diff --git a/roles/redis/templates/redis.conf.j2 b/roles/redis/templates/redis.conf.j2 index 0004d7b7..6d807084 100644 --- a/roles/redis/templates/redis.conf.j2 +++ b/roles/redis/templates/redis.conf.j2 @@ -145,7 +145,7 @@ timeout 0 # # A reasonable value for this option is 300 seconds, which is the new # Redis default starting with Redis 3.2.1. -tcp-keepalive 300 +tcp-keepalive 60 ################################# TLS/SSL ##################################### @@ -622,6 +622,7 @@ repl-diskless-load disabled # value is 10 seconds. # # repl-ping-replica-period 10 +repl-ping-replica-period 5 # The following option sets the replication timeout for: # @@ -635,6 +636,7 @@ repl-diskless-load disabled # value is 60 seconds. # # repl-timeout 60 +repl-timeout 30 # Disable TCP_NODELAY on the replica socket after SYNC? # @@ -728,7 +730,7 @@ replica-priority 100 # min-replicas-max-lag is set to 10. {% if redis_replication_enabled | bool %} min-replicas-to-write 1 -min-replicas-max-lag 30 +min-replicas-max-lag 10 {% endif %} # A Redis master is able to list the address and port of the attached 
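Review bot: `repl-timeout 30` in the third hunk is not only a liveness timer. Per the stock redis.conf text this hunk starts to quote, it also covers bulk-transfer I/O during a full SYNC, so on a large dataset or a slow link a replica can time out and restart the sync. That interacts with the fourth hunk: with `min-replicas-to-write 1` and the new `min-replicas-max-lag 10`, a master whose only replica is stuck resyncing will refuse writes after about ten seconds. The retained comments still describe 300, 10 and 60 seconds as the reasonable or default values and give no reason for the new ones, so I would add a line above each setting, for example `# Lowered from the 60s default for faster failure detection; must stay well above repl-ping-replica-period and tolerate a full resync.` Exposing these as role variables (for example `repl-timeout {{ redis_repl_timeout | default(30) }}`, variable name illustrative) would let large deployments raise them without editing the template.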
@@ -905,7 +907,7 @@ replica-announce-port {{ redis_port }} {% if redis_auth_enabled %} user default off user admin on allkeys allchannels allcommands >{{ redis_user_admin_password }} -user itential on ~* &* -@all +@read +@write +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }} +user itential on ~* &* -@all +@read +@write +@stream +@transaction +@sortedset +@list +@hash +@string +@fast +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }} user prometheus on -@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking >{{ redis_user_prometheus_password }} {% if redis_replication_enabled %} user repluser on allchannels +psync +replconf +ping >{{ redis_user_repluser_password }} diff --git a/roles/redis/templates/sentinel.conf.j2 b/roles/redis/templates/sentinel.conf.j2 index fbb0b532..a40fd02d 100644 --- a/roles/redis/templates/sentinel.conf.j2 +++ b/roles/redis/templates/sentinel.conf.j2 @@ -133,7 +133,7 @@ user sentineluser on >{{ redis_user_sentineluser_password }} &* -@all +auth +cli # Down). # # Default is 30 seconds. -sentinel down-after-milliseconds {{ redis_master_name }} 10000 +sentinel down-after-milliseconds {{ redis_master_name }} 5000 # IMPORTANT NOTE: starting with Redis 6.2 ACL capability is supported for # Sentinel mode, please refer to the Redis website https://redis.io/topics/acl 
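Review bot: `+@fast` on the new `user itential` line is a complexity class rather than a functional group, so it grants every constant-time command whatever its purpose, including some that are also tagged `@admin` or `@dangerous`. Only the commands named in the trailing deny list are taken back. The added `+@stream +@sortedset +@list +@hash +@string` look largely covered by the existing `+@read +@write`, which leaves `+@transaction` as the one addition that clearly grants something new. If the goal was to allow MULTI/EXEC, I would keep `+@transaction` and drop `+@fast`, i.e. `user itential on ~* &* -@all +@read +@write +@transaction +@scripting +@connection +@pubsub ...` with the rest of the rule unchanged. Comparing `ACL CAT fast` against the deny list on the deployed Redis version, then checking the result with `ACL GETUSER itential`, would confirm what the account can actually run.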
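Review bot: `sentinel down-after-milliseconds {{ redis_master_name }} 5000` leaves little margin before Sentinel marks the master subjectively down. Anything that blocks the master for a few seconds (a long-running script, a slow fork for persistence, a brief network stall) becomes more likely to trigger an unnecessary failover. The `itential` ACL user in redis.conf.j2 is granted `+@scripting`, so script runtime on the master is at least partly under client control, which makes that margin worth checking. The retained `# Default is 30 seconds.` comment gives no reason for the lower value; I would add `# Lowered to 5s for faster failover; must exceed the longest expected blocking operation on the master.` above the setting, or expose it as a role variable.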
@@ -237,7 +237,7 @@ sentinel parallel-syncs {{ redis_master_name }} 1 # the exact parallel-syncs progression as specified. # # Default is 3 minutes. -sentinel failover-timeout {{ redis_master_name }} 30000 +sentinel failover-timeout {{ redis_master_name }} 60000 # SCRIPTS EXECUTION #