From 953428679c2679005f718c3cf97e4d4cb4b55ad0 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Wed, 28 Feb 2024 11:00:15 +0100 Subject: [PATCH 1/2] Configurable Redis URL This allows users to run with a remote Redis server. --- manifests/config.pp | 7 +++++++ manifests/database.pp | 2 -- manifests/init.pp | 6 +++++- spec/classes/pulpcore_spec.rb | 12 ++++++++++++ templates/settings.py.erb | 2 +- 5 files changed, 25 insertions(+), 4 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index b499d927..e273780b 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,6 +1,13 @@ # Configures pulp3 # @api private class pulpcore::config { + if $pulpcore::redis_url { + $redis_url = $pulpcore::redis_url + } else { + contain redis + $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}" + } + file { [$pulpcore::config_dir, $pulpcore::certs_dir]: ensure => directory, owner => 'root', diff --git a/manifests/database.pp b/manifests/database.pp index 6b824224..bd7d2b91 100644 --- a/manifests/database.pp +++ b/manifests/database.pp @@ -39,6 +39,4 @@ refreshonly => false, require => Pulpcore::Admin['migrate --noinput'], } - - contain redis } diff --git a/manifests/init.pp b/manifests/init.pp index 25af6561..74d06bc6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -109,8 +109,11 @@ # @param django_secret_key # SECRET_KEY for Django # +# @param redis_url +# Redis URL use. If not specified, a local server will be installed +# # @param redis_db -# Redis DB number to use. By default, Redis supports a DB number of 0 through 15. +# The default DB to use when redis_url is not specified. By default, Redis supports a DB number of 0 through 15. # # @param servername # Server name of the VirtualHost in the webserver @@ -232,6 +235,7 @@ Optional[Stdlib::Absolutepath] $postgresql_db_ssl_key = undef, Optional[Stdlib::Absolutepath] $postgresql_db_ssl_root_ca = undef, String $django_secret_key = extlib::cache_data('pulpcore_cache_data', 'secret_key', extlib::random_password(50)), + Optional[Redis::RedisUrl] $redis_url = undef, Integer[0] $redis_db = 8, Stdlib::Fqdn $servername = $facts['networking']['fqdn'], Array[Stdlib::Fqdn] $serveraliases = [], diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb index ef58af16..2b260aff 100644 --- a/spec/classes/pulpcore_spec.rb +++ b/spec/classes/pulpcore_spec.rb @@ -659,6 +659,18 @@ end end end + + context 'with external redis' do + let(:params) do + { + redis_url: 'redis://redis.example.com:12345/7', + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_concat__fragment('base').with_content(include('REDIS_URL = "redis://redis.example.com:12345/7"')) } + it { is_expected.not_to contain_class('redis') } + end end end end diff --git a/templates/settings.py.erb b/templates/settings.py.erb index 145dd942..86bea9e8 100644 --- a/templates/settings.py.erb +++ b/templates/settings.py.erb @@ -37,7 +37,7 @@ DATABASES = { <% end -%> }, } -REDIS_URL = "redis://localhost:<%= scope['redis::port'] %>/<%= scope['pulpcore::redis_db'] %>" +REDIS_URL = "<%= @redis_url %>" <% if scope['pulpcore::worker_ttl'] -%> WORKER_TTL = <%= scope['pulpcore::worker_ttl'] %> From 73d945f2d157feb62c0a0dc2a237278b62ab773a Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 13 Jul 2021 14:26:55 +0200 Subject: [PATCH 2/2] Prefer the Redis unix socket if available Unix sockets typically have lower overhead and also allows setting stricter permissions. While iptables can be used to limit access using users, file permissions are much easier to manage. --- manifests/config.pp | 9 ++++++++- spec/classes/pulpcore_spec.rb | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index e273780b..d390dfbd 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -5,7 +5,14 @@ $redis_url = $pulpcore::redis_url } else { contain redis - $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}" + if $redis::unixsocket != '' { + $redis_url = "redis+unix://${redis::unixsocket}?db=${pulpcore::redis_db}" + } elsif $redis::port != 0 { + # TODO: this assumes $redis::bind at least has localhost in it + $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}" + } else { + fail('Unable to determine Redis URL') + } } file { [$pulpcore::config_dir, $pulpcore::certs_dir]: diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb index 2b260aff..6d2882b7 100644 --- a/spec/classes/pulpcore_spec.rb +++ b/spec/classes/pulpcore_spec.rb @@ -23,7 +23,7 @@ .with_content(%r{ALLOWED_EXPORT_PATHS = \[\]}) .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]}) .with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]}) - .with_content(%r{REDIS_URL = "redis://localhost:6379/8"}) + .with_content(%r{REDIS_URL = "redis\+unix:///var/run/redis/redis\.sock\?db=8"}) .with_content(%r{CACHE_ENABLED = False}) .with_content(%r{# ANALYTICS = False}) .without_content(%r{sslmode})