From abdbfb7baa96ee2c849c0e130458f7ff97ea2caf Mon Sep 17 00:00:00 2001 From: Daniel Gola Date: Fri, 22 Jan 2021 00:17:47 +0100 Subject: [PATCH 1/5] Jmx recipe (#132) Co-authored-by: Jakub Kotkowiak Co-authored-by: JakubKotkowiak <52407257+JakubKotkowiak@users.noreply.github.com> Co-authored-by: Justin Eveland --- recipes/newrelic/jmx/debian.yml | 215 +++++++++++++++++ recipes/newrelic/jmx/rhel.yml | 218 ++++++++++++++++++ .../ohi/linux/jmx-jboss-debian.json | 64 +++++ .../definitions/ohi/linux/jmx-jboss-rhel.json | 64 +++++ .../ohi/linux/jmx-jetty-debian.json | 58 +++++ .../definitions/ohi/linux/jmx-jetty-rhel.json | 58 +++++ .../ohi/linux/jmx-tomcat-debian.json | 58 +++++ .../ohi/linux/jmx-tomcat-rhel.json | 58 +++++ .../debian/roles/configure/tasks/main.yml | 112 +++++++++ .../rhel/roles/configure/tasks/main.yml | 112 +++++++++ .../debian/roles/configure/tasks/main.yml | 114 +++++++++ .../debian/roles/configure/templates/jetty | 6 + .../roles/configure/templates/start.ini | 197 ++++++++++++++++ .../rhel/roles/configure/tasks/main.yml | 114 +++++++++ .../rhel/roles/configure/templates/jetty | 6 + .../rhel/roles/configure/templates/start.ini | 197 ++++++++++++++++ .../debian/roles/configure/tasks/main.yml | 96 ++++++++ .../roles/configure/templates/setenv.sh | 1 + .../roles/configure/templates/tomcat.service | 25 ++ .../rhel/roles/configure/tasks/main.yml | 97 ++++++++ .../rhel/roles/configure/templates/setenv.sh | 1 + .../roles/configure/templates/tomcat.service | 25 ++ 22 files changed, 1896 insertions(+) create mode 100644 recipes/newrelic/jmx/debian.yml create mode 100644 recipes/newrelic/jmx/rhel.yml create mode 100644 test/definitions/ohi/linux/jmx-jboss-debian.json create mode 100644 test/definitions/ohi/linux/jmx-jboss-rhel.json create mode 100644 test/definitions/ohi/linux/jmx-jetty-debian.json create mode 100644 test/definitions/ohi/linux/jmx-jetty-rhel.json create mode 100644 test/definitions/ohi/linux/jmx-tomcat-debian.json create mode 100644 test/definitions/ohi/linux/jmx-tomcat-rhel.json create mode 100644 test/deploy/linux/jmx-jboss/install/debian/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-jboss/install/rhel/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-jetty/install/debian/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/jetty create mode 100644 test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/start.ini create mode 100644 test/deploy/linux/jmx-jetty/install/rhel/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/jetty create mode 100644 test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/start.ini create mode 100644 test/deploy/linux/jmx-tomcat/install/debian/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/setenv.sh create mode 100644 test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/tomcat.service create mode 100644 test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/setenv.sh create mode 100644 test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/tomcat.service diff --git a/recipes/newrelic/jmx/debian.yml b/recipes/newrelic/jmx/debian.yml new file mode 100644 index 000000000..d05843f01 --- /dev/null +++ b/recipes/newrelic/jmx/debian.yml @@ -0,0 +1,215 @@ +# Visit our schema definition for additional information on this file format +# https://github.com/newrelic/open-install-library/blob/main/docs/recipe-spec/recipe-spec.md#schema-definition + +name: jmx-open-source-integration +displayName: JMX Open Source Integration +description: New Relic install recipe for default JMX Open Source on-host integration (via Infra-Agent) +repository: https://github.com/newrelic/nri-jmx + +installTargets: + - type: host + os: linux + platform: "debian" + - type: host + os: linux + platform: "ubuntu" + +# keyword convention for dealing with search terms that could land someone on this instrumentation project +keywords: + - Infrastructure + - Integration + - jmx + - jvm + +# Examine Infrastructure events for correlated data +processMatch: + - java + - jboss + - tomcat + - jetty + # Once https://github.com/newrelic/newrelic-cli/pull/637 is merged, change to the following: + # - java.*jboss + # - java.*tomcat + # - java.*jetty + +# Matches partial list of the Log forwarding parameters +# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters +logMatch: + - name: tomcat + file: /var/log/tomcat/catalina.out + + +# NRQL the newrelic-cli will use to validate the agent/integration this recipe +# installed is successfully sending data to New Relic +validationNrql: "SELECT count(*) from JVMSample where hostname like '{{.HOSTNAME}}%' FACET entityGuid SINCE 10 minutes ago" + +# Prompts for input from the user. These variables then become +# available to go-task in the form of {{.VAR_NAME}} +inputVars: + - name: "NR_CLI_JMX_USERNAME" + prompt: "Please enter your username." + - name: "NR_CLI_JMX_PASSWORD" + prompt: "Please enter your password." + secret: true + - name: "NR_CLI_JMX_HOST" + prompt: "Please enter your hostname below. If none is provided, the default value: localhost, will be used." + default: "localhost" + - name: "NR_CLI_JMX_PORT" + prompt: "Please enter your port below. If none is provided, the default value: 9999, will be used." + default: 9999 + - name: "NR_CLI_SSL_ENABLED" + prompt: "Are you using SSL? (y/n)" + - name: "NR_CLI_KEYSTORE" + prompt: "Enter key store file path if applicable." + - name: "NR_CLI_KEYSTORE_PASSWORD" + prompt: "Enter key store password if applicable." + - name: "NR_CLI_TRUSTSTORE" + prompt: "Enter trust store file path if applicable." + - name: "NR_CLI_TRUSTSTORE_PASSWORD" + prompt: "Enter trust store password if applicable." + +install: + version: "3" + + silent: true + + tasks: + default: + cmds: + - task: assert_pre_req + - task: setup + - task: restart + + assert_pre_req: + cmds: + - | + SERVICE_EXIST=$(sudo systemctl status newrelic-infra.service | grep "Active" | wc -l) + if [ $SERVICE_EXIST -eq 0 ]; then + echo "The newrelic-infra agent service is NOT installed on the host, but is required to install this integration." >> /dev/stderr + exit 1 + fi + + setup: + label: "Installing jmx integration..." + cmds: + - | + sudo mkdir -p "/etc/newrelic-infra/integrations.d" + - | + sudo apt-get update + - | + sudo apt-get install nri-jmx -y + - | + if [ -f /etc/newrelic-infra/integrations.d/jmx-config.yml ]; then + sudo rm /etc/newrelic-infra/integrations.d/jmx-config.yml; + fi + + sudo cp /etc/newrelic-infra/integrations.d/jvm-metrics.yml.sample /etc/newrelic-infra/integrations.d/jvm-metrics.yml; + + - | + IS_TOMCAT=$(ps -aux | grep -o tomcat | wc -l) + IS_JBOSS=$(ps -aux | grep -o jboss | wc -l) + if [ "{{.NR_CLI_SSL_ENABLED}}" == "n" ]; then + if [ "$IS_TOMCAT" -gt 1 ]; then + sudo cp /etc/newrelic-infra/integrations.d/tomcat-metrics.yml.sample /etc/newrelic-infra/integrations.d/tomcat-metrics.yml; + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml,/etc/newrelic-infra/integrations.d/tomcat-metrics.yml" + EOT + elif [ "$IS_JBOSS" -gt 1 ]; then + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + connection_url: 'service:jmx:remote+http://{{.NR_CLI_JMX_HOST}}:{{.NR_CLI_JMX_PORT}}' + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + else + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + fi + else + if [ "$IS_TOMCAT" -gt 1 ]; then + sudo cp /etc/newrelic-infra/integrations.d/tomcat-metrics.yml.sample /etc/newrelic-infra/integrations.d/tomcat-metrics.yml; + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml,/etc/newrelic-infra/integrations.d/tomcat-metrics.yml" + EOT + elif [ "$IS_JBOSS" -gt 1 ]; then + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + connection_url: 'service:jmx:remote+http://{{.NR_CLI_JMX_HOST}}:{{.NR_CLI_JMX_PORT}}' + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + else + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + fi + fi + + restart: + cmds: + - sudo systemctl restart newrelic-infra.service diff --git a/recipes/newrelic/jmx/rhel.yml b/recipes/newrelic/jmx/rhel.yml new file mode 100644 index 000000000..cd6f6fa0b --- /dev/null +++ b/recipes/newrelic/jmx/rhel.yml @@ -0,0 +1,218 @@ +# Visit our schema definition for additional information on this file format +# https://github.com/newrelic/open-install-library/blob/main/docs/recipe-spec/recipe-spec.md#schema-definition + +name: jmx-open-source-integration +displayName: JMX Open Source Integration +description: New Relic install recipe for default JMX Open Source on-host integration (via Infra-Agent) +repository: https://github.com/newrelic/nri-jmx + +installTargets: + - type: host + os: linux + platform: "amazon" + platformVersion: "2" + - type: host + os: linux + platform: "redhat" + - type: host + os: linux + platform: "centos" + +# keyword convention for dealing with search terms that could land someone on this instrumentation project +keywords: + - Infrastructure + - Integration + - jmx + - jvm + +# Examine Infrastructure events for correlated data +processMatch: + - java + - jboss + - tomcat + - jetty + # Once https://github.com/newrelic/newrelic-cli/pull/637 is merged, change to the following: + # - java.*jboss + # - java.*tomcat + # - java.*jetty + +# Matches partial list of the Log forwarding parameters +# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters +logMatch: + - name: tomcat + file: /var/log/tomcat/catalina.out + +# NRQL the newrelic-cli will use to validate the agent/integration this recipe +# installed is successfully sending data to New Relic +validationNrql: "SELECT count(*) from JVMSample where hostname like '{{.HOSTNAME}}%' FACET entityGuid SINCE 10 minutes ago" + +# Prompts for input from the user. These variables then become +# available to go-task in the form of {{.VAR_NAME}} +inputVars: + - name: "NR_CLI_JMX_USERNAME" + prompt: "Please enter your username." + - name: "NR_CLI_JMX_PASSWORD" + prompt: "Please enter your password." + secret: true + - name: "NR_CLI_JMX_HOST" + prompt: "Please enter your hostname below. If none is provided, the default value: localhost, will be used." + default: "localhost" + - name: "NR_CLI_JMX_PORT" + prompt: "Please enter your port below. If none is provided, the default value: 9999, will be used." + default: 9999 + - name: "NR_CLI_SSL_ENABLED" + prompt: "Are you using SSL? (y/n)" + - name: "NR_CLI_KEYSTORE" + prompt: "Enter key store file path if applicable." + - name: "NR_CLI_KEYSTORE_PASSWORD" + prompt: "Enter key store password if applicable." + - name: "NR_CLI_TRUSTSTORE" + prompt: "Enter trust store file path if applicable." + - name: "NR_CLI_TRUSTSTORE_PASSWORD" + prompt: "Enter trust store password if applicable." + +install: + version: "3" + + silent: true + + tasks: + default: + cmds: + - task: assert_pre_req + - task: setup + - task: restart + + assert_pre_req: + cmds: + - | + SERVICE_EXIST=$(sudo systemctl status newrelic-infra.service | grep "Active" | wc -l) + if [ $SERVICE_EXIST -eq 0 ]; then + echo "The newrelic-infra agent service is NOT installed on the host, but is required to install this integration." >> /dev/stderr + exit 1 + fi + + setup: + label: "Installing jmx integration..." + cmds: + - | + sudo mkdir -p "/etc/newrelic-infra/integrations.d" + - | + sudo yum -q makecache -y --disablerepo='*' --enablerepo='newrelic-infra' + - | + sudo yum install nri-jmx -y + - | + if [ -f /etc/newrelic-infra/integrations.d/jmx-config.yml ]; then + sudo rm /etc/newrelic-infra/integrations.d/jmx-config.yml; + fi + + sudo cp /etc/newrelic-infra/integrations.d/jvm-metrics.yml.sample /etc/newrelic-infra/integrations.d/jvm-metrics.yml; + + - | + IS_TOMCAT=$(ps -aux | grep -o tomcat | wc -l) + IS_JBOSS=$(ps -aux | grep -o jboss | wc -l) + if [ "{{.NR_CLI_SSL_ENABLED}}" == "n" ]; then + if [ "$IS_TOMCAT" -gt 1 ]; then + sudo cp /etc/newrelic-infra/integrations.d/tomcat-metrics.yml.sample /etc/newrelic-infra/integrations.d/tomcat-metrics.yml; + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml,/etc/newrelic-infra/integrations.d/tomcat-metrics.yml" + EOT + elif [ "$IS_JBOSS" -gt 1 ]; then + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + connection_url: 'service:jmx:remote+http://{{.NR_CLI_JMX_HOST}}:{{.NR_CLI_JMX_PORT}}' + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + else + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + fi + else + if [ "$IS_TOMCAT" -gt 1 ]; then + sudo cp /etc/newrelic-infra/integrations.d/tomcat-metrics.yml.sample /etc/newrelic-infra/integrations.d/tomcat-metrics.yml; + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml,/etc/newrelic-infra/integrations.d/tomcat-metrics.yml" + EOT + elif [ "$IS_JBOSS" -gt 1 ]; then + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + connection_url: 'service:jmx:remote+http://{{.NR_CLI_JMX_HOST}}:{{.NR_CLI_JMX_PORT}}' + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + else + sudo tee /etc/newrelic-infra/integrations.d/jmx-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.jmx + + instances: + - name: jmx + command: all_data + arguments: + jmx_host: {{.NR_CLI_JMX_HOST}} + jmx_port: {{.NR_CLI_JMX_PORT}} + jmx_user: {{.NR_CLI_JMX_USERNAME}} + jmx_pass: {{.NR_CLI_JMX_PASSWORD}} + key_store: {{.NR_CLI_KEYSTORE}} + key_store_password: {{.NR_CLI_KEYSTORE_PASSWORD}} + trust_store: {{.NR_CLI_TRUSTSTORE}} + trust_store_password: {{.NR_CLI_TRUSTSTORE_PASSWORD}} + collection_files: "/etc/newrelic-infra/integrations.d/jvm-metrics.yml" + EOT + fi + fi + + restart: + cmds: + - sudo systemctl restart newrelic-infra.service diff --git a/test/definitions/ohi/linux/jmx-jboss-debian.json b/test/definitions/ohi/linux/jmx-jboss-debian.json new file mode 100644 index 000000000..978ff3af0 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-jboss-debian.json @@ -0,0 +1,64 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + "resources": [ + { + "id": "host1", + "display_name": "Debian10InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.small", + "ami_name": "SupportedImages debian-10-amd64-*", + "user_name": "admin" + } + ], + "services": [ + { + "id": "jmx1", + "destinations": [ + "host1" + ], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-jboss/install/debian/roles", + "port": 9990, + "params": { + "create_env_var": true + } + } + ], + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": [ + "host1" + ], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/debian.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": [ + "host1" + ], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + } + } + ] + } +} diff --git a/test/definitions/ohi/linux/jmx-jboss-rhel.json b/test/definitions/ohi/linux/jmx-jboss-rhel.json new file mode 100644 index 000000000..4acfaf6e8 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-jboss-rhel.json @@ -0,0 +1,64 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + "resources": [ + { + "id": "host1", + "display_name": "AwsLinux2InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.small", + "ami_name": "amazonlinux-2-base*", + "user_name": "ec2-user" + } + ], + "services": [ + { + "id": "jmx1", + "destinations": [ + "host1" + ], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-jboss/install/rhel/roles", + "port": 9990, + "params": { + "create_env_var": true + } + } + ], + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": [ + "host1" + ], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/amazonlinux2.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": [ + "host1" + ], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + } + } + ] + } +} diff --git a/test/definitions/ohi/linux/jmx-jetty-debian.json b/test/definitions/ohi/linux/jmx-jetty-debian.json new file mode 100644 index 000000000..163db62d9 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-jetty-debian.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "Debian10InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.small", + "ami_name": "SupportedImages debian-10-amd64-*", + "user_name": "admin" + }], + + "services": [{ + "id": "jmx1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-jetty/install/debian/roles", + "port": 9999, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/debian.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + } + } + ] + } + } + diff --git a/test/definitions/ohi/linux/jmx-jetty-rhel.json b/test/definitions/ohi/linux/jmx-jetty-rhel.json new file mode 100644 index 000000000..de3f30988 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-jetty-rhel.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "AwsLinux2InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.micro", + "ami_name": "amazonlinux-2-base*", + "user_name": "ec2-user" + }], + + "services": [{ + "id": "jmx1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-jetty/install/rhel/roles", + "port": 9999, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/amazonlinux2.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + } + } + ] + } + } + diff --git a/test/definitions/ohi/linux/jmx-tomcat-debian.json b/test/definitions/ohi/linux/jmx-tomcat-debian.json new file mode 100644 index 000000000..2899abef5 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-tomcat-debian.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "Debian10InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.micro", + "ami_name": "SupportedImages debian-10-amd64-*", + "user_name": "admin" + }], + + "services": [{ + "id": "jmx1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-tomcat/install/debian/roles", + "port": 9999, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/debian.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/debian.yml" + } + } + ] + } + } + diff --git a/test/definitions/ohi/linux/jmx-tomcat-rhel.json b/test/definitions/ohi/linux/jmx-tomcat-rhel.json new file mode 100644 index 000000000..f5ab2e161 --- /dev/null +++ b/test/definitions/ohi/linux/jmx-tomcat-rhel.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "AwsLinux2InfraJMXInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.micro", + "ami_name": "amazonlinux-2-base*", + "user_name": "ec2-user" + }], + + "services": [{ + "id": "jmx1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-tomcat/install/rhel/roles", + "port": 9999, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_jmx", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/amazonlinux2.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/jmx/rhel.yml" + } + } + ] + } + } + diff --git a/test/deploy/linux/jmx-jboss/install/debian/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-jboss/install/debian/roles/configure/tasks/main.yml new file mode 100644 index 000000000..0803f9ecc --- /dev/null +++ b/test/deploy/linux/jmx-jboss/install/debian/roles/configure/tasks/main.yml @@ -0,0 +1,112 @@ +--- +- debug: + msg: Install JMX-Jboss + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: Install Java + apt: + name: ['default-jdk'] + update_cache: yes + state: latest + become: true + +- name: Add wildfly group for Jboss + shell: groupadd -r wildfly + become: true + +- name: Add wildfly user for Jboss + shell: useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly + become: true + +- name: Download JBoss package + shell: wget https://download.jboss.org/wildfly/18.0.1.Final/wildfly-18.0.1.Final.tar.gz -P /tmp + become: true + +- name: Unpack Jboss to opt + shell: tar xf /tmp/wildfly-18.0.1.Final.tar.gz -C /opt/ + become: true + +- name: Download CometD + shell: wget https://download.cometd.org/cometd-5.0.0-distribution.tar.gz + become: true + +- name: Extract CometD + shell: tar zxvf cometd-5.0.0-distribution.tar.gz -C /tmp/ + become: true + +- name: Create a symbolic link for Jboss + shell: ln -s /opt/wildfly-18.0.1.Final /opt/wildfly + become: true + +- name: Change ownership of jboss to wildfly user + shell: 'chown -RH wildfly: /opt/wildfly-18.0.1.Final' + become: true + +- name: Create dir for jboss config + shell: mkdir -p /etc/wildfly + become: true + +- name: Copy config file to the created directory + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly/ + become: true + +- name: Copy launch script to bin directory of wildfly + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/launch.sh /opt/wildfly-18.0.1.Final/bin/ + become: true + +- name: Add executable flag to scripts in bin directory + shell: sh -c 'chmod +x /opt/wildfly-18.0.1.Final/bin/*.sh' + become: true + +- name: Copy systemd unit file + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/ + become: true + +- name: Reload system-daemon + shell: systemctl daemon-reload + become: true + +- name: Start and enable wildfly service + shell: systemctl start wildfly && systemctl enable wildfly + become: true + +- name: Create management user + shell: /opt/wildfly/bin/add-user.sh admin1234 Password1! --silent + become: true + +- name: Install JBoss Custom Connector + shell: mkdir -p /usr/lib/nrjmx/connectors && sudo cp /opt/wildfly/bin/client/* /usr/lib/nrjmx/connectors/ + become: true + +- name: Deploy CometD war file + shell: cp /tmp/cometd-5.0.0/cometd-demo/target/cometd-demo-5.0.0.war /opt/wildfly-18.0.1.Final/standalone/deployments/ + become: true + +- name: Restart wildfly service + shell: systemctl restart wildfly + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin1234 >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=Password1! >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9990 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/jmx-jboss/install/rhel/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-jboss/install/rhel/roles/configure/tasks/main.yml new file mode 100644 index 000000000..04474db38 --- /dev/null +++ b/test/deploy/linux/jmx-jboss/install/rhel/roles/configure/tasks/main.yml @@ -0,0 +1,112 @@ +--- +- debug: + msg: Install JMX-Jboss + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: Install Java + yum: + name: ["java"] + update_cache: yes + state: latest + become: true + +- name: Add wildfly group for Jboss + shell: groupadd -r wildfly + become: true + +- name: Add wildfly user for Jboss + shell: useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly + become: true + +- name: Download JBoss package + shell: wget