From 50959e7e1285a280ab8d0401ae7642a7a33405a7 Mon Sep 17 00:00:00 2001
From: Norman Ziegner <n.ziegner@hzdr.de>
Date: Tue, 21 May 2024 14:46:32 +0200
Subject: [PATCH] Add hifis.redis role

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
---
 .github/labeler.yml                           |   6 +
 .github/workflows/redis.yml                   |  69 +++++
 README.md                                     |   2 +-
 molecule/redis/converge.yml                   |  14 +
 molecule/redis/molecule.yml                   |  48 ++++
 molecule/redis/prepare.yml                    |  21 ++
 molecule/redis/verify.yml                     |  53 ++++
 roles/redis/CHANGELOG.md                      | 259 ++++++++++++++++++
 roles/redis/README.md                         | 220 +++++++++++++++
 roles/redis/defaults/main.yml                 |  67 +++++
 roles/redis/handlers/main.yml                 |  39 +++
 roles/redis/meta/main.yml                     |  33 +++
 roles/redis/tasks/main.yml                    | 220 +++++++++++++++
 .../redis/templates/redis-sentinel.service.j2 |  25 ++
 roles/redis/templates/redis-server.service.j2 |  25 ++
 roles/redis/templates/redis.conf.j2           |  39 +++
 roles/redis/templates/sentinel.conf.j2        |  25 ++
 17 files changed, 1164 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/redis.yml
 create mode 100644 molecule/redis/converge.yml
 create mode 100644 molecule/redis/molecule.yml
 create mode 100644 molecule/redis/prepare.yml
 create mode 100644 molecule/redis/verify.yml
 create mode 100644 roles/redis/CHANGELOG.md
 create mode 100644 roles/redis/README.md
 create mode 100644 roles/redis/defaults/main.yml
 create mode 100644 roles/redis/handlers/main.yml
 create mode 100644 roles/redis/meta/main.yml
 create mode 100644 roles/redis/tasks/main.yml
 create mode 100644 roles/redis/templates/redis-sentinel.service.j2
 create mode 100644 roles/redis/templates/redis-server.service.j2
 create mode 100644 roles/redis/templates/redis.conf.j2
 create mode 100644 roles/redis/templates/sentinel.conf.j2

diff --git a/.github/labeler.yml b/.github/labeler.yml
index 9b7550f..09c147c 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -16,6 +16,12 @@ gitlab_runner:
           - "roles/gitlab_runner/**"
           - "molecule/gitlab_runner/**"
           - ".github/workflows/gitlab_runner.yml"
+redis:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "roles/redis/**"
+          - "molecule/redis/**"
+          - ".github/workflows/redis.yml"
 ssh_keys:
   - changed-files:
       - any-glob-to-any-file:
diff --git a/.github/workflows/redis.yml b/.github/workflows/redis.yml
new file mode 100644
index 0000000..5fe8a70
--- /dev/null
+++ b/.github/workflows/redis.yml
@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.toolkit.redis"
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/redis.yml'
+      - 'roles/redis/**'
+      - 'molecule/redis/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*.*.*"
+    paths:
+      - '.github/workflows/redis.yml'
+      - 'roles/redis/**'
+      - 'molecule/redis/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  schedule:
+    - cron: "0 0 * * *"
+env:
+  PY_COLORS: 1
+  ANSIBLE_FORCE_COLOR: 1
+
+jobs:
+
+  test:
+    name: "Run Molecule tests."
+    runs-on: "ubuntu-24.04"
+    env:
+      PY_COLORS: 1
+      ANSIBLE_FORCE_COLOR: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+          - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+
+    steps:
+      - name: "Check out the codebase."
+        uses: "actions/checkout@v4"
+        with:
+          path: "ansible_collections/hifis/toolkit"
+
+      - name: "Prepare the job environment."
+        uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+      # https://github.com/ansible/molecule/issues/3806
+      - name: "Help molecule to find the dependencies"
+        run: |
+          mkdir -p /home/runner/.ansible
+          ln -s /home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/ansible_collections/hifis/toolkit/roles \
+            /home/runner/.ansible/roles
+
+      - name: "Run Molecule tests."
+        run: "pipenv run molecule test -s redis"
+        env:
+          MOLECULE_IMAGE: "${{ matrix.image }}"
+        working-directory: "ansible_collections/hifis/toolkit"
diff --git a/README.md b/README.md
index cace9c0..f5fc8f3 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ software engineers, but not exclusively. The following use cases are supported:
 * DevOps platform:
     * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (**coming soon!**)
     * deploy [**GitLab-Runner**](roles/gitlab_runner) with a focus, but not limited, on Openstack autoscaling
-    * [Redis](https://github.com/hifis-net/ansible-role-redis) (**coming soon!**)
+    * [**Redis**](role/redis)
 * Help desk:
     * [**Zammad**](roles/zammad)
 * High Availability (HA) / Load Balancing:
diff --git a/molecule/redis/converge.yml b/molecule/redis/converge.yml
new file mode 100644
index 0000000..5745d0e
--- /dev/null
+++ b/molecule/redis/converge.yml
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Converge"
+  hosts: "all"
+  tasks:
+    - name: "Include redis_role"
+      ansible.builtin.include_role:
+        name: "hifis.toolkit.redis"
+
+...
