redis socket support

2026-01-09 23:12:08 -03:30 · 2020-03-05 14:19:46 -05:00 · 2020-03-05 14:19:46 -05:00 · 770b457430
commit 770b457430
parent d58df0f34a
26 changed files with 95 additions and 91 deletions
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@ -421,7 +421,7 @@ os.environ.setdefault('DJANGO_LIVE_TEST_SERVER_ADDRESS', 'localhost:9013-9199')

 BROKER_DURABILITY = True
 BROKER_POOL_LIMIT = None
-BROKER_URL = 'redis://localhost:6379'
+BROKER_URL = 'unix:///var/run/redis/redis.sock'
 BROKER_TRANSPORT_OPTIONS = {}
 CELERYBEAT_SCHEDULE = {
    'tower_scheduler': {
@ -956,7 +956,7 @@ CHANNEL_LAYERS = {
    "default": {
        "BACKEND": "channels_redis.core.RedisChannelLayer",
        "CONFIG": {
-            "hosts": [("localhost", 6379)],
+            "hosts": [BROKER_URL],
            "capacity": 10000,
        },
    },
--- a/awx/settings/local_settings.py.docker_compose
+++ b/awx/settings/local_settings.py.docker_compose
@ -12,9 +12,7 @@
 # MISC PROJECT SETTINGS
 ###############################################################################
 import os
-import urllib.parse
 import sys
-from urllib import parse

 # Enable the following lines and install the browser extension to use Django debug toolbar
 # if your deployment method is not VMWare of Docker-for-Mac you may
@ -50,22 +48,6 @@ if "pytest" in sys.modules:
        }
    }

-# Use Redis as the message bus for now
-# Default to "just works" for single tower docker
-BROKER_URL = os.environ.get('BROKER_URL', "redis://redis_1:6379")
-
-redis_parts = parse.urlparse(BROKER_URL)
-
-CHANNEL_LAYERS = {
-    "default": {
-        "BACKEND": "channels_redis.core.RedisChannelLayer",
-        "CONFIG": {
-            "hosts": [(redis_parts.hostname, redis_parts.port)],
-            "capacity": 10000,
-        },
-    },
-}
-
 # Absolute filesystem path to the directory to host projects (with playbooks).
 # This directory should NOT be web-accessible.
 PROJECTS_ROOT = '/var/lib/awx/projects/'
--- a/installer/roles/image_build/files/launch_awx.sh
+++ b/installer/roles/image_build/files/launch_awx.sh
@ -9,7 +9,6 @@ source /etc/tower/conf.d/environment.sh

 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
-ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$REDIS_HOST port=$REDIS_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all

 awx-manage collectstatic --noinput --clear
--- a/installer/roles/image_build/files/settings.py
+++ b/installer/roles/image_build/files/settings.py
@ -85,16 +85,4 @@ DATABASES = {
 if os.getenv("DATABASE_SSLMODE", False):
    DATABASES['default']['OPTIONS'] = {'sslmode': os.getenv("DATABASE_SSLMODE")}

-BROKER_URL = 'redis://{}:{}'.format(
-    os.getenv("REDIS_HOST", None),
-    os.getenv("REDIS_PORT", "6379"),)
-
-CHANNEL_LAYERS = {
-    'default': {'BACKEND': 'channels_redis.core.RedisChannelLayer',
-                'CONFIG': {
-                    'hosts': [(os.getenv("REDIS_HOST", None), int(os.getenv("REDIS_PORT", 6379)))]
-                    'capacity': 10000,
-                }}
-}
-
 USE_X_FORWARDED_PORT = True
--- a/installer/roles/image_build/templates/launch_awx_task.sh.j2
+++ b/installer/roles/image_build/templates/launch_awx_task.sh.j2
@ -9,7 +9,6 @@ source /etc/tower/conf.d/environment.sh