https://download.jboss.org/wildfly/18.0.1.Final/wildfly-18.0.1.Final.tar.gz -P /tmp + become: true + +- name: Unpack Jboss to opt + shell: tar xf /tmp/wildfly-18.0.1.Final.tar.gz -C /opt/ + become: true + +- name: Download CometD + shell: wget https://download.cometd.org/cometd-5.0.0-distribution.tar.gz + become: true + +- name: Extract CometD + shell: tar zxvf cometd-5.0.0-distribution.tar.gz -C /tmp/ + become: true + +- name: Create a symbolic link for Jboss + shell: ln -s /opt/wildfly-18.0.1.Final /opt/wildfly + become: true + +- name: Change ownership of jboss to wildfly user + shell: "chown -RH wildfly: /opt/wildfly-18.0.1.Final" + become: true + +- name: Create dir for jboss config + shell: mkdir -p /etc/wildfly + become: true + +- name: Copy config file to the created directory + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly/ + become: true + +- name: Copy launch script to bin directory of wildfly + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/launch.sh /opt/wildfly-18.0.1.Final/bin/ + become: true + +- name: Add executable flag to scripts in bin directory + shell: sh -c 'chmod +x /opt/wildfly-18.0.1.Final/bin/*.sh' + become: true + +- name: Copy systemd unit file + shell: cp /opt/wildfly-18.0.1.Final/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/ + become: true + +- name: Reload system-daemon + shell: systemctl daemon-reload + become: true + +- name: Start and enable wildfly service + shell: systemctl start wildfly && systemctl enable wildfly + become: true + +- name: Create management user + shell: /opt/wildfly/bin/add-user.sh admin1234 Password1! --silent + become: true + +- name: Install JBoss Custom Connector + shell: mkdir -p /usr/lib/nrjmx/connectors && sudo cp /opt/wildfly/bin/client/* /usr/lib/nrjmx/connectors/ + become: true + +- name: Deploy CometD war file + shell: cp /tmp/cometd-5.0.0/cometd-demo/target/cometd-demo-5.0.0.war /opt/wildfly-18.0.1.Final/standalone/deployments/ + become: true + +- name: Restart wildfly service + shell: systemctl restart wildfly + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin1234 >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=Password1! >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9990 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/jmx-jetty/install/debian/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/tasks/main.yml new file mode 100644 index 000000000..7846b27b9 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/tasks/main.yml @@ -0,0 +1,114 @@ +--- +- debug: + msg: Install JMX-Jetty + +- name: update packages + shell: apt-get update -y + become: true + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: install wget + shell: apt-get -y install wget + become: true + +- name: install java + shell: apt-get install default-jdk -y + become: true + +- name: download jetty + shell: wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.17.v20190418/jetty-distribution-9.4.17.v20190418.tar.gz + become: true + +- name: Download CometD + shell: wget https://download.cometd.org/cometd-5.0.0-distribution.tar.gz + become: true + +- name: Extract CometD + shell: tar zxvf cometd-5.0.0-distribution.tar.gz + become: true + +- name: extract jetty + shell: tar -zxvf jetty-distribution-9.4.17.v20190418.tar.gz + become: true + +- name: move jetty directory to opt + shell: mv jetty-distribution-9.4.17.v20190418 /opt/jetty + become: true + +- name: Create user + shell: useradd -m jetty + become: true + +- name: change ownership of jetty + shell: chown -R jetty:jetty /opt/jetty/ + become: true + +- name: Create jetty pid + shell: mkdir /var/run/jetty + become: true + +- name: Change ownership of jetty pid + shell: chown -R jetty:jetty /var/run/jetty + become: true + +- name: Create symlink + shell: ln -s /opt/jetty/bin/jetty.sh /etc/init.d/jetty + become: true + +- name: add jetty web server to the startup + shell: update-rc.d jetty defaults + become: true + +- name: Create jetty base + shell: mkdir /opt/jetty/my_base/ + become: true + +- name: Allow user to write files in jetty base + shell: chown -R jetty:jetty /opt/jetty/my_base/ + become: true + +- name: Replace jetty file + template: + src: jetty + dest: /etc/default/jetty + become: true + +- name: Replace start.ini file + template: + src: start.ini + dest: /opt/jetty/my_base/start.ini + become: true + +- name: Add CometD war file + shell: cp cometd-5.0.0/cometd-demo/target/cometd-demo-5.0.0.war /opt/jetty/my_base/webapps + become: true + +- name: start jetty + shell: service jetty start + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=admin >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9999 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool + diff --git a/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/jetty b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/jetty new file mode 100644 index 000000000..fbedda8c2 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/jetty @@ -0,0 +1,6 @@ +JETTY_HOME=/opt/jetty +JETTY_BASE=/opt/jetty/my_base +JETTY_USER=jetty +JETTY_PORT=8080 +JETTY_HOST=127.0.0.1 +JETTY_ARGS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9999 -Djava.rmi.server.hostname=127.0.0.1" diff --git a/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/start.ini b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/start.ini new file mode 100644 index 000000000..1e837aa15 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/debian/roles/configure/templates/start.ini @@ -0,0 +1,197 @@ +#=========================================================== +# Jetty Startup +# +# Starting Jetty from this {jetty.home} is not recommended. +# +# A proper {jetty.base} directory should be configured, instead +# of making changes to this {jetty.home} directory. +# +# See documentation about {jetty.base} at +# http://www.eclipse.org/jetty/documentation/current/startup.html +# +# A demo-base directory has been provided as an example of +# this sort of setup. +# +# $ cd demo-base +# $ java -jar ../start.jar +# +#=========================================================== + +# To disable the warning message, comment the following line +--module=home-base-warning + +# --------------------------------------- +# Module: ext +# Adds all jar files discovered in $JETTY_HOME/lib/ext +# and $JETTY_BASE/lib/ext to the servers classpath. +# --------------------------------------- +--module=ext + + +# --------------------------------------- +# Module: server +# Enables the core Jetty server on the classpath. +# --------------------------------------- +--module=server + +### Common HTTP configuration +## Scheme to use to build URIs for secure redirects +# jetty.httpConfig.secureScheme=https + +## Port to use to build URIs for secure redirects +# jetty.httpConfig.securePort=8443 + +## Response content buffer size (in bytes) +# jetty.httpConfig.outputBufferSize=32768 + +## Max response content write length that is buffered (in bytes) +# jetty.httpConfig.outputAggregationSize=8192 + +## Max request headers size (in bytes) +# jetty.httpConfig.requestHeaderSize=8192 + +## Max response headers size (in bytes) +# jetty.httpConfig.responseHeaderSize=8192 + +## Whether to send the Server: header +# jetty.httpConfig.sendServerVersion=true + +## Whether to send the Date: header +# jetty.httpConfig.sendDateHeader=false + +## Max per-connection header cache size (in nodes) +# jetty.httpConfig.headerCacheSize=4096 + +## Whether, for requests with content, delay dispatch until some content has arrived +# jetty.httpConfig.delayDispatchUntilContent=true + +## Maximum number of error dispatches to prevent looping +# jetty.httpConfig.maxErrorDispatches=10 + +## Cookie compliance mode for parsing request Cookie headers: RFC2965, RFC6265 +# jetty.httpConfig.requestCookieCompliance=RFC6265 + +## Cookie compliance mode for generating response Set-Cookie: RFC2965, RFC6265 +# jetty.httpConfig.responseCookieCompliance=RFC6265 + +## multipart/form-data compliance mode of: LEGACY(slow), RFC7578(fast) +# jetty.httpConfig.multiPartFormDataCompliance=LEGACY + +### Server configuration +## Whether ctrl+c on the console gracefully stops the Jetty server +# jetty.server.stopAtShutdown=true + +## Timeout in ms to apply when stopping the server gracefully +# jetty.server.stopTimeout=5000 + +## Dump the state of the Jetty server, components, and webapps after startup +# jetty.server.dumpAfterStart=false + +## Dump the state of the Jetty server, components, and webapps before shutdown +# jetty.server.dumpBeforeStop=false + +# --------------------------------------- +# Module: jsp +# Enables JSP for all webapplications deployed on the server. +# --------------------------------------- +--module=jsp + + +# --------------------------------------- +# Module: resources +# Adds the $JETTY_HOME/resources and/or $JETTY_BASE/resources +# directory to the server classpath. Useful for configuration +# property files (eg jetty-logging.properties) +# --------------------------------------- +--module=resources + + +# --------------------------------------- +# Module: deploy +# Enables webapplication deployment from the webapps directory. +# --------------------------------------- +--module=deploy + +# Monitored directory name (relative to $jetty.base) +# jetty.deploy.monitoredDir=webapps +# - OR - +# Monitored directory path (fully qualified) +# jetty.deploy.monitoredPath=/var/www/webapps + +# Defaults Descriptor for all deployed webapps +# jetty.deploy.defaultsDescriptorPath=${jetty.base}/etc/webdefault.xml + +# Monitored directory scan period (seconds) +# jetty.deploy.scanInterval=1 + +# Whether to extract *.war files +# jetty.deploy.extractWars=true + +# --------------------------------------- +# Module: jstl +# Enables JSTL for all webapplications deployed on the server +# --------------------------------------- +--module=jstl + + +# --------------------------------------- +# Module: websocket +# Enable websockets for deployed web applications +# --------------------------------------- +--module=websocket + + +# --------------------------------------- +# Module: http +# Enables a HTTP connector on the server. +# By default HTTP/1 is support, but HTTP2C can +# be added to the connector with the http2c module. +# --------------------------------------- +--module=http + +### HTTP Connector Configuration + +## Connector host/address to bind to +# jetty.http.host=0.0.0.0 + +## Connector port to listen on +# jetty.http.port=8080 + +## Connector idle timeout in milliseconds +# jetty.http.idleTimeout=30000 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.http.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.http.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.http.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.http.acceptorPriorityDelta=0 + +## Connect Timeout in milliseconds +# jetty.http.connectTimeout=15000 + +## HTTP Compliance: RFC7230, RFC7230_LEGACY, RFC2616, RFC2616_LEGACY, LEGACY or CUSTOMn +# jetty.http.compliance=RFC7230_LEGACY + +# --------------------------------------- +# Module: jmx-remote +# Enables remote RMI access to JMX +# --------------------------------------- +--module=jmx-remote + +## The host/address to bind the RMI server to. +jetty.jmxremote.rmiserverhost=localhost + +## The port the RMI server listens to (0 means a random port is chosen). +jetty.jmxremote.rmiserverport=9999 + +## The host/address to bind the RMI registry to. +jetty.jmxremote.rmiregistryhost=localhost + +## The port the RMI registry listens to. +jetty.jmxremote.rmiregistryport=9999 diff --git a/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/tasks/main.yml new file mode 100644 index 000000000..044ab08c0 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/tasks/main.yml @@ -0,0 +1,114 @@ +--- +- debug: + msg: Install JMX-Jetty + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: update packages + shell: yum update -y + become: true + +- name: install wget + shell: yum -y install wget + become: true + +- name: install java + shell: yum -y install java-1.8.0-openjdk + become: true + +- name: download jetty + shell: wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.17.v20190418/jetty-distribution-9.4.17.v20190418.tar.gz + become: true + +- name: Download CometD + shell: wget https://download.cometd.org/cometd-5.0.0-distribution.tar.gz + become: true + +- name: Extract CometD + shell: tar zxvf cometd-5.0.0-distribution.tar.gz + become: true + +- name: extract jetty + shell: tar -zxvf jetty-distribution-9.4.17.v20190418.tar.gz + become: true + +- name: move jetty directory to opt + shell: mv jetty-distribution-9.4.17.v20190418 /opt/jetty + become: true + +- name: Create user + shell: useradd -m jetty + become: true + +- name: change ownership of jetty + shell: chown -R jetty:jetty /opt/jetty/ + become: true + +- name: Create jetty pid + shell: mkdir /var/run/jetty + become: true + +- name: Change ownership of jetty pid + shell: chown -R jetty:jetty /var/run/jetty + become: true + +- name: Create symlink + shell: ln -s /opt/jetty/bin/jetty.sh /etc/init.d/jetty + become: true + +- name: add jetty web server to the startup + shell: chkconfig --add jetty + become: true + +- name: Create jetty base + shell: mkdir /opt/jetty/my_base/ + become: true + +- name: Allow user to write files in jetty base + shell: chown -R jetty:jetty /opt/jetty/my_base/ + become: true + +- name: Replace jetty file + template: + src: jetty + dest: /etc/default/jetty + become: true + +- name: Replace start.ini file + template: + src: start.ini + dest: /opt/jetty/my_base/start.ini + become: true + +- name: Add CometD war file + shell: cp cometd-5.0.0/cometd-demo/target/cometd-demo-5.0.0.war /opt/jetty/my_base/webapps + become: true + +- name: start jetty + shell: service jetty start + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=admin >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9999 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool + diff --git a/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/jetty b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/jetty new file mode 100644 index 000000000..fbedda8c2 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/jetty @@ -0,0 +1,6 @@ +JETTY_HOME=/opt/jetty +JETTY_BASE=/opt/jetty/my_base +JETTY_USER=jetty +JETTY_PORT=8080 +JETTY_HOST=127.0.0.1 +JETTY_ARGS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9999 -Djava.rmi.server.hostname=127.0.0.1" diff --git a/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/start.ini b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/start.ini new file mode 100644 index 000000000..1e837aa15 --- /dev/null +++ b/test/deploy/linux/jmx-jetty/install/rhel/roles/configure/templates/start.ini @@ -0,0 +1,197 @@ +#=========================================================== +# Jetty Startup +# +# Starting Jetty from this {jetty.home} is not recommended. +# +# A proper {jetty.base} directory should be configured, instead +# of making changes to this {jetty.home} directory. +# +# See documentation about {jetty.base} at +# http://www.eclipse.org/jetty/documentation/current/startup.html +# +# A demo-base directory has been provided as an example of +# this sort of setup. +# +# $ cd demo-base +# $ java -jar ../start.jar +# +#=========================================================== + +# To disable the warning message, comment the following line +--module=home-base-warning + +# --------------------------------------- +# Module: ext +# Adds all jar files discovered in $JETTY_HOME/lib/ext +# and $JETTY_BASE/lib/ext to the servers classpath. +# --------------------------------------- +--module=ext + + +# --------------------------------------- +# Module: server +# Enables the core Jetty server on the classpath. +# --------------------------------------- +--module=server + +### Common HTTP configuration +## Scheme to use to build URIs for secure redirects +# jetty.httpConfig.secureScheme=https + +## Port to use to build URIs for secure redirects +# jetty.httpConfig.securePort=8443 + +## Response content buffer size (in bytes) +# jetty.httpConfig.outputBufferSize=32768 + +## Max response content write length that is buffered (in bytes) +# jetty.httpConfig.outputAggregationSize=8192 + +## Max request headers size (in bytes) +# jetty.httpConfig.requestHeaderSize=8192 + +## Max response headers size (in bytes) +# jetty.httpConfig.responseHeaderSize=8192 + +## Whether to send the Server: header +# jetty.httpConfig.sendServerVersion=true + +## Whether to send the Date: header +# jetty.httpConfig.sendDateHeader=false + +## Max per-connection header cache size (in nodes) +# jetty.httpConfig.headerCacheSize=4096 + +## Whether, for requests with content, delay dispatch until some content has arrived +# jetty.httpConfig.delayDispatchUntilContent=true + +## Maximum number of error dispatches to prevent looping +# jetty.httpConfig.maxErrorDispatches=10 + +## Cookie compliance mode for parsing request Cookie headers: RFC2965, RFC6265 +# jetty.httpConfig.requestCookieCompliance=RFC6265 + +## Cookie compliance mode for generating response Set-Cookie: RFC2965, RFC6265 +# jetty.httpConfig.responseCookieCompliance=RFC6265 + +## multipart/form-data compliance mode of: LEGACY(slow), RFC7578(fast) +# jetty.httpConfig.multiPartFormDataCompliance=LEGACY + +### Server configuration +## Whether ctrl+c on the console gracefully stops the Jetty server +# jetty.server.stopAtShutdown=true + +## Timeout in ms to apply when stopping the server gracefully +# jetty.server.stopTimeout=5000 + +## Dump the state of the Jetty server, components, and webapps after startup +# jetty.server.dumpAfterStart=false + +## Dump the state of the Jetty server, components, and webapps before shutdown +# jetty.server.dumpBeforeStop=false + +# --------------------------------------- +# Module: jsp +# Enables JSP for all webapplications deployed on the server. +# --------------------------------------- +--module=jsp + + +# --------------------------------------- +# Module: resources +# Adds the $JETTY_HOME/resources and/or $JETTY_BASE/resources +# directory to the server classpath. Useful for configuration +# property files (eg jetty-logging.properties) +# --------------------------------------- +--module=resources + + +# --------------------------------------- +# Module: deploy +# Enables webapplication deployment from the webapps directory. +# --------------------------------------- +--module=deploy + +# Monitored directory name (relative to $jetty.base) +# jetty.deploy.monitoredDir=webapps +# - OR - +# Monitored directory path (fully qualified) +# jetty.deploy.monitoredPath=/var/www/webapps + +# Defaults Descriptor for all deployed webapps +# jetty.deploy.defaultsDescriptorPath=${jetty.base}/etc/webdefault.xml + +# Monitored directory scan period (seconds) +# jetty.deploy.scanInterval=1 + +# Whether to extract *.war files +# jetty.deploy.extractWars=true + +# --------------------------------------- +# Module: jstl +# Enables JSTL for all webapplications deployed on the server +# --------------------------------------- +--module=jstl + + +# --------------------------------------- +# Module: websocket +# Enable websockets for deployed web applications +# --------------------------------------- +--module=websocket + + +# --------------------------------------- +# Module: http +# Enables a HTTP connector on the server. +# By default HTTP/1 is support, but HTTP2C can +# be added to the connector with the http2c module. +# --------------------------------------- +--module=http + +### HTTP Connector Configuration + +## Connector host/address to bind to +# jetty.http.host=0.0.0.0 + +## Connector port to listen on +# jetty.http.port=8080 + +## Connector idle timeout in milliseconds +# jetty.http.idleTimeout=30000 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.http.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.http.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.http.