diff --git a/pillar/cove.sls b/pillar/cove.sls index c0036079..101ef489 100644 --- a/pillar/cove.sls +++ b/pillar/cove.sls @@ -2,7 +2,6 @@ x-volumes: &volumes - db - media - redis/data - - redis/tmp x-env: &env DJANGO_PROXY: True diff --git a/pillar/digitalbuying.sls b/pillar/digitalbuying.sls index 3b91437d..2812ee6e 100644 --- a/pillar/digitalbuying.sls +++ b/pillar/digitalbuying.sls @@ -21,7 +21,6 @@ docker_apps: volumes: - media - redis/data - - redis/tmp env: DJANGO_PROXY: True ALLOWED_HOSTS: digitalbuying.open-contracting.org diff --git a/pillar/dreambi.sls b/pillar/dreambi.sls index aff827f2..baff0995 100644 --- a/pillar/dreambi.sls +++ b/pillar/dreambi.sls @@ -47,7 +47,6 @@ docker_apps: site: bi.dream.gov.ua volumes: - redis/data - - redis/tmp env: # Must end with a "/". QLIK_PROXY_SERVICE: https://ocp15.open-contracting.org:4243/qps/prod/ diff --git a/pillar/registry.sls b/pillar/registry.sls index 5d5684df..7a04de25 100644 --- a/pillar/registry.sls +++ b/pillar/registry.sls @@ -181,7 +181,6 @@ docker_apps: - media - tmp - redis/data - - redis/tmp env: DJANGO_PROXY: True ALLOWED_HOSTS: flatten.open-contracting.org diff --git a/salt/docker_apps/files/conf/redis.conf b/salt/docker_apps/files/conf/redis.conf new file mode 100644 index 00000000..7fe2d1e8 --- /dev/null +++ b/salt/docker_apps/files/conf/redis.conf @@ -0,0 +1,6 @@ +bind 0.0.0.0 :: +dir /data +# https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/#append-only-file +appendonly yes +# https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/#how-i-can-switch-to-aof-if-im-currently-using-dumprdb-snapshots +save "" diff --git a/salt/docker_apps/files/cove.yaml b/salt/docker_apps/files/cove.yaml index cdb747ef..76c402aa 100644 --- a/salt/docker_apps/files/cove.yaml +++ b/salt/docker_apps/files/cove.yaml @@ -21,18 +21,18 @@ x-django: &django services: {%- if 'REDIS_URL' in entry.env %} redis: - image: bitnamilegacy/redis:6.2 + image: redis:8.4 + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s timeout: 5s retries: 5 volumes: - - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/data:/data + - {{ directory }}/redis/redis.conf:/redis.conf {%- endif %} web: <<: *django diff --git a/salt/docker_apps/files/digitalbuying.yaml b/salt/docker_apps/files/digitalbuying.yaml index 2fd48b2a..a3d80794 100644 --- a/salt/docker_apps/files/digitalbuying.yaml +++ b/salt/docker_apps/files/digitalbuying.yaml @@ -16,18 +16,18 @@ x-django: &django services: redis: - image: bitnamilegacy/redis:6.2 + image: redis:8.4 + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s timeout: 5s retries: 5 volumes: - - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/data:/data + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *django ports: diff --git a/salt/docker_apps/files/qlikauth.yaml b/salt/docker_apps/files/qlikauth.yaml index e6be95f4..2e1dc8df 100644 --- a/salt/docker_apps/files/qlikauth.yaml +++ b/salt/docker_apps/files/qlikauth.yaml @@ -5,18 +5,18 @@ x-shared: &shared services: redis: - image: bitnamilegacy/redis:6.2 + image: redis:8.4 + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s timeout: 5s retries: 5 volumes: - - {{ directory }}/redis/data:/bitnami/redis/data - - {{ directory }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ directory }}/redis/data:/data + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *shared image: "ghcr.io/open-contracting/bi.dream.gov.ua-qlikauth:latest" diff --git a/salt/docker_apps/files/spoonbill.yaml b/salt/docker_apps/files/spoonbill.yaml index 12e8a3f6..764504d6 100644 --- a/salt/docker_apps/files/spoonbill.yaml +++ b/salt/docker_apps/files/spoonbill.yaml @@ -20,18 +20,18 @@ x-django: &django services: redis: - image: bitnamilegacy/redis:6.2 + image: redis:8.4 + command: ["redis-server", "/redis.conf"] + user: "{{ pillar.docker.uid }}:{{ pillar.docker.uid }}" restart: always - environment: - ALLOW_EMPTY_PASSWORD: "yes" healthcheck: test: redis-cli -h 127.0.0.1 ping | grep -q PONG interval: 10s timeout: 5s retries: 5 volumes: - - {{ entry.host_dir }}/redis/data:/bitnami/redis/data - - {{ entry.host_dir }}/redis/tmp:/opt/bitnami/redis/tmp + - {{ entry.host_dir }}/redis/data:/data + - {{ directory }}/redis/redis.conf:/redis.conf web: <<: *django ports: diff --git a/salt/docker_apps/init.sls b/salt/docker_apps/init.sls index ff066fe8..dfbb2cfd 100644 --- a/salt/docker_apps/init.sls +++ b/salt/docker_apps/init.sls @@ -41,16 +41,23 @@ include: - user: {{ pillar.docker.user }}_user_exists {% for volume in entry.volumes|default([]) %} -# "NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID 1001." -# https://github.com/bitnami/containers/blob/main/bitnami/redis/README.md#persisting-your-database -{% set volume_user_group = 1001 if volume.startswith('redis/') else pillar.docker.user %} - {{ entry.host_dir|default(directory) }}/{{ volume }}: file.directory: - - user: {{ volume_user_group }} - - group: {{ volume_user_group }} + - user: {{ pillar.docker.user }} + - group: {{ pillar.docker.user }} - makedirs: True - require: - user: {{ pillar.docker.user }}_user_exists {% endfor %} + +{% if 'redis' in entry.volumes|join(' ') %} +{{ directory }}/redis/redis.conf: + file.managed: + - source: salt://docker_apps/files/conf/redis.conf + - user: {{ pillar.docker.user }} + - group: {{ pillar.docker.user }} + - makedirs: True + - require: + - user: {{ pillar.docker.user }}_user_exists +{% endif %} {% endfor %}