Add redis role with sample inventory

This commit adds the redis role complete of a full inventory usable
inside the sample lab.

Author: rascasoft

inventory/lab/group_vars/redis.yaml

@@ -0,0 +1,53 @@
+---
+
+redis_instances:
+  - name: 'master'
+    state: 'started'
+    enabled: true
+    user: 'redis'
+    group: 'redis'
+    config_path: '/etc'
+    config_file: 'redis_master.conf'
+    bind: '0.0.0.0'
+    port: '6379'
+    loglevel: 'warning'
+    logfile: '/var/log/redis/redis_master.log'
+    tcp_keepalive: '300'
+    tcp_backlog: '65536'
+    pidfile: '/var/run/redis_master_6379.pid'
+    working_dir: '/var/lib/redis_master'
+    maxmemory_policy: 'noeviction'
+    cluster_enabled: 'yes'
+    exporter_enabled: false
+  - name: 'slave'
+    state: 'started'
+    enabled: true
+    user: 'redis'
+    group: 'redis'
+    config_path: '/etc'
+    config_file: 'redis_slave.conf'
+    bind: '0.0.0.0'
+    port: '6380'
+    loglevel: 'warning'
+    logfile: '/var/log/redis/redis_slave.log'
+    tcp_keepalive: '300'
+    tcp_backlog: '65536'
+    pidfile: '/var/run/redis_slave_6380.pid'
+    working_dir: '/var/lib/redis_slave'
+    maxmemory_policy: 'noeviction'
+    cluster_enabled: 'yes'
+    exporter_enabled: false
+
+# Note: Redis do not support hostnames, use IPs
+redis_clusters:
+  - name: redis_cluster
+    nodes:
+      - master: 192.168.122.50:6379
+        slaves:
+          - 192.168.122.51:6380
+      - master: 192.168.122.51:6379
+        slaves:
+          - 192.168.122.52:6380
+      - master: 192.168.122.52:6379
+        slaves:
+          - 192.168.122.50:6380

inventory/lab/hosts

@@ -21,3 +21,8 @@ graylog-3
 kubernetes-1 k8s_role=master run_non_infra_pods=true
 kubernetes-2 k8s_role=worker
 kubernetes-3 k8s_role=worker
+
+[redis]
+redis-1
+redis-2
+redis-3

redis.yml

@@ -0,0 +1,6 @@
+---
+- hosts: redis
+  become: true
+  tasks:
+    - import_role:
+        name: redis

roles/redis/defaults/main.yaml

@@ -0,0 +1,45 @@
+---
+
+redis_server_bin: '/bin/redis-server'
+redis_cli_bin: '/bin/redis-cli'
+
+redis_exporter_enable: true
+redis_exporter_bin: '/bin/redis_exporter'
+redis_exporter_version: 'v1.9.0'
+redis_exporter_arch: 'linux-amd64'
+redis_exporter_download_url: "https://github.com/oliver006/redis_exporter/releases/download/{{ redis_exporter_version }}/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}.tar.gz"
+
+redis_instances:
+  - name: 'default'
+    state: 'started'
+    enabled: true
+    user: 'redis'
+    group: 'redis'
+    config_path: '/etc'
+    config_file: 'redis.conf'
+    bind: '0.0.0.0'
+    port: '6379'
+    loglevel: 'warning'
+    logfile: '/var/log/redis/redis.log'
+    tcp_keepalive: '300'
+    tcp_backlog: '65536'
+    pidfile: '/var/run/redis_6379.pid'
+    working_dir: '/var/lib/redis'
+    maxmemory_policy: 'noeviction'
+    cluster_enabled: 'no'
+    exporter_enabled: false
+
+redis_RedHat_package: 'redis'
+redis_RedHat_remi_package: 'http://rpms.remirepo.net/enterprise/remi-release-7.rpm'
+redis_Debian_package: 'redis-server'
+
+system_sysctls:
+  vm.overcommit_memory: 1
+  vm.swappiness: 0
+
+system_systemd_onetime_services:
+  - name: 'disable-thp'
+    description: 'Disable Transparent Huge Pages (THP)'
+    command: "/bin/sh -c \"echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag\""
+    before_services:
+      - "redis_default"