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.http.acceptorPriorityDelta=0 + +## Connect Timeout in milliseconds +# jetty.http.connectTimeout=15000 + +## HTTP Compliance: RFC7230, RFC7230_LEGACY, RFC2616, RFC2616_LEGACY, LEGACY or CUSTOMn +# jetty.http.compliance=RFC7230_LEGACY + +# --------------------------------------- +# Module: jmx-remote +# Enables remote RMI access to JMX +# --------------------------------------- +--module=jmx-remote + +## The host/address to bind the RMI server to. +jetty.jmxremote.rmiserverhost=localhost + +## The port the RMI server listens to (0 means a random port is chosen). +jetty.jmxremote.rmiserverport=9999 + +## The host/address to bind the RMI registry to. +jetty.jmxremote.rmiregistryhost=localhost + +## The port the RMI registry listens to. +jetty.jmxremote.rmiregistryport=9999 diff --git a/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/tasks/main.yml new file mode 100644 index 000000000..e5606dc1f --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/tasks/main.yml @@ -0,0 +1,96 @@ +--- +- debug: + msg: Install JMX-Tomcat + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: add tomcatgroup + shell: groupadd tomcat + become: true + +- name: add tomcat user + shell: useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat + become: true + +- name: Download Tomcat + shell: wget https://downloads.apache.org/tomcat/tomcat-7/v7.0.107/bin/apache-tomcat-7.0.107.zip -P /tmp + become: true + +- name: Install unzip and java + apt: + name: ['unzip', 'default-jdk'] + update_cache: yes + state: latest + become: true + +- name: export JAVA_HOME + shell: export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::") + become: true + +- name: Unpack Tomcat + shell: unzip /tmp/apache-tomcat-7.0.107.zip -d /opt + become: true + +- name: Give ownership + shell: chgrp -R tomcat /opt/apache-tomcat-7.0.107/ + become: true + +- name: give read access + shell: chmod -R g+r /opt/apache-tomcat-7.0.107/conf + become: true + +- name: give execute access + shell: chmod g+x /opt/apache-tomcat-7.0.107/conf + become: true + +- name: Make the tomcat user the owner of the webapps, work, temp, and logs directories + shell: chown -R tomcat /opt/apache-tomcat-7.0.107/webapps/ /opt/apache-tomcat-7.0.107/work/ /opt/apache-tomcat-7.0.107/temp/ /opt/apache-tomcat-7.0.107/logs/ + become: true + +- name: Copy file with JMX configured + template: + src: setenv.sh + dest: /opt/apache-tomcat-7.0.107/bin/setenv.sh + become: true + +- name: Create service tomcat file + template: + src: tomcat.service + dest: /etc/systemd/system/tomcat.service + become: true + +- name: Set permissions for tomcat scripts + shell: chmod 755 /opt/apache-tomcat-7.0.107/bin/*.sh + become: true + +- name: reload daemon + shell: systemctl daemon-reload + become: true + +- name: Start tomcat + shell: systemctl start tomcat && systemctl enable tomcat + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=admin >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9999 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/setenv.sh b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/setenv.sh new file mode 100644 index 000000000..2fc5ebca4 --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/setenv.sh @@ -0,0 +1 @@ +CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false" diff --git a/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/tomcat.service b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/tomcat.service new file mode 100644 index 000000000..d91f7ec33 --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/debian/roles/configure/templates/tomcat.service @@ -0,0 +1,25 @@ +[Unit] +Description=Apache Tomcat Web Application Container +After=network.target + +[Service] +Type=forking + +Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64 +Environment=CATALINA_PID=/opt/apache-tomcat-7.0.107/temp/tomcat.pid +Environment=CATALINA_HOME=/opt/apache-tomcat-7.0.107 +Environment=CATALINA_BASE=/opt/apache-tomcat-7.0.107 +Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC' +Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom' + +ExecStart=/opt/apache-tomcat-7.0.107/bin/startup.sh +ExecStop=/opt/apache-tomcat-7.0.107/shutdown.sh + +User=tomcat +Group=tomcat +UMask=0007 +RestartSec=10 +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/tasks/main.yml b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/tasks/main.yml new file mode 100644 index 000000000..8d0f90734 --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/tasks/main.yml @@ -0,0 +1,97 @@ +--- +- debug: + msg: Install JMX-Tomcat + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: update packages + shell: yum update -y + become: true + +- name: add tomcatgroup + shell: groupadd tomcat + become: true + +- name: add tomcat user + shell: useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat + become: true + +- name: Download Tomcat + shell: wget https://downloads.apache.org/tomcat/tomcat-7/v7.0.107/bin/apache-tomcat-7.0.107.zip -P /tmp + become: true + +- name: Install unzip and java + shell: yum install java -y + become: true + +- name: export JAVA_HOME + shell: export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::") + become: true + +- name: Unpack Tomcat + shell: unzip /tmp/apache-tomcat-7.0.107.zip -d /opt + become: true + +- name: Give ownership + shell: chgrp -R tomcat /opt/apache-tomcat-7.0.107/ + become: true + +- name: give read access + shell: chmod -R g+r /opt/apache-tomcat-7.0.107/conf + become: true + +- name: give execute access + shell: chmod g+x /opt/apache-tomcat-7.0.107/conf + become: true + +- name: Make the tomcat user the owner of the webapps, work, temp, and logs directories + shell: chown -R tomcat /opt/apache-tomcat-7.0.107/webapps/ /opt/apache-tomcat-7.0.107/work/ /opt/apache-tomcat-7.0.107/temp/ /opt/apache-tomcat-7.0.107/logs/ + become: true + +- name: Copy file with JMX configured + template: + src: setenv.sh + dest: /opt/apache-tomcat-7.0.107/bin/setenv.sh + become: true + +- name: Create service tomcat file + template: + src: tomcat.service + dest: /etc/systemd/system/tomcat.service + become: true + +- name: Set permissions for tomcat scripts + shell: chmod 755 /opt/apache-tomcat-7.0.107/bin/*.sh + become: true + +- name: reload daemon + shell: systemctl daemon-reload + become: true + +- name: Start tomcat + shell: systemctl start tomcat && systemctl enable tomcat + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_JMX_USERNAME=admin >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_JMX_PASSWORD=admin >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_JMX_HOST=localhost >> ~/.bashrc" + - name: Export DB_PORT + shell: "echo export NR_CLI_JMX_PORT=9999 >> ~/.bashrc" + - name: Export Enable_SSL + shell: "echo export NR_CLI_SSL_ENABLED=n >> ~/.bashrc" + - name: Export KEYSTORE + shell: "echo export NR_CLI_KEYSTORE=notUsed >> ~/.bashrc" + - name: Export KEYSTORE_PASSWORD + shell: "echo export NR_CLI_KEYSTORE_PASSWORD=notUsed >> ~/.bashrc" + - name: Export TRUST STORE + shell: "echo export NR_CLI_TRUSTSTORE=notUsed >> ~/.bashrc" + - name: Export TRUST STORE PASSWORD + shell: "echo export NR_CLI_TRUSTSTORE_PASSWORD=notUsed >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/setenv.sh b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/setenv.sh new file mode 100644 index 000000000..2fc5ebca4 --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/setenv.sh @@ -0,0 +1 @@ +CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false" diff --git a/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/tomcat.service b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/tomcat.service new file mode 100644 index 000000000..afa7b185b --- /dev/null +++ b/test/deploy/linux/jmx-tomcat/install/rhel/roles/configure/templates/tomcat.service @@ -0,0 +1,25 @@ +[Unit] +Description=Apache Tomcat Web Application Container +After=network.target + +[Service] +Type=forking + +Environment=JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto.x86_64 +Environment=CATALINA_PID=/opt/apache-tomcat-7.0.107/temp/tomcat.pid +Environment=CATALINA_HOME=/opt/apache-tomcat-7.0.107 +Environment=CATALINA_BASE=/opt/apache-tomcat-7.0.107 +Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC' +Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom' + +ExecStart=/opt/apache-tomcat-7.0.107/bin/startup.sh +ExecStop=/opt/apache-tomcat-7.0.107/shutdown.sh + +User=tomcat +Group=tomcat +UMask=0007 +RestartSec=10 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file From d8a0fe3bf35d0680d6e2ee47117da89f42df5134 Mon Sep 17 00:00:00 2001 From: Justin Eveland Date: Thu, 21 Jan 2021 23:00:48 -0500 Subject: [PATCH 2/5] fix: remove logMatch (isn't specific to JMX) --- recipes/newrelic/jmx/debian.yml | 7 ------- recipes/newrelic/jmx/rhel.yml | 6 ------ 2 files changed, 13 deletions(-) diff --git a/recipes/newrelic/jmx/debian.yml b/recipes/newrelic/jmx/debian.yml index d05843f01..3a03ea045 100644 --- a/recipes/newrelic/jmx/debian.yml +++ b/recipes/newrelic/jmx/debian.yml @@ -32,13 +32,6 @@ processMatch: # - java.*tomcat # - java.*jetty -# Matches partial list of the Log forwarding parameters -# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters -logMatch: - - name: tomcat - file: /var/log/tomcat/catalina.out - - # NRQL the newrelic-cli will use to validate the agent/integration this recipe # installed is successfully sending data to New Relic validationNrql: "SELECT count(*) from JVMSample where hostname like '{{.HOSTNAME}}%' FACET entityGuid SINCE 10 minutes ago" diff --git a/recipes/newrelic/jmx/rhel.yml b/recipes/newrelic/jmx/rhel.yml index cd6f6fa0b..033bf5566 100644 --- a/recipes/newrelic/jmx/rhel.yml +++ b/recipes/newrelic/jmx/rhel.yml @@ -36,12 +36,6 @@ processMatch: # - java.*tomcat # - java.*jetty -# Matches partial list of the Log forwarding parameters -# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters -logMatch: - - name: tomcat - file: /var/log/tomcat/catalina.out - # NRQL the newrelic-cli will use to validate the agent/integration this recipe # installed is successfully sending data to New Relic validationNrql: "SELECT count(*) from JVMSample where hostname like '{{.HOSTNAME}}%' FACET entityGuid SINCE 10 minutes ago" From 33f1674fb5021408d706a0f9d38913109967fd83 Mon Sep 17 00:00:00 2001 From: Daniel Gola Date: Fri, 22 Jan 2021 05:01:39 +0100 Subject: [PATCH 3/5] feat(redis-rhel): create default configuration for redis recipe (#139) Co-authored-by: Jakub Kotkowiak Co-authored-by: Justin Eveland --- recipes/newrelic/redis/rhel.yml | 136 +++ test/definitions/ohi/linux/redis-rhel.json | 56 + .../rhel/roles/configure/tasks/main.yml | 41 + .../rhel/roles/configure/templates/redis.conf | 1052 +++++++++++++++++ 4 files changed, 1285 insertions(+) create mode 100644 recipes/newrelic/redis/rhel.yml create mode 100644 test/definitions/ohi/linux/redis-rhel.json create mode 100644 test/deploy/linux/redis/install/rhel/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/redis/install/rhel/roles/configure/templates/redis.conf diff --git a/recipes/newrelic/redis/rhel.yml b/recipes/newrelic/redis/rhel.yml new file mode 100644 index 000000000..fbf3ed1e8 --- /dev/null +++ b/recipes/newrelic/redis/rhel.yml @@ -0,0 +1,136 @@ +# Visit our schema definition for additional information on this file format +# https://github.com/newrelic/open-install-library/blob/main/docs/recipe-spec/recipe-spec.md#schema-definition + +name: redis-open-source-integration +displayName: Redis Open Source Integration +description: New Relic install recipe for default Redis Open Source on-host integration (via Infra-Agent) +repository: https://github.com/newrelic/nri-redis + +installTargets: + - type: host + os: linux + platform: "amazon" + platformVersion: "2" + - type: host + os: linux + platform: "redhat" + - type: host + os: linux + platform: "centos" + +# keyword convention for dealing with search terms that could land someone on this instrumentation project +keywords: + - Infrastructure + - Integration + - redis + +# Examine Infrastructure events for correlated data +processMatch: + - redis + +# Matches partial list of the Log forwarding parameters +# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters +logMatch: + - name: redis + file: /var/log/redis/redis.log + +# NRQL the newrelic-cli will use to validate the agent/integration this recipe +# installed is successfully sending data to New Relic +validationNrql: "SELECT count(*) from RedisSample where hostname like '{{.HOSTNAME}}%' FACET entityGuid SINCE 10 minutes ago" + +# Prompts for input from the user. These variables then become +# available to go-task in the form of {{.VAR_NAME}} +inputVars: + - name: "NR_CLI_HOSTNAME" + prompt: "Please enter your Redis hostname below. If none is provided, the default value: localhost, will be used." + default: "localhost" + - name: "NR_CLI_PASSWORD" + prompt: "Please enter a password if your Redis server is password protected." + secret: true + - name: "NR_CLI_PORT" + prompt: "Please enter your Redis port below. If none is provided, the default value: 6379, will be used." + default: 6379 + - name: "NR_CLI_KEYS" + prompt: "If you would like to see metrics related to the length of selected keys, please enter the keys as a comma separated list in the following format 0:KEY_1, 1:KEY_2:" + +install: + + version: "3" + silent: true + + tasks: + default: + cmds: + - task: assert_pre_req + - task: setup + - task: restart + + assert_pre_req: + cmds: + - | + SERVICE_EXIST=$(sudo systemctl status newrelic-infra.service | grep "Active" | wc -l) + if [ $SERVICE_EXIST -eq 0 ]; then + echo "The newrelic-infra agent service is NOT installed on the host, but is required to install this integration." >> /dev/stderr + exit 1 + fi + setup: + label: "Installing redis integration..." + cmds: + - | + sudo mkdir -p "/etc/newrelic-infra/integrations.d" + - | + sudo yum update -y + - | + sudo yum install nri-redis -y + - | + if [ -f /etc/newrelic-infra/integrations.d/redis-config.yml ]; then + sudo rm /etc/newrelic-infra/integrations.d/redis-config.yml; + fi + + - | + sudo tee /etc/newrelic-infra/integrations.d/redis-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.redis + + instances: + - name: redis-metrics + command: metrics + arguments: + hostname: {{.NR_CLI_HOSTNAME}} + port: {{.NR_CLI_PORT}} + keys: {{.NR_CLI_KEYS}} + config_inventory: true + password: {{.NR_CLI_PASSWORD}} + keys_limit: 30 + # New users should leave this property as `true`, to identify the + # monitored entities as `remote`. Setting this property to `false` (the + # default value) is deprecated and will be removed soon, disallowing + # entities that are identified as `local`. + # Please check the documentation to get more information about local + # versus remote entities: + # https://github.com/newrelic/infra-integrations-sdk/blob/master/docs/entity-definition.md + remote_monitoring: true + # New users should leave this property as `true`, to uniquely identify the monitored entities when using + # Unix sockets. + use_unix_socket: true + + - name: redis-inventory + command: inventory + arguments: + hostname: {{.NR_CLI_HOSTNAME}} + port: {{.NR_CLI_PORT}} + password: ${{.NR_CLI_PASSWORD}} + # New users should leave this property as `true`, to identify the + # monitored entities as `remote`. Setting this property to `false` (the + # default value) is deprecated and will be removed soon, disallowing + # entities that are identified as `local`. + # Please check the documentation to get more information about local + # versus remote entities: + # https://github.com/newrelic/infra-integrations-sdk/blob/master/docs/entity-definition.md + remote_monitoring: true + # New users should leave this property as `true`, to uniquely identify the monitored entities when using + # Unix sockets. + use_unix_socket: true + EOT + restart: + cmds: + - sudo systemctl restart newrelic-infra.service \ No newline at end of file diff --git a/test/definitions/ohi/linux/redis-rhel.json b/test/definitions/ohi/linux/redis-rhel.json new file mode 100644 index 000000000..f1e6e7f01 --- /dev/null +++ b/test/definitions/ohi/linux/redis-rhel.json @@ -0,0 +1,56 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "AwsLinux2InfraRedisInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.nano", + "ami_name": "amazonlinux-2-base*" + }], + + "services": [{ + "id": "redis1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/redis/install/rhel/roles", + "port": 6379, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_redis", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/amazonlinux2.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/redis/rhel.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/redis/rhel.yml" + } + } + ] + } + } diff --git a/test/deploy/linux/redis/install/rhel/roles/configure/tasks/main.yml b/test/deploy/linux/redis/install/rhel/roles/configure/tasks/main.yml new file mode 100644 index 000000000..c64b44a50 --- /dev/null +++ b/test/deploy/linux/redis/install/rhel/roles/configure/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- debug: + msg: Install ElasticSearch + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: update packages + shell: yum update -y + become: true + +- name: Copy Epel repo file + shell: amazon-linux-extras install epel -y + become: true + +- name: install Redis from EPEL repository + shell: yum install redis -y + become: true + +- name: Copy redis config + template: + src: redis.conf + dest: /etc/redis.conf + become: true + +- name: run redis + shell: service redis start + become: true + +- block: + - name: Export PASSWORD + shell: "echo export NR_CLI_PASSWORD=notUsed >> ~/.bashrc" + - name: Export KEYS + shell: "echo export NR_CLI_KEYS=None >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_HOSTNAME=localhost >> ~/.bashrc" + - name: Export PORT + shell: "echo export NR_CLI_PORT=6379 >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/redis/install/rhel/roles/configure/templates/redis.conf b/test/deploy/linux/redis/install/rhel/roles/configure/templates/redis.conf new file mode 100644 index 000000000..0c2e0ca4c --- /dev/null +++ b/test/deploy/linux/redis/install/rhel/roles/configure/templates/redis.conf @@ -0,0 +1,1052 @@ +# Redis configuration file example. +# +# Note that in order to read the configuration file, Redis must be +# started with the file path as first argument: +# +# ./redis-server /path/to/redis.conf + +# Note on units: when memory size is needed, it is possible to specify +# it in the usual form of 1k 5GB 4M and so forth: +# +# 1k => 1000 bytes +# 1kb => 1024 bytes +# 1m => 1000000 bytes +# 1mb => 1024*1024 bytes +# 1g => 1000000000 bytes +# 1gb => 1024*1024*1024 bytes +# +# units are case insensitive so 1GB 1Gb 1gB are all the same. + +################################## INCLUDES ################################### + +# Include one or more other config files here. This is useful if you +# have a standard template that goes to all Redis servers but also need +# to customize a few per-server settings. Include files can include +# other files, so use this wisely. +# +# Notice option "include" won't be rewritten by command "CONFIG REWRITE" +# from admin or Redis Sentinel. Since Redis always uses the last processed +# line as value of a configuration directive, you'd better put includes +# at the beginning of this file to avoid overwriting config change at runtime. +# +# If instead you are interested in using includes to override configuration +# options, it is better to use include as the last line. +# +# include /path/to/local.conf +# include /path/to/other.conf + +################################## NETWORK ##################################### + +# By default, if no "bind" configuration directive is specified, Redis listens +# for connections from all the network interfaces available on the server. +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 + +# Protected mode is a layer of security protection, in order to avoid that +# Redis instances left open on the internet are accessed and exploited. +# +# When protected mode is on and if: +# +# 1) The server is not binding explicitly to a set of addresses using the +# "bind" directive. +# 2) No password is configured. +# +# The server only accepts connections from clients connecting from the +# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain +# sockets. +# +# By default protected mode is enabled. You should disable it only if +# you are sure you want clients from other hosts to connect to Redis +# even if no authentication is configured, nor a specific set of interfaces +# are explicitly listed using the "bind" directive. +protected-mode yes + +# Accept connections on the specified port, default is 6379 (IANA #815344). +# If port 0 is specified Redis will not listen on a TCP socket. +port 6379 + +# TCP listen() backlog. +# +# In high requests-per-second environments you need an high backlog in order +# to avoid slow clients connections issues. Note that the Linux kernel +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog +# in order to get the desired effect. +tcp-backlog 511 + +# Unix socket. +# +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# +# unixsocket /tmp/redis.sock +# unixsocketperm 700 + +# Close the connection after a client is idle for N seconds (0 to disable) +timeout 0 + +# TCP keepalive. +# +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence +# of communication. This is useful for two reasons: +# +# 1) Detect dead peers. +# 2) Take the connection alive from the point of view of network +# equipment in the middle. +# +# On Linux, the specified value (in seconds) is the period used to send ACKs. +# Note that to close the connection the double of the time is needed. +# On other kernels the period depends on the kernel configuration. +# +# A reasonable value for this option is 300 seconds, which is the new +# Redis default starting with Redis 3.2.1. +tcp-keepalive 300 + +################################# GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize no + +# If you run Redis from upstart or systemd, Redis can interact with your +# supervision tree. Options: +# supervised no - no supervision interaction +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET +# supervised auto - detect upstart or systemd method based on +# UPSTART_JOB or NOTIFY_SOCKET environment variables +# Note: these supervision methods only signal "process is ready." +# They do not enable continuous liveness pings back to your supervisor. +supervised no + +# If a pid file is specified, Redis writes it where specified at startup +# and removes it at exit. +# +# When the server runs non daemonized, no pid file is created if none is +# specified in the configuration. When the server is daemonized, the pid file +# is used even if not specified, defaulting to "/var/run/redis.pid". +# +# Creating a pid file is best effort: if Redis is not able to create it +# nothing bad happens, the server will start and run normally. +pidfile /var/run/redis_6379.pid + +# Specify the server verbosity level. +# This can be one of: +# debug (a lot of information, useful for development/testing) +# verbose (many rarely useful info, but not a mess like the debug level) +# notice (moderately verbose, what you want in production probably) +# warning (only very important / critical messages are logged) +loglevel notice + +# Specify the log file name. Also the empty string can be used to force +# Redis to log on the standard output. Note that if you use standard +# output for logging but daemonize, logs will be sent to /dev/null +logfile /var/log/redis/redis.log + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no + +# Specify the syslog identity. +# syslog-ident redis + +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. +# syslog-facility local0 + +# Set the number of databases. The default database is DB 0, you can select +# a different one on a per-connection basis using SELECT where +# dbid is a number between 0 and 'databases'-1 +databases 16 + +################################ SNAPSHOTTING ################################ +# +# Save the DB on disk: +# +# save +# +# Will save the DB if both the given number of seconds and the given +# number