Puppet Class: redis::sentinel

Inherits:
redis::params
Defined in:
manifests/sentinel.pp

Summary

Install redis-sentinel

Overview

Examples:

Basic inclusion

include redis::sentinel

Configuring options

class {'redis::sentinel':
  down_after => 80000,
  log_file   => '/var/log/redis/sentinel.log',
}

Parameters:

  • auth_pass (Optional[Variant[String[1], Sensitive[String[1]]]]) (defaults to: undef)

    The password to use to authenticate with the master and slaves.

  • config_file (Stdlib::Absolutepath) (defaults to: $redis::params::sentinel_config_file)

    The location and name of the sentinel config file.

  • config_file_orig (Stdlib::Absolutepath) (defaults to: $redis::params::sentinel_config_file_orig)

    The location and name of a config file that provides the source of the sentinel config file. Two different files are needed because sentinel itself writes to its own config file and we do not want override that when puppet is run unless there are changes from the manifests.

  • config_file_mode (Stdlib::Filemode) (defaults to: '0644')

    Permissions of config file.

  • conf_template (String[1]) (defaults to: 'redis/redis-sentinel.conf.erb')

    Define which template to use.

  • daemonize (Boolean) (defaults to: $redis::params::sentinel_daemonize)

    Have Redis sentinel run as a daemon.

  • down_after (Integer[1]) (defaults to: 30000)

    Number of milliseconds the master (or any attached slave or sentinel) should be unreachable (as in, not acceptable reply to PING, continuously, for the specified period) in order to consider it in S_DOWN state.

  • failover_timeout (Integer[1]) (defaults to: 180000)

    Specify the failover timeout in milliseconds.

  • log_file (Stdlib::Absolutepath) (defaults to: $redis::params::sentinel_log_file)

    Specify where to write log entries.

  • log_level (Redis::LogLevel) (defaults to: 'notice')

    Specify how much we should log.

  • master_name (String[1]) (defaults to: 'mymaster')

    Specify the name of the master redis server. The valid charset is A-z 0-9 and the three characters “.-_”.

  • redis_host (Stdlib::Host) (defaults to: '127.0.0.1')

    Specify the bound host of the master redis server.

  • redis_port (Stdlib::Port) (defaults to: 6379)

    Specify the port of the master redis server.

  • requirepass (Optional[String[1]]) (defaults to: undef)

    Specify the password to require client authentication via the AUTH command, however this feature is only available starting with Redis 5.0.1.

  • protected_mode (Boolean) (defaults to: true)

    Whether protected mode is enabled or not. Only applicable when no bind is set.

  • package_name (String[1]) (defaults to: $redis::params::sentinel_package_name)

    The name of the package that installs sentinel.

  • package_ensure (String[1]) (defaults to: 'installed')

    Do we ensure this package. This parameter takes effect only if an independent package is required for sentinel.

  • parallel_sync (Integer[0]) (defaults to: 1)

    How many slaves can be reconfigured at the same time to use a new master after a failover.

  • pid_file (Stdlib::Absolutepath) (defaults to: $redis::params::sentinel_pid_file)

    If sentinel is daemonized it will write its pid at this location.

  • quorum (Integer[1]) (defaults to: 2)

    Number of sentinels that must agree that a master is down to signal sdown state.

  • sentinel_announce_hostnames (Optional[Enum['yes', 'no']]) (defaults to: undef)

    Whether or not sentinels will announce hostnames instead of ip addresses to clients. This can be required for TLS.

  • sentinel_announce_ip (Optional[Stdlib::Host]) (defaults to: undef)

    Specify the IP or hostname that Sentinel will announce

  • sentinel_bind (Variant[Undef, Stdlib::IP::Address, Array[Stdlib::IP::Address]]) (defaults to: undef)

    Allow optional sentinel server ip binding. Can help overcome issues arising from protect-mode added Redis 3.2

  • sentinel_port (Stdlib::Port) (defaults to: 26379)

    The port of sentinel server.

  • sentinel_resolve_hostnames (Optional[Enum['yes', 'no']]) (defaults to: undef)

    Whether or not sentinels can resolve hostnames to ip addresses.

  • sentinel_tls_port (Optional[Stdlib::Port::Unprivileged]) (defaults to: undef)

    Configure which TLS port to listen on.

  • service_group (String[1]) (defaults to: 'redis')

    The group of the config file.

  • service_name (String[1]) (defaults to: $redis::params::sentinel_service_name)

    The name of the service (for puppet to manage).

  • service_user (String[1]) (defaults to: 'redis')

    The owner of the config file.

  • service_enable (Boolean) (defaults to: true)

    Enable the service at boot time.

  • tls_cert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify which X.509 certificate file to use for TLS connections.

  • tls_key_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify which privaye key file to use for TLS connections.