diff --git a/molecule/redis/molecule.yml b/molecule/redis/molecule.yml
new file mode 100644
index 0000000..2d372f5
--- /dev/null
+++ b/molecule/redis/molecule.yml
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+dependency:
+  name: "galaxy"
+driver:
+  name: "podman"
+platforms:
+  - name: "instance_redis"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}"
+    pre_build_image: true
+    privileged: true
+    systemd: "always"
+    tty: true
+    override_command: false
+provisioner:
+  name: "ansible"
+  config_options:
+    defaults:
+      stdout_callback: "yaml"
+  playbooks:
+    prepare: "prepare.yml"
+    converge: "converge.yml"
+  inventory:
+    hosts:
+      all:
+        vars:
+          redis_sentinel_password: "123456"
+verifier:
+  name: "ansible"
+scenario:
+  name: "redis"
+  test_sequence:
+    - "destroy"
+    - "syntax"
+    - "create"
+    - "prepare"
+    - "check"
+    - "converge"
+    - "idempotence"
+    - "check"
+    - "verify"
+    - "destroy"
+
+...
diff --git a/molecule/redis/prepare.yml b/molecule/redis/prepare.yml
new file mode 100644
index 0000000..e8b52f9
--- /dev/null
+++ b/molecule/redis/prepare.yml
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Prepare"
+  hosts: "all"
+  tasks:
+    - name: "Install dependencies"
+      ansible.builtin.apt:
+        name:
+          - "ca-certificates"   # for Redis download
+          - "iproute2"          # for gathering network facts
+          - "net-tools"         # for gathering listening ports
+          - "python3-redis"     # required by community.general.redis
+          - "sudo"              # for `become` privilege escalation
+        update_cache: true
+        state: "present"
+
+...
diff --git a/molecule/redis/verify.yml b/molecule/redis/verify.yml
new file mode 100644
index 0000000..a22b7a0
--- /dev/null
+++ b/molecule/redis/verify.yml
@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Verify"
+  hosts: "all"
+  vars:
+    redis_server_service_name: "redis-server"
+    redis_sentinel_service_name: "redis-sentinel"
+    redis_server_port: 6379
+    redis_sentinel_port: 26379
+    redis_ports:
+      - "{{ redis_server_port }}"
+      - "{{ redis_sentinel_port }}"
+    redis_password: "changeme"
+  tasks:
+    - name: "Populate service facts"
+      ansible.builtin.service_facts:
+      register: "services_state"
+
+    - name: "Check that Redis is running on instance"
+      ansible.builtin.assert:
+        that:
+          - "services_state.ansible_facts.services[redis_server_service_name + '.service'].state is search('running')"
+          - "services_state.ansible_facts.services[redis_sentinel_service_name + '.service'].state is search('running')"
+
+    - name: "Gather facts on listening ports."
+      community.general.listen_ports_facts:
+
+    - name: "Check if Redis is listening on TCP ports"
+      vars:
+        tcp_listen: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', redis_ports) | list }}"
+      ansible.builtin.assert:
+        that:
+          - "item.name == redis_server_service_name"
+      loop: "{{ tcp_listen }}"
+
+    - name: "Ensure Redis is in master mode"
+      community.general.redis:
+        command: "slave"
+        slave_mode: "master"
+        login_password: "{{ redis_password }}"
+
+    - name: "Configure Redis maxmemory"
+      community.general.redis:
+        command: "config"
+        name: "maxmemory"
+        value: "0"
+        login_password: "{{ redis_password }}"
+
+...
diff --git a/roles/redis/CHANGELOG.md b/roles/redis/CHANGELOG.md
new file mode 100644
index 0000000..cf704cb
--- /dev/null
+++ b/roles/redis/CHANGELOG.md
@@ -0,0 +1,259 @@
+<!--
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+-->
+# Changelog
+
+## [v1.4.2](https://github.com/hifis-net/ansible-role-redis/tree/v1.4.2) (2023-10-18)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.4.1...v1.4.2)
+
+**Fixed bugs:**
+
+- Conflicting configuration generated by CONFIG REWRITE [\#133](https://github.com/hifis-net/ansible-role-redis/issues/133)
+
+**Merged pull requests:**
+
+- Prepare release 1.4.2 [\#135](https://github.com/hifis-net/ansible-role-redis/pull/135) ([Normo](https://github.com/Normo))
+- fix: remove config rewrite section when changing the config [\#134](https://github.com/hifis-net/ansible-role-redis/pull/134) ([Normo](https://github.com/Normo))
+
+## [v1.4.1](https://github.com/hifis-net/ansible-role-redis/tree/v1.4.1) (2023-10-17)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.4.0...v1.4.1)
+
+**Fixed bugs:**
+
+- Sentinel service is not restarted when config is changed [\#128](https://github.com/hifis-net/ansible-role-redis/issues/128)
+
+**Merged pull requests:**
+
+- Prepare release 1.4.1 [\#130](https://github.com/hifis-net/ansible-role-redis/pull/130) ([Normo](https://github.com/Normo))
+- fix Redis Sentinel restart [\#129](https://github.com/hifis-net/ansible-role-redis/pull/129) ([Normo](https://github.com/Normo))
+- fix: reformat config templates [\#126](https://github.com/hifis-net/ansible-role-redis/pull/126) ([Normo](https://github.com/Normo))
+- chore\(deps\): bump ansible from 8.4.0 to 8.5.0 [\#125](https://github.com/hifis-net/ansible-role-redis/pull/125) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore\(deps-dev\): bump ansible-lint from 6.20.0 to 6.20.3 [\#124](https://github.com/hifis-net/ansible-role-redis/pull/124) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v1.4.0](https://github.com/hifis-net/ansible-role-redis/tree/v1.4.0) (2023-09-21)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.3.0...v1.4.0)
+
+**Closed issues:**
+