of write operations against the DB occurred. +# +# In the example below the behaviour will be to save: +# after 900 sec (15 min) if at least 1 key changed +# after 300 sec (5 min) if at least 10 keys changed +# after 60 sec if at least 10000 keys changed +# +# Note: you can disable saving completely by commenting out all "save" lines. +# +# It is also possible to remove all the previously configured save +# points by adding a save directive with a single empty string argument +# like in the following example: +# +# save "" + +save 900 1 +save 300 10 +save 60 10000 + +# By default Redis will stop accepting writes if RDB snapshots are enabled +# (at least one save point) and the latest background save failed. +# This will make the user aware (in a hard way) that data is not persisting +# on disk properly, otherwise chances are that no one will notice and some +# disaster will happen. +# +# If the background saving process will start working again Redis will +# automatically allow writes again. +# +# However if you have setup your proper monitoring of the Redis server +# and persistence, you may want to disable this feature so that Redis will +# continue to work as usual even if there are problems with disk, +# permissions, and so forth. +stop-writes-on-bgsave-error yes + +# Compress string objects using LZF when dump .rdb databases? +# For default that's set to 'yes' as it's almost always a win. +# If you want to save some CPU in the saving child set it to 'no' but +# the dataset will likely be bigger if you have compressible values or keys. +rdbcompression yes + +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. +# This makes the format more resistant to corruption but there is a performance +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it +# for maximum performances. +# +# RDB files created with checksum disabled have a checksum of zero that will +# tell the loading code to skip the check. +rdbchecksum yes + +# The filename where to dump the DB +dbfilename dump.rdb + +# The working directory. +# +# The DB will be written inside this directory, with the filename specified +# above using the 'dbfilename' configuration directive. +# +# The Append Only File will also be created inside this directory. +# +# Note that you must specify a directory here, not a file name. +dir /var/lib/redis + +################################# REPLICATION ################################# + +# Master-Slave replication. Use slaveof to make a Redis instance a copy of +# another Redis server. A few things to understand ASAP about Redis replication. +# +# 1) Redis replication is asynchronous, but you can configure a master to +# stop accepting writes if it appears to be not connected with at least +# a given number of slaves. +# 2) Redis slaves are able to perform a partial resynchronization with the +# master if the replication link is lost for a relatively small amount of +# time. You may want to configure the replication backlog size (see the next +# sections of this file) with a sensible value depending on your needs. +# 3) Replication is automatic and does not need user intervention. After a +# network partition slaves automatically try to reconnect to masters +# and resynchronize with them. +# +# slaveof + +# If the master is password protected (using the "requirepass" configuration +# directive below) it is possible to tell the slave to authenticate before +# starting the replication synchronization process, otherwise the master will +# refuse the slave request. +# +# masterauth + +# When a slave loses its connection with the master, or when the replication +# is still in progress, the slave can act in two different ways: +# +# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will +# still reply to client requests, possibly with out of date data, or the +# data set may just be empty if this is the first synchronization. +# +# 2) if slave-serve-stale-data is set to 'no' the slave will reply with +# an error "SYNC with master in progress" to all the kind of commands +# but to INFO and SLAVEOF. +# +slave-serve-stale-data yes + +# You can configure a slave instance to accept writes or not. Writing against +# a slave instance may be useful to store some ephemeral data (because data +# written on a slave will be easily deleted after resync with the master) but +# may also cause problems if clients are writing to it because of a +# misconfiguration. +# +# Since Redis 2.6 by default slaves are read-only. +# +# Note: read only slaves are not designed to be exposed to untrusted clients +# on the internet. It's just a protection layer against misuse of the instance. +# Still a read only slave exports by default all the administrative commands +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve +# security of read only slaves using 'rename-command' to shadow all the +# administrative / dangerous commands. +slave-read-only yes + +# Replication SYNC strategy: disk or socket. +# +# ------------------------------------------------------- +# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY +# ------------------------------------------------------- +# +# New slaves and reconnecting slaves that are not able to continue the replication +# process just receiving differences, need to do what is called a "full +# synchronization". An RDB file is transmitted from the master to the slaves. +# The transmission can happen in two different ways: +# +# 1) Disk-backed: The Redis master creates a new process that writes the RDB +# file on disk. Later the file is transferred by the parent +# process to the slaves incrementally. +# 2) Diskless: The Redis master creates a new process that directly writes the +# RDB file to slave sockets, without touching the disk at all. +# +# With disk-backed replication, while the RDB file is generated, more slaves +# can be queued and served with the RDB file as soon as the current child producing +# the RDB file finishes its work. With diskless replication instead once +# the transfer starts, new slaves arriving will be queued and a new transfer +# will start when the current one terminates. +# +# When diskless replication is used, the master waits a configurable amount of +# time (in seconds) before starting the transfer in the hope that multiple slaves +# will arrive and the transfer can be parallelized. +# +# With slow disks and fast (large bandwidth) networks, diskless replication +# works better. +repl-diskless-sync no + +# When diskless replication is enabled, it is possible to configure the delay +# the server waits in order to spawn the child that transfers the RDB via socket +# to the slaves. +# +# This is important since once the transfer starts, it is not possible to serve +# new slaves arriving, that will be queued for the next RDB transfer, so the server +# waits a delay in order to let more slaves arrive. +# +# The delay is specified in seconds, and by default is 5 seconds. To disable +# it entirely just set it to 0 seconds and the transfer will start ASAP. +repl-diskless-sync-delay 5 + +# Slaves send PINGs to server in a predefined interval. It's possible to change +# this interval with the repl_ping_slave_period option. The default value is 10 +# seconds. +# +# repl-ping-slave-period 10 + +# The following option sets the replication timeout for: +# +# 1) Bulk transfer I/O during SYNC, from the point of view of slave. +# 2) Master timeout from the point of view of slaves (data, pings). +# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings). +# +# It is important to make sure that this value is greater than the value +# specified for repl-ping-slave-period otherwise a timeout will be detected +# every time there is low traffic between the master and the slave. +# +# repl-timeout 60 + +# Disable TCP_NODELAY on the slave socket after SYNC? +# +# If you select "yes" Redis will use a smaller number of TCP packets and +# less bandwidth to send data to slaves. But this can add a delay for +# the data to appear on the slave side, up to 40 milliseconds with +# Linux kernels using a default configuration. +# +# If you select "no" the delay for data to appear on the slave side will +# be reduced but more bandwidth will be used for replication. +# +# By default we optimize for low latency, but in very high traffic conditions +# or when the master and slaves are many hops away, turning this to "yes" may +# be a good idea. +repl-disable-tcp-nodelay no + +# Set the replication backlog size. The backlog is a buffer that accumulates +# slave data when slaves are disconnected for some time, so that when a slave +# wants to reconnect again, often a full resync is not needed, but a partial +# resync is enough, just passing the portion of data the slave missed while +# disconnected. +# +# The bigger the replication backlog, the longer the time the slave can be +# disconnected and later be able to perform a partial resynchronization. +# +# The backlog is only allocated once there is at least a slave connected. +# +# repl-backlog-size 1mb + +# After a master has no longer connected slaves for some time, the backlog +# will be freed. The following option configures the amount of seconds that +# need to elapse, starting from the time the last slave disconnected, for +# the backlog buffer to be freed. +# +# A value of 0 means to never release the backlog. +# +# repl-backlog-ttl 3600 + +# The slave priority is an integer number published by Redis in the INFO output. +# It is used by Redis Sentinel in order to select a slave to promote into a +# master if the master is no longer working correctly. +# +# A slave with a low priority number is considered better for promotion, so +# for instance if there are three slaves with priority 10, 100, 25 Sentinel will +# pick the one with priority 10, that is the lowest. +# +# However a special priority of 0 marks the slave as not able to perform the +# role of master, so a slave with priority of 0 will never be selected by +# Redis Sentinel for promotion. +# +# By default the priority is 100. +slave-priority 100 + +# It is possible for a master to stop accepting writes if there are less than +# N slaves connected, having a lag less or equal than M seconds. +# +# The N slaves need to be in "online" state. +# +# The lag in seconds, that must be <= the specified value, is calculated from +# the last ping received from the slave, that is usually sent every second. +# +# This option does not GUARANTEE that N replicas will accept the write, but +# will limit the window of exposure for lost writes in case not enough slaves +# are available, to the specified number of seconds. +# +# For example to require at least 3 slaves with a lag <= 10 seconds use: +# +# min-slaves-to-write 3 +# min-slaves-max-lag 10 +# +# Setting one or the other to 0 disables the feature. +# +# By default min-slaves-to-write is set to 0 (feature disabled) and +# min-slaves-max-lag is set to 10. + +# A Redis master is able to list the address and port of the attached +# slaves in different ways. For example the "INFO replication" section +# offers this information, which is used, among other tools, by +# Redis Sentinel in order to discover slave instances. +# Another place where this info is available is in the output of the +# "ROLE" command of a masteer. +# +# The listed IP and address normally reported by a slave is obtained +# in the following way: +# +# IP: The address is auto detected by checking the peer address +# of the socket used by the slave to connect with the master. +# +# Port: The port is communicated by the slave during the replication +# handshake, and is normally the port that the slave is using to +# list for connections. +# +# However when port forwarding or Network Address Translation (NAT) is +# used, the slave may be actually reachable via different IP and port +# pairs. The following two options can be used by a slave in order to +# report to its master a specific set of IP and port, so that both INFO +# and ROLE will report those values. +# +# There is no need to use both the options if you need to override just +# the port or the IP address. +# +# slave-announce-ip 5.5.5.5 +# slave-announce-port 1234 + +################################## SECURITY ################################### + +# Require clients to issue AUTH before processing any other +# commands. This might be useful in environments in which you do not trust +# others with access to the host running redis-server. +# +# This should stay commented out for backward compatibility and because most +# people do not need auth (e.g. they run their own servers). +# +# Warning: since Redis is pretty fast an outside user can try up to +# 150k passwords per second against a good box. This means that you should +# use a very strong password otherwise it will be very easy to break. +# +requirepass notUsed + +# Command renaming. +# +# It is possible to change the name of dangerous commands in a shared +# environment. For instance the CONFIG command may be renamed into something +# hard to guess so that it will still be available for internal-use tools +# but not available for general clients. +# +# Example: +# +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 +# +# It is also possible to completely kill a command by renaming it into +# an empty string: +# +# rename-command CONFIG "" +# +# Please note that changing the name of commands that are logged into the +# AOF file or transmitted to slaves may cause problems. + +################################### LIMITS #################################### + +# Set the max number of connected clients at the same time. By default +# this limit is set to 10000 clients, however if the Redis server is not +# able to configure the process file limit to allow for the specified limit +# the max number of allowed clients is set to the current file limit +# minus 32 (as Redis reserves a few file descriptors for internal uses). +# +# Once the limit is reached Redis will close all the new connections sending +# an error 'max number of clients reached'. +# +# maxclients 10000 + +# Don't use more memory than the specified amount of bytes. +# When the memory limit is reached Redis will try to remove keys +# according to the eviction policy selected (see maxmemory-policy). +# +# If Redis can't remove keys according to the policy, or if the policy is +# set to 'noeviction', Redis will start to reply with errors to commands +# that would use more memory, like SET, LPUSH, and so on, and will continue +# to reply to read-only commands like GET. +# +# This option is usually useful when using Redis as an LRU cache, or to set +# a hard memory limit for an instance (using the 'noeviction' policy). +# +# WARNING: If you have slaves attached to an instance with maxmemory on, +# the size of the output buffers needed to feed the slaves are subtracted +# from the used memory count, so that network problems / resyncs will +# not trigger a loop where keys are evicted, and in turn the output +# buffer of slaves is full with DELs of keys evicted triggering the deletion +# of more keys, and so forth until the database is completely emptied. +# +# In short... if you have slaves attached it is suggested that you set a lower +# limit for maxmemory so that there is some free RAM on the system for slave +# output buffers (but this is not needed if the policy is 'noeviction'). +# +# maxmemory + +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory +# is reached. You can select among five behaviors: +# +# volatile-lru -> remove the key with an expire set using an LRU algorithm +# allkeys-lru -> remove any key according to the LRU algorithm +# volatile-random -> remove a random key with an expire set +# allkeys-random -> remove a random key, any key +# volatile-ttl -> remove the key with the nearest expire time (minor TTL) +# noeviction -> don't expire at all, just return an error on write operations +# +# Note: with any of the above policies, Redis will return an error on write +# operations, when there are no suitable keys for eviction. +# +# At the date of writing these commands are: set setnx setex append +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby +# getset mset msetnx exec sort +# +# The default is: +# +# maxmemory-policy noeviction + +# LRU and minimal TTL algorithms are not precise algorithms but approximated +# algorithms (in order to save memory), so you can tune it for speed or +# accuracy. For default Redis will check five keys and pick the one that was +# used less recently, you can change the sample size using the following +# configuration directive. +# +# The default of 5 produces good enough results. 10 Approximates very closely +# true LRU but costs a bit more CPU. 3 is very fast but not very accurate. +# +# maxmemory-samples 5 + +############################## APPEND ONLY MODE ############################### + +# By default Redis asynchronously dumps the dataset on disk. This mode is +# good enough in many applications, but an issue with the Redis process or +# a power outage may result into a few minutes of writes lost (depending on +# the configured save points). +# +# The Append Only File is an alternative persistence mode that provides +# much better durability. For instance using the default data fsync policy +# (see later in the config file) Redis can lose just one second of writes in a +# dramatic event like a server power outage, or a single write if something +# wrong with the Redis process itself happens, but the operating system is +# still running correctly. +# +# AOF and RDB persistence can be enabled at the same time without problems. +# If the AOF is enabled on startup Redis will load the AOF, that is the file +# with the better durability guarantees. +# +# Please check http://redis.io/topics/persistence for more information. + +appendonly no + +# The name of the append only file (default: "appendonly.aof") + +appendfilename "appendonly.aof" + +# The fsync() call tells the Operating System to actually write data on disk +# instead of waiting for more data in the output buffer. Some OS will really flush +# data on disk, some other OS will just try to do it ASAP. +# +# Redis supports three different modes: +# +# no: don't fsync, just let the OS flush the data when it wants. Faster. +# always: fsync after every write to the append only log. Slow, Safest. +# everysec: fsync only one time every second. Compromise. +# +# The default is "everysec", as that's usually the right compromise between +# speed and data safety. It's up to you to understand if you can relax this to +# "no" that will let the operating system flush the output buffer when +# it wants, for better performances (but if you can live with the idea of +# some data loss consider the default persistence mode that's snapshotting), +# or on the contrary, use "always" that's very slow but a bit safer than +# everysec. +# +# More details please check the following article: +# http://antirez.com/post/redis-persistence-demystified.html +# +# If unsure, use "everysec". + +# appendfsync always +appendfsync everysec +# appendfsync no + +# When the AOF fsync policy is set to always or everysec, and a background +# saving process (a background save or AOF log background rewriting) is +# performing a lot of I/O against the disk, in some Linux configurations +# Redis may block too long on the fsync() call. Note that there is no fix for +# this currently, as even performing fsync in a different thread will block +# our synchronous write(2) call. +# +# In order to mitigate this problem it's possible to use the following option +# that will prevent fsync() from being called in the main process while a +# BGSAVE or BGREWRITEAOF is in progress. +# +# This means that while another child is saving, the durability of Redis is +# the same as "appendfsync none". In practical terms, this means that it is +# possible to lose up to 30 seconds of log in the worst scenario (with the +# default Linux settings). +# +# If you have latency problems turn this to "yes". Otherwise leave it as +# "no" that is the safest pick from the point of view of durability. + +no-appendfsync-on-rewrite no + +# Automatic rewrite of the append only file. +# Redis is able to automatically rewrite the log file implicitly calling +# BGREWRITEAOF when the AOF log size grows by the specified percentage. +# +# This is how it works: Redis remembers the size of the AOF file after the +# latest rewrite (if no rewrite has happened since the restart, the size of +# the AOF at startup is used). +# +# This base size is compared to the current size. If the current size is +# bigger than the specified percentage, the rewrite is triggered. Also +# you need to specify a minimal size for the AOF file to be rewritten, this +# is useful to avoid rewriting the AOF file even if the percentage increase +# is reached but it is still pretty small. +# +# Specify a percentage of zero in order to disable the automatic AOF +# rewrite feature. + +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +# An AOF file may be found to be truncated at the end during the Redis +# startup process, when the AOF data gets loaded back into memory. +# This may happen when the system where Redis is running +# crashes, especially when an ext4 filesystem is mounted without the +# data=ordered option (however this can't happen when Redis itself +# crashes or aborts but the operating system still works correctly). +# +# Redis can either exit with an error when this happens, or load as much +# data as possible (the default now) and start if the AOF file is found +# to be truncated at the end. The following option controls this behavior. +# +# If aof-load-truncated is set to yes, a truncated AOF file is loaded and +# the Redis server starts emitting a log to inform the user of the event. +# Otherwise if the option is set to no, the server aborts with an error +# and refuses to start. When the option is set to no, the user requires +# to fix the AOF file using the "redis-check-aof" utility before to restart +# the server. +# +# Note that