geerlingguy / ansible-role-redis

Ansible Role - Redis
https://galaxy.ansible.com/geerlingguy/redis/
MIT License
254 stars 197 forks source link

`redis-server` installation fails when IPv6 is disabled #39

Closed 907th closed 4 years ago

907th commented 5 years ago

I used this Redis role after OS hardening role which disabled all IPv6 settings in sysctl.conf. That resulted in the failure of apt-get install redis-server (I'm on Ubuntu server) command.

Error output is:

Reading package lists...
Building dependency tree...
Reading state information...
redis-server is already the newest version (5:4.0.9-1ubuntu0.1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up redis-server (5:4.0.9-1ubuntu0.1) ...
Job for redis-server.service failed because a timeout was exceeded.
See \"systemctl status redis-server.service\" and \"journalctl -xe\" for details.
invoke-rc.d: initscript redis-server, action \"start\" failed.
* redis-server.service - Advanced key-value store
   Loaded: loaded (/lib/systemd/system/redis-server.service; disabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: timeout) since Wed 2019-01-30 15:26:36 MSK; 7ms ago
     Docs: http://redis.io/documentation,
           man:redis-server(1)

Jan 30 15:26:36 eps-lw-banking systemd[1]: \u001b[0;1;31m\u001b[0;1;39m\u001b[0;1;31mFailed to start Advanced key-value store.\u001b[0m
dpkg: error processing package redis-server (--configure):
 installed redis-server package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 redis-server

The problem is that default redis.conf from redis-server package contains bind 127.0.0.1 ::1 line, so Redis tries to bind on disabled IPv6 address and hangs.

I found discussions of this problem on Ubuntu and Debian bugtrackers. I understand that this is more redis-server package problem than the problem of this role, but it would be great if this role had a workaround for this situation.

By default, this role is configured to set bind to 127.0.0.1 (redis_bind_interface setting), so I found the following solution: I changed the order of Redis configuration and Redis installation tasks in the play, and I also added the task for creating the /etc/redis dir:

- name: Ensure Redis configuration dir exists.
  file:
    path: "{{ redis_conf_path | dirname }}"
    state: directory
    mode: 0755

- name: Ensure Redis is configured.
  template:
    src: redis.conf.j2
    dest: "{{ redis_conf_path }}"
    mode: 0644
  notify: restart redis

# Setup/install tasks.
- include_tasks: setup-Debian.yml
  when: ansible_os_family == 'Debian'

Now, when redis-server installation happens, the installer uses preconfigured redis.conf and all works even if IPv6 is totally disabled.

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale[bot] commented 4 years ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.