redis for pcf documentation v1 - pivotal software · 2019-07-01 · redis is an easy to use, high...
TRANSCRIPT
-
RedisforPCF®
Documentation
v1.12
Published:7May2019
©2019PivotalSoftware,Inc.AllRightsReserved.
-
235
13152025272831424549586668858692
103107
TableofContents
TableofContentsRedisforPCFRedisforPCFReleaseNotesIsRedisforPCFrightforyourenterprise?On-DemandServiceOfferingDedicated-VMandShared-VMServiceOfferingsNetworkingforOn-DemandServicesRedisforPCFSecurityIntroductionforOperatorsInstallingRedisforPCFUpgradingRedisforPCFSettingLimitsforOn-DemandServiceInstancesConfiguringAutomatedServiceBackupsMonitoringRedisforPCFRedisforPCFSmokeTestsTroubleshootingRedisforPCFIntroductionforAppDevelopersQuickstartGuideforAppDevelopersUsingRedisforPCFTroubleshootingInstancesSampleRedisConfiguration
©CopyrightPivotalSoftwareInc,2013-2019 2 1.12
-
RedisforPCFPagelastupdated:
ThisisdocumentationforRedisforPivotalCloudFoundry(PCF).YoucandownloadtheRedisforPCFtilefromPivotalNetwork .
Thisdocumentation:
DescribesfeaturesandarchitectureofRedisforPCF.
InstructsthePCFoperatoronhowtoinstall,configure,maintain,andbackupRedisforPCF.
Instructstheappdeveloperonhowtochooseaserviceplan,createanddeleteRedisserviceinstances,andbindanapp.
ProductSnapshotElement Details
Version v1.12.9
Releasedate February26,2019
Softwarecomponentversion RedisOSSv4.0.11
CompatibleOpsManagerversion(s) v2.0.x,v2.1.x,andv2.2.x
CompatiblePivotalApplicationService(PAS)version(s) v2.0.x,v2.1.x,andv2.2.x
IaaSsupport AWS,Azure,GCP,OpenStack,andvSphere
IPsecsupport Yes
AboutRedisRedisisaneasytouse,highspeedkey-valuestorethatcanbeusedasadatabase,cache,andmessagebroker.Itsupportsarangeofdatastructuresincludingstrings,lists,hashes,sets,bitmaps,hyperloglogs,andgeospatialindexes.ItiseasytoinstallandconfigureandispopularwithengineersasastraightforwardNoSQLdatastore.Itisusedforeverythingfromaquickwaytostoredatafordevelopmentandtestingthroughtoenterprise-scaleappslikeTwitter.
AboutRedisforPCF
RedisforPCFpackagesRedisforeasydeploymentandoperabilityonPivotalCloudFoundry(PCF).
RedisforPCFoffersOn-Demand,Dedicated-VM,andShared-VMservices.
On-DemandService—ProvidesadedicatedVMrunningaRedisinstance.Theoperatorcanconfigureuptothreeplanswithdifferentconfigurations,memorysizes,andquotas.AppdeveloperscanprovisionaninstanceforanyoftheOn-DemandplansofferedandconfigurecertainRedissettings.
Dedicated-VMService—ProvidesadedicatedVMrunningaRedisinstance.TheDedicated-VMServiceispre-provisionedbytheoperatorwithafixednumberofVMsandmemorysize.Appdeveloperscanthenuseoneofthosepre-provisionedVMs.
Shared-VMService—ProvidessupportforanumberofRedisinstancesrunninginasingleVM.Itisdesignedfortestinganddevelopment.TheShared-VMinstancesarepre-configuredbytheoperatorwithamaxnumberofinstancesandmemorysize.AppdeveloperscanthenprovisionaRedisprocess.
Formoreinformationontheplans,see:
On-DemandServiceOffering
Dedicated-VMandShared-VMServiceOfferings
Note:RedisforPCF1.12isnolongersupportedbecauseithasreachedtheEndofGeneralSupportphase.Tostayuptodatewiththelatestsoftwareandsecurityupdates,upgradetoasupportedversion.
Note:AsofRedisforPCFv1.11,theon-demandserviceisatfeatureparitywiththededicated-VMservice.Thededicated-VMserviceplanwillbedeprecated.Pivotalrecommendsusingtheon-demandserviceplan.
©CopyrightPivotalSoftwareInc,2013-2019 3 1.12
https://network.pivotal.io/products/p-redis
-
IsRedisforPCFrightforyourenterprise?Forinformationonrecommendedusecases,andtheenterprise-readinessofRedisforPCF,seeIsRedisforPCFrightforyourenterprise?.
UpgradingtotheLatestVersionForinformationonhowtoupgradeandthesupportedupgradepaths,seeUpgradingRedisforPCF.
MoreInformationThefollowingtablelistswhereyoucanfindtopicsrelatedtotheinformationonthispage:
Formoreinformationabout… See…
Productcompatibility ProductVersionMatrix
HowtoupgradeRedisforPCF UpgradingRedisforPCF
HowtouseRedis RedisDocumentation
RedisforPCFandOtherPCFServicesSomePCFservicesofferon-demandserviceplans.Theseplansletdevelopersprovisionserviceinstanceswhentheywant.
Thesecontrastwiththemorecommonpre-provisionedserviceplans,whichrequireoperatorstoprovisiontheserviceinstancesduringinstallationandconfigurationthroughtheservicetileUI.
ThefollowingPCFservicesofferon-demandserviceplans:
MySQLforPCFv2.0andlater
RabbitMQforPCF
RedisforPCF
PivotalCloudCache(PCC)
Theseservicespackageanddelivertheiron-demandserviceofferingsdifferently.Forexample,someservices,likeRedisforPCF,haveonetile,andyouconfigurethetiledifferentlydependingonwhetheryouwanton-demandserviceplansorpre-provisionedserviceplans.
Forotherservices,likePCCandMySQLforPCF,onlyon-demandserviceplansareavailable.
ThefollowingtablelistsandcontraststhedifferentwaysthatPCFservicespackageon-demandandpre-provisionedserviceofferings.
PCFservicetile Standaloneproductrelatedtotheservice Versionssupportingondemand Versionssupportingpre-provisioned
RabbitMQforPCF PivotalRabbitMQ v1.8andlater Allversions
RedisforPCF Redis v1.8andlater Allversions
MySQLforPCF MySQL v2.x NA
PCC PivotalGemFire Allversions NA
FeedbackPleaseprovideanybugs,featurerequests,orquestionstothePivotalCloudFoundryFeedbacklist.
©CopyrightPivotalSoftwareInc,2013-2019 4 1.12
http://docs.pivotal.io/compatibility-matrix.pdfhttp://redis.io/documentationmailto:"[email protected]"
-
RedisforPCFReleaseNotesPagelastupdated:
v1.12.9ReleaseDate:February26,2019
SecurityFixesBumpedGoversionusedtov1.10.8forhttps://github.com/golang/go/issues/29903
KnownIssuesThisreleasehasthefollowingissues:
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
CompatibilityThefollowingcomponentsarecompatiblewiththisrelease:
Component Version
Stemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.268/td>
on-demand-service-broker v0.25.0
consul v198.0.0
routing v0.179.0
service-metrics v1.5.13
service-backup v18.1.16
syslog-migration v11.1.1
loggregator-agent v2.3
RedisOSS v4.0.11
v1.12.8ReleaseDate:November29,2018
SecurityFixesThisreleaseincludesthefollowingsecurityfix:
CriticalCVE-2018-15759:OnDemandServicesSDKTimingAttackVulnerability
KnownIssues
©CopyrightPivotalSoftwareInc,2013-2019 5 1.12
https://github.com/golang/go/issues/29903https://docs.pivotal.io/tiledev/tile-errands.html#run-ruleshttps://pivotal.io/security/cve-2018-15759
-
Thisreleasehasthefollowingissues:
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
CompatibilityThefollowingcomponentsarecompatiblewiththisrelease:
Component Version
Stemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.26
on-demand-service-broker v0.24.0
consul v198.0.0
routing v0.179.0
service-metrics v1.5.13
service-backup v18.1.15
syslog-migration v11.1.1
loggregator-agent v2.3
RedisOSS v4.0.11
v1.12.7ReleaseDate:October31,2018
FeaturesOn-demandRedisnowsupportssecuremanifests,whichavoidsplaintextsecretsinmanifestsbypassingthesetotheODBtostoreinBOSHCredHub.
FixedIssuesThisreleasefixesthefollowingissue:
Insomenetworkconditions,thesmoke-testserrandwouldtimeoutduetodigtakinglongerthanonesecond.
KnownIssuesThisreleasehasthefollowingissues:
CVE-2018-15759 .
