Skip to content

Commit

Permalink
Prefer the Redis unix socket if available
Browse files Browse the repository at this point in the history
Unix sockets typically have lower overhead and also allows setting
stricter permissions. While iptables can be used to limit access using
users, file permissions are much easier to manage.
  • Loading branch information
ekohl committed Feb 28, 2024
1 parent eb8c67c commit 27dbee0
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 4 deletions.
9 changes: 8 additions & 1 deletion manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,14 @@
$redis_url = $pulpcore::redis_url
} else {
contain redis
$redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}"
if $redis::unixsocket != '' {
$redis_url = "redis+unix://${redis::unixsocket}?db=${pulpcore::redis_db}"
} elsif $redis::port != 0 {
# TODO: this assumes $redis::bind at least has localhost in it
$redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}"
} else {
fail('Unable to determine Redis URL')
}
}

file { [$pulpcore::config_dir, $pulpcore::certs_dir]:
Expand Down
2 changes: 0 additions & 2 deletions manifests/database.pp
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,4 @@
refreshonly => false,
require => Pulpcore::Admin['migrate --noinput'],
}

contain redis
}
2 changes: 1 addition & 1 deletion spec/classes/pulpcore_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
.with_content(%r{ALLOWED_EXPORT_PATHS = \[\]})
.with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
.with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]})
.with_content(%r{REDIS_URL = "redis://localhost:6379/8"})
.with_content(%r{REDIS_URL = "redis\+unix:///var/run/redis/redis\.sock\?db=8"})
.with_content(%r{CACHE_ENABLED = False})
.with_content(%r{# ANALYTICS = False})
.without_content(%r{sslmode})
Expand Down

0 comments on commit 27dbee0

Please sign in to comment.