{piddir}(/.*)?" do
132 | secontext 'redis_var_run_t'
133 | end
134 | if log_directory
135 | selinux_fcontext "#{log_directory}(/.*)?" do
136 | secontext 'redis_log_t'
137 | end
138 | end
139 | end
140 | # Create the log file if syslog is not being used
141 | if log_file
142 | file current['logfile'] do
143 | owner current['user']
144 | group current['group']
145 | mode '0644'
146 | backup false
147 | action :create
148 | # in version 2.8 or higher the empty string is used instead of stdout
149 | only_if { !log_file.empty? && log_file != 'stdout' }
150 | end
151 | end
152 | # Set proper permissions on the AOF or RDB files
153 | file aof_file do
154 | owner current['user']
155 | group current['group']
156 | mode '0644'
157 | only_if { current['backuptype'] == 'aof' || current['backuptype'] == 'both' }
158 | only_if { ::File.exist?(aof_file) }
159 | end
160 | file rdb_file do
161 | owner current['user']
162 | group current['group']
163 | mode '0644'
164 | only_if { current['backuptype'] == 'rdb' || current['backuptype'] == 'both' }
165 | only_if { ::File.exist?(rdb_file) }
166 | end
167 |
168 | # Setup the redis users descriptor limits
169 | # Pending response on https://github.com/brianbianco/redisio/commit/4ee9aad3b53029cc3b6c6cf741f5126755e712cd#diff-8ae42a59a6f4e8dc5b4e6dd2d6a34eab
170 | # TODO: ulimit cookbook v0.1.2 doesn't work with freeBSD
171 | if current['ulimit'] && !platform_family?('freebsd')
172 | user_ulimit current['user'] do
173 | filehandle_limit descriptors
174 | end
175 | end
176 |
177 | computed_save = current['save']
178 | if current['save'] && current['save'].respond_to?(:each_line)
179 | computed_save = current['save'].each_line
180 | Chef::Log.warn("#{server_name}: given a save argument as a string, instead of an array.")
181 | Chef::Log.warn("#{server_name}: This will be deprecated in future versions of the redisio cookbook.")
182 | end
183 |
184 | # Load password for use with requirepass from data bag if needed
185 | if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
186 | bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
187 | current['requirepass'] = bag[current['data_bag_key']]
188 | current['masterauth'] = bag[current['data_bag_key']]
189 | end
190 |
191 | # Lay down the configuration files for the current instance
192 | template "#{current['configdir']}/#{server_name}.conf" do
193 | source node['redisio']['redis_config']['template_source']
194 | cookbook node['redisio']['redis_config']['template_cookbook']
195 | owner current['user']
196 | group current['group']
197 | mode current['permissions']
198 | action :create
199 | variables(
200 | version: version_hash,
201 | piddir: piddir,
202 | name: server_name,
203 | job_control: node['redisio']['job_control'],
204 | port: current['port'],
205 | tcpbacklog: current['tcpbacklog'],
206 | address: current['address'],
207 | databases: current['databases'],
208 | backuptype: current['backuptype'],
209 | datadir: current['datadir'],
210 | unixsocket: current['unixsocket'],
211 | unixsocketperm: current['unixsocketperm'],
212 | timeout: current['timeout'],
213 | keepalive: current['keepalive'],
214 | loglevel: current['loglevel'],
215 | logfile: current['logfile'],
216 | syslogenabled: current['syslogenabled'],
217 | syslogfacility: current['syslogfacility'],
218 | save: computed_save,
219 | stopwritesonbgsaveerror: current['stopwritesonbgsaveerror'],
220 | rdbcompression: current['rdbcompression'],
221 | rdbchecksum: current['rdbchecksum'],
222 | dbfilename: current['dbfilename'],
223 | replicaof: current['replicaof'],
224 | protected_mode: current['protected_mode'],
225 | masterauth: current['masterauth'],
226 | replicaservestaledata: current['replicaservestaledata'],
227 | replicareadonly: current['replicareadonly'],
228 | replpingreplicaperiod: current['replpingreplicaperiod'],
229 | repltimeout: current['repltimeout'],
230 | repldisabletcpnodelay: current['repldisabletcpnodelay'],
231 | replbacklogsize: current['replbacklogsize'],
232 | replbacklogttl: current['replbacklogttl'],
233 | replicapriority: current['replicapriority'],
234 | requirepass: current['requirepass'],
235 | rename_commands: current['rename_commands'],
236 | maxclients: current['maxclients'],
237 | maxmemory: maxmemory,
238 | maxmemorypolicy: current['maxmemorypolicy'],
239 | maxmemorysamples: current['maxmemorysamples'],
240 | appendfilename: current['appendfilename'],
241 | appendfsync: current['appendfsync'],
242 | noappendfsynconrewrite: current['noappendfsynconrewrite'],
243 | aofrewritepercentage: current['aofrewritepercentage'],
244 | aofrewriteminsize: current['aofrewriteminsize'],
245 | aofloadtruncated: current['aofloadtruncated'],
246 | luatimelimit: current['luatimelimit'],
247 | slowloglogslowerthan: current['slowloglogslowerthan'],
248 | slowlogmaxlen: current['slowlogmaxlen'],
249 | notifykeyspaceevents: current['notifykeyspaceevents'],
250 | hashmaxziplistentries: current['hashmaxziplistentries'],
251 | hashmaxziplistvalue: current['hashmaxziplistvalue'],
252 | setmaxintsetentries: current['setmaxintsetentries'],
253 | zsetmaxziplistentries: current['zsetmaxziplistentries'],
254 | zsetmaxziplistvalue: current['zsetmaxziplistvalue'],
255 | hllsparsemaxbytes: current['hllsparsemaxbytes'],
256 | activerehasing: current['activerehasing'],
257 | clientoutputbufferlimit: current['clientoutputbufferlimit'],
258 | hz: current['hz'],
259 | aofrewriteincrementalfsync: current['aofrewriteincrementalfsync'],
260 | clusterenabled: current['clusterenabled'],
261 | clusterconfigfile: current['clusterconfigfile'],
262 | clusternodetimeout: current['clusternodetimeout'],
263 | clusterport: current['clusterport'],
264 | includes: current['includes'],
265 | aclfile: current['aclfile'],
266 | minreplicastowrite: current['minreplicastowrite'],
267 | minreplicasmaxlag: current['minreplicasmaxlag'],
268 | repldisklesssync: current['repldisklesssync'],
269 | repldisklesssyncdelay: current['repldisklesssyncdelay'],
270 | tlsport: current['tlsport'],
271 | tlscertfile: current['tlscertfile'],
272 | tlskeyfile: current['tlskeyfile'],
273 | tlskeyfilepass: current['tlskeyfilepass'],
274 | tlsclientcertfile: current['tlsclientcertfile'],
275 | tlsclientkeyfile: current['tlsclientkeyfile'],
276 | tlsclientkeyfilepass: current['tlsclientkeyfilepass'],
277 | tlsdhparamsfile: current['tlsdhparamsfile'],
278 | tlscacertfile: current['tlscacertfile'],
279 | tlscacertdir: current['tlscacertdir'],
280 | tlsauthclients: current['tlsauthclients'],
281 | tlsreplication: current['tlsreplication'],
282 | tlscluster: current['tlscluster'],
283 | tlsprotocols: current['tlsprotocols'],
284 | tlsciphers: current['tlsciphers'],
285 | tlsciphersuites: current['tlsciphersuites'],
286 | tlspreferserverciphers: current['tlspreferserverciphers'],
287 | tlssessioncaching: current['tlssessioncaching'],
288 | tlssessioncachesize: current['tlssessioncachesize'],
289 | tlssessioncachetimeout: current['tlssessioncachetimeout']
290 | )
291 | not_if { ::File.exist?("#{current['configdir']}/#{server_name}.conf.breadcrumb") }
292 | end
293 |
294 | file "#{current['configdir']}/#{server_name}.conf.breadcrumb" do
295 | content 'This file prevents the chef cookbook from overwritting the redis config more than once'
296 | action :create_if_missing
297 | only_if { current['breadcrumb'] == true }
298 | end
299 |
300 | # Setup init.d file
301 | bin_path = if node['redisio']['install_dir']
302 | ::File.join(node['redisio']['install_dir'], 'bin')
303 | else
304 | node['redisio']['bin_path']
305 | end
306 |
307 | case node['redisio']['job_control']
308 | when 'initd'
309 | template "/etc/init.d/redis#{server_name}" do
310 | source 'redis.init.erb'
311 | cookbook 'redisio'
312 | owner 'root'
313 | group 'root'
314 | mode '0755'
315 | variables(
316 | name: server_name,
317 | bin_path: bin_path,
318 | port: current['port'],
319 | address: current['address'],
320 | user: current['user'],
321 | configdir: current['configdir'],
322 | piddir: piddir,
323 | requirepass: current['requirepass'],
324 | shutdown_save: current['shutdown_save'],
325 | platform: node['platform'],
326 | unixsocket: current['unixsocket'],
327 | ulimit: descriptors,
328 | required_start: node['redisio']['init.d']['required_start'].join(' '),
329 | required_stop: node['redisio']['init.d']['required_stop'].join(' ')
330 | )
331 | end
332 | when 'upstart'
333 | template "/etc/init/redis#{server_name}.conf" do
334 | source 'redis.upstart.conf.erb'
335 | cookbook 'redisio'
336 | owner current['user']
337 | group current['group']
338 | mode '0644'
339 | variables(
340 | name: server_name,
341 | bin_path: bin_path,
342 | port: current['port'],
343 | user: current['user'],
344 | group: current['group'],
345 | configdir: current['configdir'],
346 | piddir: piddir
347 | )
348 | end
349 | when 'rcinit'
350 | template "/usr/local/etc/rc.d/redis#{server_name}" do
351 | source 'redis.rcinit.erb'
352 | cookbook 'redisio'
353 | owner current['user']
354 | group current['group']
355 | mode '0755'
356 | variables(
357 | name: server_name,
358 | bin_path: bin_path,
359 | user: current['user'],
360 | configdir: current['configdir'],
361 | piddir: piddir
362 | )
363 | end
364 | when 'systemd'
365 | service_name = "redis@#{server_name}"
366 | reload_name = "#{service_name} systemd reload"
367 |
368 | file "/etc/tmpfiles.d/#{service_name}.conf" do
369 | content "d #{piddir} 0755 #{current['user']} #{current['group']}\n"
370 | owner 'root'
371 | group 'root'
372 | mode '0644'
373 | end
374 |
375 | execute reload_name do
376 | command 'systemctl daemon-reload'
377 | action :nothing
378 | end
379 |
380 | template "/lib/systemd/system/#{service_name}.service" do
381 | source 'redis@.service.erb'
382 | cookbook 'redisio'
383 | owner 'root'
384 | group 'root'
385 | mode '0644'
386 | variables(
387 | bin_path: bin_path,
388 | user: current['user'],
389 | group: current['group'],
390 | limit_nofile: descriptors
391 | )
392 | notifies :run, "execute[#{reload_name}]", :immediately
393 | end
394 | end
395 | end
396 | # servers each loop
397 | end
398 |
--------------------------------------------------------------------------------
/providers/install.rb:
--------------------------------------------------------------------------------
1 | action :run do
2 | # Package install
3 | if node['redisio']['package_install']
4 | package_resource = package 'redisio_package_name' do
5 | package_name node['redisio']['package_name']
6 | version node['redisio']['version']
7 | action :nothing
8 | end
9 |
10 | package_resource.run_action(:install)
11 | new_resource.updated_by_last_action(true) if package_resource.updated_by_last_action?