if the AOF file will be found to be corrupted in the middle +# the server will still exit with an error. This option only applies when +# Redis will try to read more data from the AOF file but not enough bytes +# will be found. +aof-load-truncated yes + +################################ LUA SCRIPTING ############################### + +# Max execution time of a Lua script in milliseconds. +# +# If the maximum execution time is reached Redis will log that a script is +# still in execution after the maximum allowed time and will start to +# reply to queries with an error. +# +# When a long running script exceeds the maximum execution time only the +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be +# used to stop a script that did not yet called write commands. The second +# is the only way to shut down the server in the case a write command was +# already issued by the script but the user doesn't want to wait for the natural +# termination of the script. +# +# Set it to 0 or a negative value for unlimited execution without warnings. +lua-time-limit 5000 + +################################ REDIS CLUSTER ############################### +# +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however +# in order to mark it as "mature" we need to wait for a non trivial percentage +# of users to deploy it in production. +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# +# Normal Redis instances can't be part of a Redis Cluster; only nodes that are +# started as cluster nodes can. In order to start a Redis instance as a +# cluster node enable the cluster support uncommenting the following: +# +# cluster-enabled yes + +# Every cluster node has a cluster configuration file. This file is not +# intended to be edited by hand. It is created and updated by Redis nodes. +# Every Redis Cluster node requires a different cluster configuration file. +# Make sure that instances running in the same system do not have +# overlapping cluster configuration file names. +# +# cluster-config-file nodes-6379.conf + +# Cluster node timeout is the amount of milliseconds a node must be unreachable +# for it to be considered in failure state. +# Most other internal time limits are multiple of the node timeout. +# +# cluster-node-timeout 15000 + +# A slave of a failing master will avoid to start a failover if its data +# looks too old. +# +# There is no simple way for a slave to actually have a exact measure of +# its "data age", so the following two checks are performed: +# +# 1) If there are multiple slaves able to failover, they exchange messages +# in order to try to give an advantage to the slave with the best +# replication offset (more data from the master processed). +# Slaves will try to get their rank by offset, and apply to the start +# of the failover a delay proportional to their rank. +# +# 2) Every single slave computes the time of the last interaction with +# its master. This can be the last ping or command received (if the master +# is still in the "connected" state), or the time that elapsed since the +# disconnection with the master (if the replication link is currently down). +# If the last interaction is too old, the slave will not try to failover +# at all. +# +# The point "2" can be tuned by user. Specifically a slave will not perform +# the failover if, since the last interaction with the master, the time +# elapsed is greater than: +# +# (node-timeout * slave-validity-factor) + repl-ping-slave-period +# +# So for example if node-timeout is 30 seconds, and the slave-validity-factor +# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the +# slave will not try to failover if it was not able to talk with the master +# for longer than 310 seconds. +# +# A large slave-validity-factor may allow slaves with too old data to failover +# a master, while a too small value may prevent the cluster from being able to +# elect a slave at all. +# +# For maximum availability, it is possible to set the slave-validity-factor +# to a value of 0, which means, that slaves will always try to failover the +# master regardless of the last time they interacted with the master. +# (However they'll always try to apply a delay proportional to their +# offset rank). +# +# Zero is the only value able to guarantee that when all the partitions heal +# the cluster will always be able to continue. +# +# cluster-slave-validity-factor 10 + +# Cluster slaves are able to migrate to orphaned masters, that are masters +# that are left without working slaves. This improves the cluster ability +# to resist to failures as otherwise an orphaned master can't be failed over +# in case of failure if it has no working slaves. +# +# Slaves migrate to orphaned masters only if there are still at least a +# given number of other working slaves for their old master. This number +# is the "migration barrier". A migration barrier of 1 means that a slave +# will migrate only if there is at least 1 other working slave for its master +# and so forth. It usually reflects the number of slaves you want for every +# master in your cluster. +# +# Default is 1 (slaves migrate only if their masters remain with at least +# one slave). To disable migration just set it to a very large value. +# A value of 0 can be set but is useful only for debugging and dangerous +# in production. +# +# cluster-migration-barrier 1 + +# By default Redis Cluster nodes stop accepting queries if they detect there +# is at least an hash slot uncovered (no available node is serving it). +# This way if the cluster is partially down (for example a range of hash slots +# are no longer covered) all the cluster becomes, eventually, unavailable. +# It automatically returns available as soon as all the slots are covered again. +# +# However sometimes you want the subset of the cluster which is working, +# to continue to accept queries for the part of the key space that is still +# covered. In order to do so, just set the cluster-require-full-coverage +# option to no. +# +# cluster-require-full-coverage yes + +# In order to setup your cluster make sure to read the documentation +# available at http://redis.io web site. + +################################## SLOW LOG ################################### + +# The Redis Slow Log is a system to log queries that exceeded a specified +# execution time. The execution time does not include the I/O operations +# like talking with the client, sending the reply and so forth, +# but just the time needed to actually execute the command (this is the only +# stage of command execution where the thread is blocked and can not serve +# other requests in the meantime). +# +# You can configure the slow log with two parameters: one tells Redis +# what is the execution time, in microseconds, to exceed in order for the +# command to get logged, and the other parameter is the length of the +# slow log. When a new command is logged the oldest one is removed from the +# queue of logged commands. + +# The following time is expressed in microseconds, so 1000000 is equivalent +# to one second. Note that a negative number disables the slow log, while +# a value of zero forces the logging of every command. +slowlog-log-slower-than 10000 + +# There is no limit to this length. Just be aware that it will consume memory. +# You can reclaim memory used by the slow log with SLOWLOG RESET. +slowlog-max-len 128 + +################################ LATENCY MONITOR ############################## + +# The Redis latency monitoring subsystem samples different operations +# at runtime in order to collect data related to possible sources of +# latency of a Redis instance. +# +# Via the LATENCY command this information is available to the user that can +# print graphs and obtain reports. +# +# The system only logs operations that were performed in a time equal or +# greater than the amount of milliseconds specified via the +# latency-monitor-threshold configuration directive. When its value is set +# to zero, the latency monitor is turned off. +# +# By default latency monitoring is disabled since it is mostly not needed +# if you don't have latency issues, and collecting data has a performance +# impact, that while very small, can be measured under big load. Latency +# monitoring can easily be enabled at runtime using the command +# "CONFIG SET latency-monitor-threshold " if needed. +latency-monitor-threshold 0 + +############################# EVENT NOTIFICATION ############################## + +# Redis can notify Pub/Sub clients about events happening in the key space. +# This feature is documented at http://redis.io/topics/notifications +# +# For instance if keyspace events notification is enabled, and a client +# performs a DEL operation on key "foo" stored in the Database 0, two +# messages will be published via Pub/Sub: +# +# PUBLISH __keyspace@0__:foo del +# PUBLISH __keyevent@0__:del foo +# +# It is possible to select the events that Redis will notify among a set +# of classes. Every class is identified by a single character: +# +# K Keyspace events, published with __keyspace@__ prefix. +# E Keyevent events, published with __keyevent@__ prefix. +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... +# $ String commands +# l List commands +# s Set commands +# h Hash commands +# z Sorted set commands +# x Expired events (events generated every time a key expires) +# e Evicted events (events generated when a key is evicted for maxmemory) +# A Alias for g$lshzxe, so that the "AKE" string means all the events. +# +# The "notify-keyspace-events" takes as argument a string that is composed +# of zero or multiple characters. The empty string means that notifications +# are disabled. +# +# Example: to enable list and generic events, from the point of view of the +# event name, use: +# +# notify-keyspace-events Elg +# +# Example 2: to get the stream of the expired keys subscribing to channel +# name __keyevent@0__:expired use: +# +# notify-keyspace-events Ex +# +# By default all notifications are disabled because most users don't need +# this feature and the feature has some overhead. Note that if you don't +# specify at least one of K or E, no events will be delivered. +notify-keyspace-events "" + +############################### ADVANCED CONFIG ############################### + +# Hashes are encoded using a memory efficient data structure when they have a +# small number of entries, and the biggest entry does not exceed a given +# threshold. These thresholds can be configured using the following directives. +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 + +# Lists are also encoded in a special way to save a lot of space. +# The number of entries allowed per internal list node can be specified +# as a fixed maximum size or a maximum number of elements. +# For a fixed maximum size, use -5 through -1, meaning: +# -5: max size: 64 Kb <-- not recommended for normal workloads +# -4: max size: 32 Kb <-- not recommended +# -3: max size: 16 Kb <-- probably not recommended +# -2: max size: 8 Kb <-- good +# -1: max size: 4 Kb <-- good +# Positive numbers mean store up to _exactly_ that number of elements +# per list node. +# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), +# but if your use case is unique, adjust the settings as necessary. +list-max-ziplist-size -2 + +# Lists may also be compressed. +# Compress depth is the number of quicklist ziplist nodes from *each* side of +# the list to *exclude* from compression. The head and tail of the list +# are always uncompressed for fast push/pop operations. Settings are: +# 0: disable all list compression +# 1: depth 1 means "don't start compressing until after 1 node into the list, +# going from either the head or tail" +# So: [head]->node->node->...->node->[tail] +# [head], [tail] will always be uncompressed; inner nodes will compress. +# 2: [head]->[next]->node->node->...->node->[prev]->[tail] +# 2 here means: don't compress head or head->next or tail->prev or tail, +# but compress all nodes between them. +# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] +# etc. +list-compress-depth 0 + +# Sets have a special encoding in just one case: when a set is composed +# of just strings that happen to be integers in radix 10 in the range +# of 64 bit signed integers. +# The following configuration setting sets the limit in the size of the +# set in order to use this special memory saving encoding. +set-max-intset-entries 512 + +# Similarly to hashes and lists, sorted sets are also specially encoded in +# order to save a lot of space. This encoding is only used when the length and +# elements of a sorted set are below the following limits: +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 + +# HyperLogLog sparse representation bytes limit. The limit includes the +# 16 bytes header. When an HyperLogLog using the sparse representation crosses +# this limit, it is converted into the dense representation. +# +# A value greater than 16000 is totally useless, since at that point the +# dense representation is more memory efficient. +# +# The suggested value is ~ 3000 in order to have the benefits of +# the space efficient encoding without slowing down too much PFADD, +# which is O(N) with the sparse encoding. The value can be raised to +# ~ 10000 when CPU is not a concern, but space is, and the data set is +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. +hll-sparse-max-bytes 3000 + +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in +# order to help rehashing the main Redis hash table (the one mapping top-level +# keys to values). The hash table implementation Redis uses (see dict.c) +# performs a lazy rehashing: the more operation you run into a hash table +# that is rehashing, the more rehashing "steps" are performed, so if the +# server is idle the rehashing is never complete and some more memory is used +# by the hash table. +# +# The default is to use this millisecond 10 times every second in order to +# actively rehash the main dictionaries, freeing memory when possible. +# +# If unsure: +# use "activerehashing no" if you have hard latency requirements and it is +# not a good thing in your environment that Redis can reply from time to time +# to queries with 2 milliseconds delay. +# +# use "activerehashing yes" if you don't have such hard requirements but +# want to free memory asap when possible. +activerehashing yes + +# The client output buffer limits can be used to force disconnection of clients +# that are not reading data from the server fast enough for some reason (a +# common reason is that a Pub/Sub client can't consume messages as fast as the +# publisher can produce them). +# +# The limit can be set differently for the three different classes of clients: +# +# normal -> normal clients including MONITOR clients +# slave -> slave clients +# pubsub -> clients subscribed to at least one pubsub channel or pattern +# +# The syntax of every client-output-buffer-limit directive is the following: +# +# client-output-buffer-limit +# +# A client is immediately disconnected once the hard limit is reached, or if +# the soft limit is reached and remains reached for the specified number of +# seconds (continuously). +# So for instance if the hard limit is 32 megabytes and the soft limit is +# 16 megabytes / 10 seconds, the client will get disconnected immediately +# if the size of the output buffers reach 32 megabytes, but will also get +# disconnected if the client reaches 16 megabytes and continuously overcomes +# the limit for 10 seconds. +# +# By default normal clients are not limited because they don't receive data +# without asking (in a push way), but just after a request, so only +# asynchronous clients may create a scenario where data is requested faster +# than it can read. +# +# Instead there is a default limit for pubsub and slave clients, since +# subscribers and slaves receive data in a push fashion. +# +# Both the hard or the soft limit can be disabled by setting them to zero. +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 + +# Redis calls an internal function to perform many background tasks, like +# closing connections of clients in timeout, purging expired keys that are +# never requested, and so forth. +# +# Not all tasks are performed with the same frequency, but Redis checks for +# tasks to perform according to the specified "hz" value. +# +# By default "hz" is set to 10. Raising the value will use more CPU when +# Redis is idle, but at the same time will make Redis more responsive when +# there are many keys expiring at the same time, and timeouts may be +# handled with more precision. +# +# The range is between 1 and 500, however a value over 100 is usually not +# a good idea. Most users should use the default of 10 and raise this up to +# 100 only in environments where very low latency is required. +hz 10 + +# When a child rewrites the AOF file, if the following option is enabled +# the file will be fsync-ed every 32 MB of data generated. This is useful +# in order to commit the file to the disk more incrementally and avoid +# big latency spikes. +aof-rewrite-incremental-fsync yes From a87c0d86201d949af6eb5a4aea1edb08e3cc15e7 Mon Sep 17 00:00:00 2001 From: JakubKotkowiak <52407257+JakubKotkowiak@users.noreply.github.com> Date: Fri, 22 Jan 2021 05:02:19 +0100 Subject: [PATCH 4/5] feat(debian): add redis debian recipe (#140) Co-authored-by: Justin Eveland --- recipes/newrelic/redis/debian.yml | 138 ++ test/definitions/ohi/linux/redis-debian.json | 58 + .../debian/roles/configure/tasks/main.yml | 36 + .../roles/configure/templates/redis.conf | 1377 +++++++++++++++++ 4 files changed, 1609 insertions(+) create mode 100644 recipes/newrelic/redis/debian.yml create mode 100644 test/definitions/ohi/linux/redis-debian.json create mode 100644 test/deploy/linux/redis/install/debian/roles/configure/tasks/main.yml create mode 100644 test/deploy/linux/redis/install/debian/roles/configure/templates/redis.conf diff --git a/recipes/newrelic/redis/debian.yml b/recipes/newrelic/redis/debian.yml new file mode 100644 index 000000000..edbf72f1c --- /dev/null +++ b/recipes/newrelic/redis/debian.yml @@ -0,0 +1,138 @@ +# Visit our schema definition for additional information on this file format +# https://github.com/newrelic/open-install-library/blob/main/docs/recipe-spec/recipe-spec.md#schema-definition + +name: redis-open-source-integration +displayName: Redis Open Source Integration +description: New Relic install recipe for default Redis Open Source on-host integration (via Infra-Agent) +repository: https://github.com/newrelic/nri-redis + +installTargets: + - type: host + os: linux + platform: "debian" + - type: host + os: linux + platform: "ubuntu" + +# keyword convention for dealing with search terms that could land someone on this instrumentation project +keywords: + - Infrastructure + - Integration + - redis + +# Examine Infrastructure events for correlated data +processMatch: + - redis + +# Matches partial list of the Log forwarding parameters +# https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent#parameters +logMatch: + - name: redis + file: /var/log/redis/redis-server.log + +# NRQL the newrelic-cli will use to validate the agent/integration this recipe +# installed is successfully sending data to New Relic +validationNrql: "SELECT count(*) from RedisSample where hostname like '{{.HOSTNAME}}' FACET entityGuid SINCE 10 minutes ago" + +# Prompts for input from the user. These variables then become +# available to go-task in the form of {{.VAR_NAME}} +inputVars: + - name: "NR_CLI_HOSTNAME" + prompt: "Please enter your Redis hostname below. If none is provided, the default value: localhost, will be used." + default: "localhost" + - name: "NR_CLI_PASSWORD" + prompt: "Please enter a password if your Redis server is password protected." + secret: true + - name: "NR_CLI_PORT" + prompt: "Please enter your Redis port below. If none is provided, the default value: 6379, will be used." + default: 6379 + - name: "NR_CLI_KEYS" + prompt: "If you would like to see metrics related to the length of selected keys, please enter the keys as a comma separated list in the following format 0:KEY_1, 1:KEY_2:" + +install: + + version: "3" + silent: true + + tasks: + default: + cmds: + - task: assert_pre_req + - task: setup + - task: restart + + assert_pre_req: + cmds: + - | + SERVICE_EXIST=$(sudo systemctl status newrelic-infra.service | grep "Active" | wc -l) + if [ $SERVICE_EXIST -eq 0 ]; then + echo "The newrelic-infra agent service is NOT installed on the host, but is required to install this integration." >> /dev/stderr + exit 1 + fi + + setup: + label: "Installing redis integration..." + cmds: + - | + sudo mkdir -p "/etc/newrelic-infra/integrations.d" + - | + sudo apt-get update + - | + sudo apt-get install nri-redis -y + - | + if [ -f /etc/newrelic-infra/integrations.d/redis-config.yml ]; then + sudo rm /etc/newrelic-infra/integrations.d/redis-config.yml; + fi + + - | + sudo tee /etc/newrelic-infra/integrations.d/redis-config.yml > /dev/null <<"EOT" + integration_name: com.newrelic.redis + + instances: + - name: redis-metrics + command: metrics + arguments: + hostname: {{.NR_CLI_HOSTNAME}} + port: {{.NR_CLI_PORT}} + keys: {{.NR_CLI_KEYS}} + password: {{.NR_CLI_PASSWORD}} + config_inventory: true + keys_limit: 30 + + # New users should leave this property as `true`, to identify the + # monitored entities as `remote`. Setting this property to `false` (the + # default value) is deprecated and will be removed soon, disallowing + # entities that are identified as `local`. + # Please check the documentation to get more information about local + # versus remote entities: + # https://github.com/newrelic/infra-integrations-sdk/blob/master/docs/entity-definition.md + remote_monitoring: true + + # New users should leave this property as `true`, to uniquely identify the monitored entities when using + # Unix sockets. + use_unix_socket: true + + - name: redis-inventory + command: inventory + arguments: + hostname: {{.NR_CLI_HOSTNAME}} + port: {{.NR_CLI_PORT}} + password: {{.NR_CLI_PASSWORD}} + + # New users should leave this property as `true`, to identify the + # monitored entities as `remote`. Setting this property to `false` (the + # default value) is deprecated and will be removed soon, disallowing + # entities that are identified as `local`. + # Please check the documentation to get more information about local + # versus remote entities: + # https://github.com/newrelic/infra-integrations-sdk/blob/master/docs/entity-definition.md + remote_monitoring: true + + # New users should leave this property as `true`, to uniquely identify the monitored entities when using + # Unix sockets. + use_unix_socket: true + EOT + + restart: + cmds: + - sudo systemctl restart newrelic-infra.service diff --git a/test/definitions/ohi/linux/redis-debian.json b/test/definitions/ohi/linux/redis-debian.json new file mode 100644 index 000000000..959e46a45 --- /dev/null +++ b/test/definitions/ohi/linux/redis-debian.