roles/redis/handlers/main.yaml

@@ -0,0 +1,11 @@
+---
+
+- name: restart redis instance
+  systemd:
+    name: redis_{{ redis_instance_restart }}.service
+    state: restarted
+
+- name: restart redis exporter instance
+  systemd:
+    name: redis_{{ redis_exporter_instance_restart }}.service
+    state: restarted

roles/redis/meta/main.yml

@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - common_handlers
+  - system

roles/redis/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+
+- include: redis_packages.yml
+
+- name: Deploy Redis instances configurations
+  include: redis_configs.yml
+  with_items:
+    - "{{ redis_instances }}"
+  loop_control:
+    loop_var: redis_instance
+
+- name: Ensure Redis instances are started and enabled
+  include: redis_services.yml
+  with_items:
+    - "{{ redis_instances }}"
+  loop_control:
+    loop_var: redis_instance
+
+- name: Check and configure clusters
+  include: redis_clusters.yml
+  with_items:
+    - "{{ redis_clusters }}"
+  loop_control:
+    loop_var: redis_cluster

roles/redis/tasks/redis_clusters.yml

@@ -0,0 +1,27 @@
+---
+
+- block:
+    - name: "Get Redis cluster status"
+      command: "redis-cli --cluster check {{ redis_cluster.nodes[0].master }}"
+      failed_when: false
+      changed_when: false
+      register: redis_cluster_status
+
+    - block:
+        - name: "Create Redis cluster, if needed"
+          shell: |
+            echo yes |
+            redis-cli --cluster create \
+            {% for node in redis_cluster.nodes %}{{ node.master }}{% if not loop.last %} {% endif %}{% endfor %}
+
+        - name: "Add Redis slave nodes"
+          shell: |
+            MASTER_ID=$(redis-cli cluster nodes | grep {{ item.master }} | cut -f 1 -d " ")
+            {% for slave in item.slaves %}
+            echo yes | redis-cli --cluster add-node {{ slave }} {{ item.master }} --cluster-slave --cluster-master-id $MASTER_ID
+            {% endfor %}
+          with_items:
+            - "{{ redis_cluster.nodes }}"
+      when:
+        - redis_cluster_status.rc != 0
+  run_once: true

roles/redis/tasks/redis_configs.yml

@@ -0,0 +1,72 @@
+---
+
+- name: "Check if firewalld is active"
+  systemd:
+    name: firewalld
+  register: firewalld_status
+  changed_when: false
+  failed_when: false
+
+- name: "Enable Redis instance {{ redis_instance.name }} port "
+  firewalld:
+   port: "{{ redis_instance.port }}/tcp"
+   state: enabled
+   permanent: yes
+   immediate: yes
+  when:
+    - firewalld_status.status.ActiveState == 'active'
+
+- name: "Create Redis config path for instance {{ redis_instance.name }}"
+  file:
+    path: "{{ redis_instance.config_path }}"
+    state: directory
+    owner: 'root'
+    group: 'root'
+
+- name: "Create Redis working directory for instance {{ redis_instance.name }}"
+  file:
+    path: "{{ redis_instance.working_dir }}"
+    state: directory
+    owner: "{{ redis_instance.user }}"
+    group: "{{ redis_instance.group }}"
+
+- name: Set instance to restart fact, if needed
+  set_fact:
+    redis_instance_restart: "{{ redis_instance.name }}"
+
+- name: "Deploy Redis configuration for instance {{ redis_instance.name }}"
+  template:
+    src: redis.conf.j2
+    dest: "{{ redis_instance.config_path }}/{{ redis_instance.config_file }}"
+    owner: 'root'
+    group: 'root'
+    mode: 0644
+  notify:
+    - restart redis instance
+
+- name: "Deploy Redis systemd unit file for instance {{ redis_instance.name }}"
+  template:
+    src: redis.service.j2
+    dest: "/etc/systemd/system/redis_{{ redis_instance.name }}.service"
+    owner: 'root'
+    group: 'root'
+    mode: 0644
+  notify:
+    - reload systemd configuration
+    - restart redis instance
+
+- name: Set exporter instance to restart fact, if needed
+  set_fact:
+    redis_exporter_instance_restart: "{{ redis_instance.name }}"
+
+- name: "Deploy Redis exporter systemd file for instance {{ redis_instance.name }}"
+  template:
+    src: redis_exporter.service.j2
+    dest: "/etc/systemd/system/redis_{{ redis_instance.name }}_exporter.service"
+    owner: 'root'
+    group: 'root'
+    mode: 0644
+  notify:
+    - reload systemd configuration
+  when:
+    - redis_instance.exporter_enabled | bool

roles/redis/tasks/redis_packages.yml

@@ -0,0 +1,73 @@
+---
+
+- block:
+    - name: Adding EPEL yum repository
+      package:
+        name:
+          - epel-release
+          - yum-utils
+          - "{{ redis_RedHat_remi_package }}"
+
+    - name: Check if remi repository is enabled
+      shell: |
+        set -o pipefail
+        yum clean expire-cache
+        yum repolist enabled | grep ^remi
+      register: remi_repository_is_enabled
+      changed_when: false
+      failed_when: false
+
+    - name: Enable remi repository
+      command: 'yum-config-manager --enable remi'
+      when:
+        - remi_repository_is_enabled.rc != 0
+  when:
+    - ansible_os_family == "RedHat"
+
+- name: Ensure Redis is installed
+  package:
+    name:
+      - "{{ lookup('vars', 'redis_' + ansible_os_family + '_package') }}"
+    state: "present"
+
+- block:
+    - name: "Check for {{ redis_exporter_bin }} existence under /usr/local/bin/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}"
+      stat:
+        path: "/usr/local/bin/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}/redis_exporter"
+      register: redis_exporter_bin_stat
+
+    - name: "Check for {{ redis_exporter_bin }} link existence"
+      stat:
+        path: "{{ redis_exporter_bin }}"
+      register: redis_exporter_link_stat
+
+    - block:
+        - name: Download redis_exporter package
+          get_url:
+            url: "{{ redis_exporter_download_url }}"
+            dest: "/tmp/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}.tar.gz"
+
+        - name: Unarchive redis_exporter binary from downloaded package
+          unarchive:
+            src: "/tmp/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}.tar.gz"
+            dest: "/usr/local/bin"
+            remote_src: yes
+
+        - name: Remove redise_exporter downloaded archive
+          file:
+            path: "/tmp/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}.tar.gz"
+            state: absent
+
+        - name: "Create redis_exporter executable into {{ redis_exporter_bin }}"
+          file:
+           src: "/usr/local/bin/redis_exporter-{{ redis_exporter_version }}.{{ redis_exporter_arch }}/redis_exporter"
+           dest: "{{ redis_exporter_bin }}"
+           force: yes
+           state: link
+      when:
+        - redis_exporter_bin_stat.stat.executable is not defined or
+          not redis_exporter_bin_stat.stat.executable | bool or
+          redis_exporter_link_stat.stat.islnk is not defined or
+          not redis_exporter_link_stat.stat.islnk | bool
+  when:
+    redis_exporter_enable | bool

roles/redis/tasks/redis_services.yml

@@ -0,0 +1,21 @@
+---
+
+- name: "Check Redis service - {{ redis_instance.name }} instance"
+  service:
+    name: "redis_{{ redis_instance.name }}"
+    state: "{{ redis_instance.state }}"
+    enabled: "{{ redis_instance.enabled }}"
+
+- name: "Check Redis exporter service - {{ redis_instance.name }} instance"
+  service:
+    name: "redis_{{ redis_instance.name }}_exporter.service"
+    state: "{{ redis_instance.exporter_state }}"
+    enabled: "{{ redis_instance.exporter_enabled }}"
+  when:
+    - redis_instance.exporter_enabled | bool
+
+- name: "Check if Redis {{ redis_instance.bind }}:{{ redis_instance.port }} instance {{ redis_instance.name }} is reachable"
+  wait_for:
+    host: "{{ redis_instance.bind }}"
+    port: "{{ redis_instance.port }}"
+    state: started