12 |
13 | # freeBSD does not support from source since ports does not support versioning (without a lot of hassle)
14 | elsif platform_family?('freebsd')
15 | raise 'Source install not supported for freebsd'
16 | # Tarball install
17 | else
18 | @tarball = "#{new_resource.base_name}#{new_resource.version}.#{new_resource.artifact_type}"
19 |
20 | unless current_resource.version == new_resource.version || (redis_exists? && new_resource.safe_install)
21 | Chef::Log.info("Installing Redis #{new_resource.version} from source")
22 | download
23 | unpack
24 | build
25 | install
26 | new_resource.updated_by_last_action(true)
27 | end
28 | end
29 | end
30 |
31 | def download
32 | Chef::Log.info("Downloading redis tarball from #{new_resource.download_url}")
33 | remote_file "#{new_resource.download_dir}/#{@tarball}" do
34 | source new_resource.download_url
35 | end
36 | end
37 |
38 | def unpack
39 | install_dir = "#{new_resource.base_name}#{new_resource.version}"
40 | case new_resource.artifact_type
41 | when 'tar.gz', '.tgz'
42 | execute %(cd #{new_resource.download_dir} ; mkdir -p '#{install_dir}' ; tar zxf '#{@tarball}' --strip-components=1 -C '#{install_dir}' --no-same-owner)
43 | else
44 | raise Chef::Exceptions::UnsupportedAction, "Current package type #{new_resource.artifact_type} is unsupported"
45 | end
46 | end
47 |
48 | def build
49 | execute "cd #{new_resource.download_dir}/#{new_resource.base_name}#{new_resource.version} && make clean && make"
50 | end
51 |
52 | def install
53 | install_prefix = if new_resource.install_dir
54 | "PREFIX=#{new_resource.install_dir}"
55 | else
56 | ''
57 | end
58 | execute "cd #{new_resource.download_dir}/#{new_resource.base_name}#{new_resource.version} && make #{install_prefix} install"
59 | new_resource.updated_by_last_action(true)
60 | end
61 |
62 | def redis_exists?
63 | bin_path = if node['redisio']['install_dir']
64 | ::File.join(node['redisio']['install_dir'], 'bin')
65 | else
66 | node['redisio']['bin_path']
67 | end
68 | redis_server = ::File.join(bin_path, 'redis-server')
69 | ::File.exist?(redis_server)
70 | end
71 |
72 | def version
73 | if redis_exists?
74 | bin_path = if node['redisio']['install_dir']
75 | ::File.join(node['redisio']['install_dir'], 'bin')
76 | else
77 | node['redisio']['bin_path']
78 | end
79 | redis_server = ::File.join(bin_path, 'redis-server')
80 | redis_version = Mixlib::ShellOut.new("#{redis_server} -v")
81 | redis_version.run_command
82 | version = redis_version.stdout[/version (\d*.\d*.\d*)/, 1] || redis_version.stdout[/v=(\d*.\d*.\d*)/, 1]
83 | Chef::Log.info("The Redis server version is: #{version}")
84 | return version.delete("\n")
85 | end
86 | nil
87 | end
88 |
89 | def load_current_resource
90 | @current_resource = Chef::Resource.resource_for_node(:redisio_install, node).new(new_resource.name)
91 | @current_resource.version(version)
92 | @current_resource
93 | end
94 |
--------------------------------------------------------------------------------
/providers/sentinel.rb:
--------------------------------------------------------------------------------
1 | action :run do
2 | base_piddir = new_resource.base_piddir
3 |
4 | current_version = if new_resource.version.nil?
5 | version
6 | else
7 | new_resource.version
8 | end
9 |
10 | version_hash = RedisioHelper.version_to_hash(current_version)
11 |
12 | # Setup a configuration file and init script for each configuration provided
13 | new_resource.sentinels.each do |current_instance|
14 | # Retrieve the default settings hash and the current server setups settings hash.
15 | current_instance_hash = current_instance.to_hash
16 | current_defaults_hash = new_resource.sentinel_defaults.to_hash
17 |
18 | # Merge the configuration defaults with the provided array of configurations provided
19 | current = current_defaults_hash.merge(current_instance_hash)
20 |
21 | sentinel_name = current['name'] || current['port']
22 | sentinel_name = "sentinel_#{sentinel_name}"
23 | piddir = "#{base_piddir}/#{sentinel_name}"
24 |
25 | # Create the owner of the redis data directory
26 | user current['user'] do
27 | comment 'Redis service account'
28 | manage_home true
29 | home current['homedir']
30 | shell current['shell']
31 | system current['systemuser']
32 | uid current['uid'] unless current['uid'].nil?
33 | end
34 |
35 | # Create the redis configuration directory
36 | directory current['configdir'] do
37 | owner 'root'
38 | group platform_family?('freebsd') ? 'wheel' : 'redis'
39 | mode '0775'
40 | recursive true
41 | action :create
42 | end
43 | # Create the pid file directory
44 | directory piddir do
45 | owner current['user']
46 | group current['group']
47 | mode '0755'
48 | recursive true
49 | action :create
50 | end
51 |
52 | unless current['logfile'].nil?
53 | # Create the log directory if syslog is not being used
54 | directory ::File.dirname(current['logfile']) do
55 | owner current['user']
56 | group current['group']
57 | mode '0755'
58 | recursive true
59 | action :create
60 | only_if { current['syslogenabled'] != 'yes' && current['logfile'] && current['logfile'] != 'stdout' }
61 | end
62 |
63 | # Create the log file is syslog is not being used
64 | file current['logfile'] do
65 | owner current['user']
66 | group current['group']
67 | mode '0644'
68 | backup false
69 | action :touch
70 | only_if { current['logfile'] && current['logfile'] != 'stdout' }
71 | end
72 | end
73 |
74 | # <%=@name%> <%=@masterip%> <%=@masterport%> <%= @quorum_count %>
75 | # <%= "sentinel auth-pass #{@name} #{@authpass}" unless @authpass.nil? %>
76 | # sentinel down-after-milliseconds <%=@name%> <%=@downaftermil%>
77 | # sentinel parallel-syncs <%=@name%> <%=@parallelsyncs%>
78 | # sentinel failover-timeout <%=@name%> <%=@failovertimeout%>
79 |
80 | # convert from old format (preserve compat)
81 | if !current['masters'] && current['master_ip']
82 | Chef::Log.warn('You are using a deprecated sentinel format. This will be removed in future versions.')