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "host1", + "display_name": "Debian10InfraRedisInstallHost", + "provider": "aws", + "type": "ec2", + "size": "t3.small", + "ami_name": "SupportedImages debian-10-amd64-*", + "user_name": "admin" + }], + + "services": [{ + "id": "redis1", + "destinations": ["host1"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/redis/install/debian/roles", + "port": 6379, + "params":{ + "create_env_var": true + } + }], + + "instrumentations": { + "resources": [ + { + "id": "nr_infra_redis", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/newrelic-cli/install-recipe/roles", + "params": { + "recipe_content_url": [ + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/infra-agent/debian.yml", + "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/redis/debian.yml" + ] + } + }, + { + "id": "nr_infra_is_having_data", + "resource_ids": ["host1"], + "provider": "newrelic", + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/assertions/recipe-is-valid/roles", + "params": { + "recipe_validation_nrql_url": "https://raw.githubusercontent.com/newrelic/open-install-library/main/recipes/newrelic/redis/debian.yml" + } + } + ] + } + } + diff --git a/test/deploy/linux/redis/install/debian/roles/configure/tasks/main.yml b/test/deploy/linux/redis/install/debian/roles/configure/tasks/main.yml new file mode 100644 index 000000000..bd8cbb318 --- /dev/null +++ b/test/deploy/linux/redis/install/debian/roles/configure/tasks/main.yml @@ -0,0 +1,36 @@ +--- +- debug: + msg: Install Redis + +- name: Set default create_env_var (default not create) + set_fact: + create_env_var: "false" + when: create_env_var is undefined + +- name: Install redis + apt: + name: ['redis'] + update_cache: yes + state: latest + become: yes + +- name: Copy redis config + template: + src: redis.conf + dest: /etc/redis/redis.conf + become: true + +- name: Restart Redis + shell: "systemctl restart redis" + become: true + +- block: + - name: Export USERNAME + shell: "echo export NR_CLI_PASSWORD=notUsed >> ~/.bashrc" + - name: Export PASSWORD + shell: "echo export NR_CLI_KEYS=None >> ~/.bashrc" + - name: Export HOSTNAME + shell: "echo export NR_CLI_HOSTNAME=localhost >> ~/.bashrc" + - name: Export ES_PORT + shell: "echo export NR_CLI_PORT=6379 >> ~/.bashrc" + when: create_env_var|bool diff --git a/test/deploy/linux/redis/install/debian/roles/configure/templates/redis.conf b/test/deploy/linux/redis/install/debian/roles/configure/templates/redis.conf new file mode 100644 index 000000000..bdef1240a --- /dev/null +++ b/test/deploy/linux/redis/install/debian/roles/configure/templates/redis.conf @@ -0,0 +1,1377 @@ +# Redis configuration file example. +# +# Note that in order to read the configuration file, Redis must be +# started with the file path as first argument: +# +# ./redis-server /path/to/redis.conf + +# Note on units: when memory size is needed, it is possible to specify +# it in the usual form of 1k 5GB 4M and so forth: +# +# 1k => 1000 bytes +# 1kb => 1024 bytes +# 1m => 1000000 bytes +# 1mb => 1024*1024 bytes +# 1g => 1000000000 bytes +# 1gb => 1024*1024*1024 bytes +# +# units are case insensitive so 1GB 1Gb 1gB are all the same. + +################################## INCLUDES ################################### + +# Include one or more other config files here. This is useful if you +# have a standard template that goes to all Redis servers but also need +# to customize a few per-server settings. Include files can include +# other files, so use this wisely. +# +# Notice option "include" won't be rewritten by command "CONFIG REWRITE" +# from admin or Redis Sentinel. Since Redis always uses the last processed +# line as value of a configuration directive, you'd better put includes +# at the beginning of this file to avoid overwriting config change at runtime. +# +# If instead you are interested in using includes to override configuration +# options, it is better to use include as the last line. +# +# include /path/to/local.conf +# include /path/to/other.conf + +################################## MODULES ##################################### + +# Load modules at startup. If the server is not able to load modules +# it will abort. It is possible to use multiple loadmodule directives. +# +# loadmodule /path/to/my_module.so +# loadmodule /path/to/other_module.so + +################################## NETWORK ##################################### + +# By default, if no "bind" configuration directive is specified, Redis listens +# for connections from all the network interfaces available on the server. +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 loopback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 ::1 + +# Protected mode is a layer of security protection, in order to avoid that +# Redis instances left open on the internet are accessed and exploited. +# +# When protected mode is on and if: +# +# 1) The server is not binding explicitly to a set of addresses using the +# "bind" directive. +# 2) No password is configured. +# +# The server only accepts connections from clients connecting from the +# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain +# sockets. +# +# By default protected mode is enabled. You should disable it only if +# you are sure you want clients from other hosts to connect to Redis +# even if no authentication is configured, nor a specific set of interfaces +# are explicitly listed using the "bind" directive. +protected-mode yes + +# Accept connections on the specified port, default is 6379 (IANA #815344). +# If port 0 is specified Redis will not listen on a TCP socket. +port 6379 + +# TCP listen() backlog. +# +# In high requests-per-second environments you need an high backlog in order +# to avoid slow clients connections issues. Note that the Linux kernel +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog +# in order to get the desired effect. +tcp-backlog 511 + +# Unix socket. +# +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# +# unixsocket /var/run/redis/redis-server.sock +# unixsocketperm 700 + +# Close the connection after a client is idle for N seconds (0 to disable) +timeout 0 + +# TCP keepalive. +# +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence +# of communication. This is useful for two reasons: +# +# 1) Detect dead peers. +# 2) Take the connection alive from the point of view of network +# equipment in the middle. +# +# On Linux, the specified value (in seconds) is the period used to send ACKs. +# Note that to close the connection the double of the time is needed. +# On other kernels the period depends on the kernel configuration. +# +# A reasonable value for this option is 300 seconds, which is the new +# Redis default starting with Redis 3.2.1. +tcp-keepalive 300 + +################################# GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize yes + +# If you run Redis from upstart or systemd, Redis can interact with your +# supervision tree. Options: +# supervised no - no supervision interaction +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET +# supervised auto - detect upstart or systemd method based on +# UPSTART_JOB or NOTIFY_SOCKET environment variables +# Note: these supervision methods only signal "process is ready." +# They do not enable continuous liveness pings back to your supervisor. +supervised no + +# If a pid file is specified, Redis writes it where specified at startup +# and removes it at exit. +# +# When the server runs non daemonized, no pid file is created if none is +# specified in the configuration. When the server is daemonized, the pid file +# is used even if not specified, defaulting to "/var/run/redis.pid". +# +# Creating a pid file is best effort: if Redis is not able to create it +# nothing bad happens, the server will start and run normally. +pidfile /var/run/redis/redis-server.pid + +# Specify the server verbosity level. +# This can be one of: +# debug (a lot of information, useful for development/testing) +# verbose (many rarely useful info, but not a mess like the debug level) +# notice (moderately verbose, what you want in production probably) +# warning (only very important / critical messages are logged) +loglevel notice + +# Specify the log file name. Also the empty string can be used to force +# Redis to log on the standard output. Note that if you use standard +# output for logging but daemonize, logs will be sent to /dev/null +logfile /var/log/redis/redis-server.log + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no + +# Specify the syslog identity. +# syslog-ident redis + +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. +# syslog-facility local0 + +# Set the number of databases. The default database is DB 0, you can select +# a different one on a per-connection basis using SELECT where +# dbid is a number between 0 and 'databases'-1 +databases 16 + +# By default Redis shows an ASCII art logo only when started to log to the +# standard output and if the standard output is a TTY. Basically this means +# that normally a logo is displayed only in interactive sessions. +# +# However it is possible to force the pre-4.0 behavior and always show a +# ASCII art logo in startup logs by setting the following option to yes. +always-show-logo yes + +################################ SNAPSHOTTING ################################ +# +# Save the DB on disk: +# +# save +# +# Will save the DB if both the given number of seconds and the given +# number of write operations against the DB occurred. +# +# In the example below the behaviour will be to save: +# after 900 sec (15 min) if at least 1 key changed +# after 300 sec (5 min) if at least 10 keys changed +# after 60 sec if at least 10000 keys changed +# +# Note: you can disable saving completely by commenting out all "save" lines. +# +# It is also possible to remove all the previously configured save +# points by adding a save directive with a single empty string argument +# like in the following example: +# +# save "" + +save 900 1 +save 300 10 +save 60 10000 + +# By default Redis will stop accepting writes if RDB snapshots are enabled +# (at least one save point) and the latest background save failed. +# This will make the user aware (in a hard way) that data is not persisting +# on disk properly, otherwise chances are that no one will notice and some +# disaster will happen. +# +# If the background saving process will start working again Redis will +# automatically allow writes again. +# +# However if you have setup your proper monitoring of the Redis server +# and persistence, you may want to disable this feature so that Redis will +# continue to work as usual even if there are problems with disk, +# permissions, and so forth. +stop-writes-on-bgsave-error yes + +# Compress string objects using LZF when dump .rdb databases? +# For default that's set to 'yes' as it's almost always a win. +# If you want to save some CPU in the saving child set it to 'no' but +# the dataset will likely be bigger if you have compressible values or keys. +rdbcompression yes + +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. +# This makes the format more resistant to corruption but there is a performance +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it +# for maximum performances. +# +# RDB files created with checksum disabled have a checksum of zero that will +# tell the loading code to skip the check. +rdbchecksum yes + +# The filename where to dump the DB +dbfilename dump.rdb + +# The working directory. +# +# The DB will be written inside this directory, with the filename specified +# above using the 'dbfilename' configuration directive. +# +# The Append Only File will also be created inside this directory. +# +# Note that you must specify a directory here, not a file name. +dir /var/lib/redis + +################################# REPLICATION ################################# + +# Master-Replica replication. Use replicaof to make a Redis instance a copy of +# another Redis server. A few things to understand ASAP about Redis replication. +# +# +------------------+ +---------------+ +# | Master | ---> | Replica | +# | (receive writes) | | (exact copy) | +# +------------------+ +---------------+ +# +# 1) Redis replication is asynchronous, but you can configure a master to +# stop accepting writes if it appears to be not connected with at least +# a given number of replicas. +# 2) Redis replicas are able to perform a partial resynchronization with the +# master if the replication link is lost for a relatively small amount of +# time. You may want to configure the replication backlog size (see the next +# sections of this file) with a sensible value depending on your needs. +# 3) Replication is automatic and does not need user intervention. After a +# network partition replicas automatically try to reconnect to masters +# and resynchronize with them. +# +# replicaof + +# If the master is password protected (using the "requirepass" configuration +# directive below) it is possible to tell the replica to authenticate before +# starting the replication synchronization process, otherwise the master will +# refuse the replica request. +# +# masterauth + +# When a replica loses its connection with the master, or when the replication +# is still in progress, the replica can act in two different ways: +# +# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will +# still reply to client requests, possibly with out of date data, or the +# data set may just be empty if this is the first synchronization. +# +# 2) if replica-serve-stale-data is set to 'no' the replica will reply with +# an error "SYNC with master in progress" to all the kind of commands +# but to INFO, replicaOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, +# SUBSCRIBE, UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, +# COMMAND, POST, HOST: and LATENCY. +# +replica-serve-stale-data yes + +# You can configure a replica instance to accept writes or not. Writing against +# a replica instance may be useful to store some ephemeral data (because data +# written on a replica will be easily deleted after resync with the master) but +# may also cause problems if clients are writing to it because of a +# misconfiguration. +# +# Since Redis 2.6 by default replicas are read-only. +# +# Note: read only replicas are not designed to be exposed to untrusted clients +# on the internet. It's just a protection layer against misuse of the instance. +# Still a read only replica exports by default all the administrative commands +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve +# security of read only replicas using 'rename-command' to shadow all the +# administrative / dangerous commands. +replica-read-only yes + +# Replication SYNC strategy: disk or socket. +# +# ------------------------------------------------------- +# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY +# ------------------------------------------------------- +# +# New replicas and reconnecting replicas that are not able to continue the replication +# process just receiving differences, need to do what is called a "full +# synchronization". An RDB file is transmitted from the master to the replicas. +# The transmission can happen in two different ways: +# +# 1) Disk-backed: The Redis master creates a new process that writes the RDB +# file on disk. Later the file is transferred by the parent +# process to the replicas incrementally. +# 2) Diskless: The Redis master creates a new process that directly writes the +# RDB file to replica sockets, without touching the disk at all. +# +# With disk-backed replication, while the RDB file is generated, more replicas +# can be queued and served with the RDB file as soon as the current child producing +# the RDB file finishes its work. With diskless replication instead once +# the transfer starts, new replicas arriving will be queued and a new transfer +# will start when the current one terminates. +# +# When diskless replication is used, the master waits a configurable amount of +# time (in seconds) before starting the transfer in the hope that multiple replicas +# will arrive and the transfer can be parallelized. +# +# With slow disks and fast (large bandwidth) networks, diskless replication +# works better. +repl-diskless-sync no + +# When diskless replication is enabled, it is possible to configure the delay +# the server waits in order to spawn the child that transfers the RDB via socket +# to the replicas. +# +# This is important since once the transfer starts, it is not possible to serve +# new replicas arriving, that will be queued for the next RDB transfer, so the server +# waits a delay in order to let more replicas arrive. +# +# The delay is specified in seconds, and by default is 5 seconds. To disable +# it entirely just set it to 0 seconds and the transfer will start ASAP. +repl-diskless-sync-delay 5 + +# Replicas send PINGs to server in a predefined interval. It's possible to change +# this interval with the repl_ping_replica_period option. The default value is 10 +# seconds. +# +# repl-ping-replica-period 10 + +# The following option sets the replication timeout for: +# +# 1) Bulk transfer I/O during SYNC, from the point of view of replica. +# 2) Master timeout from the point of view of replicas (data, pings). +# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings). +# +# It is important to make sure that this value is greater than the value +# specified for repl-ping-replica-period otherwise a timeout will be detected +# every time there is low traffic between the master and the replica. +# +# repl-timeout 60 + +# Disable TCP_NODELAY on the replica socket after SYNC? +# +# If you select "yes" Redis will use a smaller number of TCP packets and +# less bandwidth to send data to replicas. But this can add a delay for +# the data to appear on the replica side, up to 40 milliseconds with +# Linux kernels using a default configuration. +# +# If you select "no" the delay for data to appear on the replica side will +# be reduced but more bandwidth will be used for replication. +# +# By default we optimize for low latency, but in very high traffic conditions +# or when the master and replicas are many hops away, turning this to "yes" may +# be a good idea. +repl-disable-tcp-nodelay no + +# Set the replication backlog size. The backlog is a buffer that accumulates +# replica data when replicas are disconnected for some time, so that when a replica +# wants to reconnect again, often a full resync is not needed, but a partial +# resync is enough, just passing the portion of data the replica missed while +# disconnected. +# +# The bigger the replication backlog, the longer the time the replica can be +# disconnected and later be able to perform a partial resynchronization. +# +# The backlog is only allocated once there is at least a replica connected. +# +# repl-backlog-size 1mb + +# After a master has no longer connected replicas for some time, the backlog +# will be freed. The following option configures the amount of seconds that +# need to elapse, starting from the time the last replica disconnected, for +# the backlog buffer to be freed. +# +# Note that replicas never free the backlog for timeout, since they may be +# promoted to masters later, and should be able to correctly "partially +# resynchronize" with the replicas: hence they should always accumulate backlog. +# +# A value of 0 means to never release the backlog. +# +# repl-backlog-ttl 3600 + +# The replica priority is an integer number published by Redis in the INFO output. +# It is used by Redis Sentinel in order to select a replica to promote into a +# master if the master is no longer working correctly. +# +# A replica with a low priority number is considered better for promotion, so +# for instance if there are three replicas with priority 10, 100, 25 Sentinel will +# pick the one with priority 10, that is the lowest. +# +# However a special priority of 0 marks the replica as not able to perform the +# role of master, so a replica with priority of 0 will never be selected by +# Redis Sentinel for promotion. +# +# By default the priority is 100. +replica-priority 100 + +# It is possible for a master to stop accepting writes if there are less than +# N replicas connected, having a lag less or equal than M seconds. +# +# The N replicas need to be in "online" state. +# +# The lag in seconds, that must be <= the specified value, is calculated from +# the last ping received from the replica, that is usually sent every second. +# +# This option does not GUARANTEE that N replicas will accept the write, but +# will limit the window of exposure for lost writes in case not enough replicas +# are available, to the specified number of seconds. +# +# For example to require at least 3 replicas with a lag <= 10 seconds use: +# +# min-replicas-to-write 3 +# min-replicas-max-lag 10 +# +# Setting one or the other to 0 disables the feature. +# +# By default min-replicas-to-write is set to 0 (feature disabled) and +# min-replicas-max-lag is set to 10. + +# A Redis master is able to list the address and