 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=$MEMCACHED_PORT" all
-ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$REDIS_HOST port=$REDIS_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all

 if [ -z "$AWX_SKIP_MIGRATIONS" ]; then
--- a/installer/roles/kubernetes/defaults/main.yml
+++ b/installer/roles/kubernetes/defaults/main.yml
@ -25,8 +25,7 @@ redis_cpu_request: 500

 kubernetes_redis_image: "redis"
 kubernetes_redis_image_tag: "latest"
-kubernetes_redis_hostname: "localhost"
-kubernetes_redis_port: "6379"
+kubernetes_redis_config_mount_path: "/usr/local/etc/redis/redis.conf"

 memcached_hostname: localhost
 memcached_mem_request: 1
--- a/installer/roles/kubernetes/templates/configmap.yml.j2
+++ b/installer/roles/kubernetes/templates/configmap.yml.j2
@ -205,5 +205,11 @@ data:
    USE_X_FORWARDED_PORT = True

    AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}"
-    BROADCAST_WEBSOCKETS_PORT = 8052
-    BROADCAST_WEBSOCKETS_PROTOCOL = 'http'
+    BROADCAST_WEBSOCKET_PORT = 8052
+    BROADCAST_WEBSOCKET_PROTOCOL = 'http'
+
+  {{ kubernetes_deployment_name }}_redis_conf: |
+    unixsocket /var/run/redis/redis.sock
+    unixsocketperm 777
+    port 0
+    bind 127.0.0.1
--- a/installer/roles/kubernetes/templates/credentials.py.j2
+++ b/installer/roles/kubernetes/templates/credentials.py.j2
@ -12,15 +12,3 @@ DATABASES = {
        },
    }
 }
-
-BROKER_URL = 'redis://{}:{}/'.format(
-    "{{ kubernetes_redis_hostname }}",
-    "{{ kubernetes_redis_port }}",)
-
-CHANNEL_LAYERS = {
-    'default': {'BACKEND': 'channels_redis.core.RedisChannelLayer',
-                'CONFIG': {
-                    'hosts': [("{{ kubernetes_redis_hostname }}", {{ kubernetes_redis_port|int }})],
-                    'capacity': 10000,
-                 }}
-}
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
@ -40,6 +40,7 @@ spec:
        service: django
        app: {{ kubernetes_deployment_name }}
    spec:
+      serviceAccountName: awx
      terminationGracePeriodSeconds: 10
 {% if custom_venvs is defined %}
 {% set trusted_hosts = "" %}
@ -127,6 +128,9 @@ spec:
              subPath: SECRET_KEY
              readOnly: true

+            - name: {{ kubernetes_deployment_name }}-redis-socket
+              mountPath: "/var/run/redis"
+
          resources:
            requests:
              memory: "{{ web_mem_request }}Gi"
@ -170,6 +174,9 @@ spec:
              mountPath: "/etc/tower/SECRET_KEY"
              subPath: SECRET_KEY
              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-redis-socket
+              mountPath: "/var/run/redis"
          env:
            - name: AWX_SKIP_MIGRATIONS
              value: "1"
@ -197,10 +204,19 @@ spec:
        - name: {{ kubernetes_deployment_name }}-redis
          image: {{ kubernetes_redis_image }}:{{ kubernetes_redis_image_tag }}
          imagePullPolicy: Always
+          args: ["/usr/local/etc/redis/redis.conf"]
          ports:
            - name: redis
              protocol: TCP
              containerPort: 6379
+          volumeMounts:
+            - name: {{ kubernetes_deployment_name }}-redis-config
+              mountPath: "{{ kubernetes_redis_config_mount_path }}"
+              subPath: redis.conf
+              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-redis-socket
+              mountPath: "/var/run/redis"
          resources:
            requests:
              memory: "{{ redis_mem_request }}Gi"
@ -273,6 +289,13 @@ spec:
              - key: {{ kubernetes_deployment_name }}_nginx_conf
                path: nginx.conf

