diff --git a/manifests/params.pp b/manifests/params.pp
index 2714fdd..da33491 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,323 +1,324 @@ # = Class: redis::params # # This class provides a number of parameters. # class redis::params { # Generic $manage_repo = false $manage_package = true $managed_by_cluster_manager = false # redis.conf.erb $activerehashing = true $aof_load_truncated = true $aof_rewrite_incremental_fsync = true $appendfilename = 'appendonly.aof' $appendfsync = 'everysec' $appendonly = false $auto_aof_rewrite_min_size = '64mb' $auto_aof_rewrite_percentage = 100 $bind = '127.0.0.1' $output_buffer_limit_slave = '256mb 64mb 60' $output_buffer_limit_pubsub = '32mb 8mb 60' $conf_template = 'redis/redis.conf.erb' $default_install = true $databases = 16 $dbfilename = 'dump.rdb' $extra_config_file = undef $hash_max_ziplist_entries = 512 $hash_max_ziplist_value = 64 $hll_sparse_max_bytes = 3000 $hz = 10 $latency_monitor_threshold = 0 $list_max_ziplist_entries = 512 $list_max_ziplist_value = 64 $log_dir = '/var/log/redis' $log_file = '/var/log/redis/redis.log' $log_level = 'notice' $manage_service_file = false $maxclients = 10000 $maxmemory = undef $maxmemory_policy = undef $maxmemory_samples = undef $no_appendfsync_on_rewrite = false $notify_keyspace_events = undef $notify_service = true $port = 6379 $protected_mode = 'yes' $rdbcompression = true $requirepass = undef $save_db_to_disk = true $save_db_to_disk_interval = {'900' =>'1', '300' => '10', '60' => '10000'} $sentinel_auth_pass = undef $sentinel_bind = undef $sentinel_config_file_mode = '0644' $sentinel_config_group = 'root' $sentinel_config_owner = 'redis' $sentinel_conf_template = 'redis/redis-sentinel.conf.erb' $sentinel_down_after = 30000 $sentinel_failover_timeout = 180000 $sentinel_master_name = 'mymaster' $sentinel_parallel_sync = 1 $sentinel_port = 26379 + $sentinel_protected_mode = 'yes' $sentinel_quorum = 2 $sentinel_service_name = 'redis-sentinel' $sentinel_working_dir = '/tmp' $sentinel_init_template = 'redis/redis-sentinel.init.erb' $sentinel_pid_file = '/var/run/redis/redis-sentinel.pid' 
$sentinel_notification_script = undef $sentinel_client_reconfig_script = undef $service_provider = undef $set_max_intset_entries = 512 $slave_priority = 100 $slowlog_log_slower_than = 10000 $slowlog_max_len = 1024 $stop_writes_on_bgsave_error = true $syslog_enabled = undef $syslog_facility = undef $tcp_backlog = 511 $tcp_keepalive = 0 $timeout = 0 $ulimit = 65536 $unixsocket = '/var/run/redis/redis.sock' $unixsocketperm = 755 $zset_max_ziplist_entries = 128 $zset_max_ziplist_value = 64 # redis.conf.erb - replication $masterauth = undef $min_slaves_to_write = 0 $min_slaves_max_lag = 10 $repl_backlog_size = '1mb' $repl_backlog_ttl = 3600 $repl_disable_tcp_nodelay = false $repl_ping_slave_period = 10 $repl_timeout = 60 $slave_read_only = true $slave_serve_stale_data = true $slaveof = undef # redis.conf.erb - redis 3.0 clustering $cluster_enabled = false $cluster_config_file = 'nodes.conf' $cluster_node_timeout = 5000 case $::osfamily { 'Debian': { $config_dir = '/etc/redis' $config_dir_mode = '0755' $config_file = '/etc/redis/redis.conf' $config_file_mode = '0644' $config_file_orig = '/etc/redis/redis.conf.puppet' $config_owner = 'redis' $daemonize = true $log_dir_mode = '0755' $package_ensure = 'present' $package_name = 'redis-server' $pid_file = '/var/run/redis/redis-server.pid' $sentinel_config_file = '/etc/redis/sentinel.conf' $sentinel_config_file_orig = '/etc/redis/redis-sentinel.conf.puppet' $sentinel_daemonize = true $sentinel_init_script = '/etc/init.d/redis-sentinel' $sentinel_package_name = 'redis-sentinel' $sentinel_package_ensure = 'present' $service_manage = true $service_enable = true $service_ensure = 'running' $service_group = 'redis' $service_hasrestart = true $service_hasstatus = true $service_name = 'redis-server' $service_user = 'redis' $ppa_repo = 'ppa:chris-lea/redis-server' $workdir = '/var/lib/redis' $workdir_mode = '0750' case $::operatingsystem { 'Ubuntu': { $config_group = 'redis' case $::operatingsystemmajrelease { '14.04': { # upstream 
package is 2.8.4 $minimum_version = '2.8.4' } '16.04': { # upstream package is 3.0.3 $minimum_version = '3.0.3' } default: { warning("Ubuntu release ${::operatingsystemmajrelease} isn't 'officially' supported by module, but will git it a shot") $minimum_version = '2.8.5' } } } default: { $config_group = 'root' # Debian standard package is 2.4.14 # But we have dotdeb repo which is 3.2.5 $minimum_version = '3.2.5' } } } 'RedHat': { $config_dir = '/etc/redis' $config_dir_mode = '0755' $config_file = '/etc/redis.conf' $config_file_mode = '0644' $config_file_orig = '/etc/redis.conf.puppet' $config_group = 'root' $config_owner = 'redis' $daemonize = true $log_dir_mode = '0755' $package_ensure = 'present' $package_name = 'redis' $pid_file = '/var/run/redis/redis.pid' $sentinel_config_file = '/etc/redis-sentinel.conf' $sentinel_config_file_orig = '/etc/redis-sentinel.conf.puppet' $sentinel_daemonize = false $sentinel_init_script = undef $sentinel_package_name = 'redis' $sentinel_package_ensure = 'present' $service_manage = true $service_enable = true $service_ensure = 'running' $service_hasrestart = true $service_hasstatus = true $service_name = 'redis' $service_user = 'redis' $ppa_repo = undef $workdir = '/var/lib/redis' $workdir_mode = '0755' case $::operatingsystemmajrelease { '6': { # CentOS 6 EPEL package is just updated to 3.2.10 # https://bugzilla.redhat.com/show_bug.cgi?id=923970 $minimum_version = '3.2.10' $service_group = 'root' } '7': { # CentOS 7 EPEL package is 3.2.3 $minimum_version = '3.2.3' $service_group = 'redis' } default: { fail("Not sure what Redis version is avaliable upstream on your release: ${::operatingsystemmajrelease}") } } } 'FreeBSD': { $config_dir = '/usr/local/etc/redis' $config_dir_mode = '0755' $config_file = '/usr/local/etc/redis.conf' $config_file_mode = '0644' $config_file_orig = '/usr/local/etc/redis.conf.puppet' $config_group = 'wheel' $config_owner = 'redis' $daemonize = true $log_dir_mode = '0755' $package_ensure = 'present' 
$package_name = 'redis' $pid_file = '/var/run/redis/redis.pid' $sentinel_config_file = '/usr/local/etc/redis-sentinel.conf' $sentinel_config_file_orig = '/usr/local/etc/redis-sentinel.conf.puppet' $sentinel_daemonize = true $sentinel_init_script = undef $sentinel_package_name = 'redis' $sentinel_package_ensure = 'present' $service_manage = true $service_enable = true $service_ensure = 'running' $service_group = 'redis' $service_hasrestart = true $service_hasstatus = true $service_name = 'redis' $service_user = 'redis' $ppa_repo = undef $workdir = '/var/db/redis' $workdir_mode = '0750' # pkg version $minimum_version = '3.2.4' } 'Suse': { $config_dir = '/etc/redis' $config_dir_mode = '0750' $config_file = '/etc/redis/redis-server.conf' $config_file_mode = '0644' $config_group = 'redis' $config_owner = 'redis' $daemonize = true $log_dir_mode = '0750' $package_ensure = 'present' $package_name = 'redis' $pid_file = '/var/run/redis/redis-server.pid' $sentinel_config_file = '/etc/redis/redis-sentinel.conf' $sentinel_config_file_orig = '/etc/redis/redis-sentinel.conf.puppet' $sentinel_daemonize = true $sentinel_init_script = undef $sentinel_package_name = 'redis' $sentinel_package_ensure = 'present' $service_manage = true $service_enable = true $service_ensure = 'running' $service_group = 'redis' $service_hasrestart = true $service_hasstatus = true $service_name = 'redis' $service_user = 'redis' $ppa_repo = undef $workdir = '/var/lib/redis' $workdir_mode = '0750' # suse package version $minimum_version = '3.0.5' } 'Archlinux': { $config_dir = '/etc/redis' $config_dir_mode = '0755' $config_file = '/etc/redis/redis.conf' $config_file_mode = '0644' $config_file_orig = '/etc/redis/redis.conf.puppet' $config_group = 'root' $config_owner = 'root' $daemonize = true $log_dir_mode = '0755' $package_ensure = 'present' $package_name = 'redis' $pid_file = '/var/run/redis.pid' $sentinel_config_file = '/etc/redis/redis-sentinel.conf' $sentinel_config_file_orig = 
'/etc/redis/redis-sentinel.conf.puppet' $sentinel_daemonize = true $sentinel_init_script = undef $sentinel_package_name = 'redis' $sentinel_package_ensure = 'present' $service_manage = true $service_enable = true $service_ensure = 'running' $service_group = 'redis' $service_hasrestart = true $service_hasstatus = true $service_name = 'redis' $service_user = 'redis' $ppa_repo = undef $workdir = '/var/lib/redis' $workdir_mode = '0750' # pkg version $minimum_version = '3.2.4' } default: { fail "Operating system ${::operatingsystem} is not supported yet." } } }
diff --git a/manifests/sentinel.pp b/manifests/sentinel.pp
index 14237d1..d9c2bc2 100644
--- a/manifests/sentinel.pp
+++ b/manifests/sentinel.pp
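Review bot: The new global default `$sentinel_protected_mode = 'yes'` applies to every platform, yet the case branches in this same file declare minimum versions below 3.2 (`2.8.4` and `3.0.3` on Ubuntu, `3.0.5` on Suse), and the sentinel.pp documentation in this commit notes that protected mode was added in Redis 3.2. Because the template hunk writes `protected-mode` unconditionally, a sentinel from one of those older packages will probably reject the directive and fail to start; this is worth confirming against a 3.0 package. Consider defaulting to `undef` where `$minimum_version` is below 3.2 and wrapping the template line in `<% if @protected_mode -%>` … `<% end -%>`, keeping `'yes'` as the default everywhere else.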
@@ -1,261 +1,264 @@ # = Class: redis::sentinel # # This class installs redis-sentinel # # == Parameters: # # # [*auth_pass*] # The password to use to authenticate with the master and slaves. # # Default: undef # # [*config_file*] # The location and name of the sentinel config file. # # Default for deb: /etc/redis/redis-sentinel.conf # Default for rpm: /etc/redis-sentinel.conf # # [*config_file_orig*] # The location and name of a config file that provides the source # of the sentinel config file. Two different files are needed # because sentinel itself writes to its own config file and we do # not want override that when puppet is run unless there are # changes from the manifests. # # Default for deb: /etc/redis/redis-sentinel.conf.puppet # Default for rpm: /etc/redis-sentinel.conf.puppet # # [*config_file_mode*] # Permissions of config file. # # Default: 0644 # # [*conf_template*] # Define which template to use. # # Default: redis/redis-sentinel.conf.erb # # [*daemonize*] # Have Redis sentinel run as a daemon. # # Default: true # # [*down_after*] # Number of milliseconds the master (or any attached slave or sentinel) # should be unreachable (as in, not acceptable reply to PING, continuously, # for the specified period) in order to consider it in S_DOWN state. # # Default: 30000 # # [*failover_timeout*] # Specify the failover timeout in milliseconds. # # Default: 180000 # # [*init_script*] # Specifiy the init script that will be created for sentinel. # # Default: undef on rpm, /etc/init.d/redis-sentinel on apt. # # [*log_file*] # Specify where to write log entries. # # Default: /var/log/redis/redis.log # # [*log_level*] # Specify how much we should log. # # Default: notice # # [*master_name*] # Specify the name of the master redis server. # The valid charset is A-z 0-9 and the three characters ".-_". # # Default: mymaster # # [*redis_host*] # Specify the bound host of the master redis server. 
# # Default: 127.0.0.1 # # [*redis_port*] # Specify the port of the master redis server. # # Default: 6379 # # [*package_name*] # The name of the package that installs sentinel. # # Default: 'redis-server' on apt, 'redis' on rpm # # [*package_ensure*] # Do we ensure this package. # # Default: 'present' # # [*parallel_sync*] # How many slaves can be reconfigured at the same time to use a # new master after a failover. # # Default: 1 # # [*pid_file*] # If sentinel is daemonized it will write its pid at this location. # # Default: /var/run/redis/redis-sentinel.pid # # [*quorum*] # Number of sentinels that must agree that a master is down to # signal sdown state. # # Default: 2 # # [*sentinel_bind*] # Allow optional sentinel server ip binding. Can help overcome # issues arising from protect-mode added Redis 3.2 # # Default: undef # # [*sentinel_port*] # The port of sentinel server. # # Default: 26379 # # [*service_group*] # The group of the config file. # # Default: redis # # [*service_name*] # The name of the service (for puppet to manage). # # Default: redis-sentinel # # [*service_owner*] # The owner of the config file. # # Default: redis # # [*working_dir*] # The directory into which sentinel will change to avoid mount # conflicts. # # Default: /tmp # # [*notification_script*] # Path to the notification script # # Default: undef # # [*client_reconfig_script*] # Path to the client-reconfig script +# [*protected_mode*] +# Whether protected mode is enabled or not. Only applicable when no bind is set. 
# # Default: undef # == Actions: # - Install and configure Redis Sentinel # # == Sample Usage: # # class { 'redis::sentinel': } # # class {'redis::sentinel': # down_after => 80000, # log_file => '/var/log/redis/sentinel.log', # } # class redis::sentinel ( $auth_pass = $::redis::params::sentinel_auth_pass, $config_file = $::redis::params::sentinel_config_file, $config_file_orig = $::redis::params::sentinel_config_file_orig, $config_file_mode = $::redis::params::sentinel_config_file_mode, $conf_template = $::redis::params::sentinel_conf_template, $daemonize = $::redis::params::sentinel_daemonize, $down_after = $::redis::params::sentinel_down_after, $failover_timeout = $::redis::params::sentinel_failover_timeout, $init_script = $::redis::params::sentinel_init_script, $init_template = $::redis::params::sentinel_init_template, $log_level = $::redis::params::log_level, $log_file = $::redis::params::log_file, $master_name = $::redis::params::sentinel_master_name, $redis_host = $::redis::params::bind, $redis_port = $::redis::params::port, $package_name = $::redis::params::sentinel_package_name, $package_ensure = $::redis::params::sentinel_package_ensure, $parallel_sync = $::redis::params::sentinel_parallel_sync, $pid_file = $::redis::params::sentinel_pid_file, $quorum = $::redis::params::sentinel_quorum, $sentinel_bind = $::redis::params::sentinel_bind, $sentinel_port = $::redis::params::sentinel_port, + $protected_mode = $::redis::params::sentinel_protected_mode, $service_group = $::redis::params::service_group, $service_name = $::redis::params::sentinel_service_name, $service_ensure = $::redis::params::service_ensure, $service_user = $::redis::params::service_user, $working_dir = $::redis::params::sentinel_working_dir, $notification_script = $::redis::params::sentinel_notification_script, $client_reconfig_script = $::redis::params::sentinel_client_reconfig_script, ) inherits redis::params { require ::redis if $::osfamily == 'Debian' { # Debian flavour machines have a 
dedicated redis-sentinel package # This is default in Xenial or Stretch onwards or PPA/other upstream # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775414 for context if ( (versioncmp($::operatingsystemmajrelease, '16.04') >= 0 and $::operatingsystem == 'Ubuntu') or (versioncmp($::operatingsystemmajrelease, '9') >= 0 and $::operatingsystem == 'Debian') or $::redis::manage_repo ) { package { $package_name: ensure => $package_ensure, } } } file { $config_file_orig: ensure => present, owner => $service_user, group => $service_group, mode => $config_file_mode, content => template($conf_template), require => Package[$package_name]; } exec { "cp -p ${config_file_orig} ${config_file}": path => '/usr/bin:/bin', subscribe => File[$config_file_orig], notify => Service[$service_name], refreshonly => true; } if $init_script { file { $init_script: ensure => present, owner => 'root', group => 'root', mode => '0755', content => template($init_template), require => Package[$package_name]; } exec { '/usr/sbin/update-rc.d redis-sentinel defaults': subscribe => File[$init_script], refreshonly => true; } } service { $service_name: ensure => $service_ensure, enable => $::redis::params::service_enable, hasrestart => $::redis::params::service_hasrestart, hasstatus => $::redis::params::service_hasstatus, } }
diff --git a/templates/redis-sentinel.conf.erb b/templates/redis-sentinel.conf.erb
index 59e6820..662f8d6 100644
--- a/templates/redis-sentinel.conf.erb
+++ b/templates/redis-sentinel.conf.erb
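Review bot: The added `[*protected_mode*]` entry is inserted between the `client_reconfig_script` description and its `Default: undef` line, so the docs now give `undef` as the default for `protected_mode` (the real default from params.pp is `'yes'`) and leave `client_reconfig_script` without a default. Move the two added lines below that `Default: undef`, separated by a bare `#`, and add `# Default: 'yes'`. The description should also state that the value must be the string `'yes'` or `'no'`. It should add that `'no'` with `sentinel_bind` left at `undef` makes sentinel accept connections on every interface, so it needs to be paired with a bind address or network filtering.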
@@ -1,24 +1,25 @@ <% if @sentinel_bind -%> bind <%= @sentinel_bind %> <% end -%> port <%= @sentinel_port %> dir <%= @working_dir %> <% if @daemonize -%>daemonize yes<% else -%>daemonize no<% end %> pidfile <%= @pid_file %> +protected-mode <%= @protected_mode %> sentinel monitor <%= @master_name %> <%= @redis_host %> <%= @redis_port %> <%= @quorum %> sentinel down-after-milliseconds <%= @master_name %> <%= @down_after %> sentinel parallel-syncs <%= @master_name %> <%= @parallel_sync %> sentinel failover-timeout <%= @master_name %> <%= @failover_timeout %> <% if @auth_pass -%> sentinel auth-pass <%= @master_name %> <%= @auth_pass %> <% end -%> <% if @notification_script -%> sentinel notification-script <%= @master_name %> <%= @notification_script %> <% end -%> <% if @client_reconfig_script -%> sentinel client-reconfig-script <%= @master_name %> <%= @client_reconfig_script %> <% end -%> loglevel <%= @log_level %> logfile <%= @log_file %>
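Review bot: `protected-mode <%= @protected_mode %>` prints whatever value the caller passed, whereas `daemonize` two lines above converts a boolean into `yes`/`no`. A caller who follows that convention and passes `false` would get `protected-mode false`, which Redis is not expected to accept since the directive takes `yes` or `no`. Either validate the parameter in sentinel.pp or normalise it here, e.g. `protected-mode <%= [true, 'yes'].include?(@protected_mode) ? 'yes' : 'no' %>`.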