redis: Move to container unit, Debian Bookworm
The container file is now directly based on Debian Bookworm, and uses official Debian packages.
parent
dc48e4b06b
commit
c5a6208e6a
|
@ -13,6 +13,7 @@ shopt -s globstar
|
|||
TEMP_CONFIG_PATH="$(git -C "$(dirname "$0")" rev-parse --show-toplevel)"
|
||||
HOST_CONFIG_PATH="/etc/coreos-home-server"
|
||||
SYSTEMD_CONFIG_PATH="/etc/systemd/system"
|
||||
QUADLET_CONFIG_PATH="/etc/containers/systemd"
|
||||
|
||||
# Synchronize CoreOS home-server configuration for specific path.
|
||||
function sync-coreos-config() {
|
||||
|
@ -67,6 +68,11 @@ function sync-systemd-services() {
|
|||
if test -n "$tmp"; then buffer="${buffer}"$'\n'"${tmp}"; fi
|
||||
done
|
||||
|
||||
for src in "$HOST_CONFIG_PATH"/*/quadlet/*; do
|
||||
tmp="$(cp --verbose --recursive --update --target-directory "$QUADLET_CONFIG_PATH" "$src")"
|
||||
if test -n "$tmp"; then buffer="${buffer}"$'\n'"${tmp}"; fi
|
||||
done
|
||||
|
||||
printf "%s\ndone.\n" "$buffer"
|
||||
if test -n "$buffer"; then return 0; else return 1; fi
|
||||
}
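Review bot: The new quadlet loop in `sync-systemd-services` never checks whether `cp` succeeded, so a failed copy looks the same as "nothing changed". Unless `nullglob` is enabled outside the hunk, a tree with no `quadlet/` directories leaves `src` as the literal pattern, and a host without `/etc/containers/systemd` fails the same way. I would add `test -e "$src" || continue` as the first line of the loop and `mkdir -p "$QUADLET_CONFIG_PATH"` before it. Files copied into this directory are turned into root-run units by the Quadlet generator, so a comment stating that `quadlet/` content is trusted exactly like `systemd/` content would help. The function begins outside the hunk.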
|
||||
|
|
|
@ -6,10 +6,9 @@ ConditionPathExists=!/etc/cni/net.d/%i.conflist
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
SyslogIdentifier=%N
|
||||
RemainAfterExit=true
|
||||
ExecStart=/bin/podman network create %i
|
||||
ExecStop=/bin/podman network rm %i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -6,6 +6,7 @@ After=container-volume-restore@%i.service
|
|||
[Service]
|
||||
Type=oneshot
|
||||
SyslogIdentifier=%N
|
||||
RemainAfterExit=true
|
||||
ExecStart=/bin/sh -c 'podman volume exists %i || podman volume create %i'
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -13,17 +13,23 @@ corresponding directory:
|
|||
- `Containerfile` -- This file is used in building a container image, handled by the
|
||||
`container-build@example` service and presumably used in the systemd file for the `example`
|
||||
service.
|
||||
|
||||
|
||||
- `example.env.template` -- An optional file containing `KEY=value` definitions that can then be
|
||||
used in the systemd service. Host-wide environment is also available in this context, and can be
|
||||
used in expanding shared configuration, secrets, etc. This file is used by the
|
||||
`container-environment@example` service.
|
||||
|
||||
|
||||
- `systemd/` -- This directory contains systemd configuration, to be copied into the host-wide
|
||||
`/etc/systemd/system` directory. You'll typically find things like `example.service` files
|
||||
which run the service under Podman, as well as potential one-off services which copy files
|
||||
around in pre-existing Podman containers.
|
||||
|
||||
- `quadlet` -- This directory contains configuration for
|
||||
[Quadlet](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html), aka
|
||||
`podman-systemd.unit`, which allows for generating comprehensive Systemd configuration from more
|
||||
idiomatic templates. Most services will be found as `example.container` files, installed under
|
||||
`/etc/containers/systemd` in running systems.
|
||||
|
||||
- `container/` -- This directory contains any static files included in the Podman image, including
|
||||
templated configuration, scripts, etc.
|
||||
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
FROM docker.io/redis:6.2
|
||||
FROM docker.io/debian:bookworm-slim
|
||||
ARG VERSION=7.0
|
||||
|
||||
RUN apt-get update -y && apt-get install -y --no-install-recommends ca-certificates
|
||||
ADD --chown=_apt https://packages.redis.io/gpg /etc/apt/trusted.gpg.d/redis.asc
|
||||
|
||||
RUN echo "deb https://packages.redis.io/deb bookworm main" > /etc/apt/sources.list.d/redis.list && \
|
||||
apt-get update && apt-get install -y --no-install-recommends redis-server="6:${VERSION}*"
|
||||
|
||||
COPY container/config /etc/redis
|
||||
USER redis
|
||||
|
||||
CMD ["redis-server", "/etc/redis/redis.conf"]
|
||||
EXPOSE 6379
|
||||
ENTRYPOINT ["redis-server", "/etc/redis/redis.conf"]
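Review bot: The Redis signing key is added to `/etc/apt/trusted.gpg.d/`, which makes apt trust it for every configured repository, including the Debian ones, rather than only for packages.redis.io. Scoping it is a two-line change: `ADD --chown=_apt https://packages.redis.io/gpg /usr/share/keyrings/redis.asc` and `deb [signed-by=/usr/share/keyrings/redis.asc] https://packages.redis.io/deb bookworm main`. The key is also downloaded afresh on every build with nothing pinning its content, so vendoring it into `container/` or checking it against a recorded digest would make builds reproducible. The commit description says "official Debian packages", but `redis-server` is installed from the packages.redis.io repository, which is worth stating in a comment above the `RUN` line.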
|
||||
|
|
|
@ -1,2 +1,78 @@
|
|||
# Enable persistence via append-only file.
|
||||
################################## NETWORK #####################################
|
||||
|
||||
# Protected mode is a layer of security protection, in order to avoid that
|
||||
# Redis instances left open on the internet are accessed and exploited.
|
||||
#
|
||||
# When protected mode is on and the default user has no password, the server
|
||||
# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
|
||||
# (::1) or Unix domain sockets.
|
||||
#
|
||||
# By default protected mode is enabled. You should disable it only if
|
||||
# you are sure you want clients from other hosts to connect to Redis
|
||||
# even if no authentication is configured.
|
||||
|
||||
protected-mode no
|
||||
|
||||
################################# GENERAL #####################################
|
||||
|
||||
# If you run Redis from upstart or systemd, Redis can interact with your
|
||||
# supervision tree. Options:
|
||||
# supervised no - no supervision interaction
|
||||
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
|
||||
# requires "expect stop" in your upstart job config
|
||||
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
|
||||
# on startup, and updating Redis status on a regular
|
||||
# basis.
|
||||
# supervised auto - detect upstart or systemd method based on
|
||||
# UPSTART_JOB or NOTIFY_SOCKET environment variables
|
||||
# Note: these supervision methods only signal "process is ready."
|
||||
# They do not enable continuous pings back to your supervisor.
|
||||
#
|
||||
# The default is "no". To run under upstart/systemd, you can simply uncomment
|
||||
# the line below:
|
||||
|
||||
supervised systemd
|
||||
|
||||
# Specify the server verbosity level.
|
||||
# This can be one of:
|
||||
# debug (a lot of information, useful for development/testing)
|
||||
# verbose (many rarely useful info, but not a mess like the debug level)
|
||||
# notice (moderately verbose, what you want in production probably)
|
||||
# warning (only very important / critical messages are logged)
|
||||
|
||||
loglevel notice
|
||||
|
||||
################################ SNAPSHOTTING ################################
|
||||
|
||||
# The working directory.
|
||||
#
|
||||
# The DB will be written inside this directory, with the filename specified
|
||||
# above using the 'dbfilename' configuration directive.
|
||||
#
|
||||
# The Append Only File will also be created inside this directory.
|
||||
#
|
||||
# Note that you must specify a directory here, not a file name.
|
||||
|
||||
dir /var/lib/redis
|
||||
|
||||
############################## APPEND ONLY MODE ###############################
|
||||
|
||||
# By default Redis asynchronously dumps the dataset on disk. This mode is
|
||||
# good enough in many applications, but an issue with the Redis process or
|
||||
# a power outage may result into a few minutes of writes lost (depending on
|
||||
# the configured save points).
|
||||
#
|
||||
# The Append Only File is an alternative persistence mode that provides
|
||||
# much better durability. For instance using the default data fsync policy
|
||||
# (see later in the config file) Redis can lose just one second of writes in a
|
||||
# dramatic event like a server power outage, or a single write if something
|
||||
# wrong with the Redis process itself happens, but the operating system is
|
||||
# still running correctly.
|
||||
#
|
||||
# AOF and RDB persistence can be enabled at the same time without problems.
|
||||
# If the AOF is enabled on startup Redis will load the AOF, that is the file
|
||||
# with the better durability guarantees.
|
||||
#
|
||||
# Please check https://redis.io/topics/persistence for more information.
|
||||
|
||||
appendonly yes
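Review bot: `protected-mode no` is set while the file configures no `requirepass` or `aclfile`, so the server accepts unauthenticated connections on whatever network the container is attached to. With the Quadlet unit's `Network=internal`, any other workload on that Podman network can then read and modify the dataset and issue administrative commands. I would keep the network restriction but also require credentials, for example `aclfile /etc/redis/users.acl` or `requirepass <placeholder-secret>`, provisioned through the existing environment-template mechanism rather than committed to the repository. If leaving it open is intentional, a comment directly above `protected-mode no` should say that isolation relies solely on the `internal` network.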
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Redis Key-Value Store
|
||||
Wants=container-build@%N.service container-volume@%N.service
|
||||
After=container-build@%N.service container-volume@%N.service
|
||||
|
||||
[Container]
|
||||
ContainerName=%N
|
||||
Image=localhost/%N:latest
|
||||
Network=internal
|
||||
Notify=true
|
||||
Volume=%N:/var/lib/%N:z
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
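Review bot: The `[Container]` section sets no hardening options, although this container runs a network-facing daemon that the shipped redis.conf leaves unauthenticated. Quadlet supports `ReadOnly=true`, `NoNewPrivileges=true` and `DropCapability=all`, and Redis running as the `redis` user with its data on the `/var/lib/%N` volume should not need more; confirm that nothing else in the image is written at runtime before enabling `ReadOnly=`. The old unit's `SyslogIdentifier=%N` was not carried over to `[Service]`, so if log filtering depends on it, `SyslogIdentifier=%N` should be added there.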
|
|
@ -4,9 +4,5 @@ storage:
|
|||
trees:
|
||||
- path: /etc/coreos-home-server/redis
|
||||
local: service/redis/
|
||||
- path: /etc/systemd/system
|
||||
local: service/redis/systemd/
|
||||
systemd:
|
||||
units:
|
||||
- name: redis.service
|
||||
enabled: true
|
||||
- path: /etc/containers/systemd
|
||||
local: service/redis/quadlet/
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
[Unit]
|
||||
Description=Redis Key-Value Store
|
||||
Wants=container-build@%N.service container-volume@%N.service
|
||||
After=container-build@%N.service container-volume@%N.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
SyslogIdentifier=%N
|
||||
Restart=on-failure
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon --volume %N:/data:z localhost/%N:latest
|
||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|