diff --git a/pillar/cove.sls b/pillar/cove.sls index c0036079..101ef489 100644 --- a/pillar/cove.sls +++ b/pillar/cove.sls @@ -2,7 +2,6 @@ x-volumes: &volumes - db - media - redis/data - - redis/tmp x-env: &env DJANGO_PROXY: True diff --git a/pillar/digitalbuying.sls b/pillar/digitalbuying.sls index 3b91437d..2812ee6e 100644 --- a/pillar/digitalbuying.sls +++ b/pillar/digitalbuying.sls @@ -21,7 +21,6 @@ docker_apps: volumes: - media - redis/data - - redis/tmp env: DJANGO_PROXY: True ALLOWED_HOSTS: digitalbuying.open-contracting.org diff --git a/pillar/dreambi.sls b/pillar/dreambi.sls index aff827f2..baff0995 100644 --- a/pillar/dreambi.sls +++ b/pillar/dreambi.sls @@ -47,7 +47,6 @@ docker_apps: site: bi.dream.gov.ua volumes: - redis/data - - redis/tmp env: # Must end with a "/". QLIK_PROXY_SERVICE: https://ocp15.open-contracting.org:4243/qps/prod/ diff --git a/pillar/registry.sls b/pillar/registry.sls index 5d5684df..7a04de25 100644 --- a/pillar/registry.sls +++ b/pillar/registry.sls @@ -181,7 +181,6 @@ docker_apps: - media - tmp - redis/data - - redis/tmp env: DJANGO_PROXY: True ALLOWED_HOSTS: flatten.open-contracting.org diff --git a/salt/docker_apps/files/conf/redis.conf b/salt/docker_apps/files/conf/redis.conf new file mode 100644 index 00000000..51732b4c --- /dev/null +++ b/salt/docker_apps/files/conf/redis.conf 
@@ -0,0 +1,101 @@
+# Network
+bind 0.0.0.0 ::
+protected-mode no
+
+# TLS/SSL
+port 6379
+tcp-backlog 511
+timeout 0
+tcp-keepalive 300
+
+# General
+daemonize yes
+pidfile /tmp/redis.pid
+loglevel notice
+logfile ""
+databases 16
+always-show-logo no
+set-proc-title yes
+proc-title-template "{title} {listen-addr} {server-mode}"
+
+# Snapshotting
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+rdb-del-sync-files no
+dir /data
+save ""
+
+# Replication
+replica-serve-stale-data yes
+replica-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-diskless-load disabled
+repl-disable-tcp-nodelay no
+replica-priority 100
+
+# Security
+acllog-max-len 128
+
+# Lazy Freeing
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+lazyfree-lazy-user-del no
+lazyfree-lazy-user-flush no
+
+# Kernel OOM Control
+oom-score-adj no
+oom-score-adj-values 0 200 800
+
+# Kernel transparent huge page Control
+disable-thp yes
+
+# Append Only Mode
+appendonly yes
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble yes
+
+# Non-Deterministic Long Blocking Commands
+lua-time-limit 5000
+
+# Slow Log
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+
+# Latency Monitor
+latency-monitor-threshold 0
+
+# Event Notification
+notify-keyspace-events ""
+
+# Advanced Config
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+aof-rewrite-incremental-fsync yes +rdb-save-incremental-fsync yes + +# Active Defragmentation +jemalloc-bg-thread yes diff --git a/salt/docker_apps/files/cove.yaml b/salt/docker_apps/files/cove.yaml index cdb747ef..42975336 100644 --- a/salt/docker_apps/files/cove.yaml +++ b/salt/docker_apps/files/cove.yaml @@ -21,10 +21,10 @@ x-django: &django services: {%- if 'REDIS_URL' in entry.env %} redis: - image: bitnamilegacy/redis:6.2 + image: rapidfort/redis-official:6.2-bookworm + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s @@ -32,7 +32,7 @@ services: retries: 5 volumes: - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/redis.conf:/redis.conf {%- endif %} web: <<: *django diff --git a/salt/docker_apps/files/digitalbuying.yaml b/salt/docker_apps/files/digitalbuying.yaml index 2fd48b2a..9f269873 100644 --- a/salt/docker_apps/files/digitalbuying.yaml +++ b/salt/docker_apps/files/digitalbuying.yaml @@ -16,18 +16,18 @@ x-django: &django services: redis: - image: bitnamilegacy/redis:6.2 + image: rapidfort/redis-official:6.2-bookworm + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s timeout: 5s retries: 5 volumes: - - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/data:/data + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *django ports: diff --git a/salt/docker_apps/files/qlikauth.yaml b/salt/docker_apps/files/qlikauth.yaml index e6be95f4..5c82ff27 100644 --- a/salt/docker_apps/files/qlikauth.yaml +++ b/salt/docker_apps/files/qlikauth.yaml 
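Review bot: The `# Security` section of the new redis.conf sets only `acllog-max-len 128`, while `bind 0.0.0.0 ::` and `protected-mode no` make Redis accept unauthenticated connections on every interface inside the container. The redis services in the compose hunks show no `ports:` mapping, so access control presumably rests entirely on the compose network; state that assumption next to the setting, e.g. `# No requirepass/ACL user: reachable only on the compose network; never publish 6379`. If any other container on that network is less trusted, add `requirepass` (or an ACL user) and carry the credential in `REDIS_URL`. Without that, any client that can reach the port may run every command, including `CONFIG SET`.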
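Review bot: `command: ["redis-server", "/redis.conf"]` in the first cove.yaml hunk loads a config that sets `daemonize yes`, so redis-server forks and its foreground process exits, which normally stops the container and, with `restart: always`, leaves it in a restart loop. Set `daemonize no` in salt/docker_apps/files/conf/redis.conf, or override it here with `command: ["redis-server", "/redis.conf", "--daemonize", "no"]`. The same `command:` line is added in digitalbuying.yaml, qlikauth.yaml and spoonbill.yaml.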
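Review bot: The data mount kept as context in the second cove.yaml hunk still targets `/bitnami/redis/data`, but the new redis.conf sets `dir /data`, so the append-only file would be written outside the bind mount and presumably lost when the container is recreated. digitalbuying.yaml moves the target to `/data` in this same commit; do the same here with `- {{ directory }}/redis/data:/data`. The second hunks of qlikauth.yaml and spoonbill.yaml keep the old target as well (spoonbill with `{{ entry.host_dir }}` as the host path).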
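Review bot: The config file added to `volumes:` in digitalbuying.yaml is bind-mounted writable, and Redis runs as what is presumably the same account that owns it on the host, so a `CONFIG REWRITE` issued by any client could persist altered settings into the Salt-managed file. Mount it read-only: `- {{ directory }}/redis/redis.conf:/redis.conf:ro`. The same mount line is added in cove.yaml, qlikauth.yaml and spoonbill.yaml.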
@@ -5,10 +5,10 @@ x-shared: &shared services: redis: - image: bitnamilegacy/redis:6.2 + image: rapidfort/redis-official:6.2-bookworm + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s @@ -16,7 +16,7 @@ services: retries: 5 volumes: - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *shared image: "ghcr.io/open-contracting/bi.dream.gov.ua-qlikauth:latest" diff --git a/salt/docker_apps/files/spoonbill.yaml b/salt/docker_apps/files/spoonbill.yaml index 12e8a3f6..578baa54 100644 --- a/salt/docker_apps/files/spoonbill.yaml +++ b/salt/docker_apps/files/spoonbill.yaml @@ -20,10 +20,10 @@ x-django: &django services: redis: - image: bitnamilegacy/redis:6.2 + image: rapidfort/redis-official:6.2-bookworm + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s @@ -31,7 +31,7 @@ services: retries: 5 volumes: - {{ entry.host_dir }}/redis/data:/bitnami/redis/data - - {{ entry.host_dir }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *django ports: diff --git a/salt/docker_apps/init.sls b/salt/docker_apps/init.sls index ff066fe8..dfbb2cfd 100644 --- a/salt/docker_apps/init.sls +++ b/salt/docker_apps/init.sls 
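Review bot: `rapidfort/redis-official:6.2-bookworm` in the first qlikauth.yaml hunk is a mutable tag from a third-party publisher, so a later pull can bring in a different image without any change in this repository. Pin the digest that was actually reviewed, e.g. `image: rapidfort/redis-official:6.2-bookworm@sha256:<digest-placeholder>`, and bump it deliberately. The same image line appears in cove.yaml, digitalbuying.yaml and spoonbill.yaml.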
@@ -41,16 +41,23 @@ include: - user: {{ pillar.docker.user }}_user_exists {% for volume in entry.volumes|default([]) %} -# "NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID 1001." -# https://github.com/bitnami/containers/blob/main/bitnami/redis/README.md#persisting-your-database -{% set volume_user_group = 1001 if volume.startswith('redis/') else pillar.docker.user %} - {{ entry.host_dir|default(directory) }}/{{ volume }}: file.directory: - - user: {{ volume_user_group }} - - group: {{ volume_user_group }} + - user: {{ pillar.docker.user }} + - group: {{ pillar.docker.user }} - makedirs: True - require: - user: {{ pillar.docker.user }}_user_exists {% endfor %} + +{% if 'redis' in entry.volumes|join(' ') %} +{{ directory }}/redis/redis.conf: + file.managed: + - source: salt://docker_apps/files/conf/redis.conf + - user: {{ pillar.docker.user }} + - group: {{ pillar.docker.user }} + - makedirs: True + - require: + - user: {{ pillar.docker.user }}_user_exists +{% endif %} {% endfor %}
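Review bot: Redis volume directories now get `{{ pillar.docker.user }}` instead of UID 1001, but `file.directory` without `recurse` changes only the directory itself, so files the old container wrote under `redis/data` as 1001 would likely remain unwritable for the new container user. Consider adding `- recurse: [user, group]` for the redis volumes, or a one-off chown during rollout. Separately, the new `{% if 'redis' in entry.volumes|join(' ') %}` drops the `|default([])` that the loop above uses and matches any volume name containing "redis"; a `redis/` prefix check, as the removed `volume.startswith('redis/')` did, would be tighter. The enclosing per-app loop starts above this hunk.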