From 9109b0badcedb328accb5572494563173e59a8a3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 Mar 2024 17:19:03 +0200 Subject: [PATCH] Add support for KeyDB and do not recommend Redis anymore Fixes https://github.com/mother-of-all-self-hosting/mash-playbook/issues/175 --- docs/running-multiple-instances.md | 58 +++++++++++------------ docs/services/authelia.md | 16 +++---- docs/services/authentik.md | 60 +++++++++++------------ docs/services/funkwhale.md | 60 +++++++++++------------ docs/services/keydb.md | 39 +++++++++++++++ docs/services/lago.md | 58 +++++++++++------------ docs/services/netbox.md | 64 ++++++++++++------------- docs/services/nextcloud.md | 76 +++++++++++++++--------------- docs/services/outline.md | 12 ++--- docs/services/peertube.md | 60 +++++++++++------------ docs/services/redis.md | 2 + docs/supported-services.md | 1 + templates/group_vars_mash_servers | 32 +++++++++++++ templates/requirements.yml | 4 ++ 14 files changed, 310 insertions(+), 232 deletions(-) create mode 100644 docs/services/keydb.md diff --git a/docs/running-multiple-instances.md b/docs/running-multiple-instances.md index 294bbd7..416df17 100644 --- a/docs/running-multiple-instances.md +++ b/docs/running-multiple-instances.md @@ -4,11 +4,11 @@ The way this playbook is structured, each Ansible role can only be invoked once If you need multiple instances (of whichever service), you'll need some workarounds as described below. -The example below focuses on hosting multiple [Redis](services/redis.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind. +The example below focuses on hosting multiple [KeyDB](services/keydb.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind. -Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [Redis](services/redis.md) instance. If you simply add `redis_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a Redis instance (`mash-redis`), but it's just one instance. As described in our [Redis](services/redis.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another. +Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [KeyDB](services/keydb.md) instance. If you simply add `keydb_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a KeyDB instance (`mash-keydb`), but it's just one instance. As described in our [KeyDB](services/keydb.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another. -We propose that you **don't** add `redis_enabled: true` to your main `mash.example.com` file, but do the following: +We propose that you **don't** add `keydb_enabled: true` to your main `mash.example.com` file, but do the following: ## Re-do your inventory to add supplementary hosts @@ -40,7 +40,7 @@ When running Ansible commands later on, you can use the `-l` flag to limit which ## Adjust the configuration of the supplementary hosts to use a new "namespace" -Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/redis`) and service/container names (`mash-redis`) everywhere. +Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/keydb`) and service/container names (`mash-keydb`) everywhere. To avoid conflicts, adjust the `vars.yml` file for the new hosts (`mash.example.com-netbox-deps` and `mash.example.com-peertube-deps`) and set non-default and unique values in the `mash_playbook_service_identifier_prefix` and `mash_playbook_service_base_directory_name_prefix` variables. Examples below: @@ -73,15 +73,15 @@ mash_playbook_service_base_directory_name_prefix: 'netbox-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` @@ -114,30 +114,30 @@ mash_playbook_service_base_directory_name_prefix: 'peertube-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -The above configuration will create **2** Redis instances: +The above configuration will create **2** KeyDB instances: -- `mash-netbox-redis` with its base data path in `/mash/netbox-redis` -- `mash-peertube-redis` with its base data path in `/mash/peertube-redis` +- `mash-netbox-keydb` with its base data path in `/mash/netbox-keydb` +- `mash-peertube-keydb` with its base data path in `/mash/peertube-keydb` These instances reuse the `mash` user and group and the `/mash` data path, but are not in conflict with each other. ## Adjust the configuration of the base host -Now that we've created separate Redis instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their Redis instances. +Now that we've created separate KeyDB instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their KeyDB instances. You'll need configuration (`inventory/host_vars/mash.example.com/vars.yml`) like this: @@ -152,17 +152,17 @@ netbox_enabled: true # Other NetBox configuration here -# Point NetBox to its dedicated Redis instance -netbox_environment_variable_redis_host: mash-netbox-redis -netbox_environment_variable_redis_cache_host: mash-netbox-redis +# Point NetBox to its dedicated KeyDB instance +netbox_environment_variable_redis_host: mash-netbox-keydb +netbox_environment_variable_redis_cache_host: mash-netbox-keydb -# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service) +# Make sure the NetBox service (mash-netbox.service) starts after its dedicated KeyDB service (mash-netbox-keydb.service) netbox_systemd_required_services_list_custom: - - mash-netbox-redis.service + - mash-netbox-keydb.service -# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis) +# Make sure the NetBox container is connected to the container network of its dedicated KeyDB service (mash-netbox-keydb) netbox_container_additional_networks_custom: - - mash-netbox-redis + - mash-netbox-keydb ######################################################################## # # @@ -180,16 +180,16 @@ netbox_container_additional_networks_custom: # Other PeerTube configuration here -# Point PeerTube to its dedicated Redis instance -peertube_config_redis_hostname: mash-peertube-redis +# Point PeerTube to its dedicated KeyDB instance +peertube_config_redis_hostname: mash-peertube-keydb -# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service) +# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated KeyDB service (mash-peertube-keydb.service) peertube_systemd_required_services_list_custom: - - "mash-peertube-redis.service" + - "mash-peertube-keydb.service" -# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis) +# Make sure the PeerTube container is connected to the container network of its dedicated KeyDB service (mash-peertube-keydb) peertube_container_additional_networks_custom: - - "mash-peertube-redis" + - "mash-peertube-keydb" ######################################################################## # # @@ -201,9 +201,9 @@ peertube_container_additional_networks_custom: ## Questions & Answers -**Can't I just use the same Redis instance for multiple services?** +**Can't I just use the same KeyDB instance for multiple services?** -> You may or you may not. See the [Redis](services/redis.md) documentation for why you shouldn't do this. +> You may or you may not. See the [KeyDB](services/keydb.md) documentation for why you shouldn't do this. **Can't I just create one host and a separate stack for each service** (e.g. Nextcloud + all dependencies on one inventory host; PeerTube + all dependencies on another inventory host; with both inventory hosts targetting the same server)? diff --git a/docs/services/authelia.md b/docs/services/authelia.md index 90e8dc8..a3bc5e7 100644 --- a/docs/services/authelia.md +++ b/docs/services/authelia.md @@ -16,9 +16,9 @@ This service requires the following other services: - (optional) a MySQL / [MariaDB](mariadb.md) database - if enabled for your Ansible inventory host (and you don't also enable Postgres), Authelia will be connected to the MariaDB server automatically - or SQLite, used by default when none of the above database choices is enabled for your Ansible inventory host -- (optional, but recommended) [Redis](redis.md) +- (optional, but recommended) [KeyDB](keydb.md) - for storing session information in a persistent manner - - if Redis is not enabled, session information is stored in-memory and restarting Authelia destroys user sessions + - if KeyDB is not enabled, session information is stored in-memory and restarting Authelia destroys user sessions - a [Traefik](traefik.md) reverse-proxy server - for serving the Authelia portal website @@ -87,11 +87,11 @@ authelia_config_access_control_rules: - domain: 'service1.example.com' policy: one_factor -# The configuration below connects Authelia to the Redis instance, for session storage purposes. -# You may wish to run a separate Redis instance for Authelia, because Redis is not multi-tenant. +# The configuration below connects Authelia to the KeyDB instance, for session storage purposes. +# You may wish to run a separate KeyDB instance for Authelia, because KeyDB is not multi-tenant. # Read more in docs/services/redis.md. -# If Redis is not available, session data will be stored in memory and will be lost on container restart. -authelia_config_session_redis_host: "{{ redis_identifier if redis_enabled else '' }}" +# If KeyDB is not available, session data will be stored in memory and will be lost on container restart. +authelia_config_session_redis_host: "{{ keydb_identifier if keydb_enabled else '' }}" ######################################################################## # # @@ -111,9 +111,9 @@ On the Authelia base URL, there's a portal website where you can log in and mana ### Session storage -As mentioned in the default configuration above (see `authelia_config_session_redis_host`), you may wish to run [Redis](redis.md) for storing session data. +As mentioned in the default configuration above (see `authelia_config_session_redis_host`), you may wish to run [KeyDB](keydb.md) for storing session data. -You may wish to run a separate Redis instance for Authelia, because Redis is not multi-tenant. See [our Redis documentation page](redis.md) for additional details. When running a separate instance of Redis, you may need to connect Authelia to the Redis instance's container network via the `authelia_container_additional_networks_custom` variable. +You may wish to run a separate KeyDB instance for Authelia, because KeyDB is not multi-tenant. See [our KeyDB documentation page](keydb.md) for additional details. When running a separate instance of KeyDB, you may need to connect Authelia to the KeyDB instance's container network via the `authelia_container_additional_networks_custom` variable. ### Authentication storage providers diff --git a/docs/services/authentik.md b/docs/services/authentik.md index 2d669f9..7b9fe7e 100644 --- a/docs/services/authentik.md +++ b/docs/services/authentik.md @@ -10,7 +10,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - a [Traefik](traefik.md) reverse-proxy server @@ -32,7 +32,7 @@ authentik_hostname: authentik.example.com # Put a strong secret below, generated with `pwgen -s 64 1` or in another way authentik_secret_key: '' -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -41,28 +41,28 @@ authentik_secret_key: '' ######################################################################## ``` -### Redis +### KeyDB -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to authentik](#creating-a-redis-instance-dedicated-to-authentik). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to authentik](#creating-a-keydb-instance-dedicated-to-authentik). -If you're only running authentik on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-authentik). +If you're only running authentik on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-authentik). -#### Using the shared Redis instance for authentik +#### Using the shared KeyDB instance for authentik -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook authentik to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook authentik to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -75,16 +75,16 @@ redis_enabled: true # Base configuration as shown above -# Point authentik to the shared Redis instance -authentik_config_redis_hostname: "{{ redis_identifier }}" +# Point authentik to the shared KeyDB instance +authentik_config_redis_hostname: "{{ keydb_identifier }}" -# Make sure the authentik service (mash-authentik.service) starts after the shared Redis service (mash-redis.service) +# Make sure the authentik service (mash-authentik.service) starts after the shared KeyDB service (mash-keydb.service) authentik_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the authentik container is connected to the container network of the shared Redis service (mash-redis) +# Make sure the authentik container is connected to the container network of the shared KeyDB service (mash-keydb) authentik_container_additional_networks_custom: - - "{{ redis_identifier }}" + - "{{ keydb_identifier }}" ######################################################################## # # @@ -93,12 +93,12 @@ authentik_container_additional_networks_custom: ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to authentik](#creating-a-redis-instance-dedicated-to-authentik). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to authentik](#creating-a-keydb-instance-dedicated-to-authentik). -#### Creating a Redis instance dedicated to authentik +#### Creating a KeyDB instance dedicated to authentik The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -134,20 +134,20 @@ mash_playbook_service_base_directory_name_prefix: 'authentik-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-authentik-redis` instance on this host with its data in `/mash/authentik-redis`. +This will create a `mash-authentik-keydb` instance on this host with its data in `/mash/authentik-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/authentik.example.com/vars.yml`) like this: @@ -160,16 +160,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/aut # Base configuration as shown above -# Point authentik to its dedicated Redis instance -authentik_config_redis_hostname: mash-authentik-redis +# Point authentik to its dedicated KeyDB instance +authentik_config_redis_hostname: mash-authentik-keydb -# Make sure the authentik service (mash-authentik.service) starts after its dedicated Redis service (mash-authentik-redis.service) +# Make sure the authentik service (mash-authentik.service) starts after its dedicated KeyDB service (mash-authentik-keydb.service) authentik_systemd_required_services_list_custom: - - "mash-authentik-redis.service" + - "mash-authentik-keydb.service" -# Make sure the authentik container is connected to the container network of its dedicated Redis service (mash-authentik-redis) +# Make sure the authentik container is connected to the container network of its dedicated KeyDB service (mash-authentik-keydb) authentik_container_additional_networks_custom: - - "mash-authentik-redis" + - "mash-authentik-keydb" ######################################################################## # # @@ -181,7 +181,7 @@ authentik_container_additional_networks_custom: ## Installation -If you've decided to install a dedicated Redis instance for authentik, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `authentik.example.com-deps`), before running installation for the main one (e.g. `authentik.example.com`). +If you've decided to install a dedicated KeyDB instance for authentik, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `authentik.example.com-deps`), before running installation for the main one (e.g. `authentik.example.com`). ## Usage diff --git a/docs/services/funkwhale.md b/docs/services/funkwhale.md index 2295078..a094ec0 100644 --- a/docs/services/funkwhale.md +++ b/docs/services/funkwhale.md @@ -8,7 +8,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - a [Traefik](traefik.md) reverse-proxy server @@ -30,7 +30,7 @@ funkwhale_hostname: mash.example.com # Put a strong secret below, generated with `pwgen -s 64 1` or in another way funkwhale_django_secret_key: '' -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -39,28 +39,28 @@ funkwhale_django_secret_key: '' ######################################################################## ``` -### Redis +### KeyDB -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to funkwhale](#creating-a-redis-instance-dedicated-to-funkwhale). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to funkwhale](#creating-a-keydb-instance-dedicated-to-funkwhale). -If you're only running funkwhale on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-funkwhale). +If you're only running funkwhale on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-funkwhale). -#### Using the shared Redis instance for funkwhale +#### Using the shared KeyDB instance for funkwhale -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook funkwhale to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook funkwhale to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -73,16 +73,16 @@ redis_enabled: true # Base configuration as shown above -# Point funkwhale to the shared Redis instance -funkwhale_config_redis_hostname: "{{ redis_identifier }}" +# Point funkwhale to the shared KeyDB instance +funkwhale_config_redis_hostname: "{{ keydb_identifier }}" -# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after the shared Redis service +# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after the shared KeyDB service funkwhale_api_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of the shared Redis service +# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of the shared KeyDB service funkwhale_api_container_additional_networks_custom: - - "{{ redis_container_network }}" + - "{{ keydb_container_network }}" ######################################################################## # # @@ -91,12 +91,12 @@ funkwhale_api_container_additional_networks_custom: ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to funkwhale](#creating-a-redis-instance-dedicated-to-funkwhale). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to funkwhale](#creating-a-keydb-instance-dedicated-to-funkwhale). -#### Creating a Redis instance dedicated to funkwhale +#### Creating a KeyDB instance dedicated to funkwhale The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -132,20 +132,20 @@ mash_playbook_service_base_directory_name_prefix: 'funkwhale-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-funkwhale-redis` instance on this host with its data in `/mash/funkwhale-redis`. +This will create a `mash-funkwhale-keydb` instance on this host with its data in `/mash/funkwhale-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/funkwhale.example.com/vars.yml`) like this: @@ -158,16 +158,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/fun # Base configuration as shown above -# Point funkwhale to its dedicated Redis instance -funkwhale_config_redis_hostname: mash-funkwhale-redis +# Point funkwhale to its dedicated KeyDB instance +funkwhale_config_redis_hostname: mash-funkwhale-keydb -# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after its dedicated Redis service +# Make sure the funkwhale API service (mash-funkwhale-api.service) starts after its dedicated KeyDB service funkwhale_api_systemd_required_services_list_custom: - - "mash-funkwhale-redis.service" + - "mash-funkwhale-keydb.service" -# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of its dedicated Redis service +# Make sure the funkwhale API service (mash-funkwhale-api.service) is connected to the container network of its dedicated KeyDB service funkwhale_api_container_additional_networks_custom: - - "mash-funkwhale-redis" + - "mash-funkwhale-keydb" ######################################################################## # # @@ -179,7 +179,7 @@ funkwhale_api_container_additional_networks_custom: ## Installation -If you've decided to install a dedicated Redis instance for funkwhale, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `funkwhale.example.com-deps`), before running installation for the main one (e.g. `funkwhale.example.com`). +If you've decided to install a dedicated KeyDB instance for funkwhale, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `funkwhale.example.com-deps`), before running installation for the main one (e.g. `funkwhale.example.com`). ## Usage diff --git a/docs/services/keydb.md b/docs/services/keydb.md new file mode 100644 index 0000000..a29627c --- /dev/null +++ b/docs/services/keydb.md @@ -0,0 +1,39 @@ +# KeyDB + +[KeyDB](https://docs.keydb.dev/) is an open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. + +We used to advocate for using [Redis](redis.md), but since [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/) we recommend that you use KeyDB instead. KeyDB is compatible with Redis, so switching should be straightforward. You can learn more about the switch from Redis to KeyDB in [this changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/50813c600db1c47b1f3e76707b81fe05d6c46ef5/CHANGELOG.md#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis) for [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). + +Some of the services installed by this playbook require a KeyDB data store. + +**Warning**: Because KeyDB is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate KeyDB instances** (one for each service). KeyDB supports multiple database and a [SELECT](https://docs.keydb.dev/docs/commands/#select) command for switching between them. However, **reusing the same KeyDB instance is not good enough** because: + +- if all services use the same KeyDB instance and database (id = 0), services may conflict with one another +- the number of databases is limited to [16 by default](https://github.com/Snapchat/KeyDB/blob/0731a0509a82af5114da1b5aa6cf8ba84c06e134/keydb.conf#L342-L345), which may or may not be enough. With configuration changes, this is solveable. +- some services do not support switching the KeyDB database and always insist on using the default one (id = 0) +- KeyDB [does not support different authentication credentials for its different databases](https://stackoverflow.com/a/37262596), so each service can potentially read and modify other services' data + +If you're only hosting a single service (like [PeerTube](peertube.md) or [NetBox](netbox.md)) on your server, you can get away with running a single instance. If you're hosting multiple services, you should prepare separate instances for each service. + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process to **host a single instance of the KeyDB service**: + +```yaml +######################################################################## +# # +# keydb # +# # +######################################################################## + +keydb_enabled: true + +######################################################################## +# # +# /keydb # +# # +######################################################################## +``` + +To **host multiple instances of the KeyDB service**, follow the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation or the **KeyDB** section (if available) of the service you're installing. diff --git a/docs/services/lago.md b/docs/services/lago.md index b8bd981..494625e 100644 --- a/docs/services/lago.md +++ b/docs/services/lago.md @@ -8,7 +8,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - a [Traefik](traefik.md) reverse-proxy server @@ -34,7 +34,7 @@ lago_api_environment_variable_lago_rsa_private_key: '' # unless you'd like to run a server with public registration enabled. lago_front_environment_variable_lago_disable_signup: false -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -63,28 +63,28 @@ We recommend installing with public registration enabled at first, creating your It should be noted that disabling public signup with this variable merely disables the Sign-Up page in the web interface, but [does not actually disable signups due to a Lago bug](https://github.com/getlago/lago/issues/220). -### Redis +### KeyDB -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to Lago](#creating-a-redis-instance-dedicated-to-lago). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to Lago](#creating-a-keydb-instance-dedicated-to-lago). -If you're only running Lago on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-lago). +If you're only running Lago on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-lago). -#### Using the shared Redis instance for Lago +#### Using the shared KeyDB instance for Lago -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook Lago to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook Lago to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -97,16 +97,16 @@ redis_enabled: true # Base configuration as shown above -# Point Lago to the shared Redis instance -lago_redis_hostname: "{{ redis_identifier }}" +# Point Lago to the shared KeyDB instance +lago_redis_hostname: "{{ keydb_identifier }}" -# Make sure the Lago service (mash-lago.service) starts after the shared Redis service (mash-redis.service) +# Make sure the Lago service (mash-lago.service) starts after the shared KeyDB service (mash-keydb.service) lago_api_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the Lago container is connected to the container network of the shared Redis service (mash-redis) +# Make sure the Lago container is connected to the container network of the shared KeyDB service (mash-keydb) lago_api_container_additional_networks_custom: - - "{{ redis_identifier }}" + - "{{ keydb_identifier }}" ######################################################################## # # @@ -115,11 +115,11 @@ lago_api_container_additional_networks_custom: ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to Lago](#creating-a-redis-instance-dedicated-to-lago). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to Lago](#creating-a-keydb-instance-dedicated-to-lago). -#### Creating a Redis instance dedicated to Lago +#### Creating a KeyDB instance dedicated to Lago The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -155,20 +155,20 @@ mash_playbook_service_base_directory_name_prefix: 'lago-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-lago-redis` instance on this host with its data in `/mash/lago-redis`. +This will create a `mash-lago-keydb` instance on this host with its data in `/mash/lago-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/lago.example.com/vars.yml`) like this: @@ -181,16 +181,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/lag # Base configuration as shown above -# Point Lago to its dedicated Redis instance -lago_redis_hostname: mash-lago-redis +# Point Lago to its dedicated KeyDB instance +lago_redis_hostname: mash-lago-keydb -# Make sure the Lago service (mash-lago.service) starts after its dedicated Redis service (mash-lago-redis.service) +# Make sure the Lago service (mash-lago.service) starts after its dedicated KeyDB service (mash-lago-keydb.service) lago_api_systemd_required_services_list_custom: - - "mash-lago-redis.service" + - "mash-lago-keydb.service" -# Make sure the Lago container is connected to the container network of its dedicated Redis service (mash-lago-redis) +# Make sure the Lago container is connected to the container network of its dedicated KeyDB service (mash-lago-keydb) lago_api_container_additional_networks_custom: - - "mash-lago-redis" + - "mash-lago-keydb" ######################################################################## # # diff --git a/docs/services/netbox.md b/docs/services/netbox.md index 7e761c8..82932f7 100644 --- a/docs/services/netbox.md +++ b/docs/services/netbox.md @@ -8,7 +8,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - a [Traefik](traefik.md) reverse-proxy server @@ -38,7 +38,7 @@ netbox_environment_variable_superuser_email: your.email@example.com # Changing the password subsequently will not affect the user's password. netbox_environment_variable_superuser_password: '' -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -60,28 +60,28 @@ If `netbox_environment_variable_superuser_*` variables are specified, NetBox wil [Single-Sign-On](#single-sign-on-sso-integration) is also supported. -### Redis +### KeyDB -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to NetBox](#creating-a-keydb-instance-dedicated-to-netbox). -If you're only running NetBox on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-netbox). +If you're only running NetBox on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-netbox). -#### Using the shared Redis instance for NetBox +#### Using the shared KeyDB instance for NetBox -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook NetBox to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook NetBox to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -94,17 +94,17 @@ redis_enabled: true # Base configuration as shown above -# Point NetBox to the shared Redis instance -netbox_environment_variable_redis_host: "{{ redis_identifier }}" -netbox_environment_variable_redis_cache_host: "{{ redis_identifier }}" +# Point NetBox to the shared KeyDB instance +netbox_environment_variable_redis_host: "{{ keydb_identifier }}" +netbox_environment_variable_redis_cache_host: "{{ keydb_identifier }}" -# Make sure the NetBox service (mash-netbox.service) starts after the shared Redis service (mash-redis.service) +# Make sure the NetBox service (mash-netbox.service) starts after the shared KeyDB service (mash-keydb.service) netbox_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the NetBox container is connected to the container network of the shared Redis service (mash-redis) +# Make sure the NetBox container is connected to the container network of the shared KeyDB service (mash-keydb) netbox_container_additional_networks_custom: - - "{{ redis_identifier }}" + - "{{ keydb_identifier }}" ######################################################################## # # @@ -113,12 +113,12 @@ netbox_container_additional_networks_custom: ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to NetBox](#creating-a-keydb-instance-dedicated-to-netbox). -#### Creating a Redis instance dedicated to NetBox +#### Creating a KeyDB instance dedicated to NetBox The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -154,20 +154,20 @@ mash_playbook_service_base_directory_name_prefix: 'netbox-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-netbox-redis` instance on this host with its data in `/mash/netbox-redis`. +This will create a `mash-netbox-keydb` instance on this host with its data in `/mash/netbox-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/netbox.example.com/vars.yml`) like this: @@ -181,17 +181,17 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/net # Base configuration as shown above -# Point NetBox to its dedicated Redis instance -netbox_environment_variable_redis_host: mash-netbox-redis -netbox_environment_variable_redis_cache_host: mash-netbox-redis +# Point NetBox to its dedicated KeyDB instance +netbox_environment_variable_redis_host: mash-netbox-keydb +netbox_environment_variable_redis_cache_host: mash-netbox-keydb -# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service) +# Make sure the NetBox service (mash-netbox.service) starts after its dedicated KeyDB service (mash-netbox-keydb.service) netbox_systemd_required_services_list_custom: - - "mash-netbox-redis.service" + - "mash-netbox-keydb.service" -# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis) +# Make sure the NetBox container is connected to the container network of its dedicated KeyDB service (mash-netbox-keydb) netbox_container_additional_networks_custom: - - "mash-netbox-redis" + - "mash-netbox-keydb" ######################################################################## # # @@ -257,7 +257,7 @@ For additional environment variables controlling groups and permissions for new ## Installation -If you've decided to install a dedicated Redis instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`). +If you've decided to install a dedicated KeyDB instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`). ## Usage diff --git a/docs/services/nextcloud.md b/docs/services/nextcloud.md index 1edb422..1884e73 100644 --- a/docs/services/nextcloud.md +++ b/docs/services/nextcloud.md @@ -9,7 +9,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database - a [Traefik](traefik.md) reverse-proxy server -- (optional) a [Redis](redis.md) data-store, installation details [below](#redis) +- (optional) a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - (optional) the [exim-relay](exim-relay.md) mailer @@ -29,7 +29,7 @@ nextcloud_enabled: true nextcloud_hostname: mash.example.com nextcloud_path_prefix: /nextcloud -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -42,23 +42,23 @@ In the example configuration above, we configure the service to be hosted at `ht You can remove the `nextcloud_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. -### Redis +### KeyDB -Redis can **optionally** be enabled to improve Nextcloud performance. -It's dubious whether using using Redis helps much, so we recommend that you **start without** it, for a simpler deployment. +KeyDB can **optionally** be enabled to improve Nextcloud performance. +It's dubious whether using using KeyDB helps much, so we recommend that you **start without** it, for a simpler deployment. To learn more, read the [Memory caching](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html) section of the Nextcloud documentation. -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud). -If you're only running Nextcloud on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-nextcloud). +If you're only running Nextcloud on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud). -**Regardless** of the method of installing Redis, you may need to adjust your Nextcloud configuration file (e.g. `/mash/nextcloud/data/config/config.php`) to **add** this: +**Regardless** of the method of installing KeyDB, you may need to adjust your Nextcloud configuration file (e.g. `/mash/nextcloud/data/config/config.php`) to **add** this: ```php - 'memcache.distributed' => '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => [ + 'memcache.distributed' => '\OC\Memcache\KeyDB', + 'memcache.locking' => '\OC\Memcache\KeyDB', + 'keydb' => [ 'host' => 'REDIS_HOSTNAME_HERE', 'port' => 6379, ], @@ -66,26 +66,26 @@ If you're only running Nextcloud on this server and don't need to use Redis for Where `REDIS_HOSTNAME_HERE` is to be replaced with: -- `mash-nextcloud-redis`, when [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud) -- `mash-redis`, when [using a single Redis instance](#using-the-shared-redis-instance-for-nextcloud). +- `mash-nextcloud-keydb`, when [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud) +- `mash-keydb`, when [using a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud). -#### Using the shared Redis instance for Nextcloud +#### Using the shared KeyDB instance for Nextcloud -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook Nextcloud to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook Nextcloud to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -98,16 +98,16 @@ redis_enabled: true # Base configuration as shown above -# Point Nextcloud to the shared Redis instance -nextcloud_redis_hostname: "{{ redis_identifier }}" +# Point Nextcloud to the shared KeyDB instance +nextcloud_redis_hostname: "{{ keydb_identifier }}" -# Make sure the Nextcloud service (mash-nextcloud.service) starts after the shared Redis service (mash-redis.service) +# Make sure the Nextcloud service (mash-nextcloud.service) starts after the shared KeyDB service (mash-keydb.service) nextcloud_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the Nextcloud container is connected to the container network of the shared Redis service (mash-redis) +# Make sure the Nextcloud container is connected to the container network of the shared KeyDB service (mash-keydb) nextcloud_container_additional_networks_custom: - - "{{ redis_identifier }}" + - "{{ keydb_identifier }}" ######################################################################## # # @@ -115,11 +115,11 @@ nextcloud_container_additional_networks_custom: # # ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to Nextcloud](#creating-a-redis-instance-dedicated-to-nextcloud). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud). -#### Creating a Redis instance dedicated to Nextcloud +#### Creating a KeyDB instance dedicated to Nextcloud The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -155,20 +155,20 @@ mash_playbook_service_base_directory_name_prefix: 'nextcloud-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-nextcloud-redis` instance on this host with its data in `/mash/nextcloud-redis`. +This will create a `mash-nextcloud-keydb` instance on this host with its data in `/mash/nextcloud-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/nextcloud.example.com/vars.yml`) like this: @@ -181,16 +181,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/nex # Base configuration as shown above -# Point Nextcloud to its dedicated Redis instance -nextcloud_redis_hostname: mash-nextcloud-redis +# Point Nextcloud to its dedicated KeyDB instance +nextcloud_redis_hostname: mash-nextcloud-keydb -# Make sure the Nextcloud service (mash-nextcloud.service) starts after its dedicated Redis service (mash-nextcloud-redis.service) +# Make sure the Nextcloud service (mash-nextcloud.service) starts after its dedicated KeyDB service (mash-nextcloud-keydb.service) nextcloud_systemd_required_services_list_custom: - - "mash-nextcloud-redis.service" + - "mash-nextcloud-keydb.service" -# Make sure the Nextcloud container is connected to the container network of its dedicated Redis service (mash-nextcloud-redis) +# Make sure the Nextcloud container is connected to the container network of its dedicated KeyDB service (mash-nextcloud-keydb) nextcloud_container_additional_networks_custom: - - "mash-nextcloud-redis" + - "mash-nextcloud-keydb" ######################################################################## # # @@ -230,7 +230,7 @@ nextcloud_container_image_customizations_samba_enabled: true ## Installation -If you've decided to install a dedicated Redis instance for Nextcloud, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `nextcloud.example.com-deps`), before running installation for the main one (e.g. `nextcloud.example.com`). +If you've decided to install a dedicated KeyDB instance for Nextcloud, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `nextcloud.example.com-deps`), before running installation for the main one (e.g. `nextcloud.example.com`). ## Usage diff --git a/docs/services/outline.md b/docs/services/outline.md index f6a553e..458aaee 100644 --- a/docs/services/outline.md +++ b/docs/services/outline.md @@ -8,7 +8,7 @@ This service requires the following other services: - [Postgres](postgres.md) -- [Redis](redis.md) +- [KeyDB](keydb.md) - a [Traefik](traefik.md) reverse-proxy server @@ -30,14 +30,14 @@ outline_hostname: outline.example.com # This must be generated with: `openssl rand -hex 32` outline_environment_variable_secret_key: '' -# The configuration below connects Outline to the Redis instance, for session storage purposes. -# You may wish to run a separate Redis instance for Outline, because Redis is not multi-tenant. -# Read more in docs/services/redis.md. -outline_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}" +# The configuration below connects Outline to the KeyDB instance, for session storage purposes. +# You may wish to run a separate KeyDB instance for Outline, because KeyDB is not multi-tenant. +# Read more in docs/services/keydb.md. +outline_redis_hostname: "{{ keydb_identifier if keydb_enabled else '' }}" outline_container_additional_networks_custom: | {{ - [redis_container_network] + [keydb_container_network] }} # By default, files are stored locally. diff --git a/docs/services/peertube.md b/docs/services/peertube.md index 0d530c5..98b3db4 100644 --- a/docs/services/peertube.md +++ b/docs/services/peertube.md @@ -8,7 +8,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [KeyDB](keydb.md) data-store, installation details [below](#keydb) - a [Traefik](traefik.md) reverse-proxy server @@ -47,7 +47,7 @@ peertube_config_root_user_initial_password: '' # Then, replace the example IP range below, and re-run the playbook. # peertube_trusted_proxies_values_custom: ["172.21.0.0/16"] -# Redis configuration, as described below +# KeyDB configuration, as described below ######################################################################## # # @@ -60,28 +60,28 @@ In the example configuration above, we configure the service to be hosted at `ht Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations. -### Redis +### KeyDB -As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube). +As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to PeerTube](#creating-a-keydb-instance-dedicated-to-peertube). -If you're only running PeerTube on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-peertube). +If you're only running PeerTube on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-peertube). -#### Using the shared Redis instance for PeerTube +#### Using the shared KeyDB instance for PeerTube -To install a single (non-dedicated) Redis instance (`mash-redis`) and hook PeerTube to it, add the following **additional** configuration: +To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook PeerTube to it, add the following **additional** configuration: ```yaml ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## @@ -94,16 +94,16 @@ redis_enabled: true # Base configuration as shown above -# Point PeerTube to the shared Redis instance -peertube_config_redis_hostname: "{{ redis_identifier }}" +# Point PeerTube to the shared KeyDB instance +peertube_config_redis_hostname: "{{ keydb_identifier }}" -# Make sure the PeerTube service (mash-peertube.service) starts after the shared Redis service (mash-redis.service) +# Make sure the PeerTube service (mash-peertube.service) starts after the shared KeyDB service (mash-keydb.service) peertube_systemd_required_services_list_custom: - - "{{ redis_identifier }}.service" + - "{{ keydb_identifier }}.service" -# Make sure the PeerTube container is connected to the container network of the shared Redis service (mash-redis) +# Make sure the PeerTube container is connected to the container network of the shared KeyDB service (mash-keydb) peertube_container_additional_networks_custom: - - "{{ redis_identifier }}" + - "{{ keydb_identifier }}" ######################################################################## # # @@ -112,12 +112,12 @@ peertube_container_additional_networks_custom: ######################################################################## ``` -This will create a `mash-redis` Redis instance on this host. +This will create a `mash-keydb` KeyDB instance on this host. -This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube). +This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to PeerTube](#creating-a-keydb-instance-dedicated-to-peertube). -#### Creating a Redis instance dedicated to PeerTube +#### Creating a KeyDB instance dedicated to PeerTube The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. @@ -153,20 +153,20 @@ mash_playbook_service_base_directory_name_prefix: 'peertube-' ######################################################################## # # -# redis # +# keydb # # # ######################################################################## -redis_enabled: true +keydb_enabled: true ######################################################################## # # -# /redis # +# /keydb # # # ######################################################################## ``` -This will create a `mash-peertube-redis` instance on this host with its data in `/mash/peertube-redis`. +This will create a `mash-peertube-keydb` instance on this host with its data in `/mash/peertube-keydb`. Then, adjust your main inventory host's variables file (`inventory/host_vars/peertube.example.com/vars.yml`) like this: @@ -179,16 +179,16 @@ Then, adjust your main inventory host's variables file (`inventory/host_vars/pee # Base configuration as shown above -# Point PeerTube to its dedicated Redis instance -peertube_config_redis_hostname: mash-peertube-redis +# Point PeerTube to its dedicated KeyDB instance +peertube_config_redis_hostname: mash-peertube-keydb -# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service) +# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated KeyDB service (mash-peertube-keydb.service) peertube_systemd_required_services_list_custom: - - "mash-peertube-redis.service" + - "mash-peertube-keydb.service" -# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis) +# Make sure the PeerTube container is connected to the container network of its dedicated KeyDB service (mash-peertube-keydb) peertube_container_additional_networks_custom: - - "mash-peertube-redis" + - "mash-peertube-keydb" ######################################################################## # # @@ -200,7 +200,7 @@ peertube_container_additional_networks_custom: ## Installation -If you've decided to install a dedicated Redis instance for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`). +If you've decided to install a dedicated KeyDB instance for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`). ## Usage diff --git a/docs/services/redis.md b/docs/services/redis.md index 9249ac9..ee4e2e9 100644 --- a/docs/services/redis.md +++ b/docs/services/redis.md @@ -2,6 +2,8 @@ [Redis](https://redis.io/) is an open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. +We used to used to advocate for using Redis, but since [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/) we recommend that you use [KeyDB](keydb.md) instead. KeyDB is compatible with Redis, so switching should be straightforward. You can learn more about the switch from Redis to KeyDB in [this changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/50813c600db1c47b1f3e76707b81fe05d6c46ef5/CHANGELOG.md#backward-compatibility-break-the-playbook-now-defaults-to-keydb-instead-of-redis) for [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). + Some of the services installed by this playbook require a Redis data store. **Warning**: Because Redis is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate Redis instances** (one for each service). Redis supports multiple database and a [SELECT](https://redis.io/commands/select/) command for switching between them. However, **reusing the same Redis instance is not good enough** because: diff --git a/docs/supported-services.md b/docs/supported-services.md index 516c294..fdd245a 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -36,6 +36,7 @@ | [InfluxDB](https://www.influxdata.com/) | A self-hosted time-series database. | [Link](services/influxdb.md) | | [Jitsi](https://jitsi.org/) | A fully encrypted, 100% Open Source video conferencing solution | [Link](services/jitsi.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | +| [KeyDB](https://docs.keydb.dev/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/keydb.md) | | [Lago](https://www.getlago.com/) | Open-source metering and usage-based billing | [Link](services/lago.md) | | [languageTool](https://languagetool.org/) | An open source online grammar, style and spell checker | [Link](services/languagetool.md) | | [linkding](https://github.com/sissbruecker/linkding/) | Bookmark manager designed to be minimal and fast. | [Link](services/linkding.md) | diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers index 39b67c1..abeff17 100644 --- a/templates/group_vars_mash_servers +++ b/templates/group_vars_mash_servers @@ -4346,6 +4346,38 @@ redis_gid: "{{ mash_playbook_gid }}" # /role-specific:redis +# role-specific:keydb +######################################################################## +# # +# keydb # +# # +######################################################################## + +keydb_enabled: false + +redis_identifier: "{{ mash_playbook_service_identifier_prefix }}keydb" + +keydb_uid: "{{ mash_playbook_uid }}" +keydb_gid: "{{ mash_playbook_gid }}" + +keydb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keydb" + +keydb_arch: |- + {{ + ({ + 'amd64': 'x86_64', + 'arm32': 'arm32', + 'arm64': 'arm64', + })[mash_playbook_architecture] + }} + +######################################################################## +# # +# /keydb # +# # +######################################################################## +# /role-specific:keydb + # role-specific:roundcube ######################################################################## diff --git a/templates/requirements.yml b/templates/requirements.yml index 569e8d8..1c7dbe5 100644 --- a/templates/requirements.yml +++ b/templates/requirements.yml @@ -152,6 +152,10 @@ version: v24.0.2-0 name: keycloak activation_prefix: keycloak_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git + version: v6.3.4-1 + name: keydb + activation_prefix: keydb_ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-lago.git version: v0.50.0-0 name: lago