---
# based on Digital Ocean's installation guide
# https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-redis-on-ubuntu-16-04
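- hosts: all
  # installs redis from source and runs it as a systemd service under a
  # dedicated account. `become:` replaces the deprecated `sudo:` keyword.
  become: true
  remote_user: root
  vars:
    ipv4_addr: '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
    redis_user: redis
    redis_group: redis
    # root-owned build directory. the source is compiled and installed as
    # root, so it must not live in a world-writable location such as /tmp,
    # where another local account could pre-create the tree that gets built.
    redis_build_root: /opt/redis-build
    # change for production
    # anything other than loopback makes redis reachable from the network;
    # pair it with a firewall rule and a strong redis_password.
    redis_bind_addr: '127.0.0.1'
    redis_port: 6379
    redis_tcp_sockets: 511
    redis_socket: /var/run/redis/redis.sock
    # quoted so the value stays a string when rendered into redis.conf
    redis_socket_permissions: '770'
    redis_logfile: /var/log/redis/redis-server.log
    # placeholder only: override it from ansible-vault or --extra-vars.
    # generate a 32-character password with apg:
    # apg -m 32 -x 1 -a 1 -n 1
    redis_password: redis
  # install python 2.7 on Ubuntu > 14.x
  # solves "/bin/sh: 1: /usr/bin/python: not found" issue with
  # later Ubuntu releases
  gather_facts: false
  pre_tasks:
    - name: 'install python2'
      raw: sudo apt-get -y install python-simplejson
  tasks:
    - name: refuse the placeholder password on a non-loopback bind address
      # the default password is only tolerable while redis listens on
      # loopback; fail early instead of deploying a guessable credential.
      assert:
        that:
          - "redis_password != 'redis' or redis_bind_addr == '127.0.0.1'"
        msg: 'set redis_password before binding redis to a non-loopback address'

    - name: update apt cache
      apt:
        update_cache: true

    - name: install required packages
      apt:
        name: '{{ item }}'
        state: present
      with_items:
        - build-essential
        - tcl

    - name: create root-owned build directory
      file:
        path: '{{ redis_build_root }}'
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: download redis src
      # remote_src broken in ~ 2.1
      # https://github.com/ansible/ansible-modules-core/issues/4752
      #
      # fetched over https so the tarball cannot be altered in transit.
      # NOTE(review): redis-stable is a moving target and unarchive does not
      # verify a digest; for reproducible builds fetch a versioned tarball
      # with get_url and its `checksum` option, then unpack it.
      unarchive:
        src: https://download.redis.io/redis-stable.tar.gz
        copy: false
        dest: '{{ redis_build_root }}'
        mode: u=rwx,g=rx,o=rx
        owner: root
        creates: '{{ redis_build_root }}/redis-stable'

    - name: make redis
      make:
        chdir: '{{ redis_build_root }}/redis-stable'

    - name: test and install redis
      make:
        chdir: '{{ redis_build_root }}/redis-stable'
        target: '{{ item }}'
      become: true
      with_items:
        - test
        - install

    - name: create /etc/redis, data, logs, and socket directories
      file:
        path: '{{ item }}'
        state: directory
      with_items:
        - /etc/redis
        - /var/lib/redis
        - /var/log/redis
        - /var/run/redis

    - name: copy default redis.conf
      # create a copy of the default redis.conf
      copy:
        remote_src: true
        src: '{{ redis_build_root }}/redis-stable/redis.conf'
        dest: /etc/redis/redis.conf
      become: true

    - name: configure systemd
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^supervised no$'
        line: 'supervised systemd'
        state: present

    - name: store redis data in /var/lib/redis
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^dir ./$'
        line: 'dir /var/lib/redis'
        state: present

    - name: secure redis
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^# requirepass \w*$'
        line: 'requirepass {{ redis_password }}'
        state: present
      # keep the password out of task output, diffs and callback logs
      no_log: true

    - name: bind to redis.bind_addr
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^bind {{ ipv4_addr }}$'
        line: 'bind {{ redis_bind_addr }}'
        state: present

    - name: configure logging
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^logfile ""$'
        line: 'logfile {{ redis_logfile }}'
        state: present

    - name: Check rc.local exists
      stat:
        path: /etc/rc.local
      register: rc_local

    - name: Create rc.local if not present
      # stat results are nested under `.stat`; testing `rc_local.islnk` was
      # always undefined, so an existing rc.local was overwritten on every run
      when: not rc_local.stat.exists
      template:
        src: templates/rc.local
        dest: /etc/rc.local
        mode: '0755'

    - name: disable Transparent Huge Pages (THP) support
      lineinfile:
        dest: /etc/rc.local
        insertbefore: '^exit 0$'
        line: 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
        state: present
      become: true

    - name: fix TCP backlog
      # rc.local is a shell script: a bare `net.core.somaxconn=N` line is not
      # a command and would fail there, so persist the setting as a sysctl
      # call. the regexp also replaces the bare line left by earlier runs.
      lineinfile:
        dest: /etc/rc.local
        regexp: '^(sysctl -w )?net\.core\.somaxconn='
        insertbefore: '^exit 0$'
        line: 'sysctl -w net.core.somaxconn={{ redis_tcp_sockets }}'
        state: present
      become: true

    - name: apply TCP backlog now
      command: sysctl -w net.core.somaxconn={{ redis_tcp_sockets }}
      become: true

    - name: enable low-memory background saves
      # an empty regexp matches every line, which made lineinfile replace the
      # last line of sysctl.conf; match only the setting being managed
      lineinfile:
        dest: /etc/sysctl.conf
        regexp: '^vm\.overcommit_memory\s*='
        insertafter: EOF
        line: 'vm.overcommit_memory = 1'
      become: true

    - name: apply overcommit setting now
      command: sysctl vm.overcommit_memory=1
      become: true

    - name: create redis-as-a-service
      template:
        src: templates/redis.service.j2
        dest: /etc/systemd/system/redis.service
        owner: root
        group: root
        mode: '0644'

    - name: create redis group
      group:
        name: '{{ redis_group }}'
        state: present

    - name: create redis user
      # service account only: no home directory and no interactive shell
      user:
        name: '{{ redis_user }}'
        group: '{{ redis_group }}'
        shell: /usr/sbin/nologin
        createhome: false

    - name: enable unix socket support
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^unixsocket {{ redis_socket }}$'
        line: 'unixsocket {{ redis_socket }}'
        state: present
        insertafter: EOF
        create: true

    - name: configure unix socket permissions
      lineinfile:
        dest: /etc/redis/redis.conf
        regexp: '^unixsocketperm {{ redis_socket_permissions }}$'
        line: 'unixsocketperm {{ redis_socket_permissions }}'
        state: present
        insertafter: EOF
        create: true

    - name: set permissions for redis
      # 0770 keeps other local accounts out of the config (which holds
      # requirepass), data, log and socket directories. `directory` is used
      # instead of `touch` so the task stops reporting a change on every run.
      file:
        path: '{{ item }}'
        state: directory
        owner: '{{ redis_user }}'
        group: '{{ redis_group }}'
        mode: '0770'
      with_items:
        - /etc/redis
        - /var/lib/redis
        - /var/log/redis
        - /var/run/redis
      become: true

    - name: start redis
      service:
        name: redis
        state: restarted
        enabled: true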