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
CompatibilityThefollowingcomponentsarecompatiblewiththisrelease:
©CopyrightPivotalSoftwareInc,2013-2019 6 1.12
https://docs.pivotal.io/tiledev/tile-errands.html#run-ruleshttps://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-rules
-
Component VersionStemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.25
on-demand-service-broker v0.21.2
consul v198.0.0
routing v0.179.0
service-metrics v1.5.13
service-backup v18.1.15
syslog-migration v11.1.1
loggregator-agent v2.3
RedisOSS v4.0.11
v1.12.6ReleaseDate:September19,2018
FixedIssuesThisreleasefixesthefollowingissue:
The upgrade-all-service-instances errandandotherBOSHlifecycleactionsnolongerfailwhentheprocessmanagermonitistryingtorestarttheRedisprocess.
KnownIssuesInsomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
Thisreleasehasthefollowingissues:
CVE-2018-15759 .
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
CompatibilityThefollowingcomponentsarecompatiblewiththisrelease:
Component Version
Stemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.20
on-demand-service-broker v0.21.2
consul v196.0.0
routing v0.179.0
service-metrics v1.5.13
service-backup v18.1.13
syslog-migration v11.1.1
loggregator-agent v2.2
RedisOSS v4.0.11
©CopyrightPivotalSoftwareInc,2013-2019 7 1.12
https://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-rules
-
v1.12.5
ReleaseDate:August28,2018
FixesTheCf-RedisServiceBrokernowspecifiesabuildpackintheRedisApppushedduringitssmoketests.Previously,ifanenvironmenthasalargenumberofbuildpacks,thesmoketestsmaytimeoutloopingthroughthebuildpacksinordertofindtheappropriateone.
KnownIssuesCVE-2018-15759 .
Insomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
The upgrade-all-service-instances errandandotherboshlifecycleactionsfailduetotheprocessmanagermonittryingtorestarttheRedisprocessresultinginfailuretoproperlyunmountthepersistentstorage.
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
Compatibility
Component Version
Stemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.15
on-demand-service-broker v0.21.2
consul v195.0.0
routing v0.179.0
service-metrics v1.5.13
service-backup v18.1.13
syslog-migration v11.1.1
loggregator-agent v2.0
RedisOSS v4.0.8
v1.12.3ReleaseDate:July25,2018
FixesFixespreviousversionnotworkingwithany3468stemcellversion.
KnownIssuesCVE-2018-15759 .
warning:Pivotalrecommendsthatyoudonotinstallthisversionbecauseofthe upgrade-all-service-instances knownissuebelow.Installv1.12.6instead.Ifyourunthe upgrade-all-service-instances errandonthisversionyoumusttakemanualstepstoupgradeyourserviceinstances.SpeaktosupportorseeUpgrade-all-service-instanceserrandfailsinRedisforPCFv1.12.5&v1.13.2 inthePivotalSupportknowledgebase.
©CopyrightPivotalSoftwareInc,2013-2019 8 1.12
https://community.pivotal.io/s/article/upgrade-all-service-instances-errand-fails-in-redis-for-pcf-v1-12-5--v1-13-2https://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-ruleshttps://pivotal.io/security/cve-2018-15759
-
Insomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
TheCf-RedisServiceBrokerdoesnotspecifyabuildpackintheRedisApppushedduringitssmoketests.Asaresult,ifanenvironmenthasalargenumberofbuildpacks,thesmoketestsmaytimeoutloopingthroughthebuildpacksinordertofindtheappropriateone.
Compatibility
Component Version
Stemcell 3468.x
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.10
on-demand-service-broker v0.21.2
consul v192.0.0
routing v0.169.0
service-metrics v1.5.11
service-backup v18.1.9
syslog-migration v10.0.0
loggregator v101.3
RedisOSS v4.0.8
v1.12.2ReleaseDate:July20,2018
FeaturesNewfeaturesandchangesinthisrelease:
Thisreleaseupdatesthepackagedgolangversionto1.10.3.
FixesAOFrewritenowoccursinthedrainscriptforsharedVMs.Aspartofthis,the BGREWRITEAOF commandhasbeenaliased.ThealiasisavailableintheCredentialstabonthetile.
KnownIssuesCVE-2018-15759 .
Insomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
Canonlybeinstalledwithspecificstemcellversion,3468.54.
TheCf-RedisServiceBrokerdoesnotspecifyabuildpackintheRedisApppushedduringitssmoketests.Asaresult,ifanenvironmenthasalargenumberofbuildpacks,thesmoketestsmaytimeoutloopingthroughthebuildpacksinordertofindtheappropriateone.
©CopyrightPivotalSoftwareInc,2013-2019 9 1.12
https://docs.pivotal.io/tiledev/tile-errands.html#run-ruleshttps://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-rules
-
Compatibility
Component Version
Stemcell 3468.54
PCF v2.0.x,v2.1.x,andv2.2.x
cf-redis-release v434.0.10
on-demand-service-broker v0.21.2
consul v192.0.0
routing v0.169.0
service-metrics v1.5.11
service-backup v18.1.9
syslog-migration v10.0.0
loggregator v101.3
RedisOSS v4.0.8
v1.12.1ReleaseDate:May24,2018
FeaturesNewfeaturesandchangesinthisrelease:
Permissionsarestricterforservice-relatedfilesanddirectories,specificallythoserelatingtothe redis.conf andRedis pid files.
UpdatesservicedisplaynameforOn-DemandRedisServiceto“RedisOn-Demand”intheAppsManagermarketplace.
FixedIssuesFixesanintermittentissuethatcancauseexecutingarestoretofail.
Itisnowpossibletoupdatethearbitraryparametersofaserviceinstanceinan update-service command.
Upgradesandstemcellbumpsnolongerfailifshared-vmsaredownorunresponsive.
Thedefaultpersistenceforon-demandinstancesisnowpartialpersistenceusingRDBfiles.Thisfixestheissueofdiskusageinflationfromfrequentinstancerestarts.
KnownIssuesCVE-2018-15759 .
Insomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
The redis-odb servicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehavior,seeErrandRunRules .
AOFrewritedoesnotoccurinthedrainscriptforshared-vms.
TheCf-RedisServiceBrokerdoesnotspecifyabuildpackintheRedisApppushedduringitssmoketests.Asaresult,ifanenvironmenthasalargenumberofbuildpacks,thesmoketestsmaytimeoutloopingthroughthebuildpacksinordertofindtheappropriateone.
Compatibility
Component Version
Stemcell 3468.x
PCF v2.0.xandv2.1.x
©CopyrightPivotalSoftwareInc,2013-2019 10 1.12
https://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-rules
-
cf-redis-release v434.0.6
on-demand-service-broker v0.21.2
consul v192.0.0
routing v0.169.0
service-metrics v1.5.11
service-backup v18.1.9
syslog-migration v10.0.0
loggregator v101.3
RedisOSS v4.0.8
v1.12.0ReleaseDate:April24,2018
FeaturesNewfeaturesandchangesinthisrelease:
UpdatesthepackagedOSSRedisversiontov4.0.8.FormoreinformationaboutnewfeaturesinRedisv4.0.8,seetheRedisreleasenotes .
Introducesabetafeatureforon-demandinstancesthatallowsaRedisinstancetobesharedwithanotherspace.Formoreinformationonthisfeature,seeSharingaRedisInstancewithAnotherSpace(Beta).
Thereisnolongeralimitonthemaximumnumberofon-demandinstancesthatcanbedeployedfromtheRedisforPCFtile.
TheRedisappend-onlyfileisoptimizedforsizewhenRedisrestartsformoreefficientdiskusage.
Tiledeploymentnolongerfailsiftherearenosharedsystemdomainsbecausesmoketestsnowusethesystemdomain.
SupportsstemcellswithoutTransparentHugePages(THP)kernelmodules.
Reintroducescolocatederrandsforfasterdeployments.
KnownIssuesCVE-2018-15759 .
Insomenetworkconditions,thesmoke-testserrandcantimeoutduetodigtakinglongerthanonesecond.
Theredis-odbservicebrokerlistensonport 12345 .Thisisinconsistentwithotherservices.
TheWhenChangedoptionforerrandshasunexpectedbehavior.Donotselectthischoiceasanerrandrun-rule.Formoreinformationaboutthisunexpectedbehaviour,seeErrandRunRules .
Theredis-odbfailsifarbitraryparametersarechangedinan update-service command.
ExecutingarestoremayfailtocompleteandleavetheCONFIGcommandunaliased.
Upgradesandstemcellbumpsfailifanyshared-vmsaredownorunresponsive.
AOFrewritedoesnotoccurinthedrainscriptforshared-vms.
