Add support for KeyDB and do not recommend Redis anymore
Fixes https://github.com/mother-of-all-self-hosting/mash-playbook/issues/175
parent 0cc9223391
commit 9109b0badc
14 changed files with 310 additions and 232 deletions
|
@ -4,11 +4,11 @@ The way this playbook is structured, each Ansible role can only be invoked once
|
|||
|
||||
If you need multiple instances (of whichever service), you'll need some workarounds as described below.
|
||||
|
||||
The example below focuses on hosting multiple [Redis](services/redis.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind.
|
||||
The example below focuses on hosting multiple [KeyDB](services/keydb.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind.
|
||||
|
||||
Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [Redis](services/redis.md) instance. If you simply add `redis_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a Redis instance (`mash-redis`), but it's just one instance. As described in our [Redis](services/redis.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another.
|
||||
Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [KeyDB](services/keydb.md) instance. If you simply add `keydb_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a KeyDB instance (`mash-keydb`), but it's just one instance. As described in our [KeyDB](services/keydb.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another.
|
||||
|
||||
We propose that you **don't** add `redis_enabled: true` to your main `mash.example.com` file, but do the following:
|
||||
We propose that you **don't** add `keydb_enabled: true` to your main `mash.example.com` file, but do the following:
|
||||
|
||||
## Re-do your inventory to add supplementary hosts
|
||||
|
||||
|
@ -40,7 +40,7 @@ When running Ansible commands later on, you can use the `-l` flag to limit which
|
|||
|
||||
## Adjust the configuration of the supplementary hosts to use a new "namespace"
|
||||
|
||||
Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/redis`) and service/container names (`mash-redis`) everywhere.
|
||||
Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/keydb`) and service/container names (`mash-keydb`) everywhere.
|
||||
|
||||
To avoid conflicts, adjust the `vars.yml` file for the new hosts (`mash.example.com-netbox-deps` and `mash.example.com-peertube-deps`)
|
||||
and set non-default and unique values in the `mash_playbook_service_identifier_prefix` and `mash_playbook_service_base_directory_name_prefix` variables. Examples below:
|
||||
|
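Review bot: In the rewritten sentence "Multiple hosts targetting the same server as described above still causes conflicts", "targetting" is misspelled and the verb does not agree with "hosts". The line is already being changed for the `/mash/keydb` and `mash-keydb` rename, so suggest "Multiple hosts targeting the same server as described above still cause conflicts" in the same edit.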
@ -73,15 +73,15 @@ mash_playbook_service_base_directory_name_prefix: 'netbox-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
@ -114,30 +114,30 @@ mash_playbook_service_base_directory_name_prefix: 'peertube-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
The above configuration will create **2** Redis instances:
|
||||
The above configuration will create **2** KeyDB instances:
|
||||
|
||||
- `mash-netbox-redis` with its base data path in `/mash/netbox-redis`
|
||||
- `mash-peertube-redis` with its base data path in `/mash/peertube-redis`
|
||||
- `mash-netbox-keydb` with its base data path in `/mash/netbox-keydb`
|
||||
- `mash-peertube-keydb` with its base data path in `/mash/peertube-keydb`
|
||||
|
||||
These instances reuse the `mash` user and group and the `/mash` data path, but are not in conflict with each other.
|
||||
|
||||
|
||||
## Adjust the configuration of the base host
|
||||
|
||||
Now that we've created separate Redis instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their Redis instances.
|
||||
Now that we've created separate KeyDB instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their KeyDB instances.
|
||||
|
||||
You'll need configuration (`inventory/host_vars/mash.example.com/vars.yml`) like this:
|
||||
|
||||
|
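Review bot: The rewritten paragraph under "Adjust the configuration of the base host" still carries the typo "PeerTbue" ("the one that installs PeerTbue and NetBox"). Fix it to "PeerTube" while this line is being touched for the KeyDB rename.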
@ -152,17 +152,17 @@ netbox_enabled: true
|
|||
|
||||
# Other NetBox configuration here
|
||||
|
||||
# Point NetBox to its dedicated Redis instance
|
||||
netbox_environment_variable_redis_host: mash-netbox-redis
|
||||
netbox_environment_variable_redis_cache_host: mash-netbox-redis
|
||||
# Point NetBox to its dedicated KeyDB instance
|
||||
netbox_environment_variable_redis_host: mash-netbox-keydb
|
||||
netbox_environment_variable_redis_cache_host: mash-netbox-keydb
|
||||
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service)
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated KeyDB service (mash-netbox-keydb.service)
|
||||
netbox_systemd_required_services_list_custom:
|
||||
- mash-netbox-redis.service
|
||||
- mash-netbox-keydb.service
|
||||
|
||||
# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis)
|
||||
# Make sure the NetBox container is connected to the container network of its dedicated KeyDB service (mash-netbox-keydb)
|
||||
netbox_container_additional_networks_custom:
|
||||
- mash-netbox-redis
|
||||
- mash-netbox-keydb
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -180,16 +180,16 @@ netbox_container_additional_networks_custom:
|
|||
|
||||
# Other PeerTube configuration here
|
||||
|
||||
# Point PeerTube to its dedicated Redis instance
|
||||
peertube_config_redis_hostname: mash-peertube-redis
|
||||
# Point PeerTube to its dedicated KeyDB instance
|
||||
peertube_config_redis_hostname: mash-peertube-keydb
|
||||
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service)
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated KeyDB service (mash-peertube-keydb.service)
|
||||
peertube_systemd_required_services_list_custom:
|
||||
- "mash-peertube-redis.service"
|
||||
- "mash-peertube-keydb.service"
|
||||
|
||||
# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis)
|
||||
# Make sure the PeerTube container is connected to the container network of its dedicated KeyDB service (mash-peertube-keydb)
|
||||
peertube_container_additional_networks_custom:
|
||||
- "mash-peertube-redis"
|
||||
- "mash-peertube-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -201,9 +201,9 @@ peertube_container_additional_networks_custom:
|
|||
|
||||
## Questions & Answers
|
||||
|
||||
**Can't I just use the same Redis instance for multiple services?**
|
||||
**Can't I just use the same KeyDB instance for multiple services?**
|
||||
|
||||
> You may or you may not. See the [Redis](services/redis.md) documentation for why you shouldn't do this.
|
||||
> You may or you may not. See the [KeyDB](services/keydb.md) documentation for why you shouldn't do this.
|
||||
|
||||
**Can't I just create one host and a separate stack for each service** (e.g. Nextcloud + all dependencies on one inventory host; PeerTube + all dependencies on another inventory host; with both inventory hosts targetting the same server)?
|
||||
|
||||
|
|
|
@ -16,9 +16,9 @@ This service requires the following other services:
|
|||
- (optional) a MySQL / [MariaDB](mariadb.md) database - if enabled for your Ansible inventory host (and you don't also enable Postgres), Authelia will be connected to the MariaDB server automatically
|
||||
- or SQLite, used by default when none of the above database choices is enabled for your Ansible inventory host
|
||||
|
||||
- (optional, but recommended) [Redis](redis.md)
|
||||
- (optional, but recommended) [KeyDB](keydb.md)
|
||||
- for storing session information in a persistent manner
|
||||
- if Redis is not enabled, session information is stored in-memory and restarting Authelia destroys user sessions
|
||||
- if KeyDB is not enabled, session information is stored in-memory and restarting Authelia destroys user sessions
|
||||
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
- for serving the Authelia portal website
|
||||
|
@ -87,11 +87,11 @@ authelia_config_access_control_rules:
|
|||
- domain: 'service1.example.com'
|
||||
policy: one_factor
|
||||
|
||||
# The configuration below connects Authelia to the Redis instance, for session storage purposes.
|
||||
# You may wish to run a separate Redis instance for Authelia, because Redis is not multi-tenant.
|
||||
# The configuration below connects Authelia to the KeyDB instance, for session storage purposes.
|
||||
# You may wish to run a separate KeyDB instance for Authelia, because KeyDB is not multi-tenant.
|
||||
# Read more in docs/services/redis.md.
|
||||
# If Redis is not available, session data will be stored in memory and will be lost on container restart.
|
||||
authelia_config_session_redis_host: "{{ redis_identifier if redis_enabled else '' }}"
|
||||
# If KeyDB is not available, session data will be stored in memory and will be lost on container restart.
|
||||
authelia_config_session_redis_host: "{{ keydb_identifier if keydb_enabled else '' }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
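Review bot: The comment "# Read more in docs/services/redis.md." is left unchanged in this block while every line around it now says KeyDB, so the Authelia example still sends readers to the page this commit stops recommending. Point it at docs/services/keydb.md. A short comment that `authelia_config_session_redis_host` keeps its `redis` name would also help, so readers do not go looking for a `keydb` variant of the variable.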
@ -111,9 +111,9 @@ On the Authelia base URL, there's a portal website where you can log in and mana
|
|||
|
||||
### Session storage
|
||||
|
||||
As mentioned in the default configuration above (see `authelia_config_session_redis_host`), you may wish to run [Redis](redis.md) for storing session data.
|
||||
As mentioned in the default configuration above (see `authelia_config_session_redis_host`), you may wish to run [KeyDB](keydb.md) for storing session data.
|
||||
|
||||
You may wish to run a separate Redis instance for Authelia, because Redis is not multi-tenant. See [our Redis documentation page](redis.md) for additional details. When running a separate instance of Redis, you may need to connect Authelia to the Redis instance's container network via the `authelia_container_additional_networks_custom` variable.
|
||||
You may wish to run a separate KeyDB instance for Authelia, because KeyDB is not multi-tenant. See [our KeyDB documentation page](keydb.md) for additional details. When running a separate instance of KeyDB, you may need to connect Authelia to the KeyDB instance's container network via the `authelia_container_additional_networks_custom` variable.
|
||||
|
||||
|
||||
### Authentication storage providers
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -32,7 +32,7 @@ authentik_hostname: authentik.example.com
|
|||
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||
authentik_secret_key: ''
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -41,28 +41,28 @@ authentik_secret_key: ''
|
|||
########################################################################
|
||||
```
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to authentik](#creating-a-redis-instance-dedicated-to-authentik).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to authentik](#creating-a-keydb-instance-dedicated-to-authentik).
|
||||
|
||||
If you're only running authentik on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-authentik).
|
||||
If you're only running authentik on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-authentik).
|
||||
|
||||
#### Using the shared Redis instance for authentik
|
||||
#### Using the shared KeyDB instance for authentik
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook authentik to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook authentik to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -75,16 +75,16 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point authentik to the shared Redis instance
|
||||
authentik_config_redis_hostname: "{{ redis_identifier }}"
|
||||
# Point authentik to the shared KeyDB instance
|
||||
authentik_config_redis_hostname: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the authentik service (mash-authentik.service) starts after the shared Redis service (mash-redis.service)
|
||||
# Make sure the authentik service (mash-authentik.service) starts after the shared KeyDB service (mash-keydb.service)
|
||||
authentik_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the authentik container is connected to the container network of the shared Redis service (mash-redis)
|
||||
# Make sure the authentik container is connected to the container network of the shared KeyDB service (mash-keydb)
|
||||
authentik_container_additional_networks_custom:
|
||||
- "{{ redis_identifier }}"
|
||||
- "{{ keydb_identifier }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
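Review bot: `authentik_container_additional_networks_custom` lists `{{ keydb_identifier }}` as the network name, while the equivalent funkwhale block in this same commit uses `{{ keydb_container_network }}` for `funkwhale_api_container_additional_networks_custom`. Both pages describe the same step (joining the shared KeyDB container network), so use one variable in both places. The network variable reads as the more accurate choice, since using the identifier assumes the network is always named after the service.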
@ -93,12 +93,12 @@ authentik_container_additional_networks_custom:
|
|||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to authentik](#creating-a-redis-instance-dedicated-to-authentik).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to authentik](#creating-a-keydb-instance-dedicated-to-authentik).
|
||||
|
||||
|
||||
#### Creating a Redis instance dedicated to authentik
|
||||
#### Creating a KeyDB instance dedicated to authentik
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -134,20 +134,20 @@ mash_playbook_service_base_directory_name_prefix: 'authentik-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-authentik-redis` instance on this host with its data in `/mash/authentik-redis`.
|
||||
This will create a `mash-authentik-keydb` instance on this host with its data in `/mash/authentik-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/authentik.example.com/vars.yml`) like this:
|
||||
|
||||
|
@ -160,16 +160,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/aut
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point authentik to its dedicated Redis instance
|
||||
authentik_config_redis_hostname: mash-authentik-redis
|
||||
# Point authentik to its dedicated KeyDB instance
|
||||
authentik_config_redis_hostname: mash-authentik-keydb
|
||||
|
||||
# Make sure the authentik service (mash-authentik.service) starts after its dedicated Redis service (mash-authentik-redis.service)
|
||||
# Make sure the authentik service (mash-authentik.service) starts after its dedicated KeyDB service (mash-authentik-keydb.service)
|
||||
authentik_systemd_required_services_list_custom:
|
||||
- "mash-authentik-redis.service"
|
||||
- "mash-authentik-keydb.service"
|
||||
|
||||
# Make sure the authentik container is connected to the container network of its dedicated Redis service (mash-authentik-redis)
|
||||
# Make sure the authentik container is connected to the container network of its dedicated KeyDB service (mash-authentik-keydb)
|
||||
authentik_container_additional_networks_custom:
|
||||
- "mash-authentik-redis"
|
||||
- "mash-authentik-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -181,7 +181,7 @@ authentik_container_additional_networks_custom:
|
|||
|
||||
## Installation
|
||||
|
||||
If you've decided to install a dedicated Redis instance for authentik, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `authentik.example.com-deps`), before running installation for the main one (e.g. `authentik.example.com`).
|
||||
If you've decided to install a dedicated KeyDB instance for authentik, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `authentik.example.com-deps`), before running installation for the main one (e.g. `authentik.example.com`).
|
||||
|
||||
|
||||
## Usage
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -30,7 +30,7 @@ funkwhale_hostname: mash.example.com
|
|||
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||
funkwhale_django_secret_key: ''
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -39,28 +39,28 @@ funkwhale_django_secret_key: ''
|
|||
########################################################################
|
||||
```
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to funkwhale](#creating-a-redis-instance-dedicated-to-funkwhale).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to funkwhale](#creating-a-keydb-instance-dedicated-to-funkwhale).
|
||||
|
||||
If you're only running funkwhale on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-funkwhale).
|
||||
If you're only running funkwhale on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-funkwhale).
|
||||
|
||||
#### Using the shared Redis instance for funkwhale
|
||||
#### Using the shared KeyDB instance for funkwhale
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook funkwhale to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook funkwhale to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -73,16 +73,16 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point funkwhale to the shared Redis instance
|
||||
funkwhale_config_redis_hostname: "{{ redis_identifier }}"
|
||||
# Point funkwhale to the shared KeyDB instance
|
||||
funkwhale_config_redis_hostname: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after the shared Redis service
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after the shared KeyDB service
|
||||
funkwhale_api_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of the shared Redis service
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of the shared KeyDB service
|
||||
funkwhale_api_container_additional_networks_custom:
|
||||
- "{{ redis_container_network }}"
|
||||
- "{{ keydb_container_network }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -91,12 +91,12 @@ funkwhale_api_container_additional_networks_custom:
|
|||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to funkwhale](#creating-a-redis-instance-dedicated-to-funkwhale).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to funkwhale](#creating-a-keydb-instance-dedicated-to-funkwhale).
|
||||
|
||||
|
||||
#### Creating a Redis instance dedicated to funkwhale
|
||||
#### Creating a KeyDB instance dedicated to funkwhale
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -132,20 +132,20 @@ mash_playbook_service_base_directory_name_prefix: 'funkwhale-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-funkwhale-redis` instance on this host with its data in `/mash/funkwhale-redis`.
|
||||
This will create a `mash-funkwhale-keydb` instance on this host with its data in `/mash/funkwhale-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/funkwhale.example.com/vars.yml`) like this:
|
||||
|
||||
|
@ -158,16 +158,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/fun
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point funkwhale to its dedicated Redis instance
|
||||
funkwhale_config_redis_hostname: mash-funkwhale-redis
|
||||
# Point funkwhale to its dedicated KeyDB instance
|
||||
funkwhale_config_redis_hostname: mash-funkwhale-keydb
|
||||
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after its dedicated Redis service
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after its dedicated KeyDB service
|
||||
funkwhale_api_systemd_required_services_list_custom:
|
||||
- "mash-funkwhale-redis.service"
|
||||
- "mash-funkwhale-keydb.service"
|
||||
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of its dedicated Redis service
|
||||
# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of its dedicated KeyDB service
|
||||
funkwhale_api_container_additional_networks_custom:
|
||||
- "mash-funkwhale-redis"
|
||||
- "mash-funkwhale-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -179,7 +179,7 @@ funkwhale_api_container_additional_networks_custom:
|
|||
|
||||
## Installation
|
||||
|
||||
If you've decided to install a dedicated Redis instance for funkwhale, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `funkwhale.example.com-deps`), before running installation for the main one (e.g. `funkwhale.example.com`).
|
||||
If you've decided to install a dedicated KeyDB instance for funkwhale, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `funkwhale.example.com-deps`), before running installation for the main one (e.g. `funkwhale.example.com`).
|
||||
|
||||
|
||||
## Usage
|
||||
|
|
39
docs/services/keydb.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# KeyDB
|
||||
|
||||
[KeyDB](https://docs.keydb.dev/) is an open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker.
|
||||
|
||||
We used to advocate for using [Redis](redis.md), but since [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/) we recommend that you use KeyDB instead. KeyDB is compatible with Redis, so switching should be straightforward. You can learn more about the switch from Redis to KeyDB in [this changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/50813c600db1c47b1f3e76707b81fe05d6c46ef5/CHANGELOG.md#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis) for [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
|
||||
|
||||
Some of the services installed by this playbook require a KeyDB data store.
|
||||
|
||||
**Warning**: Because KeyDB is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate KeyDB instances** (one for each service). KeyDB supports multiple database and a [SELECT](https://docs.keydb.dev/docs/commands/#select) command for switching between them. However, **reusing the same KeyDB instance is not good enough** because:
|
||||
|
||||
- if all services use the same KeyDB instance and database (id = 0), services may conflict with one another
|
||||
- the number of databases is limited to [16 by default](https://github.com/Snapchat/KeyDB/blob/0731a0509a82af5114da1b5aa6cf8ba84c06e134/keydb.conf#L342-L345), which may or may not be enough. With configuration changes, this is solveable.
|
||||
- some services do not support switching the KeyDB database and always insist on using the default one (id = 0)
|
||||
- KeyDB [does not support different authentication credentials for its different databases](https://stackoverflow.com/a/37262596), so each service can potentially read and modify other services' data
|
||||
|
||||
If you're only hosting a single service (like [PeerTube](peertube.md) or [NetBox](netbox.md)) on your server, you can get away with running a single instance. If you're hosting multiple services, you should prepare separate instances for each service.
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process to **host a single instance of the KeyDB service**:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
To **host multiple instances of the KeyDB service**, follow the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation or the **KeyDB** section (if available) of the service you're installing.
|
|
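Review bot: Two wording slips in the new Warning paragraph and its bullet list should be fixed before this page becomes the recommended reference: "KeyDB supports multiple database" should read "multiple databases", and "solveable" in the 16-databases bullet should be "solvable". The last bullet carries the security argument (no per-database credentials, so any service on a shared instance can read and modify the others' data), and the `keydb_enabled: true` example right below it sets up exactly that shared instance. Consider restating next to the example that it is meant for hosts running a single KeyDB-dependent service.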
@ -8,7 +8,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -34,7 +34,7 @@ lago_api_environment_variable_lago_rsa_private_key: ''
|
|||
# unless you'd like to run a server with public registration enabled.
|
||||
lago_front_environment_variable_lago_disable_signup: false
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -63,28 +63,28 @@ We recommend installing with public registration enabled at first, creating your
|
|||
It should be noted that disabling public signup with this variable merely disables the Sign-Up page in the web interface, but [does not actually disable signups due to a Lago bug](https://github.com/getlago/lago/issues/220).
|
||||
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to Lago](#creating-a-redis-instance-dedicated-to-lago).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to Lago](#creating-a-keydb-instance-dedicated-to-lago).
|
||||
|
||||
If you're only running Lago on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-lago).
|
||||
If you're only running Lago on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-lago).
|
||||
|
||||
#### Using the shared Redis instance for Lago
|
||||
#### Using the shared KeyDB instance for Lago
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook Lago to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook Lago to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -97,16 +97,16 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point Lago to the shared Redis instance
|
||||
lago_redis_hostname: "{{ redis_identifier }}"
|
||||
# Point Lago to the shared KeyDB instance
|
||||
lago_redis_hostname: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the Lago service (mash-lago.service) starts after the shared Redis service (mash-redis.service)
|
||||
# Make sure the Lago service (mash-lago.service) starts after the shared KeyDB service (mash-keydb.service)
|
||||
lago_api_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the Lago container is connected to the container network of the shared Redis service (mash-redis)
|
||||
# Make sure the Lago container is connected to the container network of the shared KeyDB service (mash-keydb)
|
||||
lago_api_container_additional_networks_custom:
|
||||
- "{{ redis_identifier }}"
|
||||
- "{{ keydb_identifier }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
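Review bot: The comment now reads "Point Lago to the shared KeyDB instance" while the variable it sets is still `lago_redis_hostname`, so a reader coming from the Redis version of this page may look for a `lago_keydb_hostname` that this hunk does not introduce. Add a short remark that the `lago_redis_*` variable name is unchanged and only its value moves to `{{ keydb_identifier }}`. The systemd and container-network entries follow `keydb_identifier` consistently.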
@ -115,11 +115,11 @@ lago_api_container_additional_networks_custom:
|
|||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to Lago](#creating-a-redis-instance-dedicated-to-lago).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to Lago](#creating-a-keydb-instance-dedicated-to-lago).
|
||||
|
||||
#### Creating a Redis instance dedicated to Lago
|
||||
#### Creating a KeyDB instance dedicated to Lago
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -155,20 +155,20 @@ mash_playbook_service_base_directory_name_prefix: 'lago-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-lago-redis` instance on this host with its data in `/mash/lago-redis`.
|
||||
This will create a `mash-lago-keydb` instance on this host with its data in `/mash/lago-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/lago.example.com/vars.yml`) like this:
|
||||
|
||||
|
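Review bot: The dedicated instance is renamed from `mash-lago-redis` to `mash-lago-keydb` and its data directory from `/mash/lago-redis` to `/mash/lago-keydb`, but nothing in this hunk tells an operator who followed the previous version of this page what happens to the existing service and its data. Say whether the contents of `/mash/lago-redis` are migrated, kept or expected to be removed, and whether the old `mash-lago-redis` service has to be cleaned up by hand.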
@ -181,16 +181,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/lag
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point Lago to its dedicated Redis instance
|
||||
lago_redis_hostname: mash-lago-redis
|
||||
# Point Lago to its dedicated KeyDB instance
|
||||
lago_redis_hostname: mash-lago-keydb
|
||||
|
||||
# Make sure the Lago service (mash-lago.service) starts after its dedicated Redis service (mash-lago-redis.service)
|
||||
# Make sure the Lago service (mash-lago.service) starts after its dedicated KeyDB service (mash-lago-keydb.service)
|
||||
lago_api_systemd_required_services_list_custom:
|
||||
- "mash-lago-redis.service"
|
||||
- "mash-lago-keydb.service"
|
||||
|
||||
# Make sure the Lago container is connected to the container network of its dedicated Redis service (mash-lago-redis)
|
||||
# Make sure the Lago container is connected to the container network of its dedicated KeyDB service (mash-lago-keydb)
|
||||
lago_api_container_additional_networks_custom:
|
||||
- "mash-lago-redis"
|
||||
- "mash-lago-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -38,7 +38,7 @@ netbox_environment_variable_superuser_email: your.email@example.com
|
|||
# Changing the password subsequently will not affect the user's password.
|
||||
netbox_environment_variable_superuser_password: ''
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -60,28 +60,28 @@ If `netbox_environment_variable_superuser_*` variables are specified, NetBox wil
|
|||
|
||||
[Single-Sign-On](#single-sign-on-sso-integration) is also supported.
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to NetBox](#creating-a-keydb-instance-dedicated-to-netbox).
|
||||
|
||||
If you're only running NetBox on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-netbox).
|
||||
If you're only running NetBox on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-netbox).
|
||||
|
||||
#### Using the shared Redis instance for NetBox
|
||||
#### Using the shared KeyDB instance for NetBox
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook NetBox to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook NetBox to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -94,17 +94,17 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point NetBox to the shared Redis instance
|
||||
netbox_environment_variable_redis_host: "{{ redis_identifier }}"
|
||||
netbox_environment_variable_redis_cache_host: "{{ redis_identifier }}"
|
||||
# Point NetBox to the shared KeyDB instance
|
||||
netbox_environment_variable_redis_host: "{{ keydb_identifier }}"
|
||||
netbox_environment_variable_redis_cache_host: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after the shared Redis service (mash-redis.service)
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after the shared KeyDB service (mash-keydb.service)
|
||||
netbox_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the NetBox container is connected to the container network of the shared Redis service (mash-redis)
|
||||
# Make sure the NetBox container is connected to the container network of the shared KeyDB service (mash-keydb)
|
||||
netbox_container_additional_networks_custom:
|
||||
- "{{ redis_identifier }}"
|
||||
- "{{ keydb_identifier }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -113,12 +113,12 @@ netbox_container_additional_networks_custom:
|
|||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to NetBox](#creating-a-keydb-instance-dedicated-to-netbox).
|
||||
|
||||
|
||||
#### Creating a Redis instance dedicated to NetBox
|
||||
#### Creating a KeyDB instance dedicated to NetBox
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -154,20 +154,20 @@ mash_playbook_service_base_directory_name_prefix: 'netbox-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-netbox-redis` instance on this host with its data in `/mash/netbox-redis`.
|
||||
This will create a `mash-netbox-keydb` instance on this host with its data in `/mash/netbox-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/netbox.example.com/vars.yml`) like this:
|
||||
|
||||
|
@ -181,17 +181,17 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/net
|
|||
# Base configuration as shown above
|
||||
|
||||
|
||||
# Point NetBox to its dedicated Redis instance
|
||||
netbox_environment_variable_redis_host: mash-netbox-redis
|
||||
netbox_environment_variable_redis_cache_host: mash-netbox-redis
|
||||
# Point NetBox to its dedicated KeyDB instance
|
||||
netbox_environment_variable_redis_host: mash-netbox-keydb
|
||||
netbox_environment_variable_redis_cache_host: mash-netbox-keydb
|
||||
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service)
|
||||
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated KeyDB service (mash-netbox-keydb.service)
|
||||
netbox_systemd_required_services_list_custom:
|
||||
- "mash-netbox-redis.service"
|
||||
- "mash-netbox-keydb.service"
|
||||
|
||||
# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis)
|
||||
# Make sure the NetBox container is connected to the container network of its dedicated KeyDB service (mash-netbox-keydb)
|
||||
netbox_container_additional_networks_custom:
|
||||
- "mash-netbox-redis"
|
||||
- "mash-netbox-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -257,7 +257,7 @@ For additional environment variables controlling groups and permissions for new
|
|||
|
||||
## Installation
|
||||
|
||||
If you've decided to install a dedicated Redis instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`).
|
||||
If you've decided to install a dedicated KeyDB instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`).
|
||||
|
||||
|
||||
## Usage
|
||||
|
|
|
@ -9,7 +9,7 @@ This service requires the following other services:
|
|||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
- (optional) a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- (optional) a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- (optional) the [exim-relay](exim-relay.md) mailer
|
||||
|
||||
|
||||
|
@ -29,7 +29,7 @@ nextcloud_enabled: true
|
|||
nextcloud_hostname: mash.example.com
|
||||
nextcloud_path_prefix: /nextcloud
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -42,23 +42,23 @@ In the example configuration above, we configure the service to be hosted at `ht
|
|||
|
||||
You can remove the `nextcloud_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
Redis can **optionally** be enabled to improve Nextcloud performance.
|
||||
It's dubious whether using using Redis helps much, so we recommend that you **start without** it, for a simpler deployment.
|
||||
KeyDB can **optionally** be enabled to improve Nextcloud performance.
|
||||
It's dubious whether using using KeyDB helps much, so we recommend that you **start without** it, for a simpler deployment.
|
||||
|
||||
To learn more, read the [Memory caching](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html) section of the Nextcloud documentation.
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud).
|
||||
|
||||
If you're only running Nextcloud on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-nextcloud).
|
||||
If you're only running Nextcloud on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud).
|
||||
|
||||
**Regardless** of the method of installing Redis, you may need to adjust your Nextcloud configuration file (e.g. `/mash/nextcloud/data/config/config.php`) to **add** this:
|
||||
**Regardless** of the method of installing KeyDB, you may need to adjust your Nextcloud configuration file (e.g. `/mash/nextcloud/data/config/config.php`) to **add** this:
|
||||
|
||||
```php
|
||||
'memcache.distributed' => '\OC\Memcache\Redis',
|
||||
'memcache.locking' => '\OC\Memcache\Redis',
|
||||
'redis' => [
|
||||
'memcache.distributed' => '\OC\Memcache\KeyDB',
|
||||
'memcache.locking' => '\OC\Memcache\KeyDB',
|
||||
'keydb' => [
|
||||
'host' => 'REDIS_HOSTNAME_HERE',
|
||||
'port' => 6379,
|
||||
],
|
||||
|
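Review bot: The PHP snippet should not have been renamed. `'\OC\Memcache\KeyDB'` and the `'keydb' => [` key are Nextcloud's own class name and config key, not playbook variables, and Nextcloud ships no `\OC\Memcache\KeyDB` backend, so a `config.php` edited as shown references a cache backend that does not exist. Keep `'\OC\Memcache\Redis'` and `'redis' => [` (the unchanged `REDIS_HOSTNAME_HERE` placeholder and port 6379 already reflect that KeyDB is addressed as a Redis server) and change only the surrounding prose. The sentence "It's dubious whether using using KeyDB helps much" also carries over the doubled "using".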
@ -66,26 +66,26 @@ If you're only running Nextcloud on this server and don't need to use Redis for
|
|||
|
||||
Where `REDIS_HOSTNAME_HERE` is to be replaced with:
|
||||
|
||||
- `mash-nextcloud-redis`, when [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud)
|
||||
- `mash-redis`, when [using a single Redis instance](#using-the-shared-redis-instance-for-nextcloud).
|
||||
- `mash-nextcloud-keydb`, when [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud)
|
||||
- `mash-keydb`, when [using a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud).
|
||||
|
||||
|
||||
#### Using the shared Redis instance for Nextcloud
|
||||
#### Using the shared KeyDB instance for Nextcloud
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook Nextcloud to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook Nextcloud to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -98,16 +98,16 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point Nextcloud to the shared Redis instance
|
||||
nextcloud_redis_hostname: "{{ redis_identifier }}"
|
||||
# Point Nextcloud to the shared KeyDB instance
|
||||
nextcloud_redis_hostname: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the Nextcloud service (mash-nextcloud.service) starts after the shared Redis service (mash-redis.service)
|
||||
# Make sure the Nextcloud service (mash-nextcloud.service) starts after the shared KeyDB service (mash-keydb.service)
|
||||
nextcloud_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the Nextcloud container is connected to the container network of the shared Redis service (mash-redis)
|
||||
# Make sure the Nextcloud container is connected to the container network of the shared KeyDB service (mash-keydb)
|
||||
nextcloud_container_additional_networks_custom:
|
||||
- "{{ redis_identifier }}"
|
||||
- "{{ keydb_identifier }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -115,11 +115,11 @@ nextcloud_container_additional_networks_custom:
|
|||
# #
|
||||
########################################################################
|
||||
```
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud).
|
||||
|
||||
#### Creating a Redis instance dedicated to Nextcloud
|
||||
#### Creating a KeyDB instance dedicated to Nextcloud
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -155,20 +155,20 @@ mash_playbook_service_base_directory_name_prefix: 'nextcloud-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-nextcloud-redis` instance on this host with its data in `/mash/nextcloud-redis`.
|
||||
This will create a `mash-nextcloud-keydb` instance on this host with its data in `/mash/nextcloud-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/nextcloud.example.com/vars.yml`) like this:
|
||||
|
||||
|
@ -181,16 +181,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/nex
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point Nextcloud to its dedicated Redis instance
|
||||
nextcloud_redis_hostname: mash-nextcloud-redis
|
||||
# Point Nextcloud to its dedicated KeyDB instance
|
||||
nextcloud_redis_hostname: mash-nextcloud-keydb
|
||||
|
||||
# Make sure the Nextcloud service (mash-nextcloud.service) starts after its dedicated Redis service (mash-nextcloud-redis.service)
|
||||
# Make sure the Nextcloud service (mash-nextcloud.service) starts after its dedicated KeyDB service (mash-nextcloud-keydb.service)
|
||||
nextcloud_systemd_required_services_list_custom:
|
||||
- "mash-nextcloud-redis.service"
|
||||
- "mash-nextcloud-keydb.service"
|
||||
|
||||
# Make sure the Nextcloud container is connected to the container network of its dedicated Redis service (mash-nextcloud-redis)
|
||||
# Make sure the Nextcloud container is connected to the container network of its dedicated KeyDB service (mash-nextcloud-keydb)
|
||||
nextcloud_container_additional_networks_custom:
|
||||
- "mash-nextcloud-redis"
|
||||
- "mash-nextcloud-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -230,7 +230,7 @@ nextcloud_container_image_customizations_samba_enabled: true
|
|||
|
||||
## Installation
|
||||
|
||||
If you've decided to install a dedicated Redis instance for Nextcloud, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `nextcloud.example.com-deps`), before running installation for the main one (e.g. `nextcloud.example.com`).
|
||||
If you've decided to install a dedicated KeyDB instance for Nextcloud, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `nextcloud.example.com-deps`), before running installation for the main one (e.g. `nextcloud.example.com`).
|
||||
|
||||
## Usage
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- [Postgres](postgres.md)
|
||||
- [Redis](redis.md)
|
||||
- [KeyDB](keydb.md)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -30,14 +30,14 @@ outline_hostname: outline.example.com
|
|||
# This must be generated with: `openssl rand -hex 32`
|
||||
outline_environment_variable_secret_key: ''
|
||||
|
||||
# The configuration below connects Outline to the Redis instance, for session storage purposes.
|
||||
# You may wish to run a separate Redis instance for Outline, because Redis is not multi-tenant.
|
||||
# Read more in docs/services/redis.md.
|
||||
outline_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}"
|
||||
# The configuration below connects Outline to the KeyDB instance, for session storage purposes.
|
||||
# You may wish to run a separate KeyDB instance for Outline, because KeyDB is not multi-tenant.
|
||||
# Read more in docs/services/keydb.md.
|
||||
outline_redis_hostname: "{{ keydb_identifier if keydb_enabled else '' }}"
|
||||
|
||||
outline_container_additional_networks_custom: |
|
||||
{{
|
||||
[redis_container_network]
|
||||
[keydb_container_network]
|
||||
}}
|
||||
|
||||
# By default, files are stored locally.
|
||||
|
|
|
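Review bot: In the Outline example, `outline_redis_hostname` falls back to an empty string when `keydb_enabled` is false, but `outline_container_additional_networks_custom` lists `keydb_container_network` unconditionally, so the two settings disagree on a host without the shared instance. Guard the network entry with the same `keydb_enabled` condition, or drop the conditional from the hostname if KeyDB is mandatory for Outline. Since the comment says this instance holds session data and that KeyDB is not multi-tenant, a pointer to the dedicated-instance procedure would also help here.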
@ -8,7 +8,7 @@
|
|||
This service requires the following other services:
|
||||
|
||||
- a [Postgres](postgres.md) database
|
||||
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||
- a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
|
@ -47,7 +47,7 @@ peertube_config_root_user_initial_password: ''
|
|||
# Then, replace the example IP range below, and re-run the playbook.
|
||||
# peertube_trusted_proxies_values_custom: ["172.21.0.0/16"]
|
||||
|
||||
# Redis configuration, as described below
|
||||
# KeyDB configuration, as described below
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -60,28 +60,28 @@ In the example configuration above, we configure the service to be hosted at `ht
|
|||
|
||||
Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations.
|
||||
|
||||
### Redis
|
||||
### KeyDB
|
||||
|
||||
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube).
|
||||
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to PeerTube](#creating-a-keydb-instance-dedicated-to-peertube).
|
||||
|
||||
If you're only running PeerTube on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-peertube).
|
||||
If you're only running PeerTube on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-peertube).
|
||||
|
||||
#### Using the shared Redis instance for PeerTube
|
||||
#### Using the shared KeyDB instance for PeerTube
|
||||
|
||||
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook PeerTube to it, add the following **additional** configuration:
|
||||
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook PeerTube to it, add the following **additional** configuration:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
@ -94,16 +94,16 @@ redis_enabled: true
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point PeerTube to the shared Redis instance
|
||||
peertube_config_redis_hostname: "{{ redis_identifier }}"
|
||||
# Point PeerTube to the shared KeyDB instance
|
||||
peertube_config_redis_hostname: "{{ keydb_identifier }}"
|
||||
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after the shared Redis service (mash-redis.service)
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after the shared KeyDB service (mash-keydb.service)
|
||||
peertube_systemd_required_services_list_custom:
|
||||
- "{{ redis_identifier }}.service"
|
||||
- "{{ keydb_identifier }}.service"
|
||||
|
||||
# Make sure the PeerTube container is connected to the container network of the shared Redis service (mash-redis)
|
||||
# Make sure the PeerTube container is connected to the container network of the shared KeyDB service (mash-keydb)
|
||||
peertube_container_additional_networks_custom:
|
||||
- "{{ redis_identifier }}"
|
||||
- "{{ keydb_identifier }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
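Review bot: `peertube_config_redis_hostname` keeps its `redis` name while now being set to `{{ keydb_identifier }}`, which reads like a leftover from the rename. Add a short comment to the example saying that the PeerTube variable name is intentionally unchanged because KeyDB is Redis-compatible, so readers do not try to rename it themselves.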
@ -112,12 +112,12 @@ peertube_container_additional_networks_custom:
|
|||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-redis` Redis instance on this host.
|
||||
This will create a `mash-keydb` KeyDB instance on this host.
|
||||
|
||||
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube).
|
||||
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to PeerTube](#creating-a-keydb-instance-dedicated-to-peertube).
|
||||
|
||||
|
||||
#### Creating a Redis instance dedicated to PeerTube
|
||||
#### Creating a KeyDB instance dedicated to PeerTube
|
||||
|
||||
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||
|
||||
|
@ -153,20 +153,20 @@ mash_playbook_service_base_directory_name_prefix: 'peertube-'
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# redis #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
redis_enabled: true
|
||||
keydb_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /redis #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
This will create a `mash-peertube-redis` instance on this host with its data in `/mash/peertube-redis`.
|
||||
This will create a `mash-peertube-keydb` instance on this host with its data in `/mash/peertube-keydb`.
|
||||
|
||||
Then, adjust your main inventory host's variables file (`inventory/host_vars/peertube.example.com/vars.yml`) like this:
|
||||
|
||||
|
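Review bot: Upgrade guidance is missing next to the sentence "This will create a `mash-peertube-keydb` instance on this host with its data in `/mash/peertube-keydb`". Hosts set up from the previous version of this page have a `mash-peertube-redis` service with data in `/mash/peertube-redis`, and the text does not say whether that service and directory should be removed, kept, or migrated once `keydb_enabled: true` replaces `redis_enabled: true`. One sentence covering the existing-install case, or a link to the changelog entry that does, would close the gap.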
@ -179,16 +179,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/pee
|
|||
|
||||
# Base configuration as shown above
|
||||
|
||||
# Point PeerTube to its dedicated Redis instance
|
||||
peertube_config_redis_hostname: mash-peertube-redis
|
||||
# Point PeerTube to its dedicated KeyDB instance
|
||||
peertube_config_redis_hostname: mash-peertube-keydb
|
||||
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service)
|
||||
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated KeyDB service (mash-peertube-keydb.service)
|
||||
peertube_systemd_required_services_list_custom:
|
||||
- "mash-peertube-redis.service"
|
||||
- "mash-peertube-keydb.service"
|
||||
|
||||
# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis)
|
||||
# Make sure the PeerTube container is connected to the container network of its dedicated KeyDB service (mash-peertube-keydb)
|
||||
peertube_container_additional_networks_custom:
|
||||
- "mash-peertube-redis"
|
||||
- "mash-peertube-keydb"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -200,7 +200,7 @@ peertube_container_additional_networks_custom:
|
|||
|
||||
## Installation
|
||||
|
||||
If you've decided to install a dedicated Redis instance for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`).
|
||||
If you've decided to install a dedicated KeyDB instance for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`).
|
||||
|
||||
|
||||
## Usage
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
[Redis](https://redis.io/) is an open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker.
|
||||
|
||||
We used to used to advocate for using Redis, but since [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/) we recommend that you use [KeyDB](keydb.md) instead. KeyDB is compatible with Redis, so switching should be straightforward. You can learn more about the switch from Redis to KeyDB in [this changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/50813c600db1c47b1f3e76707b81fe05d6c46ef5/CHANGELOG.md#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis) for [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
|
||||
|
||||
Some of the services installed by this playbook require a Redis data store.
|
||||
|
||||
**Warning**: Because Redis is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate Redis instances** (one for each service). Redis supports multiple database and a [SELECT](https://redis.io/commands/select/) command for switching between them. However, **reusing the same Redis instance is not good enough** because:
|
||||
|
|
|
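Review bot: The added paragraph opens with a duplicated phrase, "We used to used to advocate"; drop one "used to". The unchanged paragraphs below it still say services "require a Redis data store" and recommend separate Redis instances, so a reader who follows the new advice has to infer that the same isolation warning applies to KeyDB. A sentence saying so, or a pointer to where keydb.md covers it, would help.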
@ -36,6 +36,7 @@
|
|||
| [InfluxDB](https://www.influxdata.com/) | A self-hosted time-series database. | [Link](services/influxdb.md) |
|
||||
| [Jitsi](https://jitsi.org/) | A fully encrypted, 100% Open Source video conferencing solution | [Link](services/jitsi.md) |
|
||||
| [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) |
|
||||
| [KeyDB](https://docs.keydb.dev/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/keydb.md) |
|
||||
| [Lago](https://www.getlago.com/) | Open-source metering and usage-based billing | [Link](services/lago.md) |
|
||||
| [languageTool](https://languagetool.org/) | An open source online grammar, style and spell checker | [Link](services/languagetool.md) |
|
||||
| [linkding](https://github.com/sissbruecker/linkding/) | Bookmark manager designed to be minimal and fast. | [Link](services/linkding.md) |
|
||||
|
|
|
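Review bot: The description in the new KeyDB row is the Redis tagline from services/redis.md ("used by millions of developers as a database, cache, streaming engine, and message broker") with "open source" removed. That usage claim belongs to Redis. Describe KeyDB in its own terms, for example as a Redis-compatible in-memory data store, which matches what the redis.md change in this commit says about it.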
@ -4346,6 +4346,38 @@ redis_gid: "{{ mash_playbook_gid }}"
|
|||
# /role-specific:redis
|
||||
|
||||
|
||||
# role-specific:keydb
|
||||
########################################################################
|
||||
# #
|
||||
# keydb #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
keydb_enabled: false
|
||||
|
||||
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}keydb"
|
||||
|
||||
keydb_uid: "{{ mash_playbook_uid }}"
|
||||
keydb_gid: "{{ mash_playbook_gid }}"
|
||||
|
||||
keydb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keydb"
|
||||
|
||||
keydb_arch: |-
|
||||
{{
|
||||
({
|
||||
'amd64': 'x86_64',
|
||||
'arm32': 'arm32',
|
||||
'arm64': 'arm64',
|
||||
})[mash_playbook_architecture]
|
||||
}}
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /keydb #
|
||||
# #
|
||||
########################################################################
|
||||
# /role-specific:keydb
|
||||
|
||||
|
||||
# role-specific:roundcube
|
||||
########################################################################
|
||||
|
|
|
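Review bot: In the `# role-specific:keydb` block the identifier is assigned to `redis_identifier` instead of `keydb_identifier`. Every other variable in the block uses the `keydb_` prefix, and the documentation changed in this commit references `{{ keydb_identifier }}`. As written, the line gives the Redis role's identifier a value ending in `keydb` and leaves `keydb_identifier` at whatever the role defaults to, so the docs examples and the playbook's own prefix handling can disagree. Suggested line: `keydb_identifier: "{{ mash_playbook_service_identifier_prefix }}keydb"`.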
@ -152,6 +152,10 @@
|
|||
version: v24.0.2-0
|
||||
name: keycloak
|
||||
activation_prefix: keycloak_
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
|
||||
version: v6.3.4-1
|
||||
name: keydb
|
||||
activation_prefix: keydb_
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-lago.git
|
||||
version: v0.50.0-0
|
||||
name: lago
|
||||
|
|