+- Adapt Redis config template due to changes after restart of Redis service [\#19](https://github.com/hifis-net/ansible-role-redis/issues/19)
+
+**Merged pull requests:**
+
+- chore: bump Redis version to 7.2.1 [\#121](https://github.com/hifis-net/ansible-role-redis/pull/121) ([Normo](https://github.com/Normo))
+- Prepare release v1.4.0 [\#120](https://github.com/hifis-net/ansible-role-redis/pull/120) ([Normo](https://github.com/Normo))
+- chore: add CITATION.cff [\#119](https://github.com/hifis-net/ansible-role-redis/pull/119) ([Normo](https://github.com/Normo))
+- chore: add codeowners file [\#118](https://github.com/hifis-net/ansible-role-redis/pull/118) ([Normo](https://github.com/Normo))
+- fix: do not overwrite redis server configuration [\#117](https://github.com/hifis-net/ansible-role-redis/pull/117) ([Normo](https://github.com/Normo))
+- Bump ansible-lint from 6.17.2 to 6.20.0 [\#116](https://github.com/hifis-net/ansible-role-redis/pull/116) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 8.2.0 to 8.4.0 [\#115](https://github.com/hifis-net/ansible-role-redis/pull/115) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump actions/checkout from 3 to 4 [\#113](https://github.com/hifis-net/ansible-role-redis/pull/113) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 5.1.0 to 6.0.2 [\#112](https://github.com/hifis-net/ansible-role-redis/pull/112) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule-plugins from 23.4.1 to 23.5.0 [\#107](https://github.com/hifis-net/ansible-role-redis/pull/107) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v1.3.0](https://github.com/hifis-net/ansible-role-redis/tree/v1.3.0) (2023-07-31)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.2.0...v1.3.0)
+
+**Fixed bugs:**
+
+- Changing sentinel.conf always results in 'ok' [\#6](https://github.com/hifis-net/ansible-role-redis/issues/6)
+- fix: do not overwrite sentinel configuration [\#106](https://github.com/hifis-net/ansible-role-redis/pull/106) ([tobiashuste](https://github.com/tobiashuste))
+
+**Closed issues:**
+
+- Make Molecule test image configurable [\#3](https://github.com/hifis-net/ansible-role-redis/issues/3)
+
+## [v1.2.0](https://github.com/hifis-net/ansible-role-redis/tree/v1.2.0) (2023-07-31)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.1.0...v1.2.0)
+
+**Implemented enhancements:**
+
+- Allow to configure a password for Redis Sentinel [\#103](https://github.com/hifis-net/ansible-role-redis/issues/103)
+
+**Merged pull requests:**
+
+- chore: update all Python dependencies [\#105](https://github.com/hifis-net/ansible-role-redis/pull/105) ([tobiashuste](https://github.com/tobiashuste))
+- feat: allow to configure authentication for sentinel [\#104](https://github.com/hifis-net/ansible-role-redis/pull/104) ([tobiashuste](https://github.com/tobiashuste))
+- Bump ansible from 7.1.0 to 7.5.0 [\#94](https://github.com/hifis-net/ansible-role-redis/pull/94) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 4.0.4 to 5.0.0 [\#92](https://github.com/hifis-net/ansible-role-redis/pull/92) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v1.1.0](https://github.com/hifis-net/ansible-role-redis/tree/v1.1.0) (2023-01-26)
+
+[Full Changelog](https://github.com/hifis-net/ansible-role-redis/compare/v1.0.0...v1.1.0)
+
+**Implemented enhancements:**
+
+- Add badges to README [\#10](https://github.com/hifis-net/ansible-role-redis/issues/10)
+- Implement GitHub Actions pipeline [\#1](https://github.com/hifis-net/ansible-role-redis/issues/1)
+- Add support for Ubuntu 22.04 [\#14](https://github.com/hifis-net/ansible-role-redis/issues/14)
+- Use the FQCN throughout the whole project [\#13](https://github.com/hifis-net/ansible-role-redis/pull/13) ([tobiashuste](https://github.com/tobiashuste))
+- Add badges to README [\#11](https://github.com/hifis-net/ansible-role-redis/pull/11) ([tobiashuste](https://github.com/tobiashuste))
+- Implement CI pipeline via GitHub Actions [\#2](https://github.com/hifis-net/ansible-role-redis/pull/2) ([tobiashuste](https://github.com/tobiashuste))
+- Add support for Ubuntu 22.04 [\#15](https://github.com/hifis-net/ansible-role-redis/pull/15) ([tobiashuste](https://github.com/tobiashuste))
+
+**Fixed bugs:**
+
+- Molecule folder not linted by molecule [\#52](https://github.com/hifis-net/ansible-role-redis/issues/52)
+- Add folder molecule to command ansible-lint in molecule lint [\#74](https://github.com/hifis-net/ansible-role-redis/pull/74) ([christianhueserhzdr](https://github.com/christianhueserhzdr))
+
+**Closed issues:**
+
+- Add support for initial dry-runs to role [\#72](https://github.com/hifis-net/ansible-role-redis/issues/72)
+- Use FQCN everywhere in the project [\#12](https://github.com/hifis-net/ansible-role-redis/issues/12)
+- Switch to molecule-podman [\#62](https://github.com/hifis-net/ansible-role-redis/issues/62)
+- Release version 1.1.0 of Ansible role Redis [\#22](https://github.com/hifis-net/ansible-role-redis/issues/22)
+- Add an auto-generated version of the CHANGELOG file [\#21](https://github.com/hifis-net/ansible-role-redis/issues/21)
+
+**Merged pull requests:**
+
+- Release version 1.1.0 of Ansible role Redis [\#76](https://github.com/hifis-net/ansible-role-redis/pull/76) ([christianhueserhzdr](https://github.com/christianhueserhzdr))
+- Bump ansible-lint from 6.8.7 to 6.11.0 [\#71](https://github.com/hifis-net/ansible-role-redis/pull/71) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump yamllint from 1.28.0 to 1.29.0 [\#70](https://github.com/hifis-net/ansible-role-redis/pull/70) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Switch from molecule-docker to molecule-podman [\#67](https://github.com/hifis-net/ansible-role-redis/pull/67) ([Normo](https://github.com/Normo))
