From d7dfdb734167f3ed615de72fd5c0e53d1fc952b0 Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
Date: Tue, 13 Jul 2021 14:26:55 +0200
Subject: [PATCH] Prefer the Redis unix socket if available

Unix sockets typically have lower overhead and also allows setting
stricter permissions. While iptables can be used to limit access using
users, file permissions are much easier to manage.
---
 manifests/config.pp           | 9 +++++++++
 spec/classes/pulpcore_spec.rb | 2 +-
 templates/settings.py.erb     | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/manifests/config.pp b/manifests/config.pp
index 8cdaba84..e59aae56 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -17,6 +17,15 @@
     ensure_newline => true,
   }
 
+  if $redis::unixsocket != '' {
+    $redis_url = "redis+unix://${redis::unixsocket}?db=${pulpcore::redis_db}"
+  } elsif $redis::port != 0 {
+    # TODO: this assumes $redis::bind at least has localhost in it
+    $redis_url = "redis://localhost:${redis::port}/${pulpcore::redis_db}"
+  } else {
+    fail('Unable to determine Redis URL')
+  }
+
   concat::fragment { 'base':
     target  => 'pulpcore settings',
     content => template('pulpcore/settings.py.erb'),
diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb
index 8c8c1355..93ba74f2 100644
--- a/spec/classes/pulpcore_spec.rb
+++ b/spec/classes/pulpcore_spec.rb
@@ -24,7 +24,7 @@
             .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
             .with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]})
             .with_content(%r{\s'level': 'INFO',})
-            .with_content(%r{REDIS_URL = "redis://localhost:6379/8"})
+            .with_content(%r{REDIS_URL = "redis\+unix:///var/run/redis/redis\.sock\?db=8"})
             .with_content(%r{CACHE_ENABLED = False})
             .without_content(%r{sslmode})
           is_expected.to contain_file('/etc/pulp')
diff --git a/templates/settings.py.erb b/templates/settings.py.erb
index db79d87e..0fc25eab 100644
--- a/templates/settings.py.erb
+++ b/templates/settings.py.erb
@@ -19,7 +19,7 @@ DATABASES = {
 <% end -%>
     },
 }
-REDIS_URL = "redis://localhost:<%= scope['redis::port'] %>/<%= scope['pulpcore::redis_db'] %>"
+REDIS_URL = "<%= @redis_url %>"
 
 USE_NEW_WORKER_TYPE = <%= scope['pulpcore::use_rq_tasking_system'] ? "False" : "True" %>