port of the attached +# replicas in different ways. For example the "INFO replication" section +# offers this information, which is used, among other tools, by +# Redis Sentinel in order to discover replica instances. +# Another place where this info is available is in the output of the +# "ROLE" command of a master. +# +# The listed IP and address normally reported by a replica is obtained +# in the following way: +# +# IP: The address is auto detected by checking the peer address +# of the socket used by the replica to connect with the master. +# +# Port: The port is communicated by the replica during the replication +# handshake, and is normally the port that the replica is using to +# listen for connections. +# +# However when port forwarding or Network Address Translation (NAT) is +# used, the replica may be actually reachable via different IP and port +# pairs. The following two options can be used by a replica in order to +# report to its master a specific set of IP and port, so that both INFO +# and ROLE will report those values. +# +# There is no need to use both the options if you need to override just +# the port or the IP address. +# +# replica-announce-ip 5.5.5.5 +# replica-announce-port 1234 + +################################## SECURITY ################################### + +# Require clients to issue AUTH before processing any other +# commands. This might be useful in environments in which you do not trust +# others with access to the host running redis-server. +# +# This should stay commented out for backward compatibility and because most +# people do not need auth (e.g. they run their own servers). +# +# Warning: since Redis is pretty fast an outside user can try up to +# 150k passwords per second against a good box. This means that you should +# use a very strong password otherwise it will be very easy to break. +# +requirepass notUsed + +# Command renaming. +# +# It is possible to change the name of dangerous commands in a shared +# environment. For instance the CONFIG command may be renamed into something +# hard to guess so that it will still be available for internal-use tools +# but not available for general clients. +# +# Example: +# +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 +# +# It is also possible to completely kill a command by renaming it into +# an empty string: +# +# rename-command CONFIG "" +# +# Please note that changing the name of commands that are logged into the +# AOF file or transmitted to replicas may cause problems. + +################################### CLIENTS #################################### + +# Set the max number of connected clients at the same time. By default +# this limit is set to 10000 clients, however if the Redis server is not +# able to configure the process file limit to allow for the specified limit +# the max number of allowed clients is set to the current file limit +# minus 32 (as Redis reserves a few file descriptors for internal uses). +# +# Once the limit is reached Redis will close all the new connections sending +# an error 'max number of clients reached'. +# +# maxclients 10000 + +############################## MEMORY MANAGEMENT ################################ + +# Set a memory usage limit to the specified amount of bytes. +# When the memory limit is reached Redis will try to remove keys +# according to the eviction policy selected (see maxmemory-policy). +# +# If Redis can't remove keys according to the policy, or if the policy is +# set to 'noeviction', Redis will start to reply with errors to commands +# that would use more memory, like SET, LPUSH, and so on, and will continue +# to reply to read-only commands like GET. +# +# This option is usually useful when using Redis as an LRU or LFU cache, or to +# set a hard memory limit for an instance (using the 'noeviction' policy). +# +# WARNING: If you have replicas attached to an instance with maxmemory on, +# the size of the output buffers needed to feed the replicas are subtracted +# from the used memory count, so that network problems / resyncs will +# not trigger a loop where keys are evicted, and in turn the output +# buffer of replicas is full with DELs of keys evicted triggering the deletion +# of more keys, and so forth until the database is completely emptied. +# +# In short... if you have replicas attached it is suggested that you set a lower +# limit for maxmemory so that there is some free RAM on the system for replica +# output buffers (but this is not needed if the policy is 'noeviction'). +# +# maxmemory + +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory +# is reached. You can select among five behaviors: +# +# volatile-lru -> Evict using approximated LRU among the keys with an expire set. +# allkeys-lru -> Evict any key using approximated LRU. +# volatile-lfu -> Evict using approximated LFU among the keys with an expire set. +# allkeys-lfu -> Evict any key using approximated LFU. +# volatile-random -> Remove a random key among the ones with an expire set. +# allkeys-random -> Remove a random key, any key. +# volatile-ttl -> Remove the key with the nearest expire time (minor TTL) +# noeviction -> Don't evict anything, just return an error on write operations. +# +# LRU means Least Recently Used +# LFU means Least Frequently Used +# +# Both LRU, LFU and volatile-ttl are implemented using approximated +# randomized algorithms. +# +# Note: with any of the above policies, Redis will return an error on write +# operations, when there are no suitable keys for eviction. +# +# At the date of writing these commands are: set setnx setex append +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby +# getset mset msetnx exec sort +# +# The default is: +# +# maxmemory-policy noeviction + +# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated +# algorithms (in order to save memory), so you can tune it for speed or +# accuracy. For default Redis will check five keys and pick the one that was +# used less recently, you can change the sample size using the following +# configuration directive. +# +# The default of 5 produces good enough results. 10 Approximates very closely +# true LRU but costs more CPU. 3 is faster but not very accurate. +# +# maxmemory-samples 5 + +# Starting from Redis 5, by default a replica will ignore its maxmemory setting +# (unless it is promoted to master after a failover or manually). It means +# that the eviction of keys will be just handled by the master, sending the +# DEL commands to the replica as keys evict in the master side. +# +# This behavior ensures that masters and replicas stay consistent, and is usually +# what you want, however if your replica is writable, or you want the replica to have +# a different memory setting, and you are sure all the writes performed to the +# replica are idempotent, then you may change this default (but be sure to understand +# what you are doing). +# +# Note that since the replica by default does not evict, it may end using more +# memory than the one set via maxmemory (there are certain buffers that may +# be larger on the replica, or data structures may sometimes take more memory and so +# forth). So make sure you monitor your replicas and make sure they have enough +# memory to never hit a real out-of-memory condition before the master hits +# the configured maxmemory setting. +# +# replica-ignore-maxmemory yes + +############################# LAZY FREEING #################################### + +# Redis has two primitives to delete keys. One is called DEL and is a blocking +# deletion of the object. It means that the server stops processing new commands +# in order to reclaim all the memory associated with an object in a synchronous +# way. If the key deleted is associated with a small object, the time needed +# in order to execute the DEL command is very small and comparable to most other +# O(1) or O(log_N) commands in Redis. However if the key is associated with an +# aggregated value containing millions of elements, the server can block for +# a long time (even seconds) in order to complete the operation. +# +# For the above reasons Redis also offers non blocking deletion primitives +# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and +# FLUSHDB commands, in order to reclaim memory in background. Those commands +# are executed in constant time. Another thread will incrementally free the +# object in the background as fast as possible. +# +# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled. +# It's up to the design of the application to understand when it is a good +# idea to use one or the other. However the Redis server sometimes has to +# delete keys or flush the whole database as a side effect of other operations. +# Specifically Redis deletes objects independently of a user call in the +# following scenarios: +# +# 1) On eviction, because of the maxmemory and maxmemory policy configurations, +# in order to make room for new data, without going over the specified +# memory limit. +# 2) Because of expire: when a key with an associated time to live (see the +# EXPIRE command) must be deleted from memory. +# 3) Because of a side effect of a command that stores data on a key that may +# already exist. For example the RENAME command may delete the old key +# content when it is replaced with another one. Similarly SUNIONSTORE +# or SORT with STORE option may delete existing keys. The SET command +# itself removes any old content of the specified key in order to replace +# it with the specified string. +# 4) During replication, when a replica performs a full resynchronization with +# its master, the content of the whole database is removed in order to +# load the RDB file just transferred. +# +# In all the above cases the default is to delete objects in a blocking way, +# like if DEL was called. However you can configure each case specifically +# in order to instead release memory in a non-blocking way like if UNLINK +# was called, using the following configuration directives: + +lazyfree-lazy-eviction no +lazyfree-lazy-expire no +lazyfree-lazy-server-del no +replica-lazy-flush no + +############################## APPEND ONLY MODE ############################### + +# By default Redis asynchronously dumps the dataset on disk. This mode is +# good enough in many applications, but an issue with the Redis process or +# a power outage may result into a few minutes of writes lost (depending on +# the configured save points). +# +# The Append Only File is an alternative persistence mode that provides +# much better durability. For instance using the default data fsync policy +# (see later in the config file) Redis can lose just one second of writes in a +# dramatic event like a server power outage, or a single write if something +# wrong with the Redis process itself happens, but the operating system is +# still running correctly. +# +# AOF and RDB persistence can be enabled at the same time without problems. +# If the AOF is enabled on startup Redis will load the AOF, that is the file +# with the better durability guarantees. +# +# Please check http://redis.io/topics/persistence for more information. + +appendonly no + +# The name of the append only file (default: "appendonly.aof") + +appendfilename "appendonly.aof" + +# The fsync() call tells the Operating System to actually write data on disk +# instead of waiting for more data in the output buffer. Some OS will really flush +# data on disk, some other OS will just try to do it ASAP. +# +# Redis supports three different modes: +# +# no: don't fsync, just let the OS flush the data when it wants. Faster. +# always: fsync after every write to the append only log. Slow, Safest. +# everysec: fsync only one time every second. Compromise. +# +# The default is "everysec", as that's usually the right compromise between +# speed and data safety. It's up to you to understand if you can relax this to +# "no" that will let the operating system flush the output buffer when +# it wants, for better performances (but if you can live with the idea of +# some data loss consider the default persistence mode that's snapshotting), +# or on the contrary, use "always" that's very slow but a bit safer than +# everysec. +# +# More details please check the following article: +# http://antirez.com/post/redis-persistence-demystified.html +# +# If unsure, use "everysec". + +# appendfsync always +appendfsync everysec +# appendfsync no + +# When the AOF fsync policy is set to always or everysec, and a background +# saving process (a background save or AOF log background rewriting) is +# performing a lot of I/O against the disk, in some Linux configurations +# Redis may block too long on the fsync() call. Note that there is no fix for +# this currently, as even performing fsync in a different thread will block +# our synchronous write(2) call. +# +# In order to mitigate this problem it's possible to use the following option +# that will prevent fsync() from being called in the main process while a +# BGSAVE or BGREWRITEAOF is in progress. +# +# This means that while another child is saving, the durability of Redis is +# the same as "appendfsync none". In practical terms, this means that it is +# possible to lose up to 30 seconds of log in the worst scenario (with the +# default Linux settings). +# +# If you have latency problems turn this to "yes". Otherwise leave it as +# "no" that is the safest pick from the point of view of durability. + +no-appendfsync-on-rewrite no + +# Automatic rewrite of the append only file. +# Redis is able to automatically rewrite the log file implicitly calling +# BGREWRITEAOF when the AOF log size grows by the specified percentage. +# +# This is how it works: Redis remembers the size of the AOF file after the +# latest rewrite (if no rewrite has happened since the restart, the size of +# the AOF at startup is used). +# +# This base size is compared to the current size. If the current size is +# bigger than the specified percentage, the rewrite is triggered. Also +# you need to specify a minimal size for the AOF file to be rewritten, this +# is useful to avoid rewriting the AOF file even if the percentage increase +# is reached but it is still pretty small. +# +# Specify a percentage of zero in order to disable the automatic AOF +# rewrite feature. + +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +# An AOF file may be found to be truncated at the end during the Redis +# startup process, when the AOF data gets loaded back into memory. +# This may happen when the system where Redis is running +# crashes, especially when an ext4 filesystem is mounted without the +# data=ordered option (however this can't happen when Redis itself +# crashes or aborts but the operating system still works correctly). +# +# Redis can either exit with an error when this happens, or load as much +# data as possible (the default now) and start if the AOF file is found +# to be truncated at the end. The following option controls this behavior. +# +# If aof-load-truncated is set to yes, a truncated AOF file is loaded and +# the Redis server starts emitting a log to inform the user of the event. +# Otherwise if the option is set to no, the server aborts with an error +# and refuses to start. When the option is set to no, the user requires +# to fix the AOF file using the "redis-check-aof" utility before to restart +# the server. +# +# Note that if the AOF file will be found to be corrupted in the middle +# the server will still exit with an error. This option only applies when +# Redis will try to read more data from the AOF file but not enough bytes +# will be found. +aof-load-truncated yes + +# When rewriting the AOF file, Redis is able to use an RDB preamble in the +# AOF file for faster rewrites and recoveries. When this option is turned +# on the rewritten AOF file is composed of two different stanzas: +# +# [RDB file][AOF tail] +# +# When loading Redis recognizes that the AOF file starts with the "REDIS" +# string and loads the prefixed RDB file, and continues loading the AOF +# tail. +aof-use-rdb-preamble yes + +################################ LUA SCRIPTING ############################### + +# Max execution time of a Lua script in milliseconds. +# +# If the maximum execution time is reached Redis will log that a script is +# still in execution after the maximum allowed time and will start to +# reply to queries with an error. +# +# When a long running script exceeds the maximum execution time only the +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be +# used to stop a script that did not yet called write commands. The second +# is the only way to shut down the server in the case a write command was +# already issued by the script but the user doesn't want to wait for the natural +# termination of the script. +# +# Set it to 0 or a negative value for unlimited execution without warnings. +lua-time-limit 5000 + +################################ REDIS CLUSTER ############################### +# +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however +# in order to mark it as "mature" we need to wait for a non trivial percentage +# of users to deploy it in production. +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# +# Normal Redis instances can't be part of a Redis Cluster; only nodes that are +# started as cluster nodes can. In order to start a Redis instance as a +# cluster node enable the cluster support uncommenting the following: +# +# cluster-enabled yes + +# Every cluster node has a cluster configuration file. This file is not +# intended to be edited by hand. It is created and updated by Redis nodes. +# Every Redis Cluster node requires a different cluster configuration file. +# Make sure that instances running in the same system do not have +# overlapping cluster configuration file names. +# +# cluster-config-file nodes-6379.conf + +# Cluster node timeout is the amount of milliseconds a node must be unreachable +# for it to be considered in failure state. +# Most other internal time limits are multiple of the node timeout. +# +# cluster-node-timeout 15000 + +# A replica of a failing master will avoid to start a failover if its data +# looks too old. +# +# There is no simple way for a replica to actually have an exact measure of +# its "data age", so the following two checks are performed: +# +# 1) If there are multiple replicas able to failover, they exchange messages +# in order to try to give an advantage to the replica with the best +# replication offset (more data from the master processed). +# Replicas will try to get their rank by offset, and apply to the start +# of the failover a delay proportional to their rank. +# +# 2) Every single replica computes the time of the last interaction with +# its master. This can be the last ping or command received (if the master +# is still in the "connected" state), or the time that elapsed since the +# disconnection with the master (if the replication link is currently down). +# If the last interaction is too old, the replica will not try to failover +# at all. +# +# The point "2" can be tuned by user. Specifically a replica will not perform +# the failover if, since the last interaction with the master, the time +# elapsed is greater than: +# +# (node-timeout * replica-validity-factor) + repl-ping-replica-period +# +# So for example if node-timeout is 30 seconds, and the replica-validity-factor +# is 10, and assuming a default repl-ping-replica-period of 10 seconds, the +# replica will not try to failover if it was not able to talk with the master +# for longer than 310 seconds. +# +# A large replica-validity-factor may allow replicas with too old data to failover +# a master, while a too small value may prevent the cluster from being able to +# elect a replica at all. +# +# For maximum availability, it is possible to set the replica-validity-factor +# to a value of 0, which means, that replicas will always try to failover the +# master regardless of the last time they interacted with the master. +# (However they'll always try to apply a delay proportional to their +# offset rank). +# +# Zero is the only value able to guarantee that when all the partitions heal +# the cluster will always be able to continue. +# +# cluster-replica-validity-factor 10 + +# Cluster replicas are able to migrate to orphaned masters, that are masters +# that are left without working replicas. This improves the cluster ability +# to resist to failures as otherwise an orphaned master can't be failed over +# in case of failure if it has no working replicas. +# +# Replicas migrate to orphaned masters only if there are still at least a +# given number of other working replicas for their old master. This number +# is the "migration barrier". A migration barrier of 1 means that a replica +# will migrate only if there is at least 1 other working replica for its master +# and so forth. It usually reflects the number of replicas you want for every +# master in your cluster. +# +# Default is 1 (replicas migrate only if their masters remain with at least +# one replica). To disable migration just set it to a very large value. +# A value of 0 can be set but is useful only for debugging and dangerous +# in production. +# +# cluster-migration-barrier 1 + +# By default Redis Cluster nodes stop accepting queries if they detect there +# is at least an hash slot uncovered (no available node is serving it). +# This way if the cluster is partially down (for example a range of hash slots +# are no longer covered) all the cluster becomes, eventually, unavailable. +# It automatically returns available as soon as all the slots are covered again. +# +# However sometimes you want the subset of the cluster which is working, +# to continue to accept queries for the part of the key space that is still +# covered. In order to do so, just set the cluster-require-full-coverage +# option to no. +# +# cluster-require-full-coverage yes + +# This option, when set to yes, prevents replicas from trying to failover its +# master during master failures. However