+- Bump ansible from 6.5.0 to 7.1.0 [\#66](https://github.com/hifis-net/ansible-role-redis/pull/66) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump reuse from 1.0.0 to 1.1.0 [\#63](https://github.com/hifis-net/ansible-role-redis/pull/63) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.8.4 to 6.8.6 [\#57](https://github.com/hifis-net/ansible-role-redis/pull/57) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.8.3 to 6.8.4 [\#55](https://github.com/hifis-net/ansible-role-redis/pull/55) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.8.2 to 6.8.3 [\#54](https://github.com/hifis-net/ansible-role-redis/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 4.0.2 to 4.0.3 [\#53](https://github.com/hifis-net/ansible-role-redis/pull/53) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 4.0.1 to 4.0.2 [\#51](https://github.com/hifis-net/ansible-role-redis/pull/51) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.5.2 to 6.8.2 [\#50](https://github.com/hifis-net/ansible-role-redis/pull/50) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 6.3.0 to 6.5.0 [\#49](https://github.com/hifis-net/ansible-role-redis/pull/49) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump yamllint from 1.27.1 to 1.28.0 [\#42](https://github.com/hifis-net/ansible-role-redis/pull/42) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.1.0 to 6.5.2 [\#41](https://github.com/hifis-net/ansible-role-redis/pull/41) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 6.2.0 to 6.3.0 [\#39](https://github.com/hifis-net/ansible-role-redis/pull/39) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 5.7.1 to 6.2.0 [\#37](https://github.com/hifis-net/ansible-role-redis/pull/37) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 3.6.1 to 4.0.1 [\#35](https://github.com/hifis-net/ansible-role-redis/pull/35) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump yamllint from 1.26.3 to 1.27.1 [\#33](https://github.com/hifis-net/ansible-role-redis/pull/33) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump robertdebock/galaxy-action from 1.2.0 to 1.2.1 [\#27](https://github.com/hifis-net/ansible-role-redis/pull/27) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump reuse from 0.14.0 to 1.0.0 [\#26](https://github.com/hifis-net/ansible-role-redis/pull/26) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 6.0.2 to 6.1.0 [\#18](https://github.com/hifis-net/ansible-role-redis/pull/18) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 5.6.0 to 5.7.1 [\#17](https://github.com/hifis-net/ansible-role-redis/pull/17) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible from 5.3.0 to 5.6.0 [\#9](https://github.com/hifis-net/ansible-role-redis/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump molecule from 3.6.0 to 3.6.1 [\#8](https://github.com/hifis-net/ansible-role-redis/pull/8) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ansible-lint from 5.4.0 to 6.0.2 [\#7](https://github.com/hifis-net/ansible-role-redis/pull/7) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Configurable molecule image [\#4](https://github.com/hifis-net/ansible-role-redis/pull/4) ([tobiashuste](https://github.com/tobiashuste))
+- Add auto-generated CHANGELOG based on HISTORY since v1.0.0 [\#75](https://github.com/hifis-net/ansible-role-redis/pull/75) ([christianhueserhzdr](https://github.com/christianhueserhzdr))
+- Add support for initial dry-runs [\#73](https://github.com/hifis-net/ansible-role-redis/pull/73) ([christianhueserhzdr](https://github.com/christianhueserhzdr))
+
+## [1.0.0](https://gitlab.com/hifis/ansible/redis-role/-/releases/v1.0.0) - 2021-05-05
+
+[List of commits](https://gitlab.com/hifis/ansible/redis-role/-/compare/v0.2.0...v1.0.0)
+
+### Changed
+
+- Upgrade and pin project dependencies
+  ([!35](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/35) 
+  by [Normo](https://gitlab.com/Normo)).
+- Upgrade Redis from 6.0.9 to 6.2.2
+  ([!36](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/36)
+  by [Normo](https://gitlab.com/Normo)).
+- Verify that Redis is running and listening on default ports
+  ([!40](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/40)
+  by [Normo](https://gitlab.com/Normo)).
+- Bind Redis on loopback interface by default
+  ([!41](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/41)
+  by [Normo](https://gitlab.com/Normo)).
+- Interact with Redis when testing the role
+  ([!43](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/43)
+  by [Normo](https://gitlab.com/Normo)).
+
+## [0.2.0](https://gitlab.com/hifis/ansible/redis-role/-/releases/v0.2.0) - 2020-11-09
+
+[List of commits](https://gitlab.com/hifis/ansible/redis-role/-/compare/v0.1.0...v0.2.0)
+
+### Added
+
+- Enable check-mode
+  ([!26](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/26)
+  by [Normo](https://gitlab.com/Normo)).
+
+### Changed
+
+- Upgrade Redis from version 6.0.6 to 6.0.8
+  ([!19](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/19) 
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Improve and speed up the CI pipeline
+  ([!20](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/20) 
+  by [tobiashuste](https://gitlab.com/tobiashuste)).
+- Include role independent of project directory name
+  ([!25](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/25)
+  by [Normo](https://gitlab.com/Normo)).
+- Upgrade Redis from version 6.0.8 to 6.0.9
+  ([!27](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/27) 
+  by [Normo](https://gitlab.com/Normo)).
+
+### Fixed
+
+- Fix linter issues 106 and 208
+  ([!23](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/23) 
+  by [tobiashuste](https://gitlab.com/tobiashuste)).