  • tls_ca_cert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify which X.509 CA certificate(s) bundle file to use.

  • tls_ca_cert_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify which X.509 CA certificate(s) bundle directory to use.

  • tls_auth_clients (Enum['yes', 'no', 'optional']) (defaults to: 'no')

    Specify if clients and replicas are required to authenticate using valid client side certificates.

  • tls_replication (Boolean) (defaults to: false)

    Specify if TLS should be enabled on replication links.

  • working_dir (Stdlib::Absolutepath) (defaults to: $redis::params::sentinel_working_dir)

    The directory into which sentinel will change to avoid mount conflicts.

  • notification_script (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to the notification script

  • client_reconfig_script (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to the client-reconfig script

  • acls (Array[String[1]]) (defaults to: [])

    This is a way to pass an array of raw ACLs to Sentinel. The ACLs must be in the form of:

    user USERNAME [additional ACL options]
  • service_ensure (Stdlib::Ensure::Service) (defaults to: 'running') 


148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
 
# File 'manifests/sentinel.pp', line 148

class redis::sentinel (
  Optional[Variant[String[1], Sensitive[String[1]]]] $auth_pass = undef,
  Stdlib::Absolutepath $config_file = $redis::params::sentinel_config_file,
  Stdlib::Absolutepath $config_file_orig = $redis::params::sentinel_config_file_orig,
  Stdlib::Filemode $config_file_mode = '0644',
  String[1] $conf_template = 'redis/redis-sentinel.conf.erb',
  Boolean $daemonize = $redis::params::sentinel_daemonize,
  Boolean $protected_mode = true,
  Integer[1] $down_after = 30000,
  Integer[1] $failover_timeout = 180000,
  Redis::LogLevel $log_level = 'notice',
  Stdlib::Absolutepath $log_file = $redis::params::sentinel_log_file,
  String[1] $master_name  = 'mymaster',
  Stdlib::Host $redis_host = '127.0.0.1',
  Stdlib::Port $redis_port = 6379,
  Optional[String[1]] $requirepass = undef,
  String[1] $package_name = $redis::params::sentinel_package_name,
  String[1] $package_ensure = 'installed',
  Integer[0] $parallel_sync = 1,
  Stdlib::Absolutepath $pid_file = $redis::params::sentinel_pid_file,
  Integer[1] $quorum = 2,
  Optional[Enum['yes', 'no']] $sentinel_announce_hostnames = undef,
  Optional[Stdlib::Host] $sentinel_announce_ip = undef,
  Variant[Undef, Stdlib::IP::Address, Array[Stdlib::IP::Address]] $sentinel_bind = undef,
  Stdlib::Port $sentinel_port = 26379,
  Optional[Enum['yes', 'no']] $sentinel_resolve_hostnames = undef,
  Optional[Stdlib::Port::Unprivileged] $sentinel_tls_port = undef,
  String[1] $service_group = 'redis',
  String[1] $service_name = $redis::params::sentinel_service_name,
  Stdlib::Ensure::Service $service_ensure = 'running',
  Boolean $service_enable = true,
  String[1] $service_user = 'redis',
  Optional[Stdlib::Absolutepath] $tls_cert_file = undef,
  Optional[Stdlib::Absolutepath] $tls_key_file = undef,
  Optional[Stdlib::Absolutepath] $tls_ca_cert_file = undef,
  Optional[Stdlib::Absolutepath] $tls_ca_cert_dir = undef,
  Enum['yes', 'no', 'optional'] $tls_auth_clients = 'no',
  Boolean $tls_replication = false,
  Stdlib::Absolutepath $working_dir = $redis::params::sentinel_working_dir,
  Optional[Stdlib::Absolutepath] $notification_script = undef,
  Optional[Stdlib::Absolutepath] $client_reconfig_script = undef,
  Array[String[1]] $acls = [],
) inherits redis::params {
  $auth_pass_unsensitive = if $auth_pass =~ Sensitive {
    $auth_pass.unwrap
  } else {
    $auth_pass
  }

  contain 'redis'

  if $package_name != $redis::package_name {
    ensure_packages([$package_name], {
        ensure => $package_ensure
    })
    Package[$package_name] -> Class['redis']
  }
  Package[$package_name] -> File[$config_file_orig]

  $sentinel_bind_arr = delete_undef_values([$sentinel_bind].flatten)

  file { $config_file_orig:
    ensure  => file,
    owner   => $service_user,
    group   => $service_group,
    mode    => $config_file_mode,
    content => template($conf_template),
  }

  exec { "cp -p ${config_file_orig} ${config_file}":
    path        => '/usr/bin:/bin',
    subscribe   => File[$config_file_orig],
    notify      => Service[$service_name],
    refreshonly => true,
  }

  service { $service_name:
    ensure => $service_ensure,
    enable => $service_enable,
  }
}