Initial commit

0f14d2ab · Remy Mudingay · 0f14d2ab · 0f14d2ab · 0f14d2ab · 0f14d2ab
Commit 0f14d2ab authored 5 years ago by Remy Mudingay
--- a/.flake8
+++ b/.flake8
+[flake8]
+ignore = E501
--- a/.gitignore
+++ b/.gitignore
+.molecule
+.vagrant
+.cache
+*.swp
+.DS_Store
+__pycache__
+*.pyc
+.vault_pass
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+---
+include: 'https://gitlab.esss.lu.se/ics-infrastructure/gitlab-ci-yml/raw/master/Molecule.gitlab-ci.yml'
--- a/.yamllint
+++ b/.yamllint
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  # NOTE(retr0h): Templates no longer fail this lint rule.
+  #               Uncomment if running old Molecule templates.
+  # truthy: disable
--- a/LICENSE
+++ b/LICENSE
+BSD 2-Clause License
+
+Copyright (c) 2019, European Spallation Source ERIC
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/README.md
+++ b/README.md
+# ics-ans-role-redis
+
+Ansible role to install redis.
+
+## Role Variables
+
+```yaml
+redis_conf_path: /etc/redis.conf
+redis_port: 6379
+redis_bind_interface: 127.0.0.1
+redis_unixsocket: ''
+redis_timeout: 300
+redis_loglevel: "notice"
+redis_logfile: /var/log/redis/redis-server.log
+redis_databases: 16
+
+# Set to an empty set to disable persistence (saving the DB to disk).
+redis_save:
+  - 900 1
+  - 300 10
+  - 60 10000
+
+redis_rdbcompression: "yes"
+redis_dbfilename: dump.rdb
+gredis_dbdir: /var/lib/redis
+
+gredis_maxmemory: 0
+gredis_maxmemory_policy: "noeviction"
+gredis_maxmemory_samples: 5
+
+gredis_appendonly: "no"
+gredis_appendfsync: "everysec"
+
+g# Add extra include files for local configuration/overrides.
+gredis_includes: []
+
+g# Require authentication to Redis with a password.
+gredis_requirepass: ""
+
+g# Disable certain Redis commands for security reasons.
+gredis_disabled_commands: []
+g#  - FLUSHDB
+g#  - FLUSHALL
+g#  - KEYS
+g#  - PEXPIRE
+g#  - DEL
+g#  - CONFIG
+g#  - SHUTDOWN
+g#  - BGREWRITEAOF
+g#  - BGSAVE
+g#  - SAVE
+g#  - SPOP
+g#  - SREM
+g#  - RENAME
+g#  - DEBUG
+...
+```
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  roles:
+    - role: ics-ans-role-redis
+```
+
+## License
+
+BSD 2-clause
--- a/defaults/main.yml
+++ b/defaults/main.yml
+---
+redis_conf_path: /etc/redis.conf
+redis_port: 6379
+redis_bind_interface: 127.0.0.1
+redis_unixsocket: ''
+redis_timeout: 300
+redis_loglevel: "notice"
+redis_logfile: /var/log/redis/redis-server.log
+redis_databases: 16
+
+# Set to an empty set to disable persistence (saving the DB to disk).
+redis_save:
+  - 900 1
+  - 300 10
+  - 60 10000
+
+redis_rdbcompression: "yes"
+redis_dbfilename: dump.rdb
+redis_dbdir: /var/lib/redis
+
+redis_maxmemory: 0
+redis_maxmemory_policy: "noeviction"
+redis_maxmemory_samples: 5
+
+redis_appendonly: "no"
+redis_appendfsync: "everysec"
+
+# Add extra include files for local configuration/overrides.
+redis_includes: []
+
+# Require authentication to Redis with a password.
+redis_requirepass: ""
+
+# Disable certain Redis commands for security reasons.
+redis_disabled_commands: []
+#  - FLUSHDB
+#  - FLUSHALL
+#  - KEYS
+#  - PEXPIRE
+#  - DEL
+#  - CONFIG
+#  - SHUTDOWN
+#  - BGREWRITEAOF
+#  - BGSAVE
+#  - SAVE
+#  - SPOP
+#  - SREM
+#  - RENAME
+#  - DEBUG
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+- name: restart redis
+  systemd:
+    name: redis
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+galaxy_info:
+  author: Remy Mudingay
+  company: European Spallation Source ERIC
+  description: Ansible role to install redis.
+  license: BSD
+  min_ansible_version: 2.7
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+dependencies:
+  - role: ics-ans-role-repository
--- a/molecule/default/Dockerfile.j2
+++ b/molecule/default/Dockerfile.j2
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
+---
+dependency:
+  name: galaxy
+lint:
+  name: yamllint
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      gather_timeout: 20
+  lint:
+    name: ansible-lint
+  inventory:
+    group_vars:
+      molecule_group:
+scenario:
+  name: default
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+driver:
+  name: docker
+platforms:
+  - name: ics-ans-role-redis-default
+    image: registry.esss.lu.se/ics-docker/centos-systemd:7
+    # SYS_ADMIN required to run systemctl
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - molecule_group
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
+---
+- name: Converge
+  hosts: all
+  become: true
+  roles:
+    - role: ics-ans-role-redis
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks: []
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
+---
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-repository.git
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
+import os
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_config_file_exists(host):
+    f = host.file('/etc/redis.conf')
+    assert f.exists
+
+
+def test_redis_enabled_and_running(host):
+    service = host.service('redis')
+    assert service.is_running
+    assert service.is_enabled
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+- name: Ensure Redis is installed.
+  package:
+    name: redis
+    state: present
+
+- name: Ensure Redis is configured.
+  template:
+    src: redis.conf.j2
+    dest: "{{ redis_conf_path }}"
+    mode: 0644
+  notify: restart redis
+
+- name: Ensure Redis is running and enabled on boot.
+  systemd:
+    name: redis
+    state: started
+    enabled: true
--- a/templates/redis.conf.j2
+++ b/templates/redis.conf.j2
+# {{ ansible_managed }}
+
+daemonize yes
+pidfile /var/run/redis/redis.pid
+port {{ redis_port }}
+bind {{ redis_bind_interface }}
+
+{% if redis_unixsocket %}
+unixsocket {{ redis_unixsocket }}
+{% endif %}
+
+timeout {{ redis_timeout }}
+
+loglevel {{ redis_loglevel }}
+logfile {{ redis_logfile }}
+
+# To enable logging to the system logger, just set 'syslog-enabled' to yes,
+# and optionally update the other syslog parameters to suit your needs.
+# syslog-enabled no
+# syslog-ident redis
+# syslog-facility local0
+
+databases {{ redis_databases }}
+
+{% for save in redis_save %}
+save {{ save }}
+{% endfor %}
+
+rdbcompression {{ redis_rdbcompression }}
+dbfilename {{ redis_dbfilename }}
+dir {{ redis_dbdir }}
+
+# maxclients 128
+
+{% if redis_maxmemory %}
+maxmemory {{ redis_maxmemory }}
+maxmemory-policy {{ redis_maxmemory_policy }}
+maxmemory-samples {{ redis_maxmemory_samples }}
+{% endif %}
+
+appendonly {{ redis_appendonly }}
+appendfsync {{ redis_appendfsync }}
+no-appendfsync-on-rewrite no
+
+{% for include in redis_includes %}
+include {{ include }}
+{% endfor %}
+
+{% if redis_requirepass %}
+requirepass {{ redis_requirepass }}
+{% endif %}
+
+{% for redis_disabled_command in redis_disabled_commands %}
+rename-command {{ redis_disabled_command }} ""
+{% endfor %}