83 |
84 | # use old key names if newer key names aren't present (e.g. 'foo' || :foo)
85 | masters = [
86 | {
87 | master_name: current['master_name'] || current[:mastername],
88 | master_ip: current['master_ip'] || current[:masterip],
89 | master_port: current['master_port'] || current[:masterport],
90 | quorum_count: current['quorum_count'] || current[:quorum_count],
91 | auth_pass: current['auth-pass'] || current[:authpass],
92 | down_after_milliseconds: current['down-after-milliseconds'] || current[:downaftermil],
93 | parallel_syncs: current['parallel-syncs'] || current[:parallelsyncs],
94 | failover_timeout: current['failover-timeout'] || current[:failovertimeout],
95 | },
96 | ]
97 | else
98 | masters = [current['masters']].flatten
99 | end
100 |
101 | # Load password for use with requirepass from data bag if needed
102 | if current['data_bag_name'] && current['data_bag_item'] && current['data_bag_key']
103 | bag = data_bag_item(current['data_bag_name'], current['data_bag_item'])
104 | masters.each do |master|
105 | master['auth_pass'] = bag[current['data_bag_key']]
106 | end
107 | end
108 |
109 | # merge in default values to each sentinel hash
110 | masters_with_defaults = []
111 | masters.each do |current_sentinel_master|
112 | default_sentinel_master = new_resource.sentinel_defaults.to_hash
113 | sentinel_master = default_sentinel_master.merge(current_sentinel_master || {})
114 | masters_with_defaults << sentinel_master
115 | end
116 |
117 | # Don't render a template if we're missing these from any sentinel,
118 | # as these are the minimal settings required to be passed in
119 | masters_with_defaults.each do |sentinel_instance|
120 | %w(master_ip master_port quorum_count).each do |param|
121 | raise "Missing required sentinel parameter #{param} for #{sentinel_instance}" unless sentinel_instance[param]
122 | end
123 | end
124 |
125 | # Lay down the configuration files for the current instance
126 | template "#{current['configdir']}/#{sentinel_name}.conf" do
127 | source 'sentinel.conf.erb'
128 | cookbook 'redisio'
129 | owner current['user']
130 | group current['group']
131 | mode '0644'
132 | action :create
133 | variables(
134 | name: current['name'],
135 | piddir: piddir,
136 | version: version_hash,
137 | job_control: node['redisio']['job_control'],
138 | sentinel_bind: current['sentinel_bind'],
139 | sentinel_port: current['sentinel_port'],
140 | loglevel: current['loglevel'],
141 | logfile: current['logfile'],
142 | syslogenabled: current['syslogenabled'],
143 | syslogfacility: current['syslogfacility'],
144 | masters: masters_with_defaults,
145 | announce_ip: current['announce-ip'],
146 | announce_port: current['announce-port'],
147 | notification_script: current['notification-script'],
148 | client_reconfig_script: current['client-reconfig-script'],
149 | protected_mode: current['protected_mode'],
150 | maxclients: current['maxclients'],
151 | aclfile: current['aclfile'],
152 | includes: current['includes'],
153 | tlsport: current['tlsport'],
154 | tlscertfile: current['tlscertfile'],
155 | tlskeyfile: current['tlskeyfile'],
156 | tlskeyfilepass: current['tlskeyfilepass'],
157 | tlsclientcertfile: current['tlsclientcertfile'],
158 | tlsclientkeyfile: current['tlsclientkeyfile'],
159 | tlsclientkeyfilepass: current['tlsclientkeyfilepass'],
160 | tlsdhparamsfile: current['tlsdhparamsfile'],
161 | tlscacertfile: current['tlscacertfile'],
162 | tlscacertdir: current['tlscacertdir'],
163 | tlsauthclients: current['tlsauthclients'],
164 | tlsreplication: current['tlsreplication'],
165 | tlscluster: current['tlscluster'],
166 | tlsprotocols: current['tlsprotocols'],
167 | tlsciphers: current['tlsciphers'],
168 | tlsciphersuites: current['tlsciphersuites'],
169 | tlspreferserverciphers: current['tlspreferserverciphers'],
170 | tlssessioncaching: current['tlssessioncaching'],
171 | tlssessioncachesize: current['tlssessioncachesize'],
172 | tlssessioncachetimeout: current['tlssessioncachetimeout']
173 | )
174 | not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
175 | end
176 |
177 | file "#{current['configdir']}/#{sentinel_name}.conf.breadcrumb" do
178 | content 'This file prevents the chef cookbook from overwritting the sentinel config more than once'
179 | action :create_if_missing
180 | end
181 |
182 | # Setup init.d file
183 | bin_path = if node['redisio']['install_dir']
184 | ::File.join(node['redisio']['install_dir'], 'bin')
185 | else
186 | node['redisio']['bin_path']
187 | end
188 | template "/etc/init.d/redis_#{sentinel_name}" do
189 | source 'sentinel.init.erb'
190 | cookbook 'redisio'
191 | owner 'root'
192 | group 'root'
193 | mode '0755'
194 | variables(
195 | name: sentinel_name,
196 | bin_path: bin_path,
197 | user: current['user'],
198 | configdir: current['configdir'],
199 | piddir: piddir,
200 | platform: node['platform']
201 | )
202 | only_if { node['redisio']['job_control'] == 'initd' }
203 | end
204 |
205 | template "/etc/init/redis_#{sentinel_name}.conf" do
206 | source 'sentinel.upstart.conf.erb'
207 | cookbook 'redisio'
208 | owner current['user']
209 | group current['group']
210 | mode '0644'
211 | variables(
212 | name: sentinel_name,
213 | bin_path: bin_path,
214 | user: current['user'],
215 | group: current['group'],
216 | configdir: current['configdir'],
217 | piddir: piddir
218 | )
219 | only_if { node['redisio']['job_control'] == 'upstart' }
220 | end
221 | # TODO: fix for freebsd
222 | template "/usr/local/etc/rc.d/redis_#{sentinel_name}" do
223 | source 'sentinel.rcinit.erb'
224 | cookbook 'redisio'
225 | owner current['user']
226 | group current['group']
227 | mode '0755'
228 | variables(
229 | name: sentinel_name,
230 | bin_path: bin_path,
231 | user: current['user'],
232 | configdir: current['configdir'],
233 | piddir: piddir
234 | )
235 | only_if { node['redisio']['job_control'] == 'rcinit' }
236 | end
237 | end
238 | # servers each loop
239 | end
240 |
241 | def redis_exists?
242 | bin_path = if node['redisio']['install_dir']
243 | ::File.join(node['redisio']['install_dir'], 'bin')
244 | else
245 | node['redisio']['bin_path']
246 | end
247 | redis_server = ::File.join(bin_path, 'redis-server')
248 | ::File.exist?(redis_server)
249 | end
250 |
251 | def version
252 | if redis_exists?
253 | bin_path = if node['redisio']['install_dir']
254 | ::File.join(node['redisio']['install_dir'], 'bin')
255 | else
256 | node['redisio']['bin_path']
257 | end
258 | redis_server = ::File.join(bin_path, 'redis-server')
259 | redis_version = Mixlib::ShellOut.new("#{redis_server} -v")
260 | redis_version.run_command
261 | version = redis_version.stdout[/version (\d*.\d*.\d*)/, 1] || redis_version.stdout[/v=(\d*.\d*.\d*)/, 1]
262 | Chef::Log.info("The Redis server version is: #{version}")
263 | return version.delete("\n")
264 | end
265 | nil
266 | end
267 |
--------------------------------------------------------------------------------
/recipes/_install_prereqs.rb:
--------------------------------------------------------------------------------
1 | packages_to_install = case node['platform_family']
2 | when 'debian'
3 | %w(
4 | tar
5 | )
6 | when 'rhel', 'fedora'
7 | %w(
8 | tar
9 | )
10 | else
11 | %w()
12 | end
13 |
14 | packages_to_install.each do |pkg|
15 | package pkg do
16 | action :install
17 | end
18 | end
19 |
--------------------------------------------------------------------------------
/recipes/configure.rb:
--------------------------------------------------------------------------------
1 | include_recipe 'redisio::default'
2 | include_recipe 'redisio::ulimit'
3 |
4 | redis = node['redisio']
5 |
6 | redis_instances = redis['servers']
7 | if redis_instances.nil?
8 | redis_instances = [
9 | {
10 | 'port' => '6379',
11 | },
12 | ]
13 | end
14 |
15 | redisio_configure 'redis-servers' do
16 | version redis['version'] if redis['version']
17 | default_settings redis['default_settings']
18 | servers redis_instances
19 | base_piddir redis['base_piddir']
20 | end
21 |
22 | # Create a service resource for each redis instance, named for the port it runs on.
23 | redis_instances.each do |current_server|
24 | server_name = current_server['name'] || current_server['port']
25 |
26 | case node['redisio']['job_control']
27 | when 'initd'
28 | service "redis#{server_name}" do
29 | # don't supply start/stop/restart commands, Chef::Provider::Service::*
30 | # do a fine job on it's own, and support systemd correctly
31 | supports start: true, stop: true, restart: false, status: true
32 | end
33 | when 'upstart'
34 | service "redis#{server_name}" do
35 | provider Chef::Provider::Service::Upstart
36 | start_command "start redis#{server_name}"
37 | stop_command "stop redis#{server_name}"
38 | restart_command "restart redis#{server_name}"
39 | supports start: true, stop: true, restart: true, status: false
40 | end
41 | when 'systemd'
42 | service "redis@#{server_name}" do
43 | provider Chef::Provider::Service::Systemd
44 | supports start: true, stop: true, restart: true, status: true
45 | end
46 | when 'rcinit'
47 | service "redis#{server_name}" do
48 | provider Chef::Provider::Service::Freebsd
49 | supports start: true, stop: true, restart: true, status: true
50 | end
51 | else
52 | Chef::Log.error('Unknown job control type, no service resource created!')
53 | end
54 | end
55 |
56 | node.override['redisio']['servers'] = redis_instances
57 |
--------------------------------------------------------------------------------
/recipes/default.rb:
--------------------------------------------------------------------------------
1 | apt_update
2 |
3 | unless node['redisio']['package_install']
4 | include_recipe 'redisio::_install_prereqs'
5 | build_essential 'install build deps'
6 | end
7 |
8 | unless node['redisio']['bypass_setup']
9 | include_recipe 'redisio::install'
10 | include_recipe 'redisio::disable_os_default'
11 | include_recipe 'redisio::configure'
12 | end
13 |
--------------------------------------------------------------------------------
/recipes/disable.rb:
--------------------------------------------------------------------------------
1 | redis = node['redisio']
2 |
3 | redis['servers'].each do |current_server|
4 | server_name = current_server['name'] || current_server['port']
5 | resource_name = if node['redisio']['job_control'] == 'systemd'
6 | "service[redis@#{server_name}]"
7 | else
8 | "service[redis#{server_name}]"
9 | end
10 | resource = resources(resource_name)
11 | resource.action Array(resource.action)
12 | resource.action << :stop
13 | resource.action << :disable
14 | end
15 |
--------------------------------------------------------------------------------
/recipes/disable_os_default.rb:
--------------------------------------------------------------------------------
1 | # disable the default OS redis init script
2 | service_name = case node['platform_family']
3 | when 'debian'
4 | 'redis-server'
5 | when 'rhel', 'fedora'
6 | 'redis'
7 | end
8 |
9 | service service_name do
10 | action [:stop, :disable]
11 | only_if { service_name }
12 | end
13 |
--------------------------------------------------------------------------------
/recipes/enable.rb:
--------------------------------------------------------------------------------
1 | redis = node['redisio']
2 |
3 | redis['servers'].each do |current_server|
4 | server_name = current_server['name'] || current_server['port']
5 | resource_name = if node['redisio']['job_control'] == 'systemd'
6 | "service[redis@#{server_name}]"
7 | else
8 | "service[redis#{server_name}]"
9 | end
10 | resource = resources(resource_name)
11 | resource.action Array(resource.action)
12 | resource.action.concat [:start, :enable]
13 | end
14 |
--------------------------------------------------------------------------------
/recipes/install.rb:
--------------------------------------------------------------------------------
1 | if node['redisio']['package_install']
2 | package 'redisio_package_name' do
3 | package_name node['redisio']['package_name']
4 | version node['redisio']['version'] if node['redisio']['version']
5 | action :install
6 | end
7 | else
8 | include_recipe 'redisio::_install_prereqs'
9 | build_essential 'install build deps'
10 |
11 | redis = node['redisio']
12 | location = "#{redis['mirror']}/#{redis['base_name']}#{redis['version']}.#{redis['artifact_type']}"
13 |
14 | redisio_install 'redis-installation' do
15 | version redis['version'] if redis['version']
16 | download_url location
17 | safe_install redis['safe_install']
18 | install_dir redis['install_dir'] if redis['install_dir']
19 | end
20 | end
21 |
22 | include_recipe 'redisio::ulimit'
23 |
--------------------------------------------------------------------------------
/recipes/redis_gem.rb:
--------------------------------------------------------------------------------
1 | gem_package node['redisio']['gem']['name'] do
2 | version node['redisio']['gem']['version'] unless node['redisio']['gem']['version'].nil?