DefaultpersistenceissettofullpersistenceusinganAOFfile.Ifaninstanceisrestartedfrequently(forexample,forupgrades),thisfilecangrowsignificantly,leadingtoverylargepersistentdiskusage.IfyourRedisinstancehassignificantlylargerpersistentdiskusagethanexpected,checkthesizeofyour appendonly.aof file(usuallyat /var/vcap/store/redis )toverifyifthisisthesourceoftheusage.Ifso,youcanhaveRedisrewritetheAOFfilebyrunningtheBGREWRITEAOF command.
TheCf-RedisServiceBrokerdoesnotspecifyabuildpackintheRedisApppushedduringitssmoketests.Asaresult,ifanenvironmenthasalargenumberofbuildpacks,thesmoketestsmaytimeoutloopingthroughthebuildpacksinordertofindtheappropriateone.
Compatibility
Component Version
Stemcell 3468.x
PCF v2.0.xandv2.1.x
©CopyrightPivotalSoftwareInc,2013-2019 11 1.12
http://download.redis.io/redis-stable/00-RELEASENOTEShttps://pivotal.io/security/cve-2018-15759https://docs.pivotal.io/tiledev/tile-errands.html#run-ruleshttps://redis.io/commands/bgrewriteaof
-
cf-redis-release v433.0.0
on-demand-service-broker v0.20.0
consul v191.0.0
routing v0.169.0
service-metrics v1.5.11
service-backup v18.1.9
syslog-migration v10.0.0
loggregator v101.3
RedisOSS v4.0.8
ViewReleaseNotesforAnotherVersionToviewthereleasenotesforanotherproductversion,selecttheversionfromthedropdownatthetopofthispage.
©CopyrightPivotalSoftwareInc,2013-2019 12 1.12
-
IsRedisforPCFrightforyourenterprise?Pagelastupdated:
ThistopicprovidesrecommendedusecasesforRedisforPivotalCloudFoundry(PCF)andinformationfordeterminingtheproduct’sfitforyourenterprise’susecase.
RecommendedUseCasesDedicated-VMandShared-VMplansaredesignedfordatastoreusecases.On-Demandplans,introducedinRedisforPCFv1.8,areconfiguredbydefaultforcacheusecasesbutcanalsobeusedasadatastore.
Rediscanbeusedinmanydifferentways,including:
Key/valuestore:ForstringsandmorecomplexdatastructuresincludingHashes,Lists,Sets,andSortedSets
Sessioncache:Persistenceenabledpreservationofstate
Fullpagecache:Persistenceenabledpreservationofstate
Databasecache:Middle-tierdatabasecachingtospeedupcommonqueries
Dataingestion:BecauseRedisisinmemory,itcaningestdataveryquickly
Messagequeues:Listandsetoperations. PUSH , POP ,andblockingqueuecommands.
Leaderboardsandcounting:Incrementsanddecrementssetsandsortedsetsusing ZRANGE , ZADD , ZREVRANGE , ZRANK , INCRBY ,and GETSET
Pub/Sub:Builtinpublishandsubscribeoperations: PUBLISH , SUBSCRIBE ,and UNSUBSCRIBE
SLOBenchmarkTheRedisforPCFteammaintainsamonthlyServiceLevelObjective(SLO)of99.95%uptimefortheRedisforPCFofferingonPivotalWebServices.Thisisprovidedasabenchmark.SLOsforseparateofferingsoftheRedisforPCFservicevarybasedonvariablessuchasinfrastructure,networking,andrelevantpoliciesaroundsecurityupgrades.
ServiceOfferingsFordescriptionsofthethreeRedisforPCFserviceofferings,see:
On-DemandServiceOffering
Dedicated-VMandShared-VMServiceOfferings
Enterprise-ReadinessChecklistReviewthefollowingtabletodetermineifRedisforPCFhasthefeaturesneededtosupportyourenterprise.
Resilience MoreInformation
Availability
AllRedisforPCFservicesaresinglenodeswithoutclusteringcapabilities.Thismeansthatplanneddowntime(e.g.,upgrades)canresultin2–10minutesofdowntime,dependingonthenatureoftheupgrade.Unplanneddowntime(e.g.,VMfailure)alsoaffectstheRedisservice.RedisforPCFhasbeenusedsuccessfullyinenterprise-readyappsthatcantoleratedowntime.Pre-existingdataisnotlostduringdowntimewiththedefaultpersistenceconfiguration.Successfulappsincludethosewherethedowntimeispassivelyhandledorwheretheapphandlesfailoverlogic.
RecommendedUseCases
SupportforMultipleAZs
Note:TheShared-VMserviceshouldonlybeusedfordevelopmentandtesting.Donotuseforproduction.
Note:AsofRedisforPCFv1.11,theon-demandserviceisatfeatureparitywiththededicated-VMservice.Thededicated-VMserviceplanwillbedeprecated.Pivotalrecommendsusingtheon-demandserviceplan.
©CopyrightPivotalSoftwareInc,2013-2019 13 1.12
-
FailureRecovery
VMfailuresandprocessfailuresarehandledautomaticallybyBOSHandRedisforPCF.ManualbackupandrestoreinstructionsareavailableforallthreeRedisservices.AutomaticbackupcapabilitiesareenabledforallthreeRedisservices.
ManualBackupandRestoreFlow AutomaticBackupsforDedicated-VMService
IsolationIsolationisprovidedwhenusingtheOn-DemandandDedicated-VMservice.IndividualappsandworkflowsshouldhavetheirownRedisforPCFinstancetomaximizeisolation.
Day2Operations MoreInformation
ResourcePlanning
OperatorscanconfigurethenumberofVMsandthesizeofthoseVMs.FortheOn-Demandservice,theoperatordoesthisbycreatingplanswithspecificVMsizesandquotasforeachplan.FortheDedicated-VMandShared-VMservices,thenumberandsizeofVMsarepre-provisionedbytheoperator.BOSHerrandsusedforregistration,upgradeandcleanupuseshort-livedVMsthatcannotbeconfiguredbutcanbeturnedonoroff.
On-DemandResourcePlanning Pre-provisioningDedicated-VMandShared-VMInstances
HealthMonitoring
TheOn-DemandserviceandDedicated-VMserviceemitmetrics.TheseincludeRedis-specificmetricsandRedisforPCFmetrics.GuidanceoncriticalmetricsandalertinglevelsiscapturedwiththeRedisforPCFKeyPerformanceIndicators(KPIs).
KeyPerformanceIndicators
Scalability
FortheOn-DemandService,theoperatorcanconfigurethreeplanswithdifferentresourcesizes.TheoperatorcanalsoscaleuptheVMsizeassociatedwiththeplan.Additionally,theoperatorcanincreasethequota,whichcapsthenumberofinstancesallowedforeachOn-Demandplan.FortheDedicated-VMService,theoperatorscanchangethenumberofdedicatednodesdeployedaswellaschangetheVMsizeassociatedfortheDedicated-VMs.Topreventdataloss,onlyscalingupissupported.FortheShared-VMService,theoperatorscanchangetheRedisinstancememorylimitaswellaschangetheinstancelimit.Topreventdataloss,onlyscalingupissupported.
ScalingtheOn-DemandServiceScalingtheDedicated-VMService
LoggingAllRedisservicesemitlogs.Operatorscanconfiguresyslogforwardingtoaremotedestination.ThisenablesviewinglogsfromeveryVMintheRedisforPCFdeploymentinoneplace,effectivetroubleshootingwhenlogsarelostonthesourceVM,andsettingupalertsforimportanterrorlogstomonitorthedeployment.
Configuringsyslogforwarding
CustomizationTheOn-Demandservicecanbeconfiguredtobestfittheneedsofaspecificapp.TheDedicated-VMandShared-VMservicecannotbecustomized.
ConfiguringtheOn-Demandservice
UpgradesForinformationaboutpreparinganupgradeandaboutunderstandingtheeffectsonyourRedisforPCFandotherservices,seeUpgradingRedisforPCF.RedisforPCFupgradesrunapostdeploymentBOSHerrandcalledsmoketeststovalidatethesuccessoftheupgrade.
UpgradesSmokeTests
Encryption MoreInformation
EncryptedCommunicationinTransit
RedisforPCFhasbeentestedwiththeIPsecAdd-onforPCF.BeyondthatRedisforPCFdoesnotprovideadditionalencryptionontopofRedis.
SecuringDatainTransitwiththeIPsecadd-on OSRedisSecurity
SupportforMultipleAZsRedisforPCFsupportsconfiguringmultipleavailabilityzones(AZs).However,assigningmultipleAZstoRedisinstancesdoesnotguaranteehighavailabilityasclusteredRedisisnotsupported.Redisinstancesoperateassinglenodes.
On-DemandplanscanbeconfiguredtodeployinstancestoanyAZ.
Shared-VMinstancesrunonasinglenodeintheAZinwhichthetileisdeployed.