the master can still perform a +# manual failover, if forced to do so. +# +# This is useful in different scenarios, especially in the case of multiple +# data center operations, where we want one side to never be promoted if not +# in the case of a total DC failure. +# +# cluster-replica-no-failover no + +# In order to setup your cluster make sure to read the documentation +# available at http://redis.io web site. + +########################## CLUSTER DOCKER/NAT support ######################## + +# In certain deployments, Redis Cluster nodes address discovery fails, because +# addresses are NAT-ted or because ports are forwarded (the typical case is +# Docker and other containers). +# +# In order to make Redis Cluster working in such environments, a static +# configuration where each node knows its public address is needed. The +# following two options are used for this scope, and are: +# +# * cluster-announce-ip +# * cluster-announce-port +# * cluster-announce-bus-port +# +# Each instruct the node about its address, client port, and cluster message +# bus port. The information is then published in the header of the bus packets +# so that other nodes will be able to correctly map the address of the node +# publishing the information. +# +# If the above options are not used, the normal Redis Cluster auto-detection +# will be used instead. +# +# Note that when remapped, the bus port may not be at the fixed offset of +# clients port + 10000, so you can specify any port and bus-port depending +# on how they get remapped. If the bus-port is not set, a fixed offset of +# 10000 will be used as usually. +# +# Example: +# +# cluster-announce-ip 10.1.1.5 +# cluster-announce-port 6379 +# cluster-announce-bus-port 6380 + +################################## SLOW LOG ################################### + +# The Redis Slow Log is a system to log queries that exceeded a specified +# execution time. The execution time does not include the I/O operations +# like talking with the client, sending the reply and so forth, +# but just the time needed to actually execute the command (this is the only +# stage of command execution where the thread is blocked and can not serve +# other requests in the meantime). +# +# You can configure the slow log with two parameters: one tells Redis +# what is the execution time, in microseconds, to exceed in order for the +# command to get logged, and the other parameter is the length of the +# slow log. When a new command is logged the oldest one is removed from the +# queue of logged commands. + +# The following time is expressed in microseconds, so 1000000 is equivalent +# to one second. Note that a negative number disables the slow log, while +# a value of zero forces the logging of every command. +slowlog-log-slower-than 10000 + +# There is no limit to this length. Just be aware that it will consume memory. +# You can reclaim memory used by the slow log with SLOWLOG RESET. +slowlog-max-len 128 + +################################ LATENCY MONITOR ############################## + +# The Redis latency monitoring subsystem samples different operations +# at runtime in order to collect data related to possible sources of +# latency of a Redis instance. +# +# Via the LATENCY command this information is available to the user that can +# print graphs and obtain reports. +# +# The system only logs operations that were performed in a time equal or +# greater than the amount of milliseconds specified via the +# latency-monitor-threshold configuration directive. When its value is set +# to zero, the latency monitor is turned off. +# +# By default latency monitoring is disabled since it is mostly not needed +# if you don't have latency issues, and collecting data has a performance +# impact, that while very small, can be measured under big load. Latency +# monitoring can easily be enabled at runtime using the command +# "CONFIG SET latency-monitor-threshold " if needed. +latency-monitor-threshold 0 + +############################# EVENT NOTIFICATION ############################## + +# Redis can notify Pub/Sub clients about events happening in the key space. +# This feature is documented at http://redis.io/topics/notifications +# +# For instance if keyspace events notification is enabled, and a client +# performs a DEL operation on key "foo" stored in the Database 0, two +# messages will be published via Pub/Sub: +# +# PUBLISH __keyspace@0__:foo del +# PUBLISH __keyevent@0__:del foo +# +# It is possible to select the events that Redis will notify among a set +# of classes. Every class is identified by a single character: +# +# K Keyspace events, published with __keyspace@__ prefix. +# E Keyevent events, published with __keyevent@__ prefix. +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... +# $ String commands +# l List commands +# s Set commands +# h Hash commands +# z Sorted set commands +# x Expired events (events generated every time a key expires) +# e Evicted events (events generated when a key is evicted for maxmemory) +# A Alias for g$lshzxe, so that the "AKE" string means all the events. +# +# The "notify-keyspace-events" takes as argument a string that is composed +# of zero or multiple characters. The empty string means that notifications +# are disabled. +# +# Example: to enable list and generic events, from the point of view of the +# event name, use: +# +# notify-keyspace-events Elg +# +# Example 2: to get the stream of the expired keys subscribing to channel +# name __keyevent@0__:expired use: +# +# notify-keyspace-events Ex +# +# By default all notifications are disabled because most users don't need +# this feature and the feature has some overhead. Note that if you don't +# specify at least one of K or E, no events will be delivered. +notify-keyspace-events "" + +############################### ADVANCED CONFIG ############################### + +# Hashes are encoded using a memory efficient data structure when they have a +# small number of entries, and the biggest entry does not exceed a given +# threshold. These thresholds can be configured using the following directives. +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 + +# Lists are also encoded in a special way to save a lot of space. +# The number of entries allowed per internal list node can be specified +# as a fixed maximum size or a maximum number of elements. +# For a fixed maximum size, use -5 through -1, meaning: +# -5: max size: 64 Kb <-- not recommended for normal workloads +# -4: max size: 32 Kb <-- not recommended +# -3: max size: 16 Kb <-- probably not recommended +# -2: max size: 8 Kb <-- good +# -1: max size: 4 Kb <-- good +# Positive numbers mean store up to _exactly_ that number of elements +# per list node. +# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), +# but if your use case is unique, adjust the settings as necessary. +list-max-ziplist-size -2 + +# Lists may also be compressed. +# Compress depth is the number of quicklist ziplist nodes from *each* side of +# the list to *exclude* from compression. The head and tail of the list +# are always uncompressed for fast push/pop operations. Settings are: +# 0: disable all list compression +# 1: depth 1 means "don't start compressing until after 1 node into the list, +# going from either the head or tail" +# So: [head]->node->node->...->node->[tail] +# [head], [tail] will always be uncompressed; inner nodes will compress. +# 2: [head]->[next]->node->node->...->node->[prev]->[tail] +# 2 here means: don't compress head or head->next or tail->prev or tail, +# but compress all nodes between them. +# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] +# etc. +list-compress-depth 0 + +# Sets have a special encoding in just one case: when a set is composed +# of just strings that happen to be integers in radix 10 in the range +# of 64 bit signed integers. +# The following configuration setting sets the limit in the size of the +# set in order to use this special memory saving encoding. +set-max-intset-entries 512 + +# Similarly to hashes and lists, sorted sets are also specially encoded in +# order to save a lot of space. This encoding is only used when the length and +# elements of a sorted set are below the following limits: +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 + +# HyperLogLog sparse representation bytes limit. The limit includes the +# 16 bytes header. When an HyperLogLog using the sparse representation crosses +# this limit, it is converted into the dense representation. +# +# A value greater than 16000 is totally useless, since at that point the +# dense representation is more memory efficient. +# +# The suggested value is ~ 3000 in order to have the benefits of +# the space efficient encoding without slowing down too much PFADD, +# which is O(N) with the sparse encoding. The value can be raised to +# ~ 10000 when CPU is not a concern, but space is, and the data set is +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. +hll-sparse-max-bytes 3000 + +# Streams macro node max size / items. The stream data structure is a radix +# tree of big nodes that encode multiple items inside. Using this configuration +# it is possible to configure how big a single node can be in bytes, and the +# maximum number of items it may contain before switching to a new node when +# appending new stream entries. If any of the following settings are set to +# zero, the limit is ignored, so for instance it is possible to set just a +# max entires limit by setting max-bytes to 0 and max-entries to the desired +# value. +stream-node-max-bytes 4096 +stream-node-max-entries 100 + +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in +# order to help rehashing the main Redis hash table (the one mapping top-level +# keys to values). The hash table implementation Redis uses (see dict.c) +# performs a lazy rehashing: the more operation you run into a hash table +# that is rehashing, the more rehashing "steps" are performed, so if the +# server is idle the rehashing is never complete and some more memory is used +# by the hash table. +# +# The default is to use this millisecond 10 times every second in order to +# actively rehash the main dictionaries, freeing memory when possible. +# +# If unsure: +# use "activerehashing no" if you have hard latency requirements and it is +# not a good thing in your environment that Redis can reply from time to time +# to queries with 2 milliseconds delay. +# +# use "activerehashing yes" if you don't have such hard requirements but +# want to free memory asap when possible. +activerehashing yes + +# The client output buffer limits can be used to force disconnection of clients +# that are not reading data from the server fast enough for some reason (a +# common reason is that a Pub/Sub client can't consume messages as fast as the +# publisher can produce them). +# +# The limit can be set differently for the three different classes of clients: +# +# normal -> normal clients including MONITOR clients +# replica -> replica clients +# pubsub -> clients subscribed to at least one pubsub channel or pattern +# +# The syntax of every client-output-buffer-limit directive is the following: +# +# client-output-buffer-limit +# +# A client is immediately disconnected once the hard limit is reached, or if +# the soft limit is reached and remains reached for the specified number of +# seconds (continuously). +# So for instance if the hard limit is 32 megabytes and the soft limit is +# 16 megabytes / 10 seconds, the client will get disconnected immediately +# if the size of the output buffers reach 32 megabytes, but will also get +# disconnected if the client reaches 16 megabytes and continuously overcomes +# the limit for 10 seconds. +# +# By default normal clients are not limited because they don't receive data +# without asking (in a push way), but just after a request, so only +# asynchronous clients may create a scenario where data is requested faster +# than it can read. +# +# Instead there is a default limit for pubsub and replica clients, since +# subscribers and replicas receive data in a push fashion. +# +# Both the hard or the soft limit can be disabled by setting them to zero. +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit replica 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 + +# Client query buffers accumulate new commands. They are limited to a fixed +# amount by default in order to avoid that a protocol desynchronization (for +# instance due to a bug in the client) will lead to unbound memory usage in +# the query buffer. However you can configure it here if you have very special +# needs, such us huge multi/exec requests or alike. +# +# client-query-buffer-limit 1gb + +# In the Redis protocol, bulk requests, that are, elements representing single +# strings, are normally limited ot 512 mb. However you can change this limit +# here. +# +# proto-max-bulk-len 512mb + +# Redis calls an internal function to perform many background tasks, like +# closing connections of clients in timeout, purging expired keys that are +# never requested, and so forth. +# +# Not all tasks are performed with the same frequency, but Redis checks for +# tasks to perform according to the specified "hz" value. +# +# By default "hz" is set to 10. Raising the value will use more CPU when +# Redis is idle, but at the same time will make Redis more responsive when +# there are many keys expiring at the same time, and timeouts may be +# handled with more precision. +# +# The range is between 1 and 500, however a value over 100 is usually not +# a good idea. Most users should use the default of 10 and raise this up to +# 100 only in environments where very low latency is required. +hz 10 + +# Normally it is useful to have an HZ value which is proportional to the +# number of clients connected. This is useful in order, for instance, to +# avoid too many clients are processed for each background task invocation +# in order to avoid latency spikes. +# +# Since the default HZ value by default is conservatively set to 10, Redis +# offers, and enables by default, the ability to use an adaptive HZ value +# which will temporary raise when there are many connected clients. +# +# When dynamic HZ is enabled, the actual configured HZ will be used as +# as a baseline, but multiples of the configured HZ value will be actually +# used as needed once more clients are connected. In this way an idle +# instance will use very little CPU time while a busy instance will be +# more responsive. +dynamic-hz yes + +# When a child rewrites the AOF file, if the following option is enabled +# the file will be fsync-ed every 32 MB of data generated. This is useful +# in order to commit the file to the disk more incrementally and avoid +# big latency spikes. +aof-rewrite-incremental-fsync yes + +# When redis saves RDB file, if the following option is enabled +# the file will be fsync-ed every 32 MB of data generated. This is useful +# in order to commit the file to the disk more incrementally and avoid +# big latency spikes. +rdb-save-incremental-fsync yes + +# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good +# idea to start with the default settings and only change them after investigating +# how to improve the performances and how the keys LFU change over time, which +# is possible to inspect via the OBJECT FREQ command. +# +# There are two tunable parameters in the Redis LFU implementation: the +# counter logarithm factor and the counter decay time. It is important to +# understand what the two parameters mean before changing them. +# +# The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis +# uses a probabilistic increment with logarithmic behavior. Given the value +# of the old counter, when a key is accessed, the counter is incremented in +# this way: +# +# 1. A random number R between 0 and 1 is extracted. +# 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1). +# 3. The counter is incremented only if R < P. +# +# The default lfu-log-factor is 10. This is a table of how the frequency +# counter changes with a different number of accesses with different +# logarithmic factors: +# +# +--------+------------+------------+------------+------------+------------+ +# | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | +# +--------+------------+------------+------------+------------+------------+ +# | 0 | 104 | 255 | 255 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 1 | 18 | 49 | 255 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 10 | 10 | 18 | 142 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 100 | 8 | 11 | 49 | 143 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# +# NOTE: The above table was obtained by running the following commands: +# +# redis-benchmark -n 1000000 incr foo +# redis-cli object freq foo +# +# NOTE 2: The counter initial value is 5 in order to give new objects a chance +# to accumulate hits. +# +# The counter decay time is the time, in minutes, that must elapse in order +# for the key counter to be divided by two (or decremented if it has a value +# less <= 10). +# +# The default value for the lfu-decay-time is 1. A Special value of 0 means to +# decay the counter every time it happens to be scanned. +# +# lfu-log-factor 10 +# lfu-decay-time 1 + +########################### ACTIVE DEFRAGMENTATION ####################### +# +# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested +# even in production and manually tested by multiple engineers for some +# time. +# +# What is active defragmentation? +# ------------------------------- +# +# Active (online) defragmentation allows a Redis server to compact the +# spaces left between small allocations and deallocations of data in memory, +# thus allowing to reclaim back memory. +# +# Fragmentation is a natural process that happens with every allocator (but +# less so with Jemalloc, fortunately) and certain workloads. Normally a server +# restart is needed in order to lower the fragmentation, or at least to flush +# away all the data and create it again. However thanks to this feature +# implemented by Oran Agra for Redis 4.0 this process can happen at runtime +# in an "hot" way, while the server is running. +# +# Basically when the fragmentation is over a certain level (see the +# configuration options below) Redis will start to create new copies of the +# values in contiguous memory regions by exploiting certain specific Jemalloc +# features (in order to understand if an allocation is causing fragmentation +# and to allocate it in a better place), and at the same time, will release the +# old copies of the data. This process, repeated incrementally for all the keys +# will cause the fragmentation to drop back to normal values. +# +# Important things to understand: +# +# 1. This feature is disabled by default, and only works if you compiled Redis +# to use the copy of Jemalloc we ship with the source code of Redis. +# This is the default with Linux builds. +# +# 2. You never need to enable this feature if you don't have fragmentation +# issues. +# +# 3. Once you experience fragmentation, you can enable this feature when +# needed with the command "CONFIG SET activedefrag yes". +# +# The configuration parameters are able to fine tune the behavior of the +# defragmentation process. If you are not sure about what they mean it is +# a good idea to leave the defaults untouched. + +# Enabled active defragmentation +# activedefrag yes + +# Minimum amount of fragmentation waste to start active defrag +# active-defrag-ignore-bytes 100mb + +# Minimum percentage of fragmentation to start active defrag +# active-defrag-threshold-lower 10 + +# Maximum percentage of fragmentation at which we use maximum effort +# active-defrag-threshold-upper 100 + +# Minimal effort for defrag in CPU percentage +# active-defrag-cycle-min 5 + +# Maximal effort for defrag in CPU percentage +# active-defrag-cycle-max 75 + +# Maximum number of set/hash/zset/list fields that will be processed from +# the main dictionary scan +# active-defrag-max-scan-fields 1000 From 49864f5c5ce9d58d3ae23a936233f7a97b5e4629 Mon Sep 17 00:00:00 2001 From: Justin Eveland Date: Fri, 22 Jan 2021 10:01:37 -0500 Subject: [PATCH 5/5] feat: add manual test w/ 4 integrations --- .../linux/nginx-mysql-jmx-redis-linux2.json | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 test/manual/definitions/ohi/linux/nginx-mysql-jmx-redis-linux2.json diff --git a/test/manual/definitions/ohi/linux/nginx-mysql-jmx-redis-linux2.json b/test/manual/definitions/ohi/linux/nginx-mysql-jmx-redis-linux2.json new file mode 100644 index 000000000..837835bc5 --- /dev/null +++ b/test/manual/definitions/ohi/linux/nginx-mysql-jmx-redis-linux2.json @@ -0,0 +1,58 @@ +{ + "global_tags": { + "owning_team": "OpenSource", + "Environment": "development", + "Department": "Product", + "Product": "Virtuoso" + }, + + "resources": [{ + "id": "nmjrlinux2", + "display_name": "NginxMySqlJmxRedisLinux2Host", + "provider": "aws", + "type": "ec2", + "size": "t3.small", + "ami_name": "amazonlinux-2-base*", + "user_name": "ec2-user" + }], + + "services": [{ + "id": "nginx1", + "destinations": ["nmjrlinux2"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/nginx/install/linux2/roles", + "port": 80, + "params": { + "create_env_var": true, + "open_status_url": true + } + },{ + "id": "mysql1", + "destinations": ["nmjrlinux2"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/mysql/install/rhel/roles", + "port": 9999, + "params": { + "create_env_var": true, + "create_newrelic_user": true + } + },{ + "id": "jmx1", + "destinations": ["nmjrlinux2"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/jmx-jboss/install/rhel/roles", + "port": 9990, + "params": { + "create_env_var": true + } + },{ + "id": "redis1", + "destinations": ["nmjrlinux2"], + "source_repository": "https://github.com/newrelic/open-install-library.git", + "deploy_script_path": "test/deploy/linux/redis/install/rhel/roles", + "port": 6379, + "params": { + "create_env_var": true + } + }] +} \ No newline at end of file