3 | action :install
4 | end
5 |
--------------------------------------------------------------------------------
/recipes/sentinel.rb:
--------------------------------------------------------------------------------
1 | include_recipe 'redisio::_install_prereqs'
2 | include_recipe 'redisio::install'
3 | include_recipe 'redisio::ulimit'
4 |
5 | redis = node['redisio']
6 |
7 | sentinel_instances = redis['sentinels']
8 | if sentinel_instances.nil?
9 | sentinel_instances = [
10 | {
11 | 'sentinel_port' => '26379',
12 | 'name' => 'mycluster',
13 | 'masters' => [
14 | {
15 | 'master_name' => 'mycluster_master',
16 | 'master_ip' => '127.0.0.1',
17 | 'master_port' => '6379',
18 | },
19 | ],
20 | },
21 | ]
22 | end
23 |
24 | redisio_sentinel 'redis-sentinels' do
25 | version redis['version'] if redis['version']
26 | sentinel_defaults redis['sentinel_defaults']
27 | sentinels sentinel_instances
28 | base_piddir redis['base_piddir']
29 | end
30 |
31 | bin_path = if node['redisio']['install_dir']
32 | ::File.join(node['redisio']['install_dir'], 'bin')
33 | else
34 | node['redisio']['bin_path']
35 | end
36 |
37 | template '/lib/systemd/system/redis-sentinel@.service' do
38 | source 'redis-sentinel@.service'
39 | variables(
40 | bin_path: bin_path,
41 | limit_nofile: redis['default_settings']['maxclients'] + 32
42 | )
43 | only_if { node['redisio']['job_control'] == 'systemd' }
44 | end
45 |
46 | # Create a service resource for each sentinel instance, named for the port it runs on.
47 | sentinel_instances.each do |current_sentinel|
48 | sentinel_name = current_sentinel['name']
49 |
50 | case node['redisio']['job_control']
51 | when 'initd'
52 | service "redis_sentinel_#{sentinel_name}" do
53 | # don't supply start/stop/restart commands, Chef::Provider::Service::*
54 | # do a fine job on it's own, and support systemd correctly
55 | supports start: true, stop: true, restart: true, status: false
56 | end
57 | when 'upstart'
58 | service "redis_sentinel_#{sentinel_name}" do
59 | provider Chef::Provider::Service::Upstart
60 | start_command "start redis_sentinel_#{sentinel_name}"
61 | stop_command "stop redis_sentinel_#{sentinel_name}"
62 | restart_command "restart redis_sentinel_#{sentinel_name}"
63 | supports start: true, stop: true, restart: true, status: false
64 | end
65 | when 'systemd'
66 | service "redis-sentinel@#{sentinel_name}" do
67 | provider Chef::Provider::Service::Systemd
68 | supports start: true, stop: true, restart: true, status: true
69 | end
70 | when 'rcinit'
71 | service "redis_sentinel_#{sentinel_name}" do
72 | provider Chef::Provider::Service::Freebsd
73 | supports start: true, stop: true, restart: true, status: true
74 | end
75 | else
76 | Chef::Log.error('Unknown job control type, no service resource created!')
77 | end
78 | end
79 |
--------------------------------------------------------------------------------
/recipes/sentinel_enable.rb:
--------------------------------------------------------------------------------
1 | sentinel_instances = node['redisio']['sentinels']
2 |
3 | if sentinel_instances.nil?
4 | sentinel_instances = [
5 | {
6 | 'sentinel_port' => '26379',
7 | 'name' => 'mycluster',
8 | 'master_ip' => '127.0.0.1',
9 | 'master_port' => '6379',
10 | },
11 | ]
12 | end
13 |
14 | execute 'reload-systemd-sentinel' do
15 | command 'systemctl daemon-reload'
16 | only_if { node['redisio']['job_control'] == 'systemd' }
17 | action :nothing
18 | end
19 |
20 | sentinel_instances.each do |current_sentinel|
21 | sentinel_name = current_sentinel['name']
22 | resource_name = if node['redisio']['job_control'] == 'systemd'
23 | "service[redis-sentinel@#{sentinel_name}]"
24 | else
25 | "service[redis_sentinel_#{sentinel_name}]"
26 | end
27 | resource = resources(resource_name)
28 | resource.action Array(resource.action)
29 | resource.action << :start
30 | if node['redisio']['job_control'] != 'systemd'
31 | resource.action << :enable
32 | else
33 | link "/etc/systemd/system/multi-user.target.wants/redis-sentinel@#{sentinel_name}.service" do
34 | to '/usr/lib/systemd/system/redis-sentinel@.service'
35 | notifies :run, 'execute[reload-systemd-sentinel]', :immediately
36 | end
37 | end
38 | end
39 |
--------------------------------------------------------------------------------
/recipes/ulimit.rb:
--------------------------------------------------------------------------------
1 | # Pulled from the now replaced ulimit cookbook
2 | # TODO: find a more tidy way to do this
3 | ulimit = node['ulimit']
4 |
5 | if platform_family?('debian')
6 | template '/etc/pam.d/su' do
7 | cookbook ulimit['pam_su_template_cookbook']
8 | end
9 |
10 | cookbook_file '/etc/pam.d/sudo' do
11 | cookbook node['ulimit']['ulimit_overriding_sudo_file_cookbook']
12 | source node['ulimit']['ulimit_overriding_sudo_file_name']
13 | mode '0644'
14 | end
15 | end
16 |
17 | if ulimit.key?('users')
18 | ulimit['users'].each do |user, attributes|
19 | user_ulimit user do
20 | attributes.each do |a, v|
21 | send(a.to_sym, v)
22 | end
23 | end
24 | end
25 | end
26 |
--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 | "extends": ["config:base"],
4 | "packageRules": [
5 | {
6 | "groupName": "Actions",
7 | "matchUpdateTypes": ["minor", "patch", "pin"],
8 | "automerge": true,
9 | "addLabels": ["Release: Patch", "Skip: Announcements"]
10 | },
11 | {
12 | "groupName": "Actions",
13 | "matchUpdateTypes": ["major"],
14 | "automerge": false,
15 | "addLabels": ["Release: Patch", "Skip: Announcements"]
16 | }
17 | ]
18 | }
19 |
--------------------------------------------------------------------------------
/resources/configure.rb:
--------------------------------------------------------------------------------
1 | actions :run
2 | unified_mode true
3 | default_action :run
4 |
5 | # Configuration attributes
6 | attribute :version, kind_of: String
7 | attribute :base_piddir, kind_of: String, default: '/var/run/redis'
8 | attribute :user, kind_of: String, default: 'redis'
9 | attribute :group, kind_of: String, default: 'redis'
10 |
11 | attribute :default_settings, kind_of: Hash
12 | attribute :servers, kind_of: Array
13 |
--------------------------------------------------------------------------------
/resources/install.rb:
--------------------------------------------------------------------------------
1 | actions :run
2 | unified_mode true
3 | default_action :run
4 |
5 | # Installation attributes
6 | attribute :version, kind_of: String
7 | attribute :download_url, kind_of: String
8 | attribute :download_dir, kind_of: String, default: Chef::Config[:file_cache_path]
9 | attribute :artifact_type, kind_of: String, default: 'tar.gz'
10 | attribute :base_name, kind_of: String, default: 'redis-'
11 | attribute :safe_install, kind_of: [TrueClass, FalseClass], default: true
12 |
13 | attribute :install_dir, kind_of: String, default: nil
14 |
--------------------------------------------------------------------------------
/resources/sentinel.rb:
--------------------------------------------------------------------------------
1 | actions :run
2 | unified_mode true
3 | default_action :run
4 |
5 | # Configuration attributes
6 | attribute :version, kind_of: String
7 | attribute :base_piddir, kind_of: String, default: '/var/run/redis'
8 | attribute :user, kind_of: String, default: 'redis'
9 |
10 | attribute :sentinel_defaults, kind_of: Hash
11 | attribute :sentinels, kind_of: Array
12 |
--------------------------------------------------------------------------------
/spec/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sous-chefs/redisio/a99335cb609d8be0d2c67a2a651152449cd7a505/spec/.gitkeep
--------------------------------------------------------------------------------
/templates/default/domain.erb:
--------------------------------------------------------------------------------
1 | <%
2 | node.run_state[:ulimit][@domain].each do |item, entries|
3 | entries.each do |type, value|
4 | -%>
5 | <%= @domain %> <%= type %> <%= item %> <%= value %>
6 | <%
7 | end
8 | end
9 | -%>
10 |
--------------------------------------------------------------------------------
/templates/default/redis-sentinel@.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Redis persistent key-value database
3 | After=network.target
4 |
5 | [Service]
6 | ExecStart=<%= @bin_path %>/redis-server /etc/redis/sentinel_%i.conf --sentinel --daemonize no
7 | User=redis
8 | Group=redis
9 | LimitNOFILE=<%= @limit_nofile %>
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 |
--------------------------------------------------------------------------------
/templates/default/redis.init.erb:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # Simple Redis init.d script conceived to work on Linux systems
4 | # as it does use of the /proc filesystem.
5 | #
6 | # description: Redis is an in memory key-value store database
7 | #
8 | ### BEGIN INIT INFO
9 | # Provides: redis<%= @port %>
10 | # Default-Start: 2 3 4 5
11 | # Default-Stop: 0 1 6
12 | # Required-Start: <%= @required_start %>
13 | # Required-Stop: <%= @required_stop %>
14 | # Description: redis<%= @port %> init script
15 | ### END INIT INFO
16 |
17 | REDISNAME=<%= @name %>
18 | REDISPORT=<%= @port %>
19 | <% case @platform %>
20 | <% when 'ubuntu','debian','fedora' %>
21 | EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf' <%= @user %>"
22 | <% else %>
23 | EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf\""
24 | <% end %>
25 | CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
26 |
27 | <% connection_string = String.new %>
28 | <% if @unixsocket.nil? %>
29 | <% connection_string << " -p #{@port}" %>
30 | <% connection_string << " -h #{@address.respond_to?(:first) ? @address.first : @address }" if @address %>
31 | <% else %>
32 | <% connection_string << " -s #{@unixsocket}" %>
33 | <% end %>
34 | <% connection_string << " -a '#{@requirepass}'" unless @requirepass.nil? %>
35 |
36 | PIDFILE=<%= @piddir %>/redis_${REDISNAME}.pid
37 |
38 | if [ ! -d <%= @piddir %> ]; then
39 | mkdir -p <%= @piddir %>
40 | chown <%= @user %> <%= @piddir %>
41 | fi
42 |
43 | ulimit -n <%= @ulimit %>
44 |
45 | case "$1" in
46 | status)
47 | if [ -f $PIDFILE ]
48 | then
49 | echo "redis$REDISNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
50 | ps -p $(cat $PIDFILE) >/dev/null 2>&1
51 | exit $?