Dedicated-VMinstancescanbeassignedtoanyoftheconfiguredAZs.
©CopyrightPivotalSoftwareInc,2013-2019 14 1.12
https://docs.pivotal.io/redis/1-12/manual-br.htmlhttps://docs.pivotal.io/redis/1-9/architecture.html#resourcehttps://docs.pivotal.io/redis/1-9/installing.html#dedicated-vm-confighttps://docs.pivotal.io/addon-ipsec/index.htmlhttps://redis.io/topics/security
-
On-DemandServiceOfferingPagelastupdated:
RedisforPCFoffersOn-Demand,Dedicated-VM,andShared-VMserviceplans.Thissectiondescribesthearchitecture,lifecycle,andconfigurationsoftheon-demandplan,aswellasnetworkinginformationfortheon-demandservice.ForsimilarinformationfortheDedicated-VMandShared-VMplans,seeDedicated-VMandShared-VMServiceOfferings.
ArchitectureDiagramforOn-DemandPlanThisdiagramshowsthearchitectureoftheservicebrokerandon-demandplansandhowtheuser’sappbindstoaRedisinstance.
©CopyrightPivotalSoftwareInc,2013-2019 15 1.12
-
On-DemandServicePlans
ThreeOn-DemandCachePlansOn-demandplansarebestfitforcacheusecasesandareconfiguredassuchbydefault.
©CopyrightPivotalSoftwareInc,2013-2019 16 1.12
-
RedisforPCFoffersthreeon-demandplansasthe p.redis servicewithinthePCFRedistile.BelowisadescriptionofeachplanasitappearsintheMarketplaceanditsintendedusecase.
SmallCachePlan:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwithabout1GBofmemoryandmorethan2.5GBofpersistentdisk.
MediumCachePlan:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwithabout2GBofmemoryandmorethan5GBofpersistentdisk.
LargeCache:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwithabout4GBofmemoryandmorethan10GBofpersistentdisk.
Foreachserviceplan,theoperatorcanconfigurethePlanname,Plandescription,ServerVMtypeandServerDisktype,orchoosetodisabletheplancompletely.Setthepersistentdisksizetoatleast2.5timesthememoryoftheinstance.
FeaturesofOn-DemandServicePlansEachon-demandserviceinstanceisdeployedtoitsownVMandissuitableforproductionworkloads.
Theserviceplansareoperator-configuredandenabled.Onceenabled,appdeveloperscanviewtheavailableplansintheMarketplaceandprovisionaRedisinstancefromthatplan.
Operatorscanupdatethecacheplansettings,includingtheVMsizeanddisksize,aftertheplanshavebeencreated.
OperatorsandappdeveloperscanchangecertainRedisconfigurationsfromthedefault.SeeConfigurationforOn-DemandServicePlansformoreinformation.
Thedefault maxmemory-policy is allkeys-lru andcanbeupdatedforothercachepolicies.
Themaximumnumberofinstancesismanagedbyaper-planandglobalquota.Forinformationonsettingquotas,seeSettingLimitsforOn-DemandServiceInstances.
ConfigurationofOn-DemandServicePlansForon-demandplans,certainRedisconfigurationscanbesetbytheoperatorduringplanconfiguration,andbytheappdeveloperduringinstanceprovisioning.OtherRedisconfigurationscannotbechangedfromthedefault.
OperatorConfigurableRedisSettingsTheRedissettingsthatanoperatorcanconfigureinthetileUIinclude:
RedisClientTimeout
RedisTCPKeepalive
MaxClients
LuaScripting
PlanQuota
Formoreinformation,seeAdditionalRedisConfigurations.
AppDeveloperConfigurableRedisSettingsTheRedissettingsthatanappdevelopercanconfigureinclude:
maxmemory-policy
notify-keyspace-events
slowlog-log-slower-than
slowlog-max-len .
Formoreinformation,seeCustomizeanOn-DemandServiceInstance.
©CopyrightPivotalSoftwareInc,2013-2019 17 1.12
-
OperatorNotesforOn-DemandServicePlansInstancesoftheon-demandplancanbedeployeduntiltheirnumberreacheseitheranoperator-setper-planquotaoraglobalquota.Forinformationonsettingquotas,seeSettingLimitsforOn-DemandServiceInstances.
InstancesareprovisionedbasedontheOn-DemandServicesSDK andservicebrokeradapterassociatedwiththisplan.
maxmemory in redis.conf issetto45%ofthesystemmemory.
Anyon-demandplancanbedisabledfromtheplanpageinOpsManager.
KnownLimitationsforOn-DemandServicePlansLimitationsfortheOn-DemandServiceinclude:
OperatorsmustnotdownsizetheVMsordisksizeasthiscancausedatalossinpre-existinginstances.
Operatorscanupdatecertainplansettingsaftertheplanshavebeencreated.Toensureupgradeshappenacrossallinstances,settheupgradeinstanceserrandtoOn.
IftheoperatorupdatestheVMsize,disksize,ortheRedisconfigurationsettings(enablingLuaScripting,max-clients,timeout,andTCPkeep-alive),thesesettingsareimplementedinallinstancesalreadycreated.
LifecycleforOn-DemandServicePlanHereisthelifecycleofRedisforPCF,fromanoperatorinstallingthetilethroughanappdeveloperusingtheservicethenanoperatordeletingthetile.
©CopyrightPivotalSoftwareInc,2013-2019 18 1.12
http://docs.pivotal.io/on-demand-service-broker/
-
©CopyrightPivotalSoftwareInc,2013-2019 19 1.12
-
Dedicated-VMandShared-VMServiceOfferingsPagelastupdated:
RedisforPivotalCloudFoundry(PCF)offersOn-Demand,Dedicated-VM,andShared-VMserviceplans.Thissectiondescribesthearchitecture,lifecycle,andconfigurationsofDedicated-VMandShared-VMplans.ForsimilarinformationfortheOn-Demandserviceplan,seeOn-DemandServiceOffering.
AboutthePre-ProvisionedPlansRedisforPCFincludestwopre-provisionedserviceplans:
Dedicated-VMPlanAninstanceofthisplanprovisionsasingleRedisprocessonasinglededicatedVM.Thisplanissuitableforproductionworkloadsandworkloadsthatrequireisolationordedicatedhardware.
Shared-VMPlanAninstanceofthisplanprovisionsasingleRedisprocessonasinglesharedVM.Thisplanissuitableforworkloadswhichdonotrequirededicatedhardware.
ArchitectureDiagramforSharedandDedicatedPlansThisdiagramshowshowthearchitectureoftheservicebrokerandShared-VMandDedicated-VMplansandhowtheuser’sappbindstoaRedisinstance.
Note:AsofRedisforPCFv1.11,theon-demandserviceisatfeatureparitywiththededicated-VMservice.Thededicated-VMserviceplanwillbedeprecated.Pivotalrecommendsusingtheon-demandserviceplan.
©CopyrightPivotalSoftwareInc,2013-2019 20 1.12
-
ConfigurationforDedicated-VMandShared-VMServicePlansForDedicated-VMandShared-VMplans,thedefaultRedisconfigurationscannotbechanged.Asample redis.conf fromaDedicated-VMplaninstanceisprovidedhere.
Redisisconfiguredwitha maxmemory-policy of no-eviction .Thispolicymeansthatwhenthememoryisfull,theservicedoesnotevictanykeysorperformanywriteoperationsuntilmemorybecomesavailable.
Persistenceisconfiguredforboth RDB and AOF .
Bydefault,themaximumnumberofconnections, maxclients ,issetat10000.Redismightreducethisnumberwhenrunonasystemwithalowmaximumnumberoffiledescriptors.YoucanretrievetheactualsettingonyourRedisserviceinstanceswiththeRediscommand CONFIGGETmaxclients .YoucanusetheRediscommand CONFIGSETmaxclients totemporarilyreduce maxclients ,butyoucannotincreaseitabove10000.Thereisnowaytoconfiguresharedanddedicatedplanstouseacustomlimit.
Replicationandeventnotificationarenotconfigured.
ConfigurationfortheDedicated-VMServicePlanAninstanceofthisplan,provisionsasingleRedisprocess,onasinglededicatedVM.Thisplanissuitableforproductionworkloadsandworkloadsthatrequireisolationordedicatedhardware.
©CopyrightPivotalSoftwareInc,2013-2019 21 1.12
-
OperatorNotesfortheDedicated-VMServicePlanThefollowingRediscommandsareenabled:
MONITOR
SAVE
BGSAVE
BGREWRITEAOF
The maxmemory valuefortheRedisprocessissettobe45%oftheRAMforthatinstance.
ThepersistentdiskshouldbesettobeatleastthesizeoftheRAMavailabletotheVMorgreater,inordertoaccountforthefinalandtemporaryRDBfilegeneratedbytheRedisbackgroundsave.