+- Simplify Systemd configuration reload
+  ([!28](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/28)
+  by [Normo](https://gitlab.com/Normo)).
+
+## [0.1.0](https://gitlab.com/hifis/ansible/redis-role/-/releases/v0.1.0) - 2020-08-13
+
+### Added
+
+- Add initial molecule setup
+  ([!1](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/1) 
+  by [Normo](https://gitlab.com/Normo)).
+- Set up CI/CD.
+  ([!3](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/3)
+  by [Normo](https://gitlab.com/Normo)).
+- Make Redis Role idempotent
+  ([!4](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/4)
+  by [Normo](https://gitlab.com/Normo) and [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Add proper licensing to the project
+  ([!5](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/5)
+  by [tobiashuste](https://gitlab.com/tobiashuste)).
+- Provide templates for Systemd service files and make them configurable
+  ([!11](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/11)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Add file CHANGELOG.md and use Semantic Versioning
+  ([!13](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/13)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+
+### Changed
+
+- Add defaults to Redis Ansible role and rename variables to more meaningful ones
+  ([!2](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/2)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Upgrade Redis from 6.0.5 to 6.0.6
+  ([!6](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/6)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Simplify version check
+  ([!7](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/7)
+  by [Normo](https://gitlab.com/Normo)).
+- Make the log level configurable
+  ([!8](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/8)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Make Redis protected-mode configurable and activate it
+  ([!9](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/9)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Only use one password variable instead of 3 equal ones
+  ([!16](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/16)
+  by [tobiashuste](https://gitlab.com/tobiashuste))
+
+### Fixed
+
+- Redis / Sentinel service isn't restarted on update or config change
+  ([!10](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/10)
+  by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)).
+- Fix Redis Server and Sentinel not starting properly
+  ([!15](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/15)
+  by [tobiashuste](https://gitlab.com/tobiashuste))
+- Update project path to gitlab-ci templates
+  ([!14](https://gitlab.com/hifis/ansible/redis-role/-/merge_requests/14)
+  by [Normo](https://gitlab.com/Normo))
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/roles/redis/README.md b/roles/redis/README.md
new file mode 100644
index 0000000..2ccdb2b
--- /dev/null
+++ b/roles/redis/README.md
@@ -0,0 +1,220 @@
+<!--
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# `hifis.toolkit.redis` Ansible Role
+
+[![CI Status](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/redis.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/redis.yml)
+
+A role to set up Redis instances to be used as caching servers in a high
+availability and scalability context.
+
+Currently [supported platforms](meta/main.yml) are:
+
+- Ubuntu 20.04 LTS
+- Ubuntu 22.04 LTS
+
+## Requirements
+
+None.
+
+## Role variables
+
+The Redis version to install:
+
+```yaml
+redis_version: '7.2.1'
+```
+
+Specifies whether the current node is `master`, or a `replica` instance:
+
+```yaml
+redis_instance_type: 'master'
+```
+
+The IP address to bind Redis to:
+
+```yaml
+redis_instance_ip: "127.0.0.1"
+```
+
+The Redis Master instance IP address:
+
+```yaml
+redis_master_instance_ip: "{{ redis_instance_ip if redis_instance_type == 'master' else None }}"
+```
+
+The name of the Redis cluster monitored by Sentinel:
+
+```yaml
+redis_cluster_name: 'redis-cluster'
+```
+
+Password used to authenticate in the Redis cluster:
+
+```yaml
+redis_password: 'changeme'
+```
+
+List of dependent packages required by Redis Server:
+
+```yaml
+redis_dependencies:
+  - 'build-essential'
+```
+
+URL from which Redis Server can be downloaded:
+
+```yaml
+redis_download_url: "https://download.redis.io/releases/redis-{{ redis_version }}.tar.gz"
+```
+
+File path to the Redis Server binary:
+
+```yaml
+redis_bin: '/usr/local/bin/redis-server'
+```
+
+File path to the directory in which Redis Server is build:
+
+```yaml
+redis_build_dir: '/usr/local/src/redis-{{ redis_version }}'
+```
+
+Directory into which Redis service files are copied:
+
+```yaml
+redis_systemd_dir: '/etc/systemd/system'
+```
+
+Redis Server service file path:
+
+```yaml
+redis_server_service_file: '{{ redis_systemd_dir }}/redis-server.service'
+```
+
+Redis Sentinel service file path:
+
+```yaml
+redis_sentinel_service_file: '{{ redis_systemd_dir }}/redis-sentinel.service'
+```
+
+Password for Redis Sentinel. This is unset by default.