52 | else
53 | echo "redis$REDISNAME $PIDFILE doesn't exist"
54 | exit 3
55 | fi
56 | ;;
57 | start)
58 | if [ -f $PIDFILE ]
59 | then
60 | echo "$PIDFILE exists, process is already running or crashed"
61 | PIDNUM=`cat $PIDFILE`
62 | PROCESS_RUNNING=`ps --no-headers -q $PIDNUM | wc -l`
63 | if [ ! $PROCESS_RUNNING -eq 1 ]
64 | then
65 | echo "The PID doesn't exists, restarting it."
66 | rm $PIDFILE
67 | eval $EXEC
68 | fi
69 | else
70 | echo "Starting Redis server..."
71 | eval $EXEC
72 | fi
73 | ;;
74 | stop)
75 | if [ ! -f $PIDFILE ]
76 | then
77 | echo "$PIDFILE does not exist, process is not running"
78 | else
79 | PID=$(cat $PIDFILE)
80 | echo "Stopping ..."
81 |
82 | <%= "$CLIEXEC #{connection_string} save" if @shutdown_save %>
83 | $CLIEXEC <%= connection_string %> shutdown
84 |
85 | while [ -x /proc/${PID} ]
86 | do
87 | echo "Waiting for Redis to shutdown ..."
88 | sleep 1
89 | done
90 | echo "Redis stopped"
91 | fi
92 | ;;
93 | *)
94 | echo "Please use start or stop as first argument"
95 | ;;
96 | esac
97 |
--------------------------------------------------------------------------------
/templates/default/redis.rcinit.erb:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | #
4 |
5 | # PROVIDE: redis<%= @name %>
6 | # REQUIRE: LOGIN
7 | # BEFORE: securelevel
8 | # KEYWORD: shutdown
9 |
10 | # Add the following line to /etc/rc.conf to enable `redis':
11 | #
12 | #redis<%= @name %>_enable="YES"
13 | #
14 | # Define profiles here to run separate redis instances:
15 | #
16 | #redis_profiles="foo bar" # Script uses /usr/local/etc/redis-NAME.conf respectively.
17 | # For correct script working please update pidfile entries in
18 | # redis-NAME.conf files.
19 |
20 | . /etc/rc.subr
21 |
22 | name="redis<%= @name %>"
23 | rcvar="${name}_enable"
24 |
25 | extra_commands="reload"
26 |
27 | command="<%= File.join(@bin_path, 'redis-server') %>"
28 | pidfile="<%= @piddir %>/redis_<%=@name%>.pid"
29 |
30 | # read configuration and set defaults
31 | load_rc_config "$name"
32 | : ${redis<%= @name %>_enable="NO"}
33 | : ${redis_user="<%= @user %>"}
34 | : ${redis_config="<%= @configdir %>/<%= @name %>.conf"}
35 |
36 | command_args="${redis_config}"
37 | required_files="${redis_config}"
38 |
39 | _profile_exists() {
40 | for _p in ${redis_profiles}; do
41 | [ "${_p}" = "$1" ] && return 1;
42 | done
43 | return 0
44 | }
45 |
46 | if [ $# -eq 2 ]; then
47 | _profile=$2
48 | _profile_exists $_profile
49 | _exists=$?
50 | [ ${_exists} -ne 1 ] && {
51 | echo "`basename /usr/local/etc/rc.d/redis`: no '$2' in 'redis_profiles'"
52 | exit 1
53 | };
54 | echo "-- Profile: ${name} --"
55 | config_file="/usr/local/etc/redis/${name}.conf"
56 | command_args="${config_file}"
57 | pidfile="<%= @piddir %>/${name}.pid"
58 | required_files="${config_file}"
59 | elif [ -n "${redis_profiles}" ]; then
60 | _swap=$*; shift; _profiles=$*
61 | _profiles=${_profiles:-${redis_profiles}}
62 | set -- ${_swap}
63 | for _profile in ${_profiles}; do
64 | /usr/local/etc/rc.d/redis $1 ${_profile}
65 | done
66 | exit 0
67 | fi
68 |
69 | run_rc_command "$1"
--------------------------------------------------------------------------------
/templates/default/redis.upstart.conf.erb:
--------------------------------------------------------------------------------
1 | description "Start the redis instance on port <%= @port %>"
2 | author "Installed by chef redisio cookbook"
3 |
4 | #start on runlevel [2345]
5 | stop on runlevel [06]
6 |
7 | script
8 | if [ ! -d <%= @piddir %> ]; then
9 | mkdir -p <%= @piddir %>
10 | chown <%= @user %>:<%= @group %> <%= @piddir %>
11 | fi
12 | end script
13 |
14 | # If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
15 | respawn
16 | respawn limit 10 30
17 |
18 | exec su -s /bin/sh -c 'exec "$0" "$@"' <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf
19 |
20 |
--------------------------------------------------------------------------------
/templates/default/redis@.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Redis (%i) persistent key-value database
3 | Wants=network-online.target
4 | After=network-online.target
5 |
6 | [Service]
7 | ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no
8 | User=<%= @user %>
9 | Group=<%= @group %>
10 | LimitNOFILE=<%= @limit_nofile %>
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/templates/default/sentinel.conf.erb:
--------------------------------------------------------------------------------
1 | # Example sentinel.conf
2 |
3 | # redisio Cookbook additions
4 | <% if @job_control == 'initd' || @job_control == 'rcinit' %>
5 | daemonize yes
6 | <% end %>
7 | pidfile <%= @piddir %>/sentinel_<%=@name%>.pid
8 | loglevel <%=@loglevel%>
9 | syslog-enabled <%= @syslogenabled %>
10 | syslog-ident redis-<%= @name %>
11 | syslog-facility <%= @syslogfacility %>
12 | maxclients <%= @maxclients %>
13 | <%= "logfile #{@logfile}" unless @logfile.nil? %>
14 |
15 | <% if @sentinel_bind %>
16 | bind <%=@sentinel_bind%>
17 | <% end %>
18 |
19 | <% if @protected_mode %>
20 | <%= "protected-mode #{@protected_mode}" %>
21 | <% end %>
22 |
23 | # port
24 | # The port that this sentinel instance will run on
25 | port <%=@sentinel_port%>
26 |
27 | # sentinel announce-ip
28 | # sentinel announce-port
29 | #
30 | # The above two configuration directives are useful in environments where,
31 | # because of NAT, Sentinel is reachable from outside via a non-local address.
32 | #
33 | # When announce-ip is provided, the Sentinel will claim the specified IP address
34 | # in HELLO messages used to gossip its presence, instead of auto-detecting the
35 | # local address as it usually does.
36 | #
37 | # Similarly when announce-port is provided and is valid and non-zero, Sentinel
38 | # will announce the specified TCP port.
39 | #
40 | # The two options don't need to be used together, if only announce-ip is
41 | # provided, the Sentinel will announce the specified IP and the server port
42 | # as specified by the "port" option. If only announce-port is provided, the
43 | # Sentinel will announce the auto-detected local IP and the specified port.
44 | #
45 | # Example:
46 | #
47 | # sentinel announce-ip 1.2.3.4
48 | <%= "sentinel announce-ip #{@announce_ip}" unless @announce_ip.nil? %>
49 | <%= "sentinel announce-port #{@announce_port}" unless @announce_port.nil? %>
50 |
51 | # sentinel monitor
52 | #
53 | # Tells Sentinel to monitor this master, and to consider it in O_DOWN
54 | # (Objectively Down) state only if at least sentinels agree.
55 | #
56 | # Note that whatever is the ODOWN quorum, a Sentinel will require to
57 | # be elected by the majority of the known Sentinels in order to
58 | # start a failover, so no failover can be performed in minority.
59 | #
60 | # Replicas are auto-discovered, so you don't need to specify replicas in
61 | # any way. Sentinel itself will rewrite this configuration file adding
62 | # the replicas using additional configuration options.
63 | # Also note that the configuration file is rewritten when a
64 | # replica is promoted to master.
65 | #
66 | # Note: master name should not include special characters or spaces.
67 | # The valid charset is A-z 0-9 and the three characters ".-_".
68 | <% @masters.each do |current| %>
69 | <% calc_name = String(current['master_name'] || @name || 'master_name') %>
70 | <%= "sentinel monitor #{calc_name} #{current['master_ip']} #{current['master_port']} #{current['quorum_count']}" %>
71 | <% end %>
72 | # sentinel auth-pass
73 | #
74 | # Set the password to use to authenticate with the master and replicas.
75 | # Useful if there is a password set in the Redis instances to monitor.
76 | #
77 | # Note that the master password is also used for replicas, so it is not
78 | # possible to set a different password in masters and replicas instances
79 | # if you want to be able to monitor these instances with Sentinel.
80 | #
81 | # However you can have Redis instances without the authentication enabled
82 | # mixed with Redis instances requiring the authentication (as long as the
83 | # password set is the same for all the instances requiring the password) as
84 | # the AUTH command will have no effect in Redis instances with authentication
85 | # switched off.
86 | #
87 | # Example:
88 | #
89 | # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
90 | <% @masters.each do |current| %>
91 | <% calc_name = String(current['master_name'] || @name || 'master_name') %>
92 | <%= "sentinel auth-pass #{calc_name} #{current['auth_pass']}" unless current['auth_pass'].nil? %>
93 | <% end %>
94 |
95 | <% if @version[:major].to_i >= 6 %>
96 | # Using an external ACL file
97 | #
98 | # Instead of configuring users here in this file, it is possible to use
99 | # a stand-alone file just listing users. The two methods cannot be mixed:
100 | # if you configure users here and at the same time you activate the external
101 | # ACL file, the server will refuse to start.
102 | #
103 | # The format of the external ACL user file is exactly the same as the
104 | # format that is used inside redis.conf to describe users.
105 | #
106 | # aclfile /etc/redis/sentinel-users.acl
107 | <% unless @aclfile.nil? %>
108 | aclfile <%= @aclfile %>
109 | <% end %>
110 | <% end %>
111 |
112 | # sentinel down-after-milliseconds
113 | #
114 | # Number of milliseconds the master (or any attached replica or sentinel) should
115 | # be unreachable (as in, not acceptable reply to PING, continuously, for the
116 | # specified period) in order to consider it in S_DOWN state (Subjectively
117 | # Down).
118 | #
119 | # Default is 30 seconds.