Thisplandeploystheoperator-configurednumberofdedicatedRedisVMsalongsideasingleservicebrokerVM.
Theseinstancesarepre-provisionedduringthedeploymentofthetilefromOpsManagerintoapool.TheVMsareprovisionedandconfiguredwithaRedisprocessreadytobeusedwhenaninstanceofthe dedicated-vm planisrequested.
Adefaultdeploymentprovisions 5instances ofthe dedicated-vm planintothepool.Thisnumbercanbeincreasedonthe ResourceConfig tabinOpsManager,eitherintheinitialdeploymentorthereafter.ThenumberofVMscannotbedecreasedoncedeployed.
Whenauserprovisionsaninstance,itismarkedasinuseandtakenoutofthepool.
Whenauserdeprovisionsaninstance,theinstanceiscleansedofanydataandconfigurationtorestoreittoafreshstateandplacedbackintothepool,readytobeusedagain.
Thisplancanbedisabledbysettingthenumberofinstancesofthe Dedicatednode jobinOpsManagerto 0 .
ThenumberofDedicated-VMplaninstancesavailabletodevelopersissetbytheoperator.Configurationsofupto100Dedicated-VMplaninstanceshavebeentested.
Youcandisablethisplanbysettingthenumberofinstancesofthe Dedicatednode jobinOpsManagerto 0 .
KnownLimitationsoftheDedicated-VMServicePlan
Limitationsofthe dedicated-vm planinclude:
NoabilitytochangetheRedisconfiguration.The CONFIG commandisdisabled.
CannotscaledownthenumberofVMsontheplanoncedeployed.
CannotscaledownthesizeofVMsontheplanoncedeployed(thisprotectsagainstdataloss).
ConfigurationfortheShared-VMServicePlanAninstanceofthisplanprovisionsasingleRedisprocessonasinglesharedVM.Thisplanissuitableforworkloadswhichdonotrequirededicatedhardware.
OperatorNotesfortheShared-VMPlanThisplandeploysaRedisinstanceinasharedVMandasingleservicebrokerVM.
Thisplancanbedisabledbysettingthe Maxinstanceslimit onthe Shared-VMPlan tabinOpsManagertobe 0 .
Themaximumnumberofinstancescanbeincreasedfromthedefault5tothevaluethatyouwant.IfyouincreasethenumberofinstancesthatcanberunonthissingleVM,youshouldconsiderincreasingtheresourcesallocatedtotheVM,inparticularRAMandCPU.Youcanovercommittosomeextent,butmaystarttoseeperformancedegradations.
YoucanalsoincreasethemaximumamountofRAMallocatedtoeachRedisprocess(serviceinstance)thatisrunningonthisVM
Ifyoudecreasetheserviceinstancelimit,anyinstancesthatarerunningwherethecountisnowgreaterthanthelimitarenotterminated.Theyarelefttoberemovednaturally,untilthetotalcountdropsbelowthenewlimityoucannotcreateanynewinstances.
Forexampleifyouhadalimitof10andallwereusedandreducedthisto8,thetwoinstanceswillbeleftrunninguntilyouterminatethemyourself.
ThenumberofSharedVMinstancesavailabletodevelopersissetbytheoperator.ThemaximumnumberofsharedVMinstancesisrelativetothememoryallocatedtoeachSharedVMinstanceandthetotalmemoryoftheRedisservicebroker.Fordetails,seeConfiguringServicePlans.
KnownLimitationsoftheShared-VMPlan
Limitationsofthe shared-vm planinclude:
©CopyrightPivotalSoftwareInc,2013-2019 22 1.12
-
ItcannotbescaledbeyondasingleVM.
Thefollowingcommandsaredisabled: CONFIG , MONITOR , SAVE , BGSAVE , SHUTDOWN , BGREWRITEAOF , SLAVEOF , DEBUG ,and SYNC .
ConstrainingCPUand/ordiskusageisnotsupported.
BecausetheShared-VMplandoesnotmanage“noisyneighbor”problems,Pivotaldoesnotrecommenditforproductionapps.
LifecycleforDedicated-VMandShared-VMServicePlansHereisthelifecycleofRedisforPCF,fromanoperatorinstallingthetilethroughanappdeveloperusingtheservicethenanoperatordeletingthetile.
©CopyrightPivotalSoftwareInc,2013-2019 23 1.12
-
©CopyrightPivotalSoftwareInc,2013-2019 24 1.12
-
NetworkingforOn-DemandServicesPagelastupdated:
ThissectiondescribesnetworkingconsiderationsfortheRedisforPivotalCloudFoundry(PCF)on-demandservice.
ServiceNetworkRequirementWhenyoudeployPCF,youmustcreateastaticallydefinednetworktohostthecomponentvirtualmachinesthatconstitutethePCFinfrastructure.
PCFcomponents,liketheCloudControllerandUAA,runonthisinfrastructurenetwork.On-demandPCFservicesmayrequirethatyouhostthemonanetworkthatrunsseparatelyfromthisnetwork.Youcanalsodeploytilesonseparateservicenetworkstomeetyourownsecurityrequirement.
PCFv2.0andEarlierInPCFv2.0andearlier,cloudoperatorspre-provisionserviceinstancesfromOpsManager.Foreachservice,OpsManagerallocatesandrecoversstaticIPaddressesfromapre-definedblockofaddresses.
Toenableon-demandservicesinPCFv2.0andearlier,operatorsmustcreateaservicenetworksinBOSHDirectorandselecttheServiceNetworkcheckbox.Operatorsthencanselecttheservicenetworktohoston-demandserviceinstanceswhentheyconfigurethetileforthatservice.
PCFv2.1andLaterPCFv2.1andlaterincludedynamicnetworking.InPCFv2.1andlater,operatorscanusedynamicnetworkingwithasynchronousserviceprovisioningtodefinedynamically-provisionedservicenetworks.Formoreinformation,seeDefaultNetworkandServiceNetwork.
InPCFv2.1andlater,on-demandservicesareenabledbydefaultonallnetworks.OperatorscancreateseparatenetworkstohostservicesinBOSHDirector,butdoingsoisoptional.Operatorsselectwhichnetworkhostson-demandserviceinstanceswhentheyconfigurethetileforthatservice.
DefaultNetworkandServiceNetworkOn-demandPCFservicesrelyontheBOSH2.0abilitytodynamicallydeployVMsinadedicatednetwork.Theon-demandservicebrokerusesthiscapabilitytocreatesingle-tenantserviceinstancesinadedicatedservicenetwork.
On-demandservicesusethedynamically-provisionedservicenetworktohostthesingle-tenantworkerVMsthatrunasserviceinstanceswithindevelopmentspaces.ThisarchitectureletsdevelopersprovisionIaaSresourcesfortheirserviceinstancesatcreationtime,ratherthantheoperatorpre-provisioningafixedquantityofIaaSresourceswhentheydeploytheservicebroker.
Bymakingservicessingle-tenant,whereeachinstancerunsonadedicatedVMratherthansharingVMswithunrelatedprocesses,on-demandserviceseliminatethe“noisyneighbor”problemwhenoneapphogsresourcesonasharedcluster.Single-tenantservicescanalsosupportregulatorycompliancewheresensitivedatamustbecompartmentalizedacrossseparatemachines.
Anon-demandservicesplitsitsoperationsbetweenthedefaultnetworkandtheservicenetwork.Sharedcomponentsoftheservice,suchasexecutivecontrollersanddatabases,runcentrallyonthedefaultnetworkalongwiththeCloudController,UAA,andotherPCFcomponents.Theworkerpooldeployedtospecificspacesrunsontheservicenetwork.
ThediagrambelowshowsworkerVMsinanon-demandserviceinstancerunningonaseparateservicesnetwork,whileothercomponentsrunonthedefaultnetwork.
RequiredNetworkingRulesforOn-DemandServicesBeforedeployingaservicetilethatusestheon-demandservicebroker(ODB),requesttheneedednetworkconnectionstoallowcomponentsofPivotalCloudFoundry(PCF)tocommunicatewithODB.
ThespecificsofhowtoopenthoseconnectionsvariesforeachIaaS.
©CopyrightPivotalSoftwareInc,2013-2019 25 1.12
-
Seethefollowingtableforkeycomponentsandtheirresponsibilitiesinanon-demandarchitecture.
KeyComponents TheirResponsibilities
BOSHDirector
CreatesandupdatesserviceinstancesasinstructedbyODB.
BOSHAgentIncludesanagentoneveryVMthatitdeploys.TheagentlistensforinstructionsfromtheBOSHDirectorandcarriesoutthoseinstructions.TheagentreceivesjobspecificationsfromtheBOSHDirectorandusesthemtoassignarole,orjob,totheVM.
