Newer
Older
# Copyright 2025 Chris Croome
#
# This file is part of the Webarchitects Valkey Ansible role.
#
# The Webarchitects Valkey Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects Valkey Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects Valkey Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
argument_specs:
main:
author: Chris Croome
description: Ansible role for installing and configuring nftables on Debian.
short_description: The main entry point for the Valkey role.
options:
valkey:
type: bool
required: true
description: Run the tasks in this role.
valkey_apt_backports:
type: str
required: true
description: String that will be present in the apt cache policy when backports are enabled.
elements: dict
required: true
description: A list of Valkey instances and their configuration.
config_file:
type: str
required: true
description: The path to the valkey instance configuration file.
state:
type: str
required: true
choices:
- absent
- enabled
description: The state of the Valkey instance.
config:
type: dict
required: false
description: A dictionary of keys and values for the Valkey configuration.
options:
include:
type: list
elements: str
description: Include one or more other config files.
required: false
loadmodule:
type: list
elements: str
description: Load modules at startup.
required: false
bind:
type: str
required: false
description: One or more IP addresses that the instance should bind to, each address can be prefixed by "-", which means that the server will not fail to start if the address is not available.
bind_source_addr:
type: str
required: false
description: Configure a specific address to bind to.
protected_mode:
type: bool
required: false
description: When protected mode is on and the default user has no password, the server only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.
tcp_backlog:
description: In high requests-per-second environments you need a high backlog in order to avoid slow clients connection issues.
enable_protected_configs:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable protected configs.
enable_debug_command:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable debug command.
enable_module_command:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable module command.
port:
type: list
elements: int
required: true
description: A list of port numbers to accept connections on, the default is 6379. If port 0 is specified the server will not listen on a TCP socket.
unixsocket:
type: str
required: false
description: The path for the Unix socket that will be used to listen for incoming connections. There is no default, so the server will not listen on a unix socket when not specified.
unixsocketgroup:
type: str
required: false
description: UNIX socket group.
unixsocketperm:
type: int
required: false
description: The Unix socket octal permissions, default 700.
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
socket_mark_id:
type: int
required: false
description: The ID represents a connection mark. The default value is 0, which implies no marking is required.
tls_port:
type: str
required: false
description: TLS port.
tls_cert_file:
type: str
required: false
description: TLS cert file.
tls_key_file:
type: str
required: false
description: TLS key file.
tls_key_file_pass:
type: str
required: false
description: TLS key file password.
tls_client_cert_file:
type: str
required: false
description: TLS client cert file.
tls_client_key_file:
type: str
required: false
description: TLS client key file.
tls_client_key_file_pass:
type: str
required: false
description: TLS client key file password.
tls_dh_params_file:
type: str
required: false
description: TLS DH params file.
tls_ca_cert_file:
type: str
required: false
description: TLS CA cert file.
tls_ca_cert_dir:
type: str
required: false
description: TLS CA cert dirextory.
tls_auth_clients:
type: str
choices:
- "no"
- "optional"
required: false
description: TLS auth clients.
tls_replication:
type: bool
required: false
description: TLS replications.
tls_cluster:
type: bool
required: false
description: TLS cluster.
tls_protocols:
type: str
required: false
description: TLS protocols.
tls_ciphers:
type: str
required: false
description: TLS ciphers.
tls_ciphersuites:
type: str
required: false
description: TLS cipher suites.
tls_prefer_server_ciphers:
type: bool
required: false
description: TLS prefer server ciphers.
tls_session_caching:
type: bool
required: false
description: TLS session caching.
tls_session_cache_size:
type: int
required: false
description: TLS session cache size.
tls_session_cache_timeout:
type: int
required: false
description: TLS session cache timeout.
timeout:
type: int
required: false
description: Close the connection after a client is idle for N seconds (0 to disable).
tcp_keepalive:
type: int
required: false
description: On Linux, the specified value (in seconds) is the period used to send ACKs.
daemonize:
type: bool
required: false
description: When the server is supervised by upstart or systemd, this parameter has no impact.
dbfilename:
type: str
required: false
description: The filename where to dump the DB.
loglevel:
type: str
choices:
- debug
- nothing
- notice
- verbose
- warning
required: false
description: The loglevel.
logfile:
type: str
required: false
description: The log file path.
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
syslog_enabled:
type: bool
required: false
description: Enable logging to the system logger.
syslog_ident:
type: str
required: false
description: The syslog identity.
syslog_facility:
type: str
choices:
- user
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
crash_log_enabled:
type: bool
required: false
description: Disable the built in crash log.
crash_memcheck_enabled:
type: bool
required: false
description: Disable the fast memory check that's run as part of the crash log.
databases:
type: int
required: false
description: Set the number of databases.
always_show_logo:
type: bool
required: false
description: Show a ASCII art logo in startup logs.
hide_user_data_from_log:
type: bool
required: false
description: Prevent sensitive user information, such as PII, from being recorded in the server log file.
set_proc_title:
type: bool
required: false
description: Leave the process name as executed.
proc_title_template:
type: str
required: false
description: Process title template.
locale_collate:
type: str
required: false
description: Set the local environment which is used for string comparison operations. Empty String indicates the locale is derived from the environment variables.
extended_redis_compatibility:
type: bool
required: false
description: Extended Redis OSS compatibility mode makes Valkey pretend to be Redis.
save:
type: str
required: false
description: Save the DB to disk.
stop_writes_on_bgsave_error:
type: bool
required: false
description: By default the server will stop accepting writes if RDB snapshots are enabled (at least one save point) and the latest background save failed.
rdbcompression:
type: bool
required: false
description: Compress string objects using LZF when dump .rdb databases?
rdbchecksum:
type: bool
required: false
description: Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
sanitize_dump_payload:
type: str
choices:
- "clients"
- "no"
- "yes"
required: false
description: Enables or disables full sanitization checks for ziplist and listpack etc.
rdb_del_sync_files:
type: bool
required: false
description: Remove RDB files used by replication in instances without persistence enabled.
dir:
type: str
required: false
description: The DB will be written inside this directory, with the filename specified using the 'dbfilename' configuration directive.
replicaof:
type: str
required: false
description: Use replicaof to make a server a copy of another server.
primaryauth:
type: str
required: false
description: If the primary is password protected (using the "requirepass" configuration directive) it is possible to tell the replica to authenticate before starting the replication synchronization process, otherwise the primary will refuse the replica request.
primaryuser:
type: str
required: false
description: When primaryuser is specified, the replica will authenticate against its primary using the new AUTH form, AUTH <username> <password>.
replica_serve_stale_data:
type: bool
required: false
description: When a replica loses its connection with the primary, or when the replication is still in progress, the replica can act in two different ways.
replica_read_only:
type: bool
required: false
description: Read only replicas are not designed to be exposed to untrusted clients on the internet.
repl_diskless_sync:
type: bool
required: false
description: With slow disks and fast (large bandwidth) networks, diskless replication works better.
repl_diskless_load:
type: str
choices:
- disabled
- on-empty-db
- swapdb
required: false
description: Replica load mode.
dual_channel_replication_enabled:
type: bool
required: false
description: Dual channel replication sync.
repl_ping_replica_period:
type: int
required: false
description: Master send PINGs to its replicas in a predefined interval.
repl_timeout:
type: int
required: false
description: Replication timeout.
repl_disable_tcp_nodelay:
type: bool
required: false
description: Disable TCP_NODELAY on the replica socket after SYNC?
repl_backlog_size:
type: str
required: false
description: The replication backlog size.
repl_backlog_ttl:
type: int
required: false
description: The amount of seconds that need to elapse, starting from the time the last replica disconnected, for the backlog buffer to be freed.
replica_priority:
type: int
required: false
description: The replica priority is an integer number published by the server in the INFO output.
propagation_error_behavior:
type: str
choices:
- ignore
- panic
- panic-on-replicas
required: false
description: The propagation error behavior.
# TODO line 800 ish onwards...
pidfile:
type: str
required: false
description: Path to the pid file.
requirepass:
type: str
required: false
description: The instance default password.
valkey_enabled:
type: bool
required: true
description: Enable and start Valkey.
valkey_jpq:
type: dict
required: true
description: A dictionary of JMESPath query strings.
options:
pkgs_absent:
type: str
required: true
description: JMESPath query string for the packages absent.
pkgs_present:
type: str
required: true
description: JMESPath query string for the packages present.
pkgs_present_backports:
type: str
required: true
description: JMESPath query string for the backports packages present.
service:
type: str
required: true
description: JMESPath query string for the Valkey service.
valkey_pkgs:
type: list
elements: dict
required: true
description: A list of distros and deb packages that should be absent and present.
options:
name:
type: str
required: true
description: The Linux distro name.
choices:
- bookworm
- noble
- trixie
pkgs_absent:
type: list
required: false
description: A list of deb packages that should be absent.
pkgs_present:
type: list
required: false
description: A list of deb packages that should be present.
pkgs_present_backports:
type: list
description: A list of deb packages that should be present from backports.
valkey_protected_configs:
type: list
required: false
description: A list of Valkey config to be editing using lineinfile.
valkey_verify:
type: bool
required: true
description: Use the argument specification to verify the variables that start with valkey_.