Michael Blum

Developer from Chicago

Deploying a Redis instance with Ansible


Road Map

I wanted to automate the tedious and error-prone process of creating a Redis instance that I could reuse when going between my laptop and a remote server. I settled on writing an Ansible playbook for deploying a secured and optimized Redis instance.

Based originally on DigitalOcean’s guide to deploying a Redis instance:

How to install and configure redis on Ubuntu 16.04

This playbook looks to automate the tedious setup process by performing the following tasks:

  • Update OS with apt-get
  • Install Redis dependencies
  • Install Redis from source (test, make)
  • Configure and secure Redis-as-a-service
    • Create a redis user and group
    • Create data and logging directories
  • Optimize Redis
    • Disable Transparent Huge Pages (THP) support
    • Increase TCP backlog
    • Enable low-memory DB saves

Play-by-play

With a simple vagrant up, we can get a Redis instance up and configured just like the one we’ll have in production. Provisioning the instance takes less than five minutes:

	25.36s user 
	17.79s system 
	16% cpu 
	4:13.97 total

When we tail the redis-server.log we see no warnings or errors.

                _._
           _.-``__ ''-._
      _.-``    `.  `_.  ''-._           Redis 3.2.3 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 23230
  `-._    `-._  `-./  _.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |           http://redis.io
  `-._    `-._`-.__.-'_.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |
  `-._    `-._`-.__.-'_.-'    _.-'
      `-._    `-.__.-'    _.-'
          `-._        _.-'
              `-.__.-'

23230:M 24 Sep 21:26:00.539 # Server started, Redis version 3.2.3
23230:M 24 Sep 21:26:00.539 * DB loaded from disk: 0.000 seconds
23230:M 24 Sep 21:26:00.539 * The server is now ready to accept connections on port 6379

You can override configuration properties inside the Vagrantfile under ansible.extra_vars. In production, be sure to bind Redis to 127.0.0.1 only; otherwise the internet can access your Redis instance.

Run Redis commands with the following command:

redis-cli -a redis

In addition to the binding address, be sure to make a nice long password with:

apg -m 32 -x 1 -a 1 -n 1

Since Redis can process commands quickly, a client can also try a large number of passwords in a short time, so it’s a good idea to have a long password.
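To check both settings before a deploy, here is an added example (not part of the playbook or the original post) that audits the text of a redis.conf for the bind address and the requirepass length. The 32-character minimum mirrors the apg -m 32 call above; the function names and the two sample configs are constructed for illustration.

```python
import ipaddress
import shlex

MIN_PASSWORD_LEN = 32  # assumption: mirrors the post's `apg -m 32`


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; anything unparsable counts as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit_redis_conf(text, min_len=MIN_PASSWORD_LEN):
    """Return findings for the bind and requirepass directives in redis.conf text."""
    binds, password = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)  # arguments may be quoted
        except ValueError:
            continue  # unbalanced quote: not a line we can judge
        key, args = parts[0].lower(), parts[1:]
        if key == "bind":
            binds.extend(args)  # check every address on every bind line
        elif key == "requirepass" and args:
            password = args[0]  # keep the last one seen

    findings = []
    if not binds:
        findings.append("no bind directive: Redis listens on all interfaces")
    findings += [f"bind {a}: not a loopback address" for a in binds if not is_loopback(a)]
    if password is None:
        findings.append("requirepass not set")
    elif len(password) < min_len:
        # Report the length only, never the password itself.
        findings.append(f"requirepass is {len(password)} chars, want >= {min_len}")
    return findings


# Constructed sample configs, not taken from the playbook.
DEV_CONF = "port 6379\nbind 0.0.0.0\nrequirepass redis\n"
PROD_CONF = "port 6379\nbind 127.0.0.1 ::1\nrequirepass " + "A1b2C3d4" * 4 + "\n"

if __name__ == "__main__":
    for name, conf in (("dev", DEV_CONF), ("prod", PROD_CONF)):
        print(name, audit_redis_conf(conf) or "ok")
```

An empty result means both checks passed; the constructed dev config is flagged for its 0.0.0.0 bind and its five-character password.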

As far as security is concerned, there is ample documentation on the matter: Redis Security. If you’d like to tweak this playbook with enhanced security measures, I’d be glad to take your PRs.

Github Repo

redis-playbook