BOSHUAA IssuesOAuth2tokensforclientstousewhentheyactonbehalfofBOSHusers.
PAS Containstheappsthatareconsumingservices
ODB InstructsBOSHtocreateandupdateservices,andconnectstoservicestocreatebindings.
Deployedserviceinstance
Runsthegivendataservice.Forexample,thedeployedRedisforPCFserviceinstancerunstheRedisforPCFdataservice.
Regardlessofthespecificnetworklayout,theoperatormustensurenetworkrulesaresetupsothatconnectionsareopenasdescribedinthetablebelow.
SourceComponent
DestinationComponent
DefaultTCPPort Notes
ODBBOSHDirector
BOSHUAA255558443 Thedefaultportsarenotconfigurable.
ODB PAS 8443 Thedefaultportisnotconfigurable.
ErrandVMs
PAS
ODB
Deployedserviceinstances
84438080637912345
Thedefaultportsarenotconfigurable.
BOSHAgent BOSHDirector 4222
TheBOSHAgentrunsoneveryVMinthesystem,includingtheBOSHDirectorVM.TheBOSHAgentinitiatestheconnectionwiththeBOSHDirector.Thedefaultportisnotconfigurable.
Thecommunicationbetweenthesecomponentsistwo-way.
DeployedappsonPAS
Deployedserviceinstances
6379 ThisisthedefaultportwhereRedisisdeployed.
PAS ODB 12345 Thedefaultportisnotconfigurable.
ForacompletelistofportsandrangesusedinRedisforPCF,seeNetworkConfiguration.
©CopyrightPivotalSoftwareInc,2013-2019 26 1.12
-
RedisforPCFSecurityPagelastupdated:
SecurityPivotalrecommendsthefollowingbestpracticesforsecurity:
(Required)ToallowthisservicetohavenetworkaccessyoumustcreateApplicationSecurityGroups.Formoreinformation,seeNetworks,Security,andAssigningAZs.
RunRedisforPCFinitsownnetwork.Formoreinformationaboutcreatingservicenetworks,seeCreatingNetworksinOpsManager .
YoucanuseRedisforPCFwiththeIPsecAdd-onforPCF.ForinformationabouttheIPsecAdd-onforPCF,seeSecuringDatainTransitwiththeIPsecAdd-on .
DonotuseasingleRedisforPCFinstanceformulti-tenancy.AsingleRedisinstanceoftheOn-DemandorDedicated-VMserviceshouldonlysupportasingleworkload.
TheShared-VMserviceisdesignedformulti-tenancy,butyoushouldnotuseitforproductionusecasesbecauseitisnotconsideredadequatelysecureforthatpurpose.
Neverchangethenetworkthatapre-existingDedicated-VMdeploymentworkswith.Ifthenetworkischanged,thebindingsfortheexistingDedicated-VMinstancesstopworking,buttheseinstancesstillappearasavailabletonewapps.Becausetheexistinginstancesmighthavedataonthemandnewappscanbindtothem,datamightunintentionallybeleakedtonewappsthatbindtotheseinstances.
©CopyrightPivotalSoftwareInc,2013-2019 27 1.12
https://docs.pivotal.io/pivotalcf/1-11/customizing/gcp-om-config.html#networkhttps://docs.pivotal.io/addon-ipsec/index.html
-
IntroductionforOperatorsPagelastupdated:
ThistopicisforPivotalCloudFoundry(PCF)operators.Itintroducessomebestpractices,butdoesnotprovidedetailsaboutoperation.
BestPracticesPivotalrecommendsthatoperatorsfollowtheseguidelines:
ResourceAllocation—WorkwithappdeveloperstoanticipatememoryrequirementsandtoconfigureVMsizes.InstancesofDedicted-VMandShared-VMserviceshaveidenticalVMsizes.However,withtheOn-Demandservice,appdeveloperscanchoosefromthreedifferentplans,eachwithitsownVMsizeandquota.SeetheserviceofferingfortheOn-DemandPlanandResourceUsagePlanningforOn-Demandplans.
Logs—Configureasyslogoutput.Storinglogsinanexternalservicehelpsoperatorsdebugissuesbothcurrentandhistorical.SeeConfigureSyslogOutput.
Monitoring—Setupamonitoringdashboardformetricstotrackthehealthoftheinstallation.
BackingUpData—WhenusingRedisforpersistence,configureautomaticbackupssothatdatacanberestoredinanemergency.Validatethebacked-updatawithatestrestore.SeeConfiguringAutomatedBackupsandManuallyBackingupandRestoring .
Using—InstancesoftheOn-DemandandDedicated-VMservicesrunondedicatedVMs.Appsinproductionshouldhaveadedicatedoron-demandinstancetopreventperformanceissuescausedbysharinganinstance.TheShared-VMservicesharesaVMacrossmanyinstances,andPivotalrecommendsthatyouonlyuseitfordevelopmentandtesting.SeetheserviceofferingsfortheOn-DemandPlanandtheDedicatedandSharedPlans.
RedisKeyCountandMemorySizeRediscanhandleupto2 keys,andwastestedinpracticetohandleatleast250millionkeysperinstance.Everyhash,list,set,andsortedset,canhold2 elements.VMmemoryismorelikelytobealimitingfactorthannumberofkeysthatcanbehandled.
ErrandsRedisforPCFincludestheerrandslistedbelow.
Post-DeployErrandsBrokerRegistrar—Registersthecf-redis-brokerwithPCFtoofferthe p-redis service( shared-vm and dedicated-vm plans).
SmokeTests—Runslifecycletestsfor shared-vm and dedicated-vm plansifthesehavebeenenabledandthereisremainingquotaavailable.Thetestscoverprovisioning,binding,reading,writing,unbinding,anddeprovisioningofserviceinstances.
RegisterOn-DemandBroker—Registerstheon-demandRedisbrokerwithPCFtoofferthe p.redis service(on-demandplans).
On-DemandSmokeTests—Runslifecycletestsforenabledplansofthe p.redis serviceifthereisremainingquotaavailable.Thetestscoverprovisioning,binding,reading,writing,unbindinganddeprovisioningofserviceinstances.
UpgradeAllOn-DemandServiceInstances—Upgradeson-demandserviceinstancestousethelatestplanconfiguration,servicereleases,andstemcell.
Theabovepost-deployerrandsarerunbydefaultwheneverApplyChangesistriggered,whetherornottherehasbeenaconfigurationchangeintheRedisforPCFtileitself.
Pre-DeleteErrandsBrokerDeregistrar—Deregistersthe cf-redis-broker .
DeleteAllOn-DemandServiceInstancesandDeregisterBroker—Deletesallon-demandinstancesandderegisterstheon-demandRedisbroker.
Theabovepre-deleteerrandsarerunbydefaultwhenevertheRedisforPCFtileisdeleted.
32
32
©CopyrightPivotalSoftwareInc,2013-2019 28 1.12
https://docs.pivotal.io/redis/1-12/manual-br.html
-
TurningoffPost-DeployErrandsPivotalrecommendsthatyourunthepost-deployerrandsatanytriggerofApplyChanges.However,thispracticecanextendthedurationofapplyingchangesbyseveralminuteseverytime.Thissectionhelpsyoudecidewhenitissafetoskipsomepost-deployerrands.
ChangestoRedisforPCFTileConfiguration
IfthechangesincludeconfigurationchangesontheRedisforPCFtileoranewstemcellversion,theoperatormustrunallpost-deployerrands.
InstallingAnotherTile
WheninstallinganothertilethatdoesnotmakeanychangestotheBOSHDirectororthePivotalApplicationService(PAS),itisnotnecessarytorunanyoftheRedisforPCFtile’spost-deployerrands.
ChangestoOtherTiles
SometimesthechangedoesnotincludechangestotheRedisforPCFtile’sconfiguration.ThenitmightnotbenecessarytorunalloftheRedisforPCFtile’spost-deployerrands.
BrokerRegistrarErrandRequiredtoruniftheCFsystemdomainischangedinthePAStile.
NotnecessarytorunifthechangeonlyinvolvesothertilesexceptPAStile.
RegisterOn-DemandBrokerErrandRequiredtorunifthenetworkrangethattheRedisOn-demandBrokerisdeployedinischangedintheBOSHDirectortile.
NotnecessarytorunifthechangeonlyinvolvesothertilesexceptBOSHDirector.
SmokeTestsandOn-DemandSmokeTestsErrandsRequiredtoruniftheirrespectiveregisterbrokererrandisrequired.
Requiredtorunbothifanewerstemcellminorversionisuploaded.TheRedisforPCFtilefloatstothenewestminorversion.Formoreinformation,seeUnderstandingFloatingStemcells .
