Newer
Older
# Copyright 2025 Chris Croome
#
# This file is part of the Webarchitects Valkey Ansible role.
#
# The Webarchitects Valkey Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects Valkey Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects Valkey Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
argument_specs:
main:
author: Chris Croome
description: Ansible role for installing and configuring nftables on Debian.
short_description: The main entry point for the Valkey role.
options:
valkey:
type: bool
required: true
description: Run the tasks in this role.
valkey_apt_backports:
type: str
required: true
description: String that will be present in the apt cache policy when backports are enabled.
elements: dict
required: true
description: A list of Valkey instances and their configuration.
config_file:
type: str
required: true
description: The path to the valkey instance configuration file.
state:
type: str
required: true
choices:
- absent
- enabled
description: The state of the Valkey instance.
config:
type: dict
required: false
description: A dictionary of keys and values for the Valkey configuration.
options:
include:
type: list
elements: str
description: Include one or more other config files.
required: false
loadmodule:
type: list
elements: str
description: Load modules at startup.
required: false
bind:
type: str
required: false
description: One or more IP addresses that the instance should bind to, each address can be prefixed by "-", which means that the server will not fail to start if the address is not available.
bind_source_addr:
type: str
required: false
description: Configure a specific address to bind to.
protected_mode:
type: bool
required: false
description: When protected mode is on and the default user has no password, the server only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.
tcp_backlog:
description: In high requests-per-second environments you need a high backlog in order to avoid slow clients connection issues.
enable_protected_configs:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable protected configs.
enable_debug_command:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable debug command.
enable_module_command:
type: str
choices:
- "local"
- "no"
- "yes"
required: false
description: Enable module command.
port:
type: list
elements: int
required: true
description: A list of port numbers to accept connections on, the default is 6379. If port 0 is specified the server will not listen on a TCP socket.
unixsocket:
type: str
required: false
description: The path for the Unix socket that will be used to listen for incoming connections. There is no default, so the server will not listen on a unix socket when not specified.
unixsocketgroup:
type: str
required: false
description: UNIX socket group.
unixsocketperm:
type: int
required: false
description: The Unix socket octal permissions, default 700.
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
socket_mark_id:
type: int
required: false
description: The ID represents a connection mark. The default value is 0, which implies no marking is required.
tls_port:
type: str
required: false
description: TLS port.
tls_cert_file:
type: str
required: false
description: TLS cert file.
tls_key_file:
type: str
required: false
description: TLS key file.
tls_key_file_pass:
type: str
required: false
description: TLS key file password.
tls_client_cert_file:
type: str
required: false
description: TLS client cert file.
tls_client_key_file:
type: str
required: false
description: TLS client key file.
tls_client_key_file_pass:
type: str
required: false
description: TLS client key file password.
tls_dh_params_file:
type: str
required: false
description: TLS DH params file.
tls_ca_cert_file:
type: str
required: false
description: TLS CA cert file.
tls_ca_cert_dir:
type: str
required: false
description: TLS CA cert dirextory.
tls_auth_clients:
type: str
choices:
- "no"
- "optional"
required: false
description: TLS auth clients.
tls_replication:
type: bool
required: false
description: TLS replications.
tls_cluster:
type: bool
required: false
description: TLS cluster.
tls_protocols:
type: str
required: false
description: TLS protocols.
tls_ciphers:
type: str
required: false
description: TLS ciphers.
tls_ciphersuites:
type: str
required: false
description: TLS cipher suites.
tls_prefer_server_ciphers:
type: bool
required: false
description: TLS prefer server ciphers.
tls_session_caching:
type: bool
required: false
description: TLS session caching.
tls_session_cache_size:
type: int
required: false
description: TLS session cache size.
tls_session_cache_timeout:
type: int
required: false
description: TLS session cache timeout.
timeout:
type: int
required: false
description: Close the connection after a client is idle for N seconds (0 to disable).
tcp_keepalive:
type: int
required: false
description: On Linux, the specified value (in seconds) is the period used to send ACKs.
daemonize:
type: bool
required: false
description: When the server is supervised by upstart or systemd, this parameter has no impact.
dbfilename:
type: str
required: false
description: The filename where to dump the DB.
loglevel:
type: str
choices:
- debug
- nothing
- notice
- verbose
- warning
required: false
description: The loglevel.
logfile:
type: str
required: false
description: The log file path.
