Redis - Features

Redis is self-service deployable via our cloud platform management tool: ITCare.

Topologies

Two topologies are available:

  • Standalone instance

  • Sentinel cluster

In both cases, you can choose whether or not to persist data on disk at the time of the creation request, see Persistence

Standalone instance

Once deployed, the stand-alone instance can be accessed on listening port 6379.

Sentinel cluster

The Redis Sentinel cluster is deployed on 3 instances distributed over all the Availability Zones of an Area.

Once deployed, the cluster is accessible on listening port 6379.

Special features in cluster mode

  • Each instance runs Redis and Sentinel processes

  • Sentinel listening port: 26379

  • Of the 3 instances, one is primary and the other two are replicas

  • Replicas are open read-only

Persistence

Persistence refers to the writing of data to durable storage, such as a solid-state disk (SSD). Redis provides a range of persistence options. These include:

  • RDB (Redis Database): RDB persistence performs point-in-time snapshots of your dataset at specified intervals.

  • AOF (Append Only File): AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the Redis protocol itself.

  • No persistence: You can disable persistence completely. This is sometimes used when caching.

  • RDB + AOF: You can also combine both AOF and RDB in the same instance.

Scenario
Parameter

if RDB is enabled

  • save 3600 1

  • save 300 100

  • save 60 10000

if AOF is enabled

  • append fsync every sec

Resiliency

If the primary is down, a replica will be automatically promoted as the new primary and the other replica will be reconfigured automatically to follow the new master.

Sentinel will give you the master node and the replicas nodes.

Features

This section is to list which feature / capabilities are available to customer, and how to request / perform them :

Self Service

Customer can perform action autonomously.

On Request

Customer can request for the action to be done to cegedim.cloud support team.

Features
Self Service
On Request
Comments

SSH access

SSH access is disabled and reserved to cegedim.cloud administrators.

Redis/Sentinel access

Customer can log in with an account to Redis and Sentinel (password defined by customer in the provisioning wizard).

Change configuration file

On request via ticket.

High level diagram

Configuration

Product configuration

Parameter
Custom value
Enforced
Comments

bind

@IP 127.0.0.1

Listening address

timeout

300

Close the connection after a client is idle for N seconds (0 to disable)

logfile

/var/log/redis/redis-server.log

Log file path

supervised

systemd

Supervision interaction

If AOF persistence is active, the following parameters will be applied:

Parameter
Custom value
Enforced

appendonly

yes

dir

/var/lib/redis/persistance

appendfsync

everysec

if RDB is active, the following parameters will be applied:

Parameter
Custom value
Enforced

save

3600 1

save

300 100

save

60 10000

rdb_compression

yes

rdbchecksum

yes

dir

/var/lib/redis/persistance

Kernel configuration

The following kernel parameters have been modified to optimize operating system performance for Redis :

  • vm.overcommit_memory = 1

  • vm.swappiness = 1

  • net.core.somaxconn = 65535

Security

Authentification

The authentication mode used is internal: Redis 6 ACL.

Passwords are hashed with SHA-256 and do not appear in plain text in the ACL file.

Autorisations

Redis 6 ACLs are used to manage authorizations.

On Sentinel, the dedicated client account has rights to :

~* &* +@all -@dangerous +ACL|GETUSER +INFO +sentinel|GET-MASTER-ADDR-BY-NAME +sentinel|IS-MASTER-DOWN-BY-ADDR +sentinel|MASTER +sentinel|MASTERS +sentinel|MYID +sentinel|REPLICAS +sentinel|SLAVES +sentinel|SENTINELS

On Redis, the dedicated customer account has rights to :

~* &* +@all -@dangerous +ACL|GETUSER +INFO +CONFIG|GET +CONFIG|HELP

Secure Transport

The customer can choose whether or not to activate TLS transport when requesting self-service creation via ITCare.

Password

This section describes password management:

Password
Stored by cegedim.cloud
Stored by customer
Enforced
Hash

customer account

SHA-256

ANY other account

SHA-256

cgdm_admin account

SHA-256

cgdm_monitor account

SHA-256

Monitoring

The following items are monitored and are accessible in ITCare.

Alerts
Description

DBS_REDIS_CLI_CLIENTS

Check connected clients count

DBS_REDIS_CLI_AOF_STATUS

Check aof status

DBS_REDIS_CLI_COMMANDS

Number of commands processed

DBS_REDIS_CLI_CONNECTIONS

Number of connections

DBS_REDIS_CLI_CPU

CPU usage

DBS_REDIS_CLI_MEMORY

Memory usage

DBS_REDIS_CLI_REPL_REPLICAS_COUNT

Check replicas count

DBS_REDIS_CLI_RDB_STATUS

RDB status

DBS_REDIS_SENTINEL_MASTER_UP

Checks the status of the master from Sentinel

DBS_REDIS_SENTINEL_SLAVES_COUNT

Check replicas count from Sentinel

DBS_REDIS_SENTINEL_SENTINELS_COUNT

Check Sentinelscount

DBS_REDIS_SENTINEL_QUORUM

Check quorum status

TLS_REDIS_CERT_EXPIRATION

Check Redis certificate expiration

TLS_SENTINEL_CERT_EXPIRATION

Check Sentinel certificate expiration

Last updated