geerlingguy / ansible-role-redis

Ansible Role - Redis
https://galaxy.ansible.com/geerlingguy/redis/
MIT License
254 stars 197 forks

Configuration directory task is breaking idempotence #84

Closed geerlingguy closed 3 months ago

geerlingguy commented 3 months ago

Also related: #80

  TASK [geerlingguy.redis : Ensure Redis configuration dir exists.] **************
  changed: [instance]

geerlingguy commented 3 months ago

This is also breaking CI on my php-redis role: https://github.com/geerlingguy/ansible-role-php-redis/issues/6

geerlingguy commented 3 months ago

During first run (before redis restarts):

[root@instance /]# ls -lah /etc/redis
total 16K
drwxr-xr-x 2 root root 4.0K Jul 31 05:16 .
drwxr-xr-x 1 root root 4.0K Jul 31 05:16 ..
-rw-r--r-- 1 root root  609 Jul 31 05:16 redis.conf

After first run (after redis restarts):

[root@instance /]# ls -lah /etc/redis
total 124K
drwxr-x--- 2 redis root 4.0K Jul 31 05:17 .
drwxr-xr-x 1 root  root 4.0K Jul 31 05:17 ..
-rw-r--r-- 1 root  root  609 Jul 31 05:16 redis.conf
-rw-r----- 1 redis root  92K Oct 30  2022 redis.conf.rpmnew
-rw-r----- 1 redis root  14K Oct 30  2022 sentinel.conf

geerlingguy commented 3 months ago

Well... idempotence was fixed on RockyLinux9, but now is still failing on Ubuntu2404. Testing locally on that.

geerlingguy commented 3 months ago

During first run (before redis restarts):

root@instance:/# ls -lah /etc/redis
total 16K
drwxr-x--- 2 root root 4.0K Jul 31 05:32 .
drwxr-xr-x 1 root root 4.0K Jul 31 05:32 ..
-rw-r----- 1 root root  616 Jul 31 05:32 redis.conf

After first run (after redis restarts):

root@instance:/# ls -lah /etc/redis
total 124K
drwxrws--- 2 redis redis 4.0K Jul 31 05:32 .
drwxr-xr-x 1 root  root  4.0K Jul 31 05:32 ..
-rw-r----- 1 redis redis  616 Jul 31 05:32 redis.conf
-rw-r----- 1 root  root  105K Apr  1 07:33 redis.conf.dpkg-dist

geerlingguy commented 3 months ago

It looks like the group setuid bit would == 02750? Ugh... might have to make this configurable between Debian / RHELs.

geerlingguy commented 3 months ago

Should be fixed now!

smagdziarz commented 1 week ago

Hi @geerlingguy, I'm having issues with running this ansible role after upgrading from 1.7.0 to 1.9.0 - Redis is unable to start because it cannot open the config file: Fatal error, can't open config file '/etc/redis/redis.conf'.

I'm not that fluent with Linux permissions, but could it be that the permissions of the config directory are causing the issue? I saw this was one of the changes made recently in the role:

redis_conf_dir_mode: 02770

Edit: setting the mode to 02771 seems to do the trick for me..

geerlingguy commented 1 week ago

All the documentation online seems to point to 770 permissions for that file... it works in CI, but that doesn't mean it works in all real world deployments.
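
Added example (not part of the thread and not the role's code): a small Python model of how a directory mode such as 02770 or 02771 decides whether the Redis service user can enter the configuration directory. It assumes a service user named redis whose only group is redis; the two root:root rows are hypothetical ownerships, since the thread does not show the ownership on the affected host.

```python
import stat

def ls_mode(mode):
    """Render a directory mode as `ls -l` prints it (setgid shows as s/S)."""
    return stat.filemode(stat.S_IFDIR | mode)

def can_traverse(mode, owner, group, user, user_groups):
    """Return True if `user` may enter a directory (needs the x bit).

    POSIX picks exactly one permission class: owner if the user owns the
    directory, else group if the user is in its group, else other.
    root bypasses the check. The setgid bit (02000) grants no access;
    on a directory it only makes new entries inherit the group.
    """
    if user == "root":
        return True
    if user == owner:
        bits = mode >> 6
    elif group in user_groups:
        bits = mode >> 3
    else:
        bits = mode
    return bool(bits & 0o1)

# Constructed cases. Rows marked "listing" use the owner/group/mode shown in
# the ls output in the thread; the others are hypothetical.
CASES = [
    ("Ubuntu listing, before restart", 0o0750, "root", "root"),
    ("Ubuntu listing, after restart", 0o2770, "redis", "redis"),
    ("hypothetical: 02770, root:root", 0o2770, "root", "root"),
    ("hypothetical: 02771, root:root", 0o2771, "root", "root"),
]

def report(user="redis", user_groups=("redis",)):
    """Evaluate every case for the assumed service user."""
    rows = []
    for label, mode, owner, group in CASES:
        ok = can_traverse(mode, owner, group, user, user_groups)
        rows.append((label, ls_mode(mode), f"{owner}:{group}", ok))
    return rows

if __name__ == "__main__":
    for label, text, owner, ok in report():
        print(f"{label:34} {text} {owner:12} redis can enter: {ok}")
```

The same mode gives different results depending on who owns the directory, so comparing `ls -ld /etc/redis` on the failing host against the CI container is the first check to make.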