120 | <% @masters.each do |current| %>
121 | <% calc_name = String(current['master_name'] || @name || 'master_name') %>
122 | <%= "sentinel down-after-milliseconds #{calc_name} #{current['down_after_milliseconds']}" unless current['down_after_milliseconds'].nil? %>
123 | <% end %>
124 | # sentinel parallel-syncs
125 | #
126 | # How many replicas we can reconfigure to point to the new replica simultaneously
127 | # during the failover. Use a low number if you use the replicas to serve query
128 | # to avoid that all the replicas will be unreachable at about the same
129 | # time while performing the synchronization with the master.
130 | <% @masters.each do |current| %>
131 | <% calc_name = String(current['master_name'] || @name || 'master_name') %>
132 | <%= "sentinel parallel-syncs #{calc_name} #{current['parallel_syncs']}" unless current['parallel_syncs'].nil? %>
133 | <% end %>
134 | # sentinel failover-timeout
135 | #
136 | # Specifies the failover timeout in milliseconds. It is used in many ways:
137 | #
138 | # - The time needed to re-start a failover after a previous failover was
139 | # already tried against the same master by a given Sentinel, is two
140 | # times the failover timeout.
141 | #
142 | # - The time needed for a replica replicating to a wrong master according
143 | # to a Sentinel current configuration, to be forced to replicate
144 | # with the right master, is exactly the failover timeout (counting since
145 | # the moment a Sentinel detected the misconfiguration).
146 | #
147 | # - The time needed to cancel a failover that is already in progress but
148 | # did not produced any configuration change (REPLICAOF NO ONE yet not
149 | # acknowledged by the promoted replica).
150 | #
151 | # - The maximum time a failover in progress waits for all the replicas to be
152 | # reconfigured as replicas of the new master. However even after this time
153 | # the replicas will be reconfigured by the Sentinels anyway, but not with
154 | # the exact parallel-syncs progression as specified.
155 | #
156 | # Default is 15 minutes.
157 | <% @masters.each do |current| %>
158 | <% calc_name = String(current['master_name'] || @name || 'master_name') %>
159 | <%= "sentinel failover-timeout #{calc_name} #{current['failover_timeout']}" unless current['failover_timeout'].nil? %>
160 | <% end %>
161 |
162 | # SCRIPTS EXECUTION
163 | #
164 | # sentinel notification-script and sentinel reconfig-script are used in order
165 | # to configure scripts that are called to notify the system administrator
166 | # or to reconfigure clients after a failover. The scripts are executed
167 | # with the following rules for error handling:
168 | #
169 | # If script exists with "1" the execution is retried later (up to a maximum
170 | # number of times currently set to 10).
171 | #
172 | # If script exists with "2" (or an higher value) the script execution is
173 | # not retried.
174 | #
175 | # If script terminates because it receives a signal the behavior is the same
176 | # as exit code 1.
177 | #
178 | # A script has a maximum running time of 60 seconds. After this limit is
179 | # reached the script is terminated with a SIGKILL and the execution retried.
180 |
181 | # NOTIFICATION SCRIPT
182 | #
183 | # sentinel notification-script
184 | #
185 | # Call the specified notification script for any sentienl event that is
186 | # generated in the WARNING level (for instance -sdown, -odown, and so forth).
187 | # This script should notify the system administrator via email, SMS, or any
188 | # other messaging system, that there is something wrong with the monitored
189 | # Redis systems.
190 | #
191 | # The script is called with just two arguments: the first is the event type
192 | # and the second the event description.
193 | #
194 | # The script must exist and be executable in order for sentinel to start if
195 | # this option is provided.
196 | #
197 | # Example:
198 | #
199 | # sentinel notification-script mymaster /var/redis/notify.sh
200 | <%= "sentinel notification-script #{@name} #{@notification_script}" unless @notification_script.nil? %>
201 |
202 | # CLIENTS RECONFIGURATION SCRIPT
203 | #
204 | # sentinel client-reconfig-script
205 | #
206 | # When the master changed because of a failover a script can be called in
207 | # order to perform application-specific tasks to notify the clients that the
208 | # configuration has changed and the master is at a different address.
209 | #
210 | # The following arguments are passed to the script:
211 | #
212 | #
213 | #
214 | # is currently always "start"
215 | # is either "leader" or "observer"
216 | #
217 | # The arguments from-ip, from-port, to-ip, to-port are used to communicate
218 | # the old address of the master and the new address of the elected replica
219 | # (now a master).
220 | #
221 | # This script should be resistant to multiple invocations.
222 | #
223 | # Example:
224 | #
225 | # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
226 | <%= "sentinel client-reconfig-script #{@name} #{@client_reconfig_script}" unless @client_reconfig_script.nil? %>
227 |
228 | ################################# TLS/SSL #####################################
229 |
230 | # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
231 | # directive can be used to define TLS-listening ports. To enable TLS on the
232 | # default port, use:
233 | #
234 | # port 0
235 | # tls-port 6379
236 | <%= "tls-port #{@tlsport}" unless @tlsport.nil? %>
237 |
238 | # Configure a X.509 certificate and private key to use for authenticating the
239 | # server to connected clients, masters or cluster peers. These files should be
240 | # PEM formatted.
241 | #
242 | # tls-cert-file redis.crt
243 | # tls-key-file redis.key
244 | <%= "tls-cert-file #{@tlscertfile}" unless @tlscertfile.nil? %>
245 | <%= "tls-key-file #{@tlskeyfile}" unless @tlskeyfile.nil? %>
246 | #
247 | # If the key file is encrypted using a passphrase, it can be included here
248 | # as well.
249 | #
250 | # tls-key-file-pass secret
251 | <%= "tls-key-file-pass #{@tlskeyfilepass}" unless @tlskeyfilepass.nil? %>
252 |
253 | # Normally Redis uses the same certificate for both server functions (accepting
254 | # connections) and client functions (replicating from a master, establishing
255 | # cluster bus connections, etc.).
256 | #
257 | # Sometimes certificates are issued with attributes that designate them as
258 | # client-only or server-only certificates. In that case it may be desired to use
259 | # different certificates for incoming (server) and outgoing (client)
260 | # connections. To do that, use the following directives:
261 | #
262 | # tls-client-cert-file client.crt
263 | # tls-client-key-file client.key
264 | <%= "tls-client-cert-file #{@tlsclientcertfile}" unless @tlsclientcertfile.nil? %>
265 | <%= "tls-client-key-file #{@tlsclientkeyfile}" unless @tlsclientkeyfile.nil? %>
266 | #
267 | # If the key file is encrypted using a passphrase, it can be included here
268 | # as well.
269 | #
270 | # tls-client-key-file-pass secret
271 | <%= "tls-client-key-file-pass #{@tlsclientkeyfilepass}" unless @tlsclientkeyfilepass.nil? %>
272 |
273 | # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange,
274 | # required by older versions of OpenSSL (<3.0). Newer versions do not require
275 | # this configuration and recommend against it.
276 | #
277 | # tls-dh-params-file redis.dh
278 | <%= "tls-dh-params-file #{@tlsdhparamsfile}" unless @tlsdhparamsfile.nil? %>
279 |
280 | # Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL
281 | # clients and peers. Redis requires an explicit configuration of at least one
282 | # of these, and will not implicitly use the system wide configuration.
283 | #
284 | # tls-ca-cert-file ca.crt
285 | # tls-ca-cert-dir /etc/ssl/certs
286 | <%= "tls-ca-cert-file #{@tlscacertfile}" unless @tlscacertfile.nil? %>
287 | <%= "tls-ca-cert-dir #{@tlscacertdir}" unless @tlscacertdir.nil? %>
288 |
289 | # By default, clients (including replica servers) on a TLS port are required
290 | # to authenticate using valid client side certificates.
291 | #
292 | # If "no" is specified, client certificates are not required and not accepted.
293 | # If "optional" is specified, client certificates are accepted and must be
294 | # valid if provided, but are not required.
295 | #
296 | # tls-auth-clients no
297 | # tls-auth-clients optional
298 | <%= "tls-auth-clients #{@tlsauthclients}" unless @tlsauthclients.nil? %>
299 |
300 | # By default, a Redis replica does not attempt to establish a TLS connection
301 | # with its master.
302 | #
303 | # Use the following directive to enable TLS on replication links.
304 | #
305 | # tls-replication yes
306 | <%= "tls-replication #{@tlsreplication}" unless @tlsreplication.nil? %>
307 |
308 | # By default, the Redis Cluster bus uses a plain TCP connection. To enable
309 | # TLS for the bus protocol, use the following directive:
310 | #
311 | # tls-cluster yes
312 | <%= "tls-cluster #{@tlscluster}" unless @tlscluster.nil? %>
313 |
314 | # By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended
315 | # that older formally deprecated versions are kept disabled to reduce the attack surface.
316 | # You can explicitly specify TLS versions to support.
317 | # Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2",
318 | # "TLSv1.3" (OpenSSL >= 1.1.1) or any combination.
319 | # To enable only TLSv1.2 and TLSv1.3, use:
320 | #
321 | # tls-protocols "TLSv1.2 TLSv1.3"
322 | <%= "tls-protocols #{@tlsprotocols}" unless @tlsprotocols.nil? %>
323 |
324 | # Configure allowed ciphers. See the ciphers(1ssl) manpage for more information
325 | # about the syntax of this string.
326 | #
327 | # Note: this configuration applies only to <= TLSv1.2.
328 | #
329 | # tls-ciphers DEFAULT:!MEDIUM
330 | <%= "tls-ciphers #{@tlsciphers}" unless @tlsciphers.nil? %>
331 |
332 | # Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more
333 | # information about the syntax of this string, and specifically for TLSv1.3
334 | # ciphersuites.
335 | #
336 | # tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
337 | <%= "tls-ciphersuites #{@tlsciphersuites}" unless @tlsciphersuites.nil? %>
338 |
339 | # When choosing a cipher, use the server's preference instead of the client
340 | # preference. By default, the server follows the client's preference.
341 | #
342 | # tls-prefer-server-ciphers yes
343 | <%= "tls-prefer-server-ciphers #{@tlspreferserverciphers}" unless @tlspreferserverciphers.nil? %>
344 |
345 | # By default, TLS session caching is enabled to allow faster and less expensive
346 | # reconnections by clients that support it. Use the following directive to disable
347 | # caching.
