Add TLS certs params to redis (#8654)
* add tls params to redis
* add PR number
* add example
* move doc to redis fragment
* Update changelogs/fragments/8654-add-redis-tls-params.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* rm aliases and add version_added
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 52126b8fae
)
Co-authored-by: Matthieu Bourgain <matthieu@bourgain.me>
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
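# Module documentation, written as YAML inside a Python string. The YAML nesting
# is restored here with two-space indentation; the flattened form on this page
# no longer expressed which keys belong to which option.
# The tls, login_user, validate_certs and ca_certs entries below carry only
# overrides (default / version_added); their descriptions come from the
# community.general.redis documentation fragment named under
# extends_documentation_fragment.
DOCUMENTATION = '''
---
module: redis
short_description: Various redis commands, replica and flush
description:
  - Unified utility to interact with redis instances.
extends_documentation_fragment:
  - community.general.redis
  - community.general.attributes
attributes:
  check_mode:
    support: full
  diff_mode:
    support: none
options:
  command:
    description:
      - The selected redis command
      - V(config) ensures a configuration setting on an instance.
      - V(flush) flushes all the instance or a specified db.
      - V(replica) sets a redis instance in replica or master mode. (V(slave) is an alias for V(replica).)
    choices: [ config, flush, replica, slave ]
    type: str
  tls:
    default: false
    version_added: 4.6.0
  login_user:
    version_added: 4.6.0
  validate_certs:
    version_added: 4.6.0
  ca_certs:
    version_added: 4.6.0
  master_host:
    description:
      - The host of the master instance [replica command]
    type: str
  master_port:
    description:
      - The port of the master instance [replica command]
    type: int
  replica_mode:
    description:
      - The mode of the redis instance [replica command]
      - V(slave) is an alias for V(replica).
    default: replica
    choices: [ master, replica, slave ]
    type: str
    aliases:
      - slave_mode
  db:
    description:
      - The database to flush (used in db mode) [flush command]
    type: int
  flush_mode:
    description:
      - Type of flush (all the dbs in a redis instance or a specific one)
        [flush command]
    default: all
    choices: [ all, db ]
    type: str
  name:
    description:
      - A redis config key.
    type: str
  value:
    description:
      - A redis config value. When memory size is needed, it is possible
        to specify it in the usual form of 1KB, 2M, 400MB where the base is 1024.
        Units are case insensitive i.e. 1m = 1mb = 1M = 1MB.
    type: str

notes:
  - Requires the redis-py Python package on the remote host. You can
    install it with pip (pip install redis) or with a package manager.
    https://github.com/andymccurdy/redis-py
  - If the redis master instance we are making replica of is password protected
    this needs to be in the redis.conf in the masterauth variable

seealso:
  - module: community.general.redis_info
requirements: [ redis ]
author: "Xabier Larrakoetxea (@slok)"
'''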
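# Example tasks, written as a YAML list inside a Python string. The task nesting
# is restored here with two-space indentation; flattened, the option keys were
# no longer nested under their community.general.redis task.
# Only the last example sets tls: true (with a CA bundle and a client
# certificate/key pair); the other examples rely on this module's documented
# default of tls: false.
EXAMPLES = '''
- name: Set local redis instance to be a replica of melee.island on port 6377
  community.general.redis:
    command: replica
    master_host: melee.island
    master_port: 6377

- name: Deactivate replica mode
  community.general.redis:
    command: replica
    replica_mode: master

- name: Flush all the redis db
  community.general.redis:
    command: flush
    flush_mode: all

- name: Flush only one db in a redis instance
  community.general.redis:
    command: flush
    db: 1
    flush_mode: db

- name: Configure local redis to have 10000 max clients
  community.general.redis:
    command: config
    name: maxclients
    value: 10000

- name: Configure local redis maxmemory to 4GB
  community.general.redis:
    command: config
    name: maxmemory
    value: 4GB

- name: Configure local redis to have lua time limit of 100 ms
  community.general.redis:
    command: config
    name: lua-time-limit
    value: 100

- name: Connect using TLS and certificate authentication
  community.general.redis:
    command: config
    name: lua-time-limit
    value: 100
    tls: true
    ca_certs: /etc/redis/certs/ca.crt
    client_cert_file: /etc/redis/certs/redis.crt
    client_key_file: /etc/redis/certs/redis.key
'''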
import traceback
# Probe for the optional redis-py dependency without failing at import time.
# redis_found records whether the import worked; REDIS_IMP_ERR keeps the
# formatted traceback of a failed import (None when the import succeeded).
redis_found = True
REDIS_IMP_ERR = None
try:
    import redis
except ImportError:
    redis_found = False
    REDIS_IMP_ERR = traceback.format_exc()
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.common.text.formatters import human_to_bytes
from ansible.module_utils.common.text.converters import to_native
from ansible_collections.community.general.plugins.module_utils.redis import (
fail_imports, redis_auth_argument_spec, redis_auth_params)
import re
# Redis module specific support methods.
def set_replica_mode(client, master_host, master_port):
    """Ask the connected instance to replicate from master_host:master_port.

    Returns whatever ``client.slaveof(master_host, master_port)`` returns, or
    ``False`` if that call raises any exception. The exception itself is
    discarded, so the caller cannot report why the command failed.
    """
    try:
        outcome = client.slaveof(master_host, master_port)
    except Exception:
        outcome = False
    return outcome
def set_master_mode(client):
    """Ask the connected instance to stop replicating and act as a master.

    Calls ``client.slaveof()`` with no arguments and returns its result, or
    ``False`` if the call raises any exception (the exception is discarded).
    """
    try:
        outcome = client.slaveof()
    except Exception:
        outcome = False
    return outcome
def flush(client, db=None):
    """Flush one database or the whole instance through ``client``.

    When ``db`` is an int, ``client.flushdb()`` is called; the client is
    expected to be connected to that database already, because ``db`` is not
    passed on. For any other ``db`` value (including the default ``None``)
    ``client.flushall()`` is called, which empties every database of the
    instance.

    Returns the result of the flush call, or ``False`` if it raises any
    exception (the exception is discarded).
    """
    try:
        if isinstance(db, int):
            # The passed client has been connected to the database already
            return client.flushdb()
        return client.flushall()
    except Exception:
        return False
# Module execution.
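def main():
    """Parse the task arguments and run the selected redis command.

    Supported commands:

    * ``replica`` (alias ``slave``): put the instance in replica or master mode.
    * ``flush``: flush one database or all databases.
    * ``config``: ensure a configuration key has the requested value.

    Every path ends in ``module.exit_json`` or ``module.fail_json``. In check
    mode no state-changing redis command is sent; the module only reports
    whether it would have made a change.
    """
    # TLS is opt-in for this module (tls_default=False, matching the documented
    # "tls: default: false").
    # NOTE(review): without "tls: true" the connection built from these
    # parameters is presumably unencrypted, so any credentials passed through
    # the shared auth options would cross the network in clear text - confirm
    # in module_utils.redis.
    redis_auth_args = redis_auth_argument_spec(tls_default=False)
    module_args = dict(
        command=dict(type='str', choices=['config', 'flush', 'replica', 'slave']),
        master_host=dict(type='str'),
        master_port=dict(type='int'),
        replica_mode=dict(type='str', default='replica', choices=['master', 'replica', 'slave'],
                          aliases=["slave_mode"]),
        db=dict(type='int'),
        flush_mode=dict(type='str', default='all', choices=['all', 'db']),
        name=dict(type='str'),
        value=dict(type='str'),
    )
    module_args.update(redis_auth_args)
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True,
    )

    fail_imports(module, module.params['tls'])

    redis_params = redis_auth_params(module)

    # "slave" is kept as an alias; normalise it once so the branches below
    # only have to know about "replica".
    command = module.params['command']
    if command == "slave":
        command = "replica"

    # Replica Command section -----------
    if command == "replica":
        master_host = module.params['master_host']
        master_port = module.params['master_port']
        mode = module.params['replica_mode']
        if mode == "slave":
            mode = "replica"

        # Check if we have all the data
        if mode == "replica":  # Only need data if we want to be replica
            if not master_host:
                module.fail_json(msg='In replica mode master host must be provided')

            if not master_port:
                module.fail_json(msg='In replica mode master port must be provided')

        # Connect and check
        r = redis.StrictRedis(**redis_params)
        try:
            r.ping()
        except Exception as e:
            module.fail_json(msg="unable to connect to database: %s" % to_native(e), exception=traceback.format_exc())

        # Check if we are already in the mode that we want
        info = r.info()
        already_replica = (
            mode == "replica"
            and info["role"] == "slave"
            and info["master_host"] == master_host
            and info["master_port"] == master_port
        )
        if mode == "master" and info["role"] == "master":
            module.exit_json(changed=False, mode=mode)

        elif already_replica:
            status = dict(
                status=mode,
                master_host=master_host,
                master_port=master_port,
            )
            module.exit_json(changed=False, mode=status)
        else:
            # Do the stuff
            # (Check Check_mode before commands so the commands aren't evaluated
            # if not necessary)
            if mode == "replica":
                if module.check_mode or set_replica_mode(r, master_host, master_port):
                    # The extra r.info() call that used to sit here was dropped:
                    # its result was never used, and a failure in it would have
                    # crashed the module after the mode had already changed.
                    status = {
                        'status': mode,
                        'master_host': master_host,
                        'master_port': master_port,
                    }
                    module.exit_json(changed=True, mode=status)
                else:
                    module.fail_json(msg='Unable to set replica mode')

            else:
                if module.check_mode or set_master_mode(r):
                    module.exit_json(changed=True, mode=mode)
                else:
                    module.fail_json(msg='Unable to set master mode')

    # flush Command section -----------
    elif command == "flush":
        db = module.params['db']
        mode = module.params['flush_mode']

        # flush_mode defaults to "all", so a task that sets only "db" still
        # flushes every database of the instance; "db" limits the flush only
        # together with flush_mode=db.

        # Check if we have all the data
        if mode == "db":
            if db is None:
                module.fail_json(msg="In db mode the db number must be provided")

        # Connect and check
        r = redis.StrictRedis(db=db, **redis_params)
        try:
            r.ping()
        except Exception as e:
            module.fail_json(msg="unable to connect to database: %s" % to_native(e), exception=traceback.format_exc())

        # Do the stuff
        # (Check Check_mode before commands so the commands aren't evaluated
        # if not necessary)
        if mode == "all":
            if module.check_mode or flush(r):
                module.exit_json(changed=True, flushed=True)
            else:  # Flush never fails :)
                module.fail_json(msg="Unable to flush all databases")

        else:
            if module.check_mode or flush(r, db):
                module.exit_json(changed=True, flushed=True, db=db)
            else:  # Flush never fails :)
                module.fail_json(msg="Unable to flush '%d' database" % db)
    elif command == 'config':
        name = module.params['name']
        raw_value = module.params['value']

        # name and value are optional in the argument spec. Reject a missing one
        # here with a clear message; previously a missing value crashed on
        # None.upper() with an uncaught AttributeError.
        if name is None:
            module.fail_json(msg='In config mode the name must be provided')
        if raw_value is None:
            module.fail_json(msg='In config mode the value must be provided')

        try:  # try to parse the value as if it were the memory size
            upper_value = raw_value.upper()
            if re.match(r'^\s*(\d*\.?\d*)\s*([A-Za-z]+)?\s*$', upper_value):
                value = str(human_to_bytes(upper_value))
            else:
                value = raw_value
        except ValueError:
            # Not a size after all (human_to_bytes rejected it): use the value as given.
            value = raw_value

        r = redis.StrictRedis(**redis_params)

        try:
            r.ping()
        except Exception as e:
            module.fail_json(msg="unable to connect to database: %s" % to_native(e), exception=traceback.format_exc())

        try:
            old_value = r.config_get(name)[name]
        except Exception as e:
            module.fail_json(msg="unable to read config: %s" % to_native(e), exception=traceback.format_exc())
        changed = old_value != value

        if module.check_mode or not changed:
            module.exit_json(changed=changed, name=name, value=value)
        else:
            try:
                r.config_set(name, value)
            except Exception as e:
                module.fail_json(msg="unable to write config: %s" % to_native(e), exception=traceback.format_exc())
            module.exit_json(changed=changed, name=name, value=value)
    else:
        module.fail_json(msg='A valid command must be provided')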
# Run the module only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()