+
+```yaml
+redis_sentinel_password: 'changeme'
+```
+
+Redis configuration directory path:
+
+```yaml
+redis_configuration_dir: '/etc/redis'
+```
+
+Path to Redis Server configuration file:
+
+```yaml
+redis_server_configuration_file: '{{ redis_configuration_dir }}/redis.conf'
+```
+
+Path to Redis Sentinel configuration file:
+
+```yaml
+redis_sentinel_configuration_file: '{{ redis_configuration_dir }}/sentinel.conf'
+```
+
+Redis library directory:
+
+```yaml
+redis_lib_dir: '/var/lib/redis'
+```
+
+Redis logging directory:
+
+```yaml
+redis_log_dir: '/var/log/redis'
+```
+
+Path to Redis Server log file:
+
+```yaml
+redis_server_log_file_path: "{{ redis_log_dir }}/redis-server.log"
+```
+
+Path to Redis Sentinel log file:
+
+```yaml
+redis_sentinel_log_file_path: "{{ redis_log_dir }}/redis-sentinel.log"
+```
+
+Redis log level, can be one of: `debug`, `verbose`, `notice`, `warning`:
+
+```yaml
+redis_log_level: 'notice'
+```
+
+Sentinel log level, can be one of: `debug`, `verbose`, `notice`, `warning`:
+
+```yaml
+sentinel_log_level: 'notice'
+```
+
+Enable/disable Redis Server protected mode:
+
+```yaml
+redis_protected_mode: 'yes'
+```
+
+Enable/disable Redis Sentinel protected mode:
+
+```yaml
+sentinel_protected_mode: 'yes'
+```
+
+Redis username:
+
+```yaml
+redis_user: 'redis'
+```
+
+Redis group name:
+
+```yaml
+redis_group: 'redis'
+```
+
+Redis Server service name:
+
+```yaml
+redis_server_service_name: 'redis-server'
+```
+
+Redis Sentinel service name:
+
+```yaml
+redis_sentinel_service_name: 'redis-sentinel'
+
+```
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  roles:
+    - role: hifis.toolkit.redis
+```
+
+## License
+
+[Apache-2.0](LICENSES/Apache-2.0.txt)
+
+## Author Information
+
+This role was created by [HIFIS Software Services](https://hifis.net)
diff --git a/roles/redis/defaults/main.yml b/roles/redis/defaults/main.yml
new file mode 100644
index 0000000..48e6b81
--- /dev/null
+++ b/roles/redis/defaults/main.yml
@@ -0,0 +1,67 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+# Here you specify whether it is a "master" or "replica" instance:
+redis_instance_type: "master"
+# You need to provide the IP address of your Redis instance:
+redis_instance_ip: "127.0.0.1"
+# This is the name of the Redis cluster:
+redis_cluster_name: "redis-cluster"
+# You need to provide the IP address of your Redis master instance:
+redis_master_instance_ip: "{{ redis_instance_ip if redis_instance_type == 'master' else None }}"
+# Password used to authenticate in the Redis cluster
+redis_password: "changeme"
+
+# Redis version
+redis_version: "7.2.1"
+# Path to the Redis Server binary
+redis_bin: "/usr/local/bin/redis-server"
+# List of dependencies of Redis Server
+redis_dependencies:
+  - "build-essential"
+# URL from which Redis Server can be downloaded
+redis_download_url: "https://download.redis.io/releases/redis-{{ redis_version }}.tar.gz"
+# Path to the directory in which Redis Server is build
+redis_build_dir: "/usr/local/src/redis-{{ redis_version }}"
+# Directory into which Redis service file is copied
+redis_systemd_dir: "/etc/systemd/system"
+# Name of Redis Server service file
+redis_server_service_file: "{{ redis_systemd_dir }}/redis-server.service"
+# Name of Redis Sentinel service file
+redis_sentinel_service_file: "{{ redis_systemd_dir }}/redis-sentinel.service"
+# Directory of Redis Server configuration files
+redis_configuration_dir: "/etc/redis"
+# Path to Redis Server configuration file
+redis_server_configuration_file: "{{ redis_configuration_dir }}/redis.conf"
+# Path to Redis Sentinel configuration file
+redis_sentinel_configuration_file: "{{ redis_configuration_dir }}/sentinel.conf"
+# Redis library directory
+redis_lib_dir: "/var/lib/redis"
+# Redis logging directory
+redis_log_dir: "/var/log/redis"
+# Path to Redis Server log file
+redis_server_log_file_path: "{{ redis_log_dir }}/redis-server.log"
+# Path to Redis Sentinel log file
+redis_sentinel_log_file_path: "{{ redis_log_dir }}/redis-sentinel.log"
+# Redis log level, can be one of: debug, verbose, notice, warning
+redis_log_level: "notice"
+# Sentinel log level, can be one of: debug, verbose, notice, warning
+sentinel_log_level: "notice"
+# Redis protected-mode
+redis_protected_mode: "yes"
+# Sentinel protected-mode
+sentinel_protected_mode: "yes"
+# Redis user name
+redis_user: "redis"
+# Redis group name
+redis_group: "redis"
+# Redis Server service name
+redis_server_service_name: "redis-server"
+# Redis Sentinel service name
+redis_sentinel_service_name: "redis-sentinel"
+
+...
diff --git a/roles/redis/handlers/main.yml b/roles/redis/handlers/main.yml
new file mode 100644
index 0000000..abd6c10
--- /dev/null
+++ b/roles/redis/handlers/main.yml
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Remove auto-generated Redis config section"
+  become: true
+  ansible.builtin.replace:
+    path: "{{ redis_server_configuration_file }}"
+    after: "# END ANSIBLE MANAGED BLOCK"
+    regexp: "^.*$"
+    replace: ""
+  when: "not is_initial_dryrun"
+
+- name: "Remove auto-generated Sentinel config section"
+  become: true
+  ansible.builtin.replace:
+    path: "{{ redis_sentinel_configuration_file }}"
+    after: "# END ANSIBLE MANAGED BLOCK"
+    regexp: "^.*$"
+    replace: ""
+  when: "not is_initial_dryrun"
+
+- name: "Restart Redis Server"
+  become: true
+  ansible.builtin.service:
+    name: "{{ redis_server_service_name }}"
+    state: "restarted"
+  when: "not is_initial_dryrun"
+
+- name: "Restart Redis Sentinel"
+  become: true
+  ansible.builtin.service:
+    name: "{{ redis_sentinel_service_name }}"
+    state: "restarted"
+  when: "not is_initial_dryrun"
+
+...