348 | #
349 | # tls-session-caching no
350 | <%= "tls-session-caching #{@tlssessioncaching}" unless @tlssessioncaching.nil? %>
351 |
352 | # Change the default number of TLS sessions cached. A zero value sets the cache
353 | # to unlimited size. The default size is 20480.
354 | #
355 | # tls-session-cache-size 5000
356 | <%= "tls-session-cache-size #{@tlssessioncachesize}" unless @tlssessioncachesize.nil? %>
357 |
358 | # Change the default timeout of cached TLS sessions. The default timeout is 300
359 | # seconds.
360 | #
361 | # tls-session-cache-timeout 60
362 | <%= "tls-session-cache-timeout #{@tlssessioncachetimeout}" unless @tlssessioncachetimeout.nil? %>
363 |
364 | ################################## INCLUDES ###################################
365 |
366 | # Include one or more other config files here. This is useful if you
367 | # have a standard template that goes to all redis server but also need
368 | # to customize a few per-server settings. Include files can include
369 | # other files, so use this wisely.
370 | #
371 | # include /path/to/local.conf
372 | # include /path/to/other.conf
373 | <% unless @includes.nil? %>
374 | <% @includes.each do |include_option| %>
375 | <%= "include #{include_option}" %>
376 | <% end %>
377 | <% end %>
378 |
--------------------------------------------------------------------------------
/templates/default/sentinel.init.erb:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # Simple Redis init.d script conceived to work on Linux systems
4 | # as it does use of the /proc filesystem.
5 | #
6 | # description: Redis is an in memory key-value store database
7 | #
8 | ### BEGIN INIT INFO
9 | # Provides: redissentinel_<%=@name%>
10 | # Required-Start:
11 | # Required-Stop:
12 | # Should-Start:
13 | # Default-Start: 2 3 4 5
14 | # Default-Stop: 0 1 6
15 | # Short-Description:
16 | # Description: redissentinel_<%=@name%> init script
17 | ### END INIT INFO
18 |
19 | SENTINELNAME=<%= @name %>
20 | <% case @platform %>
21 | <% when 'ubuntu','debian','fedora' %>
22 | EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel' <%= @user %>"
23 | <% else %>
24 | EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel\""
25 | <% end %>
26 | CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
27 |
28 |
29 | PIDFILE=<%= @piddir %>/${SENTINELNAME}.pid
30 |
31 | if [ ! -d <%= @piddir %> ]; then
32 | mkdir -p <%= @piddir %>
33 | chown <%= @user %> <%= @piddir %>
34 | fi
35 |
36 | case "$1" in
37 | status)
38 | if [ -f $PIDFILE ]
39 | then
40 | echo "redis$SENTINELNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
41 | ps -p $(cat $PIDFILE) >/dev/null 2>&1
42 | exit $?
43 | else
44 | echo "redis$SENTINELNAME $PIDFILE doesn't exist"
45 | exit 3
46 | fi
47 | ;;
48 | start)
49 | if [ -f $PIDFILE ]
50 | then
51 | echo "$PIDFILE exists, process is already running or crashed"
52 | else
53 | echo "Starting Redis server..."
54 | eval $EXEC
55 | fi
56 | ;;
57 | stop)
58 | if [ ! -f $PIDFILE ]
59 | then
60 | echo "$PIDFILE does not exist, process is not running"
61 | else
62 | PID=$(cat $PIDFILE)
63 | echo "Stopping ..."
64 |
65 | kill ${PID}
66 |
67 | while [ -x /proc/${PID} ]
68 | do
69 | echo "Waiting for Redis to shutdown ..."
70 | sleep 1
71 | done
72 | echo "Redis stopped"
73 | fi
74 | ;;
75 | *)
76 | echo "Please use start or stop as first argument"
77 | ;;
78 | esac
79 |
--------------------------------------------------------------------------------
/templates/default/sentinel.rcinit.erb:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # PROVIDE: sentinel_<%=@name%>
4 | # REQUIRE: LOGIN
5 | # BEFORE: securelevel
6 | # KEYWORD: shutdown
7 |
8 | # Add the following line to /etc/rc.conf to enable `sentinel':
9 | #
10 | #redis_<%= @name %>_enable="YES"
11 | #
12 |
13 | . /etc/rc.subr
14 |
15 | name="redis_<%= @name %>"
16 | rcvar="${name}_enable"
17 |
18 | command="<%= File.join(@bin_path, 'redis-sentinel') %>"
19 | pidfile="<%= @piddir %>/<%=@name%>.pid"
20 |
21 | # read configuration and set defaults
22 | load_rc_config "$name"
23 | : ${sentinel_enable="NO"}
24 | : ${sentinel_user="<%= @user %>"}
25 | : ${sentinel_config="<%= @configdir %>/<%= @name %>.conf"}
26 |
27 | command_args="${sentinel_config} --daemonize yes --pidfile ${pidfile}"
28 | required_files="${sentinel_config}"
29 | start_precmd="sentinel_checks"
30 | restart_precmd="sentinel_checks"
31 |
32 | sentinel_checks()
33 | {
34 | if [ x`id -u ${sentinel_user}` != x`stat -f %u ${sentinel_config}` ]; then
35 | err 1 "${sentinel_config} must be owned by user ${sentinel_user}"
36 | fi
37 | }
38 |
39 | run_rc_command "$1"
--------------------------------------------------------------------------------
/templates/default/sentinel.upstart.conf.erb:
--------------------------------------------------------------------------------
1 | description "Start the redis-sentinel instance on port <%= @port %>"
2 | author "Installed by chef redisio cookbook"
3 |
4 | #start on runlevel [2345]
5 | stop on runlevel [06]
6 |
7 | script
8 | if [ ! -d <%= @piddir %> ]; then
9 | mkdir -p <%= @piddir %>
10 | chown <%= @user %>:<%= @group %> <%= @piddir %>
11 | fi
12 | end script
13 |
14 | # If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
15 | respawn
16 | respawn limit 10 30
17 |
18 | exec su -s /bin/sh -c 'exec "$0" "$@"' -- <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf --sentinel
19 |
20 |
--------------------------------------------------------------------------------
/templates/default/su.erb:
--------------------------------------------------------------------------------
1 | #
2 | # The PAM configuration file for the Shadow `su' service
3 | #
4 | # This file modified by Chef to enable ulimit switching with `su`
5 | #
6 |
7 | # This allows root to su without passwords (normal operation)
8 | auth sufficient pam_rootok.so
9 |
10 | # Uncomment this to force users to be a member of group root
11 | # before they can use `su'. You can also add "group=foo"
12 | # to the end of this line if you want to use a group other
13 | # than the default "root" (but this may have side effect of
14 | # denying "root" user, unless she's a member of "foo" or explicitly
15 | # permitted earlier by e.g. "sufficient pam_rootok.so").
16 | # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
17 | # auth required pam_wheel.so
18 |
19 | # Uncomment this if you want wheel members to be able to
20 | # su without a password.
21 | # auth sufficient pam_wheel.so trust
22 |
23 | # Uncomment this if you want members of a specific group to not
24 | # be allowed to use su at all.
25 | # auth required pam_wheel.so deny group=nosu
26 |
27 | # Uncomment and edit /etc/security/time.conf if you need to set
28 | # time restrainst on su usage.
29 | # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
30 | # as well as /etc/porttime)
31 | # account requisite pam_time.so
32 |
33 | # This module parses environment configuration file(s)
34 | # and also allows you to use an extended config
35 | # file /etc/security/pam_env.conf.
36 | #
37 | # parsing /etc/environment needs "readenv=1"
38 | session required pam_env.so readenv=1
39 | # locale variables are also kept into /etc/default/locale in etch
40 | # reading this file *in addition to /etc/environment* does not hurt
41 | session required pam_env.so readenv=1 envfile=/etc/default/locale
42 |
43 | # Defines the MAIL environment variable
44 | # However, userdel also needs MAIL_DIR and MAIL_FILE variables
45 | # in /etc/login.defs to make sure that removing a user
46 | # also removes the user's mail spool file.
47 | # See comments in /etc/login.defs
48 | #
49 | # "nopen" stands to avoid reporting new mail when su'ing to another user
50 | session optional pam_mail.so nopen
51 |
52 | # Sets up user limits, please uncomment and read /etc/security/limits.conf
53 | # to enable this functionality.
54 | # (Replaces the use of /etc/limits in old login)
55 | session required pam_limits.so
56 |
57 | # The standard Unix authentication modules, used with
58 | # NIS (man nsswitch) as well as normal /etc/passwd and
59 | # /etc/shadow entries.
60 | @include common-auth
61 | @include common-account
62 | @include common-session
63 |
--------------------------------------------------------------------------------
/templates/default/ulimit.erb:
--------------------------------------------------------------------------------
1 | # Limits settings for <%= @ulimit_user %>
2 | <% unless @filehandle_limit.nil? -%>
3 | <%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
4 | <% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
5 | <% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
6 | <% end -%>
7 | <% unless @process_limit.nil? -%>
8 | <%= @ulimit_user -%> - nproc <%= @process_limit %>
9 | <% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
10 | <% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
11 | <% end -%>
12 | <% unless @memory_limit.nil? -%>
13 | <%= @ulimit_user -%> - memlock <%= @memory_limit %>
14 | <% end -%>
15 | <% unless @core_limit.nil? -%>
16 | <%= @ulimit_user -%> - core <%= @core_limit %>
17 | <% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
18 | <% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
19 | <% end -%>
20 | <% unless @stack_limit.nil? -%>
21 | <%= @ulimit_user -%> - stack <%= @stack_limit %>
22 | <% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
23 | <% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
24 | <% end -%>
25 | <% unless @rtprio_limit.nil? -%>
26 | <%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
27 | <% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
28 | <% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
29 | <% end -%>
30 | <% unless @virt_limit.nil? -%>
31 | <%= @ulimit_user -%> - as <%= @virt_limit %>
32 | <% end -%>
33 |
--------------------------------------------------------------------------------
/test/integration/default/serverspec/redisio_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | prefix = os[:family] == 'freebsd' ? '/usr/local' : ''
4 |
5 | describe 'Redis' do
6 | it_behaves_like 'redis on port', 6379
7 | end
8 |
9 | describe file("#{prefix}/etc/redis/savetest.conf") do
10 | it { should be_file }
11 | its('mode') { should cmp '0640' }
12 |
13 | ['save 3600 1', '300 200', '60 30000'].each do |m|
14 | its(:content) { should match(m) }
15 | end
16 | end
17 |
18 | if system('command -v semanage &>/dev/null')
19 | describe command('semanage fcontext --list --noheading | grep -F redis') do
20 | [
21 | %r{^/etc/redis\(/\.\*\)\?\s.*:redis_conf_t:},
22 | %r{^/var/lib/redis\(/\.\*\)\?\s.*:redis_var_lib_t:},
23 | %r{^/var/run/redis\(/\.\*\)\?\s.*:redis_var_run_t:},
24 | %r{^/var/log/redis\(/\.\*\)\?\s.*:redis_log_t:},
25 | ].each do |pattern|
26 | its(:stdout) { should match(pattern) }
27 | end
28 | end
29 | end
30 |
--------------------------------------------------------------------------------
/test/integration/helpers/serverspec/redisio_examples.rb:
--------------------------------------------------------------------------------
1 | shared_examples_for 'redis on port' do |redis_port, _args|
2 | it 'enables the redis service' do
3 | service_name = if (os[:family] == 'redhat' && os[:release][0] == '7') ||
4 | (os[:family] == 'ubuntu' && os[:release].to_f >= 16.04) ||
5 | (os[:family] == 'debian' && os[:release].to_f >= 8.0) ||
6 | os[:family] == 'fedora'
7 | "redis@#{redis_port}"
8 | else
9 | "redis#{redis_port}"
10 | end
11 | expect(service(service_name)).to be_enabled
12 | expect(service(service_name)).to be_running, if: os[:family] != 'fedora'
13 | end
14 |
15 | # We use grep and commands here, since serverspec only checks systemd on fedora 20
16 | # instead of also being able to check sysv style init systems.