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
syslog_enabled:
type: bool
required: false
description: Enable logging to the system logger.
syslog_ident:
type: str
required: false
description: The syslog identity.
syslog_facility:
type: str
choices:
- user
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
crash_log_enabled:
type: bool
required: false
description: Disable the built in crash log.
crash_memcheck_enabled:
type: bool
required: false
description: Disable the fast memory check that's run as part of the crash log.
databases:
type: int
required: false
description: Set the number of databases.
always_show_logo:
type: bool
required: false
description: Show a ASCII art logo in startup logs.
hide_user_data_from_log:
type: bool
required: false
description: Prevent sensitive user information, such as PII, from being recorded in the server log file.
set_proc_title:
type: bool
required: false
description: Leave the process name as executed.
proc_title_template:
type: str
required: false
description: Process title template.
locale_collate:
type: str
required: false
description: Set the local environment which is used for string comparison operations. Empty String indicates the locale is derived from the environment variables.
extended_redis_compatibility:
type: bool
required: false
description: Extended Redis OSS compatibility mode makes Valkey pretend to be Redis.
save:
type: str
required: false
description: Save the DB to disk.
stop_writes_on_bgsave_error:
type: bool
required: false
description: By default the server will stop accepting writes if RDB snapshots are enabled (at least one save point) and the latest background save failed.
rdbcompression:
type: bool
required: false
description: Compress string objects using LZF when dump .rdb databases?
rdbchecksum:
type: bool
required: false
description: Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
sanitize_dump_payload:
type: str
choices:
- "clients"
- "no"
- "yes"
required: false
description: Enables or disables full sanitization checks for ziplist and listpack etc.
rdb_del_sync_files:
type: bool
required: false
description: Remove RDB files used by replication in instances without persistence enabled.
dir:
type: str
required: false
description: The DB will be written inside this directory, with the filename specified using the 'dbfilename' configuration directive.
replicaof:
type: str
required: false
description: Use replicaof to make a server a copy of another server.
primaryauth:
type: str
required: false
description: If the primary is password protected (using the "requirepass" configuration directive) it is possible to tell the replica to authenticate before starting the replication synchronization process, otherwise the primary will refuse the replica request.
primaryuser:
type: str
required: false
description: When primaryuser is specified, the replica will authenticate against its primary using the new AUTH form, AUTH <username> <password>.
replica_serve_stale_data:
type: bool
required: false
description: When a replica loses its connection with the primary, or when the replication is still in progress, the replica can act in two different ways.
replica_read_only:
type: bool
required: false
description: Read only replicas are not designed to be exposed to untrusted clients on the internet.
repl_diskless_sync:
type: bool
required: false
description: With slow disks and fast (large bandwidth) networks, diskless replication works better.
repl_diskless_load:
type: str
choices:
- disabled
- on-empty-db
- swapdb
required: false
description: Replica load mode.
dual_channel_replication_enabled:
type: bool
required: false
description: Dual channel replication sync.
repl_ping_replica_period:
type: int
required: false
description: Master send PINGs to its replicas in a predefined interval.
repl_timeout:
type: int
required: false
description: Replication timeout.
repl_disable_tcp_nodelay:
type: bool
required: false
description: Disable TCP_NODELAY on the replica socket after SYNC?
repl_backlog_size:
type: str
required: false
description: The replication backlog size.
repl_backlog_ttl:
type: int
required: false
description: The amount of seconds that need to elapse, starting from the time the last replica disconnected, for the backlog buffer to be freed.