GoodpracticetorunbothforanychangeintheBOSHDirectororPAStile.
NotnecessarytoruneitherifthechangeonlyinvolvesothertilesexceptPASandBOSHDirector.
UpgradeAllOn-DemandServiceInstancesErrandRequiredtorunifanewerstemcellminorversionisuploaded.TheRedisforPCFtilefloatstothenewestminorversion.Formoreinformation,seeUnderstandingFloatingStemcells .
Notnecessarytoruniftherearenoon-demandinstancesprovisioned.
SmokeTestsOpsManagerrunsRedisforPCFsmoketestsasapost-installerrand.Youcanalsorunthesmoketestserrandusingthefollowingprocedure:
1. Retrievethedeploymentnameoftheinstalledproduct.Tofindthedeploymentname,dothefollowingsteps:
a. FromtheOpsManagerUI,clicktheRedisforPCFtile.
PivotalrecommendsagainstchangingtheBOSHDirector’snetworkconfigurationinawaythatchangestherangeswheretheRedisforPCFtiledeploysVMs.
©CopyrightPivotalSoftwareInc,2013-2019 29 1.12
https://docs.pivotal.io/pivotalcf/customizing/understanding-stemcells.htmlhttps://docs.pivotal.io/pivotalcf/customizing/understanding-stemcells.html
-
b. CopythepartoftheURLthatstartswith“p-redis-”.
2. Runthesmoketestserrand:bosh-dREDIS-DEPLOYMENT-NAMErun-errandsmoke-tests
Formoreinformation,seeRedisforPCFSmokeTests.
Note:Smoketestsfailunlessyouenableglobaldefaultapplicationsecuritygroups(ASGs).YoucanenableglobaldefaultASGsbybindingtheASGtothe system orgwithoutspecifyingaspace.ToenableglobaldefaultASGs,use cfbind-running-security-
group.
©CopyrightPivotalSoftwareInc,2013-2019 30 1.12
-
InstallingRedisforPCFPagelastupdated:
ThistopicdescribestheprocessofinstallingRedisforPCF.ItcoverstasksfromdownloadingthefilefromthePivotalNetworkthroughverifyingtheinstallationafterconfiguration.
Role-BasedAccessinOpsManagerOpsManageradministratorscanuseRole-BasedAccessControl(RBAC)tomanagewhichoperatorscanmakedeploymentchanges,viewcredentials,andmanageuserrolesinOpsManager.Therefore,yourrolepermissionsmightnotallowyoutoperformeveryprocedureinthisoperatorguide.
FormoreinformationaboutrolesinOpsManager,seeUnderstandRolesinOpsManager .
DownloadandInstalltheTileToaddRedisforPivotalCloudFoundry(PCF)toOpsManager,followtheprocedureforaddingPCFOpsManagertiles:
1. DownloadtheRedisforPCFfilefromPivotalNetwork .SelectthelatestreleasefromtheReleasesdropdown.
2. InthePCFOpsManagerInstallationDashboard,clickImportaProducttouploadtheRedisforPCFfile.
3. Clickthe+signnexttotheuploadedproductdescriptiontoaddthetiletoyourstagingarea.
4. ToconfigureRedisforPCF,clickthenewlyaddedtile.
5. Aftercompletingtherequiredconfiguration,clickApplyChangestoinstalltheservice.
ForguidanceonportsandrangesusedintheRedisservice,seeSelectNetworksbelow.
AssignAZsandNetworksToassignAZsandnetworks,clicktheAssignAZsandNetworkssettingstab.
©CopyrightPivotalSoftwareInc,2013-2019 31 1.12
https://docs.pivotal.io/pivotalcf/opsguide/config-rbac.html#abouthttps://network.pivotal.io/products/p-redis
-
AssignAZsInRedisforPCFv1.9andlater,youcanassignmultipleAZstoRedisjobs,howeverthisdoesnotguaranteehighavailability.Formoreinformation,seeSupportforMultipleAZs.
ToassignAZs,dothefollowing:
1. IntheAssignAZsandNetworkstab,makeyourselectionsunderPlacesingletonjobsinandBalanceotherjobsin.
2. ClickSave.
SelectNetworksYoucanuseRedisforPCFwithorwithoutusingtheon-demandservice.TousetheRedisforPCFon-demandservice,youmustselectanetworkinwhichtheserviceinstancesarecreated.Formoreinformation,seeNetworkingforOn-DemandServices.
Toselectnetworks,dothefollowing:
1. IntheAssignAZsandNetworkstab,selectaNetwork.
PivotalrecommendsthateachtypeofPCFserviceruninitsownnetwork.Forexample,runRedisforPCFonaseparatenetworkfromRabbitMQforPCF.
2. Ifusingtheon-demandservice,selectaServiceNetwork.Otherwise,selectanemptyservicenetwork .
PortRangesUsedinRedisforPCF
ThefollowingportsandrangesareusedinRedisforPCF:
Port Protocol DirectionandNetwork Reason
83008301
TCPTCPandUDP
InboundtoCloudFoundrynetwork,outboundfromservicebrokerandserviceinstancenetworks*
CommunicationbetweentheCFconsul_serverandconsul_agentsonRedisdeployment;usedformetrics
8202 TCPInboundtoCloudFoundrynetwork,outboundfromservicebrokerandserviceinstancenetworks*
UsedbytheRedismetron_agenttoforwardmetricstotheCloudFoundryLoggregator
12350 TCPOutboundfromCloudFoundrytothecf-redis-brokerservicebrokernetwork
(Onlyifusingacf-redis-broker)Accesstothecf-redis-brokerfromthecloudcontrollers.
12345 TCPOutboundfromCloudFoundrytotheon-demandservicebrokernetwork
(OnlyifusinganOn-Demandservice)Foraccesstotheon-demandservicebrokerfromthecloudcontrollers
6379 TCPOutboundfromCloudFoundrytoanyserviceinstancenetworks(dedicated-nodeandon-demand)
Accesstoalldedicatednodesandon-demandnodesfromtheDiegoCellandDiegoBrainnetwork(s)
32768-61000
TCPOutboundfromCloudFoundrytothecf-redis-brokerservicebrokernetwork
FromtheDiegoCellandDiegoBrainnetwork(s)totheservicebrokerVM.Thisisonlyrequiredforthesharedserviceplan.
80or443(Typically)
httporhttpsrespectively
Outboundfromanyserviceinstancenetworks Accesstothebackupblobstore
844325555
TCPOutboundfromanyon-demandservicebrokernetworktotheBOSHDirectornetwork
Fortheon-demandservice,theon-demandservicebrokerneedstotalktotheBOSHDirector
*Typicallytheservicebrokernetworkandserviceinstancenetwork(s)arethesame.
ConfigureRedisforPCFServicePlansClicktheRedisforPCFtileintheOpsManagerInstallationDashboardtodisplaytheconfigurationpageandallocateresourcestoRedisserviceplans.
Note:InOpsManagerv2.0andearlier,aspecificnetworkwasdesignatedastheServiceNetworktoreserveIPsfortheon-demandservice.InOpsManagerv2.1andlater,IPsarenolongermanagedinthisway.AllnetworksarenowavailabletouseasaServiceNetwork.
©CopyrightPivotalSoftwareInc,2013-2019 32 1.12
https://discuss.pivotal.io/hc/en-us/articles/115010154387
-
On-DemandServiceSettings1. ClickOn-DemandServiceSettings,andthenentertheMaximumserviceinstancesacrossallon-demandplans.Themaximumnumberof
instancesyousetforallyouron-demandplanscombinedcannotexceedthisnumber.
Formoreinformation,seeSettingLimitsforOn-DemandServiceInstances.
2. SelecttheAllowoutboundinternetaccessfromserviceinstancescheckbox.Youmustselectthischeckboxtoallowexternallogforwarding,sendbackupartifactstoexternaldestinations,andcommunicatewithanexternalBOSHblobstore.
3. (Optional)SelectthecheckboxtoenableServiceInstanceSharing.ThisisaBetafeature.Turningonsharingenablesthisexperimentalfeatureforallon-demandinstances.
4. Toconfigureanon-demandplan,clickOn-DemandPlan1,2,or3.
Youcanconfigureuptothreeon-demandplanswithappropriatememoryanddisksizesforyourusecase(s).ResourceconfigurationoptionsmayvaryondifferentIaaSes.
Thedefaultnamesofthethreeon-demandplansprovidedreflectthatinstancesoftheseplansareintendedtobeusedfordifferentcachesizes:
cache-small:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwith~1GBofmemoryand>2.5GBofpersistentdiskcache-medium:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwith~2GBofmemoryand>5GBofpersistentdiskcache-large:ARedisinstancedeployedtoadedicatedVM,suggestedtobeconfiguredwith~4GBofmemoryand>10GBofpersistentdisk
Note:OutboundnetworktrafficrulesalsodependonyourIaaSsettings.ConsultyournetworkorIaaSadministratortoensurethatyourIaaSallowsoutboundtraffictotheexternalnetworksyouneed.