17 | describe command("ps aux | grep -v grep | grep 'redis-server' | grep '*:#{redis_port}'"), if: os[:family] == 'fedora' do
18 | its(:exit_status) { should eq(0) }
19 | end
20 |
21 | it "is listening on port #{redis_port}" do
22 | expect(port(redis_port)).to be_listening
23 | end
24 | end
25 |
--------------------------------------------------------------------------------
/test/integration/helpers/serverspec/sentinel_examples.rb:
--------------------------------------------------------------------------------
1 | shared_examples_for 'sentinel on port' do |redis_port, redis_cluster_name, _args|
2 | it 'enables the redis-sentinel service' do
3 | redis_cluster_name ||= 'mycluster'
4 | name = if (os[:family] == 'redhat' && os[:release][0] == '7') ||
5 | (os[:family] == 'ubuntu' && os[:release].to_f >= 16.04) ||
6 | (os[:family] == 'debian' && os[:release].to_f >= 8.0) ||
7 | os[:family] == 'fedora'
8 | "redis-sentinel@#{redis_cluster_name}"
9 | else
10 | "redis_sentinel_#{redis_cluster_name}"
11 | end
12 | expect(service(name)).to be_enabled
13 | expect(service(name)).to be_running, if: os[:family] != 'fedora'
14 | end
15 |
16 | describe command("ps aux | grep -v grep | grep 'redis-server' | grep '*:#{redis_port}'"), if: os[:family] == 'fedora' do
17 | its(:exit_status) { should eq(0) }
18 | end
19 |
20 | it "is listening on port #{redis_port}" do
21 | expect(port(redis_port)).to be_listening
22 | end
23 | end
24 |
--------------------------------------------------------------------------------
/test/integration/helpers/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'serverspec'
2 |
3 | # shared examples
4 | require_relative 'redisio_examples'
5 | require_relative 'sentinel_examples'
6 |
7 | set :backend, :exec
8 |
--------------------------------------------------------------------------------
/test/integration/multisentinel/serverspec/multiple_sentinels_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | prefix = os[:family] == 'freebsd' ? '/usr/local' : ''
4 |
5 | describe 'Redis-Sentinel' do
6 | it_behaves_like 'sentinel on port', 26379, 'cluster'
7 | end
8 |
9 | describe file("#{prefix}/etc/redis/sentinel_cluster.conf") do
10 | [
11 | /sentinel monitor master6379 127.0.0.1 6379 2/,
12 | /sentinel down-after-milliseconds master6379 30000/,
13 | /sentinel parallel-syncs master6379 1/,
14 | /sentinel failover-timeout master6379 900000/,
15 | /sentinel monitor master6380 127.0.0.1 6380 2/,
16 | /sentinel down-after-milliseconds master6380 30000/,
17 | /sentinel parallel-syncs master6380 1/,
18 | /sentinel failover-timeout master6380 900000/,
19 | ].each do |pattern|
20 | its(:content) { should match(pattern) }
21 | end
22 | end
23 |
24 | unless (os[:family] == 'redhat' && os[:release][0] == '7') ||
25 | os[:family] == 'freebsd' ||
26 | (os[:family] == 'ubuntu' && os[:release].to_f >= 16.04) ||
27 | (os[:family] == 'debian' && os[:release].to_f >= 8.0) ||
28 | os[:family] == 'fedora'
29 | describe file('/etc/init.d/redis_sentinel_cluster') do
30 | [
31 | /SENTINELNAME=sentinel_cluster/,
32 | %r{EXEC="(su -s /bin/sh)|(runuser redis) -c \\?["']/usr/local/bin/redis-server /etc/redis/\$\{SENTINELNAME\}.conf --sentinel\\?["']( redis)?"},
33 | %r{PIDFILE=/var/run/redis/sentinel_cluster/\$\{SENTINELNAME\}.pid},
34 | %r{mkdir -p /var/run/redis/sentinel_cluster},
35 | %r{chown redis /var/run/redis/sentinel_cluster},
36 | ].each do |pattern|
37 | its(:content) { should match(pattern) }
38 | end
39 | end
40 | end
41 |
42 | describe command('/usr/local/bin/redis-cli --raw -p 26379 SENTINEL MASTER master6379') do
43 | [
44 | /name/,
45 | /master6379/,
46 | /ip/,
47 | /127.0.0.1/,
48 | /port/,
49 | /6379/,
50 | /flags/,
51 | /master/,
52 | /last-ping-sent/,
53 | /last-ok-ping-reply/,
54 | /last-ping-reply/,
55 | /down-after-milliseconds/,
56 | /30000/,
57 | /role-reported/,
58 | /master/,
59 | /config-epoch/,
60 | /0/,
61 | /num-slaves/,
62 | /0/,
63 | /num-other-sentinels/,
64 | /0/,
65 | /quorum/,
66 | /2/,
67 | /failover-timeout/,
68 | /900000/,
69 | /parallel-syncs/,
70 | /1/,
71 | ].each do |pattern|
72 | its(:stdout) { should match(pattern) }
73 | end
74 | end
75 |
76 | describe command('/usr/local/bin/redis-cli --raw -p 26379 SENTINEL MASTER master6380') do
77 | [
78 | /name/,
79 | /master6380/,
80 | /ip/,
81 | /127.0.0.1/,
82 | /port/,
83 | /6380/,
84 | /flags/,
85 | /master/,
86 | /last-ping-sent/,
87 | /last-ok-ping-reply/,
88 | /last-ping-reply/,
89 | /down-after-milliseconds/,
90 | /30000/,
91 | /role-reported/,
92 | /master/,
93 | /config-epoch/,
94 | /0/,
95 | /num-slaves/,
96 | /0/,
97 | /num-other-sentinels/,
98 | /0/,
99 | /quorum/,
100 | /2/,
101 | /failover-timeout/,
102 | /900000/,
103 | /parallel-syncs/,
104 | /1/,
105 | ].each do |pattern|
106 | its(:stdout) { should match(pattern) }
107 | end
108 | end
109 |
--------------------------------------------------------------------------------
/test/integration/sentinel/serverspec/sentinel_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'Redis-Sentinel' do
4 | it_behaves_like 'sentinel on port', 26379
5 | end
6 |
--------------------------------------------------------------------------------
/test/unit/spec/sentinel_spec.rb:
--------------------------------------------------------------------------------
1 | require_relative 'spec_helper'
2 |
3 | # the runlist came from test-kitchen's default suite
4 | describe 'sentinel recipes' do
5 | recipes = %w(
6 | default
7 | enable
8 | sentinel
9 | sentinel_enable
10 | ).map { |r| "redisio::#{r}" }
11 |
12 | # pick an arbitrary OS; just for fauxhai to provide some values
13 | it 'creates a default sentinel instance' do
14 | # *splat operator for array to vararg
15 | chef_run = ChefSpec::SoloRunner.new.converge(*recipes)
16 | expect(chef_run).to run_redisio_sentinel('redis-sentinels').with(
17 | sentinels: [
18 | {
19 | 'sentinel_port' => '26379',
20 | 'name' => 'mycluster',
21 | 'masters' => [
22 | {
23 | 'master_name' => 'mycluster_master',
24 | 'master_ip' => '127.0.0.1',
25 | 'master_port' => '6379',
26 | },
27 | ],
28 | },
29 | ]
30 | )
31 | end
32 |
33 | it 'creates a specified sentinel instance' do
34 | chef_run = ChefSpec::SoloRunner.new do |node|
35 | node.override['redisio']['sentinels'] = [
36 | {
37 | 'sentinel_bind' => '0.0.0.0',
38 | 'sentinel_port' => '1234',
39 | 'name' => 'sentinel-test-params',
40 | 'master_ip' => '5.6.7.8',
41 | 'master_port' => 9123,
42 | },
43 | ]
44 | end.converge(*recipes) # *splat operator for array to vararg
45 | expect(chef_run).to run_redisio_sentinel('redis-sentinels').with(
46 | sentinels: [
47 | {
48 | 'sentinel_bind' => '0.0.0.0',
49 | 'sentinel_port' => '1234',
50 | 'name' => 'sentinel-test-params',
51 | 'master_ip' => '5.6.7.8',
52 | 'master_port' => 9123,
53 | },
54 | ]
55 | )
56 | end
57 |
58 | it 'should not create a sentinel instance' do
59 | chef_run = ChefSpec::SoloRunner.new do |node|
60 | node.override['redisio']['sentinels'] = []
61 | end.converge(*recipes) # *splat operator for array to vararg
62 | expect(chef_run).to run_redisio_sentinel('redis-sentinels').with(
63 | sentinels: []
64 | )
65 | end
66 | end
67 |
--------------------------------------------------------------------------------
/test/unit/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'rspec/expectations'
2 | require 'chefspec'
3 | require 'chefspec/berkshelf'
4 | require 'chef/application'
5 |
6 | RSpec.configure do |config|
7 | config.version = '14.04'
8 | config.platform = 'ubuntu'
9 | end
10 |
--------------------------------------------------------------------------------