Add hifis.redis role

Signed-off-by: Norman Ziegner <[email protected]>
hifis-net · May 22, 2024 · 4413a0e · 4413a0e
1 parent b861b12
commit 4413a0e
Show file tree

Hide file tree

Showing 17 changed files with 1,164 additions and 1 deletion.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -28,6 +28,12 @@ netplan:
           - "roles/netplan/**"
           - "molecule/netplan/**"
           - ".github/workflows/netplan.yml"
+redis:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "roles/redis/**"
+          - "molecule/redis/**"
+          - ".github/workflows/redis.yml"
 ssh_keys:
   - changed-files:
       - any-glob-to-any-file:

diff --git a/.github/workflows/redis.yml b/.github/workflows/redis.yml
@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.toolkit.redis"
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/redis.yml'
+      - 'roles/redis/**'
+      - 'molecule/redis/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*.*.*"
+    paths:
+      - '.github/workflows/redis.yml'
+      - 'roles/redis/**'
+      - 'molecule/redis/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  schedule:
+    - cron: "0 0 * * *"
+env:
+  PY_COLORS: 1
+  ANSIBLE_FORCE_COLOR: 1
+
+jobs:
+
+  test:
+    name: "Run Molecule tests."
+    runs-on: "ubuntu-24.04"
+    env:
+      PY_COLORS: 1
+      ANSIBLE_FORCE_COLOR: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+          - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+
+    steps:
+      - name: "Check out the codebase."
+        uses: "actions/checkout@v4"
+        with:
+          path: "ansible_collections/hifis/toolkit"
+
+      - name: "Prepare the job environment."
+        uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+      # https://github.com/ansible/molecule/issues/3806
+      - name: "Help molecule to find the dependencies"
+        run: |
+          mkdir -p /home/runner/.ansible
+          ln -s /home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/ansible_collections/hifis/toolkit/roles \
+            /home/runner/.ansible/roles
+
+      - name: "Run Molecule tests."
+        run: "pipenv run molecule test -s redis"
+        env:
+          MOLECULE_IMAGE: "${{ matrix.image }}"
+        working-directory: "ansible_collections/hifis/toolkit"
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ software engineers, but not exclusively. The following use cases are supported:
 * DevOps platform:
     * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (**coming soon!**)
     * deploy [**GitLab-Runner**](roles/gitlab_runner) with a focus, but not limited, on Openstack autoscaling
-    * [Redis](https://github.com/hifis-net/ansible-role-redis) (**coming soon!**)
+    * [**Redis**](role/redis)
 * Help desk:
     * [**Zammad**](roles/zammad)
 * High Availability (HA) / Load Balancing:

diff --git a/molecule/redis/converge.yml b/molecule/redis/converge.yml
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Converge"
+  hosts: "all"
+  tasks:
+    - name: "Include redis_role"
+      ansible.builtin.include_role:
+        name: "hifis.toolkit.redis"
+
+...
diff --git a/molecule/redis/molecule.yml b/molecule/redis/molecule.yml
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+dependency:
+  name: "galaxy"
+driver:
+  name: "podman"
+platforms:
+  - name: "instance_redis"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}"
+    pre_build_image: true
+    privileged: true
+    systemd: "always"
+    tty: true
+    override_command: false
+provisioner:
+  name: "ansible"
+  config_options:
+    defaults:
+      stdout_callback: "yaml"
+  playbooks:
+    prepare: "prepare.yml"
+    converge: "converge.yml"
+  inventory:
+    hosts:
+      all:
+        vars:
+          redis_sentinel_password: "123456"
+verifier:
+  name: "ansible"
+scenario:
+  name: "redis"
+  test_sequence:
+    - "destroy"
+    - "syntax"
+    - "create"
+    - "prepare"
+    - "check"
+    - "converge"
+    - "idempotence"
+    - "check"
+    - "verify"
+    - "destroy"
+
+...
diff --git a/molecule/redis/prepare.yml b/molecule/redis/prepare.yml
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Prepare"
+  hosts: "all"
+  tasks:
+    - name: "Install dependencies"
+      ansible.builtin.apt:
+        name:
+          - "ca-certificates"   # for Redis download
+          - "iproute2"          # for gathering network facts
+          - "net-tools"         # for gathering listening ports
+          - "python3-redis"     # required by community.general.redis
+          - "sudo"              # for `become` privilege escalation
+        update_cache: true
+        state: "present"
+
+...
diff --git a/molecule/redis/verify.yml b/molecule/redis/verify.yml
@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Verify"
+  hosts: "all"
+  vars:
+    redis_server_service_name: "redis-server"
+    redis_sentinel_service_name: "redis-sentinel"
+    redis_server_port: 6379
+    redis_sentinel_port: 26379
+    redis_ports:
+      - "{{ redis_server_port }}"
+      - "{{ redis_sentinel_port }}"
+    redis_password: "changeme"
+  tasks:
+    - name: "Populate service facts"
+      ansible.builtin.service_facts:
+      register: "services_state"
+
+    - name: "Check that Redis is running on instance"
+      ansible.builtin.assert:
+        that:
+          - "services_state.ansible_facts.services[redis_server_service_name + '.service'].state is search('running')"
+          - "services_state.ansible_facts.services[redis_sentinel_service_name + '.service'].state is search('running')"
+
+    - name: "Gather facts on listening ports."
+      community.general.listen_ports_facts:
+
+    - name: "Check if Redis is listening on TCP ports"
+      vars:
+        tcp_listen: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', redis_ports) | list }}"
+      ansible.builtin.assert:
+        that:
+          - "item.name == redis_server_service_name"
+      loop: "{{ tcp_listen }}"
+
+    - name: "Ensure Redis is in master mode"
+      community.general.redis:
+        command: "slave"
+        slave_mode: "master"
+        login_password: "{{ redis_password }}"
+
+    - name: "Configure Redis maxmemory"
+      community.general.redis:
+        command: "config"
+        name: "maxmemory"
+        value: "0"
+        login_password: "{{ redis_password }}"
+
+...