From 73d945f2d157feb62c0a0dc2a237278b62ab773a Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 13 Jul 2021 14:26:55 +0200 Subject: [PATCH] Prefer the Redis unix socket if available Unix sockets typically have lower overhead and also allows setting stricter permissions. While iptables can be used to limit access using users, file permissions are much easier to manage. --- manifests/config.pp | 9 ++++++++- spec/classes/pulpcore_spec.rb | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index e273780..d390dfb 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -5,7 +5,14 @@ $redis_url = $pulpcore::redis_url } else { contain redis - $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}" + if $redis::unixsocket != '' { + $redis_url = "redis+unix://${redis::unixsocket}?db=${pulpcore::redis_db}" + } elsif $redis::port != 0 { + # TODO: this assumes $redis::bind at least has localhost in it + $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}" + } else { + fail('Unable to determine Redis URL') + } } file { [$pulpcore::config_dir, $pulpcore::certs_dir]: diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb index 2b260af..6d2882b 100644 --- a/spec/classes/pulpcore_spec.rb +++ b/spec/classes/pulpcore_spec.rb @@ -23,7 +23,7 @@ .with_content(%r{ALLOWED_EXPORT_PATHS = \[\]}) .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]}) .with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]}) - .with_content(%r{REDIS_URL = "redis://localhost:6379/8"}) + .with_content(%r{REDIS_URL = "redis\+unix:///var/run/redis/redis\.sock\?db=8"}) .with_content(%r{CACHE_ENABLED = False}) .with_content(%r{# ANALYTICS = False}) .without_content(%r{sslmode})