itential · steven-schattenberg-itential · Dec 11, 2025 · Sep 30, 2025 · Dec 9, 2025 · Dec 11, 2025
diff --git a/roles/redis/templates/redis.conf.j2 b/roles/redis/templates/redis.conf.j2
@@ -145,7 +145,7 @@ timeout 0
 #
 # A reasonable value for this option is 300 seconds, which is the new
 # Redis default starting with Redis 3.2.1.
-tcp-keepalive 300
+tcp-keepalive 60
 
 ################################# TLS/SSL #####################################
 
@@ -622,6 +622,7 @@ repl-diskless-load disabled
 # value is 10 seconds.
 #
 # repl-ping-replica-period 10
+repl-ping-replica-period 5
 
 # The following option sets the replication timeout for:
 #
@@ -635,6 +636,7 @@ repl-diskless-load disabled
 # value is 60 seconds.
 #
 # repl-timeout 60
+repl-timeout 30
 
 # Disable TCP_NODELAY on the replica socket after SYNC?
 #
@@ -728,7 +730,7 @@ replica-priority 100
 # min-replicas-max-lag is set to 10.
 {% if redis_replication_enabled | bool %}
 min-replicas-to-write 1
-min-replicas-max-lag 30
+min-replicas-max-lag 10
 {% endif %}
 
 # A Redis master is able to list the address and port of the attached
@@ -905,7 +907,7 @@ replica-announce-port {{ redis_port }}
 {% if redis_auth_enabled %}
 user default off
 user admin on allkeys allchannels allcommands >{{ redis_user_admin_password }}
-user itential on ~* &* -@all +@read +@write +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }}
+user itential on ~* &* -@all +@read +@write +@stream +@transaction +@sortedset +@list +@hash +@string +@fast +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }}
 user prometheus on -@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking >{{ redis_user_prometheus_password }}
 {%  if redis_replication_enabled %}
 user repluser on allchannels +psync +replconf +ping >{{ redis_user_repluser_password }}

diff --git a/roles/redis/templates/sentinel.conf.j2 b/roles/redis/templates/sentinel.conf.j2
@@ -133,7 +133,7 @@ user sentineluser on >{{ redis_user_sentineluser_password }} &* -@all +auth +cli
 # Down).
 #
 # Default is 30 seconds.
-sentinel down-after-milliseconds {{ redis_master_name }} 10000
+sentinel down-after-milliseconds {{ redis_master_name }} 5000
 
 # IMPORTANT NOTE: starting with Redis 6.2 ACL capability is supported for
 # Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
@@ -237,7 +237,7 @@ sentinel parallel-syncs {{ redis_master_name }} 1
 #   the exact parallel-syncs progression as specified.
 #
 # Default is 3 minutes.
-sentinel failover-timeout {{ redis_master_name }} 30000
+sentinel failover-timeout {{ redis_master_name }} 60000
 
 # SCRIPTS EXECUTION
 #