Skip to content

Commit

Permalink
Prefer the Redis unix socket if available
Browse files Browse the repository at this point in the history
Unix sockets typically have lower overhead and also allows setting
stricter permissions. While iptables can be used to limit access using
users, file permissions are much easier to manage.
  • Loading branch information
ekohl committed Feb 28, 2024
1 parent 9534286 commit 73d945f
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
9 changes: 8 additions & 1 deletion manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,14 @@
$redis_url = $pulpcore::redis_url
} else {
contain redis
$redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}"
if $redis::unixsocket != '' {
$redis_url = "redis+unix://${redis::unixsocket}?db=${pulpcore::redis_db}"
} elsif $redis::port != 0 {
# TODO: this assumes $redis::bind at least has localhost in it
$redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}"
} else {
fail('Unable to determine Redis URL')
}
}

file { [$pulpcore::config_dir, $pulpcore::certs_dir]:
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/pulpcore_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
.with_content(%r{ALLOWED_EXPORT_PATHS = \[\]})
.with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
.with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]})
.with_content(%r{REDIS_URL = "redis://localhost:6379/8"})
.with_content(%r{REDIS_URL = "redis\+unix:///var/run/redis/redis\.sock\?db=8"})
.with_content(%r{CACHE_ENABLED = False})
.with_content(%r{# ANALYTICS = False})
.without_content(%r{sslmode})
Expand Down

0 comments on commit 73d945f

Please sign in to comment.