+        - name: {{ kubernetes_deployment_name }}-redis-config
+          configMap:
+            name: {{ kubernetes_deployment_name }}-config
+            items:
+              - key: {{ kubernetes_deployment_name }}_redis_conf
+                path: redis.conf
+
        - name: "{{ kubernetes_deployment_name }}-application-credentials"
          secret:
            secretName: "{{ kubernetes_deployment_name }}-secrets"
@ -289,6 +312,9 @@ spec:
              - key: secret_key
                path: SECRET_KEY

+        - name: {{ kubernetes_deployment_name }}-redis-socket
+          emptyDir: {}
+
 ---
 apiVersion: v1
 kind: Service
--- a/installer/roles/local_docker/defaults/main.yml
+++ b/installer/roles/local_docker/defaults/main.yml
@ -2,8 +2,6 @@
 dockerhub_version: "{{ lookup('file', playbook_dir + '/../VERSION') }}"

 redis_image: "redis"
-redis_hostname: "redis"
-redis_port: "6379"

 postgresql_version: "10"
 postgresql_image: "postgres:{{postgresql_version}}"
--- a/installer/roles/local_docker/tasks/compose.yml
+++ b/installer/roles/local_docker/tasks/compose.yml
@ -4,6 +4,12 @@
    path: "{{ docker_compose_dir }}"
    state: directory

+- name: Create Redis socket directory
+  file:
+    path: "{{ docker_compose_dir }}/redis_socket"
+    state: directory
+    mode: 0777
+
 - name: Create Docker Compose Configuration
  template:
    src: "{{ item }}.j2"
@ -14,8 +20,14 @@
    - credentials.py
    - docker-compose.yml
    - nginx.conf
+    - redis.conf
  register: awx_compose_config

+- name: Set redis config to other group readable to satisfy redis-server
+  file:
+    path: "{{ docker_compose_dir }}/redis.conf"
+    mode: 0666
+
 - name: Render SECRET_KEY file
  copy:
    content: "{{ secret_key }}"
--- a/installer/roles/local_docker/templates/credentials.py.j2
+++ b/installer/roles/local_docker/templates/credentials.py.j2
@ -10,18 +10,6 @@ DATABASES = {
    }
 }

-BROKER_URL = 'redis://{}:{}/'.format(
-    "{{ redis_hostname }}",
-    "{{ redis_port }}",)
-
-CHANNEL_LAYERS = {
-    'default': {'BACKEND': 'channels_redis.core.RedisChannelLayer',
-                'CONFIG': {
-                    'hosts': [("{{ redis_hostname }}", {{ redis_port|int }})],
-                    'capacity': 10000,
-                 }}
-}
-
 CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
--- a/installer/roles/local_docker/templates/docker-compose.yml.j2
+++ b/installer/roles/local_docker/templates/docker-compose.yml.j2
@ -24,6 +24,7 @@ services:
      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
      - "{{ docker_compose_dir }}/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
    {% if project_data_dir is defined %}
      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
    {% endif %}
@ -76,6 +77,7 @@ services:
      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
    {% if project_data_dir is defined %}
      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
    {% endif %}
@ -119,6 +121,10 @@ services:
      http_proxy: {{ http_proxy | default('') }}
      https_proxy: {{ https_proxy | default('') }}
      no_proxy: {{ no_proxy | default('') }}
+    command: ["/usr/local/etc/redis/redis.conf"]
+    volumes:
+      - "{{ docker_compose_dir }}/redis.conf:/usr/local/etc/redis/redis.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"

