geerlingguy / ansible-role-redis

Ansible Role - Redis
https://galaxy.ansible.com/geerlingguy/redis/
MIT License

Configuration directory task is breaking idempotence #84

Closed geerlingguy closed 4 months ago

geerlingguy commented 4 months ago

Also related: #80

  TASK [geerlingguy.redis : Ensure Redis configuration dir exists.] **************
  changed: [instance]

geerlingguy commented 4 months ago

This is also breaking CI on my php-redis role: https://github.com/geerlingguy/ansible-role-php-redis/issues/6

geerlingguy commented 4 months ago

During first run (before redis restarts):

[root@instance /]# ls -lah /etc/redis
total 16K
drwxr-xr-x 2 root root 4.0K Jul 31 05:16 .
drwxr-xr-x 1 root root 4.0K Jul 31 05:16 ..
-rw-r--r-- 1 root root  609 Jul 31 05:16 redis.conf

After first run (after redis restarts):

[root@instance /]# ls -lah /etc/redis
total 124K
drwxr-x--- 2 redis root 4.0K Jul 31 05:17 .
drwxr-xr-x 1 root  root 4.0K Jul 31 05:17 ..
-rw-r--r-- 1 root  root  609 Jul 31 05:16 redis.conf
-rw-r----- 1 redis root  92K Oct 30  2022 redis.conf.rpmnew
-rw-r----- 1 redis root  14K Oct 30  2022 sentinel.conf

geerlingguy commented 4 months ago

Well... idempotence was fixed on RockyLinux9, but now is still failing on Ubuntu2404. Testing locally on that.

geerlingguy commented 4 months ago

During first run (before redis restarts):

root@instance:/# ls -lah /etc/redis
total 16K
drwxr-x--- 2 root root 4.0K Jul 31 05:32 .
drwxr-xr-x 1 root root 4.0K Jul 31 05:32 ..
-rw-r----- 1 root root  616 Jul 31 05:32 redis.conf

After first run (after redis restarts):

root@instance:/# ls -lah /etc/redis
total 124K
drwxrws--- 2 redis redis 4.0K Jul 31 05:32 .
drwxr-xr-x 1 root  root  4.0K Jul 31 05:32 ..
-rw-r----- 1 redis redis  616 Jul 31 05:32 redis.conf
-rw-r----- 1 root  root  105K Apr  1 07:33 redis.conf.dpkg-dist

geerlingguy commented 4 months ago

It looks like the group setuid bit would == 02750? Ugh... might have to make this configurable between Debian / RHELs.

geerlingguy commented 4 months ago

Should be fixed now!

smagdziarz commented 1 month ago

Hi @geerlingguy, I'm having issues with running this ansible role after upgrading from 1.7.0 to 1.9.0 - Redis is unable to start because it cannot open the config file: Fatal error, can't open config file '/etc/redis/redis.conf'.

I'm not that fluent with Linux permissions, but could it be that the permissions of the config directory are causing the issue? I saw this was one of the changes made recently in the role:

redis_conf_dir_mode: 02770

Edit: setting the mode to 02771 seems to do the trick for me.
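
Added example (not part of the original thread or the role's code): decoding the `ls` mode strings from the listings above and checking which modes let a process traverse the configuration directory. The numeric IDs are constructed, and the check models only the classic owner/group/other bits (no ACLs, capabilities or SELinux/AppArmor).

```python
import stat

def ls_to_octal(ls_mode):
    """Convert an `ls -l` mode string such as 'drwxrws---' to octal mode bits."""
    mode = 0
    for i, ch in enumerate(ls_mode[1:10]):
        if ch in "rwxst":                 # lowercase s/t imply the execute bit too
            mode |= 1 << (8 - i)
        if ch in "sS":                    # position 2 = setuid, position 5 = setgid
            mode |= stat.S_ISUID if i == 2 else stat.S_ISGID
        if ch in "tT":
            mode |= stat.S_ISVTX
    return mode

def can_traverse(mode, dir_uid, dir_gid, proc_uid, proc_gids):
    """Classic POSIX check for the search (x) bit on a directory.

    Exactly one class applies: owner, else group, else other. There is no
    fall-through. ACLs, capabilities and SELinux/AppArmor are not modelled.
    """
    if proc_uid == 0:
        return True                       # root bypasses the mode bits
    if proc_uid == dir_uid:
        return bool(mode & stat.S_IXUSR)
    if dir_gid in proc_gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

# Constructed IDs for illustration; the thread does not show them.
REDIS_UID, REDIS_GID = 999, 999
OTHER_UID, OTHER_GIDS = 1001, {1001}

def report(dir_uid, dir_gid):
    """Map each mode from the thread to (owner-class result, other-class result)."""
    return {
        oct(m): (can_traverse(m, dir_uid, dir_gid, REDIS_UID, {REDIS_GID}),
                 can_traverse(m, dir_uid, dir_gid, OTHER_UID, OTHER_GIDS))
        for m in (0o2750, 0o2770, 0o2771)
    }

if __name__ == "__main__":
    for s in ("drwxr-x---", "drwxrws---"):   # directory modes from the listings
        print(s, "->", oct(ls_to_octal(s)))
    print(report(REDIS_UID, REDIS_GID))
```

If the account running Redis matches neither the owner nor the group of the directory, 02770 denies traversal and 02771 allows it. With 02771 every local account can traverse the directory, so the mode on redis.conf itself is what limits who can read it.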

geerlingguy commented 1 month ago

All the documentation online seems to point to 770 permissions for that file... it works in CI, but that doesn't mean it works in all real world deployments.

smagdziarz commented 3 weeks ago

Hi @geerlingguy, would you be able to share the docs you looked into? Perhaps that could shed some more light and help me find a solution.

Or perhaps there is a way to override the value of the redis_conf_dir_mode variable? I tried to do that in my group_vars, but that didn't work.

Update 6 Nov: it looks like I can override this variable using the ansible.builtin.set_fact module.