diff --git a/ansible/artifacts/cache/cache.service b/ansible/artifacts/cache/cache.service
new file mode 100644
index 0000000..1f7e25b
--- /dev/null
+++ b/ansible/artifacts/cache/cache.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Redis instance with mCaptcha cache module
+After=network.target
+Documentation=https://github.com/mCaptcha/cache
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --supervised systemd --daemonize no
+PIDFile=/run/redis/redis-server.pid
+TimeoutStopSec=0
+Restart=always
+User=redis
+Group=redis
+RuntimeDirectory=redis
+RuntimeDirectoryMode=2755
+
+UMask=007
+PrivateTmp=true
diff --git a/ansible/artifacts/cache/redis.conf b/ansible/artifacts/cache/redis.conf
new file mode 100644
index 0000000..7c7ddc3
--- /dev/null
+++ b/ansible/artifacts/cache/redis.conf
@@ -0,0 +1,2 @@
+loadmodule /usr/lib/redis/modules/libcache.so
+bind 0.0.0.0
diff --git a/ansible/cache.yml b/ansible/cache.yml
new file mode 100644
index 0000000..da9bdb2
--- /dev/null
+++ b/ansible/cache.yml
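Review bot: The `[Service]` section of ansible/artifacts/cache/cache.service has only `PrivateTmp=true` and `UMask=007` as confinement, for a network-facing Redis that loads a third-party native module. Adding `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` would narrow what the process can reach while leaving /var writable for Redis data. No task in the visible part of ansible/cache.yml installs this unit file, so it is worth confirming that it is actually deployed rather than the packaged unit.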
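Review bot: `bind 0.0.0.0` in ansible/artifacts/cache/redis.conf makes Redis listen on every interface while the file sets no `requirepass` or ACL, and the 'Allow port 6379 for redis' task in ansible/cache.yml opens that port in ufw with no source restriction. Depending on how the installed Redis version applies protected mode, this either exposes an unauthenticated instance to the network or rejects the remote clients the bind was meant to serve. I would bind only to the interface the mCaptcha server uses, `bind 127.0.0.1 <internal-address>`, add `requirepass <vaulted-secret>` rendered from a vaulted variable, and restrict the firewall rule with `from_ip: <app-server-address>`. The copy task appears to replace /etc/redis/redis.conf as a whole, so every other setting falls back to Redis's built-in defaults; a comment at the top of the file saying so would help.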
@@ -0,0 +1,91 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+---
+- name: Base configuration
+ ansible.builtin.import_playbook: base.yml
+
+- name: Install redis cache
+ hosts: mcaptcha_demo_server
+ remote_user: atm
+ pre_tasks:
+ - name: Ensure all VMs are reachable
+ ansible.builtin.ping:
+
+ tasks:
+ - name: Install redis-server
+ become: true
+ ansible.builtin.apt:
+ update_cache: true
+ pkg:
+ - redis-server
+
+ - name: Create Redis plugins dir
+ become: true
+ ansible.builtin.file:
+ path: /usr/lib/redis/modules
+ owner: redis
+ group: redis
+ state: directory
+ mode: "0755"
+
+ - name: Copy custom Redis configuration
+ become: true
+ ansible.builtin.copy:
+ src: ./artifacts/cache/redis.conf
+ dest: /etc/redis/
+ owner: redis
+ group: redis
+ force: true
+ mode: "0640"
+
+ - name: Create download dir
+ ansible.builtin.file:
+ path: /tmp/cache-lib
+ state: directory
+ mode: "0755"
+
+ - name: Download plugin
+ ansible.builtin.get_url:
+ url: https://dl.mcaptcha.org/mcaptcha/cache/master/cache-master-linux-amd64.tar.gz
+ dest: /tmp/cache-lib/
+ checksum: sha256:https://dl.mcaptcha.org/mcaptcha/cache/master/cache-master-linux-amd64.tar.gz.sha256
+
+ - name: Extract cache-master-linux-amd64.tar.gz into /var/lib/foo
+ ansible.builtin.unarchive:
+ src: /tmp/cache-lib/cache-master-linux-amd64.tar.gz
+ remote_src: true
+ dest: /tmp/cache-lib/
+
+ - name: Copy custom Redis configuration
+ become: true
+ notify: restart redis
+ ansible.builtin.copy:
+ src: /tmp/cache-lib/cache-master-linux-amd64/libcache.so
+ remote_src: true
+ dest: /usr/lib/redis/modules/
+ owner: redis
+ group: redis
+ force: true
+ mode: "0755"
+
+ # - name: Delete download dir
+ # ansible.builtin.file:
+ # path: /tmp/cache-lib
+ # state: absent
+
+ - name: Allow port 6379 for redis
+ become: true
+ community.general.ufw:
+ state: enabled
+ rule: allow
+ proto: tcp
+ port: "6379"
+
+ handlers:
+ - name: Restart redis
+ listen: restart redis
+ ansible.builtin.service:
+ name: redis
+ enabled: true
+ state: restarted
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 5058737..a204433 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -28,7 +28,7 @@ name: docker-ce update_cache: true -# - name: Install Docker Module for Python +#- name: Install Docker Module for Python # become: true # community.general.pipx: # name: docker
diff --git a/tests/cache/base.py b/tests/cache/base.py
new file mode 100644
index 0000000..977b644
--- /dev/null
+++ b/tests/cache/base.py
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+import os
+
+
+def test_redis_is_listening(host):
+ socket = host.socket(f"tcp://0.0.0.0:6379")
+ assert socket.is_listening
+
+
+def test_redis_config_exists(host):
+ config = host.file("/etc/redis/redis.conf")
+ assert config.exists
+ assert config.is_file
+
+
+def test_redis_service_running_and_enabled(host):
+ service = host.service("redis")
+ assert service.is_running
+ assert service.is_enabled
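Review bot: The 'Download plugin' task in ansible/cache.yml checks the tarball against a `.sha256` file fetched from the same dl.mcaptcha.org path, so the checksum only detects a corrupted transfer; whoever can change the archive on that host can change the digest too, and the `master` URL is a moving target. Since the extracted `libcache.so` is loaded into the Redis server through `loadmodule`, I would pin a released build and keep the digest in the playbook, `checksum: sha256:<pinned-digest>`. The modules directory and `libcache.so` are also installed with `owner: redis`, which lets the service account replace the code it loads; `owner: root` and `group: root` with the same modes avoid that. Smaller points: the first 'Copy custom Redis configuration' task has no `notify: restart redis`, so a changed redis.conf is not picked up, and two task names are stale (the second 'Copy custom Redis configuration' copies the module, and 'Extract … into /var/lib/foo' extracts to /tmp/cache-lib/).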
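Review bot: `test_redis_is_listening` in tests/cache/base.py asserts a listener on `tcp://0.0.0.0:6379`, which makes the all-interfaces bind the expected state and will fail as soon as Redis is restricted to a specific address. Asserting the intended address instead, `socket = host.socket("tcp://<intended-bind-address>:6379")`, keeps the test aligned with a narrower bind. `import os` is unused, and the `f` prefix on the socket string has no placeholders, so both can go.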