  memcached:
    image: "{{ memcached_image }}:{{ memcached_version }}"
--- a/installer/roles/local_docker/templates/environment.sh.j2
+++ b/installer/roles/local_docker/templates/environment.sh.j2
@ -8,7 +8,5 @@ DATABASE_ADMIN_PASSWORD={{ pg_admin_password|quote }}
 {% endif %}
 MEMCACHED_HOST={{ memcached_hostname|default('memcached') }}
 MEMCACHED_PORT={{ memcached_port|default('11211')|quote }}
-REDIS_HOST={{ redis_hostname|quote }}
-REDIS_PORT={{ redis_port|quote }}
 AWX_ADMIN_USER={{ admin_user|quote }}
 AWX_ADMIN_PASSWORD={{ admin_password|quote }}
--- a/installer/roles/local_docker/templates/redis.conf.j2
+++ b/installer/roles/local_docker/templates/redis.conf.j2
@ -0,0 +1,4 @@
+unixsocket /var/run/redis/redis.sock
+unixsocketperm 777
+port 0
+bind 127.0.0.1
--- a/tools/docker-compose-cluster.yml
+++ b/tools/docker-compose-cluster.yml
@ -24,7 +24,6 @@ services:
    #entrypoint: ["bash"]
    environment:
      CURRENT_UID:
-      BROKER_URL: "redis://redis_1:63791"
      SDB_HOST: 0.0.0.0
      SDB_PORT: 5899
      AWX_GROUP_QUEUES: alpha,tower
@ -32,6 +31,7 @@ services:
    working_dir: "/awx_devel"
    volumes:
      - "../:/awx_devel"
+      - "./redis/redis_socket_ha_1:/var/run/redis/"
    ports:
      - "5899-5999:5899-5999"
  awx-2:
@ -44,12 +44,12 @@ services:
    working_dir: "/awx_devel"
    environment:
      CURRENT_UID:
-      BROKER_URL: "redis://redis_2:63792"
      SDB_HOST: 0.0.0.0
      SDB_PORT: 7899
      AWX_GROUP_QUEUES: bravo,tower
    volumes:
      - "../:/awx_devel"
+      - "./redis/redis_socket_ha_2:/var/run/redis/"
    ports:
      - "7899-7999:7899-7999"
  awx-3:
@ -63,39 +63,42 @@ services:
    working_dir: "/awx_devel"
    environment:
      CURRENT_UID:
-      BROKER_URL: "redis://redis_3:63793"
      SDB_HOST: 0.0.0.0
      SDB_PORT: 8899
      AWX_GROUP_QUEUES: charlie,tower
    volumes:
      - "../:/awx_devel"
+      - "./redis/redis_socket_ha_3:/var/run/redis/"
    ports:
      - "8899-8999:8899-8999"
  redis_1:
+    user: ${CURRENT_UID}
    image: redis:latest
-    hostname: redis_1
    container_name: tools_redis_1_1
-    command: "redis-server /usr/local/etc/redis/redis.conf"
+    command: ["/usr/local/etc/redis/redis.conf"]
    volumes:
-      - "./redis/redis_1.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis_socket_ha_1:/var/run/redis/"
    ports:
      - "63791:63791"
  redis_2:
+    user: ${CURRENT_UID}
    image: redis:latest
-    hostname: redis_2
    container_name: tools_redis_2_1
-    command: "redis-server /usr/local/etc/redis/redis.conf"
+    command: ["/usr/local/etc/redis/redis.conf"]
    volumes:
-      - "./redis/redis_2.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis_socket_ha_2:/var/run/redis/"
    ports:
      - "63792:63792"
  redis_3:
+    user: ${CURRENT_UID}
    image: redis:latest
-    hostname: redis_3
    container_name: tools_redis_3_1
-    command: "redis-server /usr/local/etc/redis/redis.conf"
+    command: ["/usr/local/etc/redis/redis.conf"]
    volumes:
-      - "./redis/redis_3.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis_socket_ha_3:/var/run/redis/"
    ports:
      - "63793:63793"
  postgres:
--- a/tools/docker-compose.yml
+++ b/tools/docker-compose.yml
@ -32,6 +32,7 @@ services:
    volumes:
      - "../:/awx_devel"
      - "../awx/projects/:/var/lib/awx/projects/"
+      - "./redis/redis_socket_standalone:/var/run/redis/"
    privileged: true
  # A useful container that simply passes through log messages to the console
  # helpful for testing awx/tower logging
@ -58,4 +59,8 @@ services:
    container_name: tools_redis_1
    ports:
      - "6379:6379"
-
+    user: ${CURRENT_UID}
+    volumes:
+      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
+      - "./redis/redis_socket_standalone:/var/run/redis/"
+    command: ["/usr/local/etc/redis/redis.conf"]
--- a/tools/docker-compose/bootstrap_development.sh
+++ b/tools/docker-compose/bootstrap_development.sh
@ -4,6 +4,7 @@ set +x
 # Wait for the databases to come up
 ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=postgres port=5432" all
 ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=memcached port=11211" all
+ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all

