debops.redis_sentinel default variables
Sections
APT packages, Redis Sentinel version
- redis_sentinel__base_packages
List of the default APT packages to install for Redis Sentinel support.
redis_sentinel__base_packages: [ 'redis-sentinel', 'redis-tools' ]
- redis_sentinel__packages
List of additional APT packages to install with Redis Sentinel.
redis_sentinel__packages: []
- redis_sentinel__version
The version of the installed Redis Sentinel. It will be detected via Ansible local facts, installed by the role.
redis_sentinel__version: '{{ ansible_local.redis_sentinel.version|d("0.0.0") }}'
UNIX environment
- redis_sentinel__user
Name of the UNIX system account which is used to run Redis Sentinel service.
redis_sentinel__user: 'redis'
- redis_sentinel__group
Name of the UNIX system group which is used to run Redis Sentinel service.
redis_sentinel__group: 'redis'
- redis_sentinel__auth_group
Name of the UNIX system group which has read-only access to the Redis configuration and can be used to retrieve the authentication password by running the redis-password script.
redis_sentinel__auth_group: 'redis-auth'
Domain, password authentication
- redis_sentinel__domain
The DNS domain used in the role to configure Redis and Sentinel parameters, primarly to retrieve the shared password.
redis_sentinel__domain: '{{ ansible_domain }}'
- redis_sentinel__auth_password
The password used for authentication in Redis. The same password is used on all nodes in the Redis/Sentinel cluster to simplify authentication.
redis_sentinel__auth_password: '{{ ansible_local.redis_sentinel.password
if (ansible_local.redis_sentinel.password|d())
else (lookup("password", secret +
"/redis/clusters/" + redis_sentinel__domain +
"/password length=" + redis_sentinel__password_length +
" chars=ascii_letters,digits,-_.")) }}'
- redis_sentinel__password_length
Length of the generated random passwords. Redis documentation suggests to use long passwords due to speed of the engine making it easy to test short passwords. See: https://redis.io/topics/security
redis_sentinel__password_length: '256'
- redis_sentinel__no_log
Enable or disable logging of the Ansible tasks that may contain passwords.
redis_sentinel__no_log: '{{ secret__no_log | d(True) }}'
Network configuration
- redis_sentinel__bind
A string or a list of IP addresses on which Redis Sentinel instances should listen for connections. It can be overridden per instance, see redis_sentinel__instances for more details.
By default Redis Sentinel instances will listen only on the loopback network
interface. To listen for IPv4 and IPv6 connections you can set this variable
to [ '0.0.0.0', '::' ]
. Ensure that the firewall access is configured
properly to avoid security issues.
redis_sentinel__bind: 'localhost'
- redis_sentinel__allow
List of IP addresses or CIDR subnets which are allowed to connect to the
Redis Sentinel instances over the network, on all hosts in the Ansible
inventory. This variable configures the firewall for all instances at the
same time, for individual instance configuration you should modify the
redis_sentinel__ferm__dependent_rules
variable directly.
redis_sentinel__allow: []
- redis_sentinel__group_allow
List of IP addresses or CIDR subnets which are allowed to connect to the
Redis Sentinel instances over the network, on hosts in the specific Ansible
inventory group. This variable configures the firewall for all instances at
the same time, for individual instance configuration you should modify the
redis_sentinel__ferm__dependent_rules
variable directly.
redis_sentinel__group_allow: []
- redis_sentinel__host_allow
List of IP addresses or CIDR subnets which are allowed to connect to the
Redis Sentinel instances over the network, on specific hosts in the Ansible
inventory. This variable configures the firewall for all instances at the
same time, for individual instance configuration you should modify the
redis_sentinel__ferm__dependent_rules
variable directly.
redis_sentinel__host_allow: []
Redis Sentinel base options
- redis_sentinel__default_base_options
The default set of configuration options, applied to all Redis Sentinel instances. See redis_sentinel__configuration for more details.
redis_sentinel__default_base_options:
- name: 'syslog-enabled'
value: True
- name: 'syslog-facility'
value: 'local0'
- name: 'loglevel'
value: 'notice'
- name: 'daemonize'
value: True
- redis_sentinel__base_options
An additional set of configuration options, applied to all Redis Sentinel instances. See redis_sentinel__configuration for more details.
redis_sentinel__base_options: []
Redis Sentinel instances
These variables define what Redis Sentinel instances are present on the host. See redis_sentinel__instances for more details.
- redis_sentinel__default_instances
The list of the Redis Sentinel instances defined by default by the role.
redis_sentinel__default_instances:
- name: 'main'
port: '26379'
pidfile: '/var/run/sentinel/redis-sentinel.pid'
unixsocket: '/var/run/sentinel/redis-sentinel.sock'
systemd_override: |
[Service]
PIDFile=/var/run/sentinel/redis-sentinel.pid
RuntimeDirectory=sentinel
ReadWriteDirectories=-/var/run/sentinel
state: 'present'
- redis_sentinel__instances
List of the Redis Sentinel instances defined on all hosts in the Ansible inventory.
redis_sentinel__instances: []
- redis_sentinel__group_instances
List of the Redis Sentinel instances defined on hosts in a specific Ansible inventory group.
redis_sentinel__group_instances: []
- redis_sentinel__host_instances
List of the Redis Sentinel instances defined on specific hosts in the Ansible inventory.
redis_sentinel__host_instances: []
- redis_sentinel__combined_instances
Variable which combines all of the defined Redis Sentinel instance lists and is used in the role tasks and templates.
redis_sentinel__combined_instances: '{{ redis_sentinel__default_instances
+ redis_sentinel__instances
+ redis_sentinel__group_instances
+ redis_sentinel__host_instances }}'
Redis Sentinel monitors
These variables define the monitoring configuration for Redis Sentinel instances. By default each configured monitor will be defined in all Sentinel instances, but this can be restricted to a specific instance. See redis_sentinel__monitors for more details.
- redis_sentinel__default_monitors
List of the default Redis Sentinel monitors defined by the role.
redis_sentinel__default_monitors:
- name: 'redis-ha'
host: 'localhost'
port: '6379'
quorum: '2'
- redis_sentinel__monitors
List of the Redis Sentinel monitors defined on all hosts in the Ansible inventory.
redis_sentinel__monitors: []
- redis_sentinel__group_monitors
List of the Redis Sentinel monitors defined on hosts in a specific Ansible inventory group.
redis_sentinel__group_monitors: []
- redis_sentinel__host_monitors
List of the Redis Sentinel monitors defined on specific hosts in the Ansible inventory.
redis_sentinel__host_monitors: []
- redis_sentinel__combined_monitors
The variable that combines all of the Redis Sentinel monitor lists and is used in the role tasks and templates.
redis_sentinel__combined_monitors: '{{ redis_sentinel__default_monitors
+ redis_sentinel__monitors
+ redis_sentinel__group_monitors
+ redis_sentinel__host_monitors }}'
Redis Sentinel configuration options
These variables define the configuration used by the debops.redis_sentinel Ansible role to manage the Redis Sentinel instances. See redis_sentinel__configuration for more details.
- redis_sentinel__default_configuration
The default Redis Sentinel configuration, generated automatically, based on the defined Redis Sentinel instances.
redis_sentinel__default_configuration: '{{ lookup("template", "lookup/redis_sentinel__filtered_instances.j2")
| from_yaml }}'
- redis_sentinel__configuration
The Redis Sentinel configuration options defined for all hosts in the Ansible inventory.
redis_sentinel__configuration: []
- redis_sentinel__group_configuration
The Redis Sentinel configuration options defined for hosts in a specific Ansible inventory group.
redis_sentinel__group_configuration: []
- redis_sentinel__host_configuration
The Redis Sentinel configuration options defined for specific hosts in the Ansible inventory.
redis_sentinel__host_configuration: []
- redis_sentinel__combined_configuration
The variable which combines lists with Redis Sentinel configuration options and is used in the role tasks and templates.
redis_sentinel__combined_configuration: '{{ redis_sentinel__default_configuration
+ redis_sentinel__configuration
+ redis_sentinel__group_configuration
+ redis_sentinel__host_configuration }}'
Configuration for other Ansible roles
- redis_sentinel__apt_preferences__dependent_list
Configuration for the debops.apt_preferences Ansible role.
redis_sentinel__apt_preferences__dependent_list:
- packages: [ 'redis', 'redis-*' ]
backports: [ 'stretch' ]
by_role: 'debops.redis_sentinel'
reason: 'Support for multiple Redis instances, compatibility with newer Debian releases'
- redis_sentinel__etc_services__dependent_list
Configuration for the debops.etc_services Ansible role.
redis_sentinel__etc_services__dependent_list:
- name: 'redis-sentinel'
port: '26379'
comment: 'Redis Sentinel'
- redis_sentinel__python__dependent_packages3
Configuration for the debops.python Ansible role.
redis_sentinel__python__dependent_packages3:
- 'python3-redis'
- redis_sentinel__python__dependent_packages2
Configuration for the debops.python Ansible role.
redis_sentinel__python__dependent_packages2:
- 'python-redis'
- redis_sentinel__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
redis_sentinel__ferm__dependent_rules:
- name: 'redis_sentinel'
type: 'accept'
dport: '{{ redis_sentinel__env_ports }}'
saddr: '{{ redis_sentinel__allow + redis_sentinel__group_allow + redis_sentinel__host_allow }}'
weight: '40'
accept_any: False
multiport: True
by_role: 'debops.redis_sentinel'