Note:Toenablethisfeatureauserwithadminprivilegesmustrun cfenable-feature-flagservice_instance_sharing .Forinformationaboutthisfeature,seeSharingaRedisInstancewithAnotherSpace(Beta).
©CopyrightPivotalSoftwareInc,2013-2019 33 1.12
-
5. Configurethefollowingsettingsforyouron-demandplan(s).Anypre-populateddefaultsettingsarepre-configuredaccordingtothememoryanddisksizeofeachplan.
Field Description
Plan SelectPlanActiveorPlanInactive.Aninactiveplandoesnotneedanyfurtherconfiguration.
PlanName EnteranamethatwillappearintheMarketplace.
PlanDescription EnteradescriptionthatwillappearintheMarketplace.Specifydetailsthatwillberelevanttoappdevelopers.
PlanQuotaEnterthemaximumnumberofinstancesofthisplanthatappdeveloperscancreate.Formoreinformation,seeSettingLimitsforOn-DemandServiceInstances.
CFServiceAccessSelectaserviceaccesslevel.Thissettingdoesnotmodifythepermissionsthathavebeenpreviouslyset,andallowsformanualaccesstobeconfiguredfromtheCLI.
AZtodeployRedis ThisistheAZinwhichtodeploytheRedisinstancesfromtheplan.ThismustbeoneoftheAZsoftheservicenetwork
©CopyrightPivotalSoftwareInc,2013-2019 34 1.12
-
instancesofthisplan (configuredintheBOSHDirectortile).
ServerVMtypeSelecttheVMtype.Pivotalrecommendsthatthepersistentdiskshouldbeatleast2.5xtheVMmemoryfortheon-demandbrokerand3.5xtheVMmemoryforcf-redis-broker.
ServerDisktypeSelectthedisktype.Pivotalrecommendsthatthepersistentdiskshouldbeatleast2.5xtheVMmemoryfortheon-demandbrokerand3.5xtheVMmemoryforcf-redis-broker.
RedisClientTimeout Thisfieldreferstotheservertimeoutforanidleclientspecifiedinseconds.Thedefaultsettingis3600.Adjustthissettingasneeded.
RedisTCPKeepaliveRedisTCPKeepalivereferstotheinterval(inseconds)atwhichTCPACKSaresenttoclients.Thedefaultsettingis60.Adjustthissettingasneeded.
MaxClientsMaxClientsreferstothemaximumnumberofclientsthatcanbeconnectedatanyonetime.Perplan,thedefaultsettingis1000forsmall,5000formediumand10000forlarge.Adjustthissettingasneeded.
LuaScripting EnableordisableLuaScriptingasneeded.PivotalrecommendsthatLuaScriptingbedisabled.
6. ClickSave.
UpdatingOn-DemandServicePlans
Operatorscanupdatecertainsettingsaftertheplanshavebeencreated.IftheoperatorupdatestheVMsize,disksize,ortheRedisconfigurationsettings(enablingLuaScripting,max-clients,timeoutandTCPkeep-alive),thesesettingsareimplementedinallinstancesthatarealreadycreated.
OperatorsshouldnotdownsizetheVMsordisksizebecausethiscancausedatalossinpre-existinginstances.Additionally,operatorscannotmakeaplanthatwaspreviouslyactive,inactive,untilallinstancesofthatplanhavebeendeleted.
RemovingOn-DemandServicePlans
IfyouwanttoremovetheOn-DemandServicefromyourtile,dothefollowing:
1. GototheResourceConfigpageontheRedisforPCFtile,andsettheRedisOn-DemandBrokerjobinstancesto0.
2. NavigatetotheErrandspageontheRedisforPCFtile,andsetthefollowingerrandstooff:
RegisterOn-demandRedisBrokerOn-demandBrokerSmokeTestsUpgradeallOn-demandRedisServiceInstancesDeregisterOn-demandRedisBroker
3. Createanemptyservicenetwork.Forinstructions,seethisKnowledgeBasearticle .
4. GotoeachofthethreeOn-DemandPlanpagesontheRedisforPCFtile,andseteachplantoPlanInactive.Forexample:
©CopyrightPivotalSoftwareInc,2013-2019 35 1.12
https://discuss.pivotal.io/hc/en-us/articles/115010154387
-
Shared-VMPlan
1. SelecttheShared-VMPlantab.
2. Configurethesefields:
RedisInstanceMemoryLimit—Maximummemoryusedbyashared-VMinstanceRedisServiceInstanceLimit—Maximumnumberofshared-VMinstances
MemoryandinstancelimitsdependonthetotalsystemmemoryofyourRedisbrokerVMandrequiresomeadditionalcalculation.Formoreinformation,seeMemoryLimitsforShared-VMPlansbelow.
3. ClickSave.
4. Ifyoudonotwanttousetheon-demandservice,youmustmakealloftheon-demandserviceplansinactive.Clickthetabforeachon-demandplan,andselectPlanInactive.SeetheexampleinStep4ofRemovingOn-DemandServicePlansabove.
5. TochangetheallocationofresourcesfortheRedisbroker,clicktheResourceConfigtab.
TheRedisbrokerserverrunsalloftheRedisinstancesforyourShared-VMplan.FromtheResourceConfigpage,youcanchangetheCPU,RAM,EphemeralDisk,andPersistentDiskmadeavailable,asneeded.
MemoryLimitsforShared-VMPlans
Additionalcalculationisrequiredtoconfigurememorylimitsforshared-VMplans.Withtheseplans,severalserviceinstancessharetheVM,andtheRedisbrokeralsorunsonthissameVM.Therefore,thememoryusedbyalltheshared-vminstancescombinedshouldbeatmost45%ofthememoryoftheRedisbrokerVM.
Toconfigurethelimitsinthesefields,estimatethemaximummemorythatcouldbeusedbyallyourRedisshared-VMinstancescombined.Ifthatfigureishigherthan45%oftheRedisbrokerVM’stotalsystemmemory,youcandooneofthefollowing:
DecreasetheRedisInstanceMemoryLimit.
DecreasethenumberofinstancesinRedisServiceInstanceLimit.
IncreasetheRAMfortheRedisBrokerintheResourceConfigtabasshownbelow.
©CopyrightPivotalSoftwareInc,2013-2019 36 1.12
-
Herearesomeexamplesforsettingtheselimits:
RedisBrokerVMTotalMemory RedisInstanceMemoryLimit RedisServiceInstanceLimit
16GB 512MB 14
16GB 256MB 28
64GB 512MB 56
Dedicated-VMPlan
1. ToconfiguretheDedicated-VMplan,clicktheResourceConfigtabtochangetheallocationofresourcesfortheDedicatedNode.
Thedefaultconfigurationcreatesfivededicatednodes(VMs).EachnodecanrunoneRedisdedicated-VMinstance.Youcanchangethenumberofdedicatednodes,andconfigurethesizeofthepersistentandephemeraldisks,andtheCPUandRAMforeachnode.ThedefaultVMsizeissmall.ItisimportantthatyousetthecorrectVMsizetohandleanticipatedloads.
Note:ItispossibletoconfigurealargerRedisServiceInstanceLimit,ifyouareconfidentthatthemajorityofthedeployedinstanceswillnotusealargeamountoftheirallocatedmemory,forexampleindevelopmentortestenvironments.
However,thispracticeisnotsupportedandcancauseyourservertorunoutofmemory,preventingusersfromwritinganymoredatatoanyRedisshared-VMinstance.
Note:InRedisforPCFv1.11andlater,theon-demandserviceisatfeatureparitywiththededicated-VMservice.Thededicated-VMserviceplanwillbedeprecated.Pivotalrecommendsusingtheon-demandserviceplan.Todisablededicated-VMplans,seeDisableSharedandDedicatedVMPlansbelow.
©CopyrightPivotalSoftwareInc,2013-2019 37 1.12
-
Withdedicated-VMplans,thereisoneRedisserviceinstanceoneachVM.Themaximummemoryaninstancecanuseshouldbeatmost45%ofthetotalsystemRAMontheVM.Youcansetthiswiththe maxmemory configuration.Theappcanuse100%of maxmemory –thatis,upto45%ofthesystemRAM.Pivotalrecommendsthepersistentdiskbesetto2.5xtheamountofsystemRAM.
2. ClickSave.
3. Ifyoudonotwanttousetheon-demandservice,youmustmakealloftheon-demandserviceplansinactive.Clickthetabforeachon-demandplan,andselectPlanInactive.SeetheexampleinStep4ofRemovingOn-DemandