deploy: Install Redis, listen only on Nexodus VPC

Signed-off-by: Russell Bryant <[email protected]>

deploy/ansible/README.md

@@ -53,3 +53,11 @@ ansible-playbook -i inventory.txt -e @secrets.enc --ask-vault-pass deploy-bot.ym
 ```console
 ansible-playbook -i inventory -e @secrets.enc --ask-vault-pass deploy-nexodus.yml
 ```
+
+## Install Redis
+
+Install Redis and make it listen only on the Nexodus VPC.
+
+```console
+ansible-playbook -i inventory -e @secrets.enc --ask-vault-pass deploy-redis.yml
+```

deploy/ansible/deploy-redis.yml

@@ -0,0 +1,5 @@
+- name: Deploy Redis
+  hosts: labNodes
+  roles:
+    - role: redis
+      become: true

deploy/ansible/redis/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Install redis
+  ansible.builtin.dnf:
+    name: redis
+    state: present
+  become: true
+
+- name: Update redis config to load redis.local.conf
+  ansible.builtin.lineinfile:
+    path: /etc/redis/redis.conf
+    line: 'include /etc/redis/redis.local.conf'
+  become: true
+
+- name: Get Nexodus Tunnel IP (v4)
+  ansible.builtin.shell: nexctl nexd get tunnelip
+  register: nexodus_tunnelip_v4
+  become: true
+
+- name: Get Nexodus Tunnel IP (v6)
+  ansible.builtin.shell: nexctl nexd get tunnelip --ipv6
+  register: nexodus_tunnelip_v6
+  become: true
+
+- name: Generate redis.local.conf
+  ansible.builtin.template:
+    src: redis/templates/redis.local.conf.j2
+    dest: /etc/redis/redis.local.conf
+  become: true
+
+- name: Start redis systemd service
+  ansible.builtin.systemd:
+    name: redis
+    state: started
+    enabled: true
+  become: true

deploy/ansible/redis/templates/redis.local.conf.j2

@@ -0,0 +1,2 @@
+bind {{ nexodus_tunnelip_v4.stdout }} {{ nexodus_tunnelip_v6.stdout }}
+protected-mode no