 # In case AWX in the container wants to connect to itself, use "docker exec" to attach to the container otherwise
 # TODO: FIX
--- a/tools/redis/redis.conf
+++ b/tools/redis/redis.conf
@ -0,0 +1,10 @@
+unixsocket /var/run/redis/redis.sock
+unixsocketperm 770
+port 0
+# Do not actually listen to any tcp port
+# but include the bind directive because without it redis will
+# listen on the public interface. Port 0 causes it to NOT listen on
+# the public interface. Adding the below line is an extra precaution.
+# If a developer comes by later and wants to listen on a tcp port and changes
+# the above port, it will ONLY listen on the local interface.
+bind 127.0.0.1
--- a/tools/redis/redis_1.conf
+++ b/tools/redis/redis_1.conf
@ -1,4 +0,0 @@
-protected-mode no
-port 63791
-dir .
-logfile "/tmp/redis.log"
--- a/tools/redis/redis_2.conf
+++ b/tools/redis/redis_2.conf
@ -1,4 +0,0 @@
-protected-mode no
-port 63792
-dir .
-logfile "/tmp/redis.log"
--- a/tools/redis/redis_3.conf
+++ b/tools/redis/redis_3.conf
@ -1,4 +0,0 @@
-protected-mode no
-port 63793
-dir .
-logfile "/tmp/redis.log"
--- a/tools/redis/redis_socket_ha_1/.dir_placeholder
+++ b/tools/redis/redis_socket_ha_1/.dir_placeholder
@ -0,0 +1 @@
+This dir must pre-exist and be owned by the user you are launching awx dev env as. If the dir does not exist before launching the awx dev environment then docker will create the dir and it will be owned by root. Since we start our awx dev environment with user: ${CURRENT_UID} the redis container will be unable to create a socket file in a directory owned by root.
--- a/tools/redis/redis_socket_ha_2/.dir_placeholder
+++ b/tools/redis/redis_socket_ha_2/.dir_placeholder
@ -0,0 +1 @@
+This dir must pre-exist and be owned by the user you are launching awx dev env as. If the dir does not exist before launching the awx dev environment then docker will create the dir and it will be owned by root. Since we start our awx dev environment with user: ${CURRENT_UID} the redis container will be unable to create a socket file in a directory owned by root.
--- a/tools/redis/redis_socket_ha_3/.dir_placeholder
+++ b/tools/redis/redis_socket_ha_3/.dir_placeholder
@ -0,0 +1 @@
+This dir must pre-exist and be owned by the user you are launching awx dev env as. If the dir does not exist before launching the awx dev environment then docker will create the dir and it will be owned by root. Since we start our awx dev environment with user: ${CURRENT_UID} the redis container will be unable to create a socket file in a directory owned by root.
--- a/tools/redis/redis_socket_standalone/.dir_placeholder
+++ b/tools/redis/redis_socket_standalone/.dir_placeholder
@ -0,0 +1 @@
+This dir must pre-exist and be owned by the user you are launching awx dev env as. If the dir does not exist before launching the awx dev environment then docker will create the dir and it will be owned by root. Since we start our awx dev environment with user: ${CURRENT_UID} the redis container will be unable to create a socket file in a directory owned by root.
				`@ -0,0 +1 @@`
				`This dir must pre-exist and be owned by the user you are launching awx dev env as. If the dir does not exist before launching the awx dev environment then docker will create the dir and it will be owned by root. Since we start our awx dev environment with user: ${CURRENT_UID} the redis container will be unable to create a socket file in a directory owned by root.`