From a50d7d95bfceff64978b1c4e1856bf4ecec95bcd Mon Sep 17 00:00:00 2001
From: "Tuan T. Pham"
Date: Wed, 1 May 2019 22:04:22 -0400
Subject: [PATCH 1/2] Add protected-mode option to template config files

defaults/main.yml:
* Add redis_protected_mode for redis server config
* Add redis_sentinel_protected_mode for redis sentinel config
templates/redis.conf.j2:
* Add redis_protected_mode variable for redis server config template
templates/redis_sentinel.conf.j2:
* Add redis_sentinel_protected_mode variable for redis sentinel server config template
Signed-off-by: Tuan T. Pham
---
 defaults/main.yml | 3 +++
 templates/redis.conf.j2 | 1 +
 templates/redis_sentinel.conf.j2 | 1 +
 3 files changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 42f6c479..495cf08e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,8 @@ redis_version: 2.8.24
 redis_install_dir: /opt/redis
 redis_dir: /var/lib/redis/{{ redis_port }}
 redis_download_url: "http://download.redis.io/releases/redis-{{ redis_version }}.tar.gz"
+
+redis_protected_mode: yes
 # Set this to true to validate redis tarball checksum against vars/main.yml
 redis_verify_checksum: false
 # Set this value to a local path of a tarball to use for installation instead of downloading
@@ -106,6 +108,7 @@ redis_client_output_buffer_limit_pubsub: 32mb 8mb 60
 ## Redis sentinel configs
 # Set this to true on a host to configure it as a Sentinel
 redis_sentinel: false
+redis_sentinel_protected_mode: yes
 redis_sentinel_dir: /var/lib/redis/sentinel_{{ redis_sentinel_port }}
 redis_sentinel_bind: 0.0.0.0
 redis_sentinel_port: 26379
diff --git a/templates/redis.conf.j2 b/templates/redis.conf.j2
index 153b2557..05077c61 100644
--- a/templates/redis.conf.j2
+++ b/templates/redis.conf.j2
@@ -2,6 +2,7 @@
 # General
 daemonize {{ redis_daemonize }}
+protected-mode {{ redis_protected_mode }}
 pidfile {{ redis_pidfile }}
 dir {{ redis_dir }}
 port {{ redis_port }}
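Review bot: In the second hunk of defaults/main.yml, `redis_sentinel_protected_mode: yes` is added two lines above `redis_sentinel_bind: 0.0.0.0`, and neither new variable has a comment saying what protection it actually gives. As the stock redis.conf describes it for the releases that introduced the option, protected mode limits clients to loopback only when no `bind` address is set explicitly and no password is configured, so if the sentinel template renders this bind value the new default may not reduce exposure at all; confirm against the Redis version being deployed. I would add a comment above each variable, e.g. `# Requires Redis >= 3.2; in 3.2 it only takes effect when no bind address and no password are configured`, and the same applies to `redis_protected_mode` in the first hunk.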
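Review bot: The new `protected-mode {{ redis_protected_mode }}` line in templates/redis.conf.j2 is emitted unconditionally, yet the defaults/main.yml hunk header in this same patch shows the role's default `redis_version: 2.8.24`, and the `protected-mode` directive only exists from Redis 3.2 onward. An older server treats an unknown directive as a fatal configuration error, so an install using the default version would be expected to fail at startup. Wrapping the line in a guard such as `{% if redis_version is version('3.2', '>=') %}` … `{% endif %}` (`version_compare` on older Ansible) keeps pre-3.2 installs working, and the matching line in templates/redis_sentinel.conf.j2 needs the same guard. The template continues beyond this hunk.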
diff --git a/templates/redis_sentinel.conf.j2 b/templates/redis_sentinel.conf.j2
index 624e5b1f..a4b237b0 100644
--- a/templates/redis_sentinel.conf.j2
+++ b/templates/redis_sentinel.conf.j2
@@ -2,6 +2,7 @@
 # sentinel_{{ redis_sentinel_port }}.conf
 daemonize {{ redis_daemonize }}
+protected-mode {{ redis_sentinel_protected_mode }}
 dir {{ redis_sentinel_dir }}
 pidfile {{ redis_sentinel_pidfile }}
 port {{ redis_sentinel_port }}
From ab70c153f1cbaeee267bdd28416ff718c95bdd35 Mon Sep 17 00:00:00 2001
From: "Tuan T. Pham"
Date: Mon, 22 Jun 2020 16:23:58 -0400
Subject: [PATCH 2/2] Update default setting to string

defaults/main.yml:
* Coerce value to string with double quote. Otherwise, .conf.j2 will write True
CC: @rromanchuck
Signed-off-by: Tuan T. Pham
---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 495cf08e..f5e482a1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,7 +5,7 @@ redis_install_dir: /opt/redis
 redis_dir: /var/lib/redis/{{ redis_port }}
 redis_download_url: "http://download.redis.io/releases/redis-{{ redis_version }}.tar.gz"
 
-redis_protected_mode: yes
+redis_protected_mode: "yes"
 # Set this to true to validate redis tarball checksum against vars/main.yml
 redis_verify_checksum: false
 # Set this value to a local path of a tarball to use for installation instead of downloading
@@ -108,7 +108,7 @@ redis_client_output_buffer_limit_pubsub: 32mb 8mb 60
 ## Redis sentinel configs
 # Set this to true on a host to configure it as a Sentinel
 redis_sentinel: false
-redis_sentinel_protected_mode: yes
+redis_sentinel_protected_mode: "yes"
 redis_sentinel_dir: /var/lib/redis/sentinel_{{ redis_sentinel_port }}
 redis_sentinel_bind: 0.0.0.0
 redis_sentinel_port: 26379
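Review bot: Quoting `redis_protected_mode` and `redis_sentinel_protected_mode` in the two hunks of defaults/main.yml fixes only the role's own defaults; a user override written as a bare YAML `no` or `false` still reaches the templates as a boolean and renders `False`, the same kind of output the commit message sets out to avoid. Normalising at the point of use is sturdier, e.g. `protected-mode {{ 'yes' if redis_protected_mode | bool else 'no' }}` in templates/redis.conf.j2 and the equivalent for the sentinel variable. Failing that, a comment above each default such as `# Must be the quoted string "yes" or "no"` would at least tell users how to override it safely.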