diff --git a/roles/redis/meta/main.yml b/roles/redis/meta/main.yml
new file mode 100644
index 0000000..410bade
--- /dev/null
+++ b/roles/redis/meta/main.yml
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2020 Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: 2020 Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+galaxy_info:
+  role_name: "redis"
+  namespace: "hifis"
+  author: "HIFIS Software Team"
+  description: "Install and configure Redis"
+  company: "Helmholtz Association"
+
+  issue_tracker_url: "https://github.com/hifis-net/ansible-role-redis/issues"
+
+  license: "Apache-2.0"
+
+  min_ansible_version: "2.14"
+
+  platforms:
+    - name: "Ubuntu"
+      versions:
+        - "focal"
+        - "jammy"
+
+  galaxy_tags:
+    - "redis"
+    - "sentinel"
+    - "cache"
+    - "database"
+
+dependencies: []
+
+...
diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml
new file mode 100644
index 0000000..4ba5f67
--- /dev/null
+++ b/roles/redis/tasks/main.yml
@@ -0,0 +1,220 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: "Check whether Redis server is installed."
+  ansible.builtin.stat:
+    path: "{{ redis_bin }}"
+  register: "redis_server_installed"
+
+- name: "Determine initial dry-run."
+  ansible.builtin.set_fact:
+    is_initial_dryrun: "{{ ansible_check_mode and not redis_server_installed.stat.exists }}"
+
+- name: "Check Redis version."
+  ansible.builtin.command:
+    cmd: "{{ redis_bin }} -v"
+  register: "redis_version_installed"
+  when: "redis_server_installed.stat.exists"
+  changed_when: false
+  check_mode: false
+
+- name: "Determine version."
+  ansible.builtin.set_fact:
+    installed_redis_server_version: "{{ redis_version_installed.stdout | regex_search('^Redis server v=(\\d+\\.\\d+\\.\\d+)', '\\1') | first }}"
+  when: "redis_server_installed.stat.exists"
+
+- name: "Output version strings."
+  ansible.builtin.debug:
+    msg: "Installed version: {{ installed_redis_server_version }}, version to be installed: {{ redis_version }}."
+  when: "installed_redis_server_version is defined"
+
+- name: "Check if version strings are equal."
+  ansible.builtin.set_fact:
+    is_redis_server_version_equal: "{{ installed_redis_server_version is version(redis_version, operator='==', strict=True) }}"
+  when: "redis_server_installed.stat.exists"
+
+- name: "Install dependencies."
+  become: true
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: "present"
+    update_cache: true
+  with_items: "{{ redis_dependencies }}"
+
+- name: "Create Redis Group."
+  become: true
+  ansible.builtin.group:
+    name: "{{ redis_group }}"
+    system: true
+    state: "present"
+
+- name: "Add Redis System User."
+  become: true
+  ansible.builtin.user:
+    name: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+    system: true
+    create_home: false
+
+- name: "Continue if Redis is not installed or versions are not equal."
+  when: "not redis_server_installed.stat.exists or not is_redis_server_version_equal"
+  block:
+    - name: "Download and extract redis-{{ redis_version }}"
+      become: true
+      ansible.builtin.unarchive:
+        src: "{{ redis_download_url }}"
+        dest: "{{ redis_build_dir | dirname }}"
+        mode: "0755"
+        owner: "root"
+        group: "root"
+        remote_src: true
+
+    - name: "Build Redis."
+      become: true
+      community.general.make:
+        chdir: "{{ redis_build_dir }}"
+      when: "not is_initial_dryrun"
+
+    - name: "Install Redis."
+      become: true
+      community.general.make:
+        chdir: "{{ redis_build_dir }}"
+        target: "install"
+      when: "not is_initial_dryrun"
+      notify:
+        - "Restart Redis Server"
+        - "Restart Redis Sentinel"
+
+    - name: "Remove current Redis Build Directory."
+      ansible.builtin.file:
+        path: "{{ redis_build_dir }}"
+        state: "absent"
+      when: "redis_version is defined"
+
+- name: "Create Redis Server Service file."
+  become: true
+  ansible.builtin.template:
+    src: "redis-server.service.j2"
+    dest: "{{ redis_server_service_file }}"
+    mode: "0640"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  notify:
+    - "Restart Redis Server"
+
+- name: "Create Redis Sentinel Service file."
+  become: true
+  ansible.builtin.template:
+    src: "redis-sentinel.service.j2"
+    dest: "{{ redis_sentinel_service_file }}"
+    mode: "0640"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  notify:
+    - "Restart Redis Sentinel"
+
+- name: "Create Redis Configuration Directory."
+  become: true
+  ansible.builtin.file:
+    path: "{{ redis_configuration_dir }}"
+    state: "directory"
+    mode: "0755"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+
+
+- name: "Add Ansible begin marker for backwards compatibility"
+  ansible.builtin.lineinfile:
+    line: "# BEGIN ANSIBLE MANAGED BLOCK"
+    path: "{{ item }}"
+    insertbefore: "BOF"
+    create: true
+    mode: "0600"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  loop:
+    - "{{ redis_sentinel_configuration_file }}"
+    - "{{ redis_server_configuration_file }}"
+
+- name: "Add Ansible end marker for backwards compatibility"
+  ansible.builtin.lineinfile:
+    line: "# END ANSIBLE MANAGED BLOCK"
+    path: "{{ item }}"
+    insertbefore: "# Generated by CONFIG REWRITE"
+    create: true
+    mode: "0600"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  loop:
+    - "{{ redis_sentinel_configuration_file }}"
+    - "{{ redis_server_configuration_file }}"
+
+- name: "Configure Redis Server."
+  become: true
+  ansible.builtin.blockinfile:
+    block: "{{ lookup('ansible.builtin.template', 'redis.conf.j2') }}"
+    path: "{{ redis_server_configuration_file }}"
+    insertbefore: "# Generated by CONFIG REWRITE"
+    create: true
+    mode: "0600"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  notify:
+    - "Remove auto-generated Redis config section"
+    - "Restart Redis Server"
+
+- name: "Configure Redis Sentinel."
+  become: true
+  ansible.builtin.blockinfile:
+    block: "{{ lookup('ansible.builtin.template', 'sentinel.conf.j2') }}"
+    path: "{{ redis_sentinel_configuration_file }}"
+    insertbefore: "# Generated by CONFIG REWRITE"
+    create: true
+    mode: "0600"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+  notify:
+    - "Remove auto-generated Sentinel config section"
+    - "Restart Redis Sentinel"
+
+- name: "Create Redis Lib Directory."
+  become: true
+  ansible.builtin.file:
+    path: "{{ redis_lib_dir }}"
+    state: "directory"
+    mode: "0770"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+
+- name: "Create Redis Log Directory."
+  become: true
+  ansible.builtin.file:
+    path: "{{ redis_log_dir }}"
+    state: "directory"
+    mode: "0770"
+    owner: "{{ redis_user }}"
+    group: "{{ redis_group }}"
+
+- name: "Register Redis Server Service."
+  become: true
+  ansible.builtin.service:
+    name: "{{ redis_server_service_name }}"
+    state: "started"
+    enabled: true
+  when: "not is_initial_dryrun"
+  notify: "Restart Redis Server"
+
+- name: "Register Redis Sentinel Service."
+  become: true
+  ansible.builtin.service:
+    name: "{{ redis_sentinel_service_name }}"
+    state: "started"
+    enabled: true
+  when: "not is_initial_dryrun"
+  notify: "Restart Redis Sentinel"
+
+...
diff --git a/roles/redis/templates/redis-sentinel.service.j2 b/roles/redis/templates/redis-sentinel.service.j2
new file mode 100644
index 0000000..c30a407
--- /dev/null
+++ b/roles/redis/templates/redis-sentinel.service.j2
@@ -0,0 +1,25 @@
+{#
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+#}
+[Unit]
+Description=Redis Sentinel service
+Documentation=https://redis.io/documentation
+AssertPathExists={{ redis_lib_dir }}
+
+[Service]
+ExecStart={{ redis_bin }} {{ redis_sentinel_configuration_file }} --sentinel
+LimitNOFILE=10032
+NoNewPrivileges=yes
+Type=forking
+TimeoutStartSec=300
+TimeoutStopSec=300
+UMask=0077
+User={{ redis_user }}
+Group={{ redis_group }}
+WorkingDirectory={{ redis_lib_dir }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/redis/templates/redis-server.service.j2 b/roles/redis/templates/redis-server.service.j2
new file mode 100644
index 0000000..8db2bf2
--- /dev/null
+++ b/roles/redis/templates/redis-server.service.j2
@@ -0,0 +1,25 @@
+{#
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+#}
+[Unit]
+Description=Redis Server service
+Documentation=https://redis.io/documentation
+AssertPathExists={{ redis_lib_dir }}
+
+[Service]
+ExecStart={{ redis_bin }} {{ redis_server_configuration_file }}
+LimitNOFILE=10032
+NoNewPrivileges=yes
+Type=forking
+TimeoutStartSec=300
+TimeoutStopSec=300
+UMask=0077
+User={{ redis_user }}
+Group={{ redis_group }}
+WorkingDirectory={{ redis_lib_dir }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/redis/templates/redis.conf.j2 b/roles/redis/templates/redis.conf.j2
new file mode 100644
index 0000000..1a96b93
--- /dev/null
+++ b/roles/redis/templates/redis.conf.j2
@@ -0,0 +1,39 @@
+{#
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+#}
+supervised no
+daemonize yes
+pidfile "/var/run/redis/redis-server.pid"
+logfile "{{ redis_server_log_file_path }}"
+loglevel {{ redis_log_level }}
+dir "/var/lib/redis"
+bind {{ redis_instance_ip }}
+port 6379
+
+requirepass "{{ redis_password }}"
+masterauth "{{ redis_password }}"
+
+timeout 300
+
+databases 16
+
+save 900 1
+save 300 10
+save 60 10000
+
+rdbcompression yes
+
+dbfilename "dump.rdb"
+
+appendonly no
+appendfsync everysec
+no-appendfsync-on-rewrite no
+
+protected-mode {{ redis_protected_mode }}
+
+{% if redis_instance_type == "replica" %}
+replicaof {{ redis_master_instance_ip }} 6379
+{% endif %}
diff --git a/roles/redis/templates/sentinel.conf.j2 b/roles/redis/templates/sentinel.conf.j2
new file mode 100644
index 0000000..1f53aac
--- /dev/null
+++ b/roles/redis/templates/sentinel.conf.j2
@@ -0,0 +1,25 @@
+{#
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
+#}
+supervised no
+daemonize yes
+pidfile "/var/run/redis/redis-sentinel.pid"
+logfile "{{ redis_sentinel_log_file_path }}"
+loglevel {{ sentinel_log_level }}
+dir "/var/lib/redis"
+bind {{ redis_instance_ip }}
+port 26379
+{% if (redis_sentinel_password is defined) and (redis_sentinel_password|length > 0) %}
+
+requirepass "{{ redis_sentinel_password }}"
+{% endif %}
+
+sentinel monitor {{ redis_cluster_name }} {{ redis_master_instance_ip }} 6379 2
+sentinel auth-pass {{ redis_cluster_name }} {{ redis_password }}
+sentinel down-after-milliseconds {{ redis_cluster_name }} 10000
+sentinel failover-timeout {{ redis_cluster_name }} 30000
+
+protected-mode {{ sentinel_protected_mode }}