This playbook installs Redis using distro-aware package handling and applies a minimal service baseline.
- name: Install Redis
hosts: redis
become: true
vars:
# Redis version variables
redis_version: "8.6" # Specify version if installing from custom repo
app_packages_debian:
- redis-server
app_packages_redhat:
- redis
tasks:
- name: Install packages on Debian family
apt:
name: "{{ app_packages_debian }}"
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install packages on RedHat family
dnf:
name: "{{ app_packages_redhat }}"
state: present
when: ansible_os_family == "RedHat"
# Optional: Install from Docker if preferred
- name: Ensure Docker is installed (if using containerized Redis)
package:
name: docker
state: present
when: use_docker_redis | default(false)
- name: Create Redis config directory
file:
path: /etc/redis
state: directory
owner: root
group: root
mode: '0755'
when: not use_docker_redis | default(true)
- name: Copy Redis configuration
template:
src: redis.conf.j2
dest: /etc/redis/redis.conf
owner: redis
group: redis
mode: '0640'
notify: restart redis
when: not use_docker_redis | default(true)
- name: Copy ACL configuration
template:
src: users.acl.j2
dest: /etc/redis/users.acl
owner: redis
group: redis
mode: '0640'
notify: restart redis
when: not use_docker_redis | default(true)
- name: Enable and start service
service:
name: "{{ 'redis-server' if ansible_os_family == 'Debian' else 'redis' }}"
state: started
enabled: true
# Firewall configuration (optional)
- name: Allow Redis traffic on private interface
ufw:
rule: allow
port: "{{ redis_port | default('6379') }}"
proto: tcp
src: "{{ private_network_cidr | default('10.0.0.0/8') }}"
when: ansible_pkg_mgr == "apt"
- name: Validate binary availability
command: redis-cli ping
register: app_version
changed_when: false
failed_when: false
- name: Show version/check output
debug:
var: app_version.stdout
- name: Check Redis version
command: redis-cli --version
register: redis_version_output
changed_when: false
failed_when: false
- name: Display Redis version
debug:
msg: "Installed Redis version: {{ redis_version_output.stdout }}"
Create a vars/main.yml file for your Redis role:
# Redis configuration variables
redis_bind_addresses:
- 127.0.0.1
- "{{ private_ip_address | default(ansible_default_ipv4.address) }}"
redis_port: 6379
redis_maxmemory: "1gb"
redis_maxmemory_policy: "allkeys-lru"
redis_requirepass: !vault |
$ANSIBLE_VAULT;1.1;AES256
[encrypted password - use ansible-vault to encrypt]
# ACL users configuration
redis_acl_users:
- name: default
enabled: false
nopass: true
hashed_passwords: []
commands: []
keys: []
- name: appuser
enabled: true
passwords: ["{{ redis_app_password }}"]
commands: ["+@read", "+@write", "-@admin"]
keys: ["~app:*"]
Create a handlers/main.yml file:
- name: restart redis
service:
name: "{{ 'redis-server' if ansible_os_family == 'Debian' else 'redis' }}"
state: restarted