replica_priority:
type: int
required: false
description: The replica priority is an integer number published by the server in the INFO output.
propagation_error_behavior:
type: str
choices:
- ignore
- panic
- panic-on-replicas
required: false
description: The propagation error behavior.
replica_announced:
type: bool
required: false
description: Exclude replica from Sentinel's announcements.
min_replicas_to_write:
type: int
required: false
description: By default min-replicas-to-write is set to 0 (feature disabled).
min_replicas_max_lag:
type: int
required: false
description: By default min-replicas-max-lag is set to 10.
replica_announce_ip:
description: IP address to be used by a replica for the "INFO replication" section and in the output of the "ROLE" command of a primary.
replica_announce_port:
type: int
required: false
description: Port to be used by a replica for the "INFO replication" section and in the output of the "ROLE" command of a primary.
tracking_table_max_keys:
type: int
required: false
description: If you set the value to 0, it means there are no limits, and the server will retain as many keys as needed in the invalidation table.
user:
type: list
elements: str
required: false
description: A list of ACL users and rules.
acllog_max_len:
type: int
required: false
description: Maximum entry length of the ACL Log.
aclfile:
type: str
required: false
description: External ACL file.
requirepass:
type: str
required: false
description: The instance default password.
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
acl_pubsub_default:
type: str
choices:
- allchannels
- resetchannels
required: false
description: Pub/Sub channels permission for new users.
rename_command:
type: list
elements: str
required: false
description: Deprecated option to change the name of dangerous commands.
maxclients:
type: int
required: false
description: The max number of connected clients at the same time, By default this limit is set to 10000 clients, however if the server is not able to configure the process file limit to allow for the specified limit the max number of allowed clients is set to the current file limit minus 32 (as the server reserves a few file descriptors for internal uses).
maxmemory:
type: int
required: false
description: Memory usage limit in bytes.
maxmemory_policy:
type: str
choices:
- allkeys-lfu
- allkeys-lru
- allkeys-random
- noeviction
- volatile-lfu
- volatile-lru
- volatile-random
- volatile-ttl
required: false
description: How the server will select what to remove when maxmemory is reached, the default is noeviction.
maxmemory_samples:
type: int
choices:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
required: false
description: The default of 5 produces good enough results. 10 Approximates very closely true LRU but costs more CPU. 3 is faster but not very accurate. The maximum value that can be set is 64.
maxmemory_eviction_tenacity:
type: int
choices:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
required: false
description: Default 10, If there is an unusually large amount of write traffic, this value may need to be increased.
# TODO line 1230 ish onwards...
pidfile:
type: str
required: false
description: Path to the pid file.
valkey_enabled:
type: bool
required: true
description: Enable and start Valkey.
valkey_jpq:
type: dict
required: true
description: A dictionary of JMESPath query strings.
options:
pkgs_absent:
type: str
required: true
description: JMESPath query string for the packages absent.
pkgs_present:
type: str
required: true
description: JMESPath query string for the packages present.
pkgs_present_backports:
type: str
required: true
description: JMESPath query string for the backports packages present.
service:
type: str
required: true
description: JMESPath query string for the Valkey service.
valkey_pkgs:
type: list
elements: dict
required: true
description: A list of distros and deb packages that should be absent and present.
options:
name:
type: str
required: true
description: The Linux distro name.
choices:
- bookworm
- noble
- trixie
pkgs_absent:
type: list
required: false
description: A list of deb packages that should be absent.
pkgs_present:
type: list
required: false
description: A list of deb packages that should be present.
pkgs_present_backports:
type: list
description: A list of deb packages that should be present from backports.
valkey_protected_configs:
type: list
required: false
description: A list of Valkey config to be editing using lineinfile.
valkey_verify:
type: bool
required: true
description: Use the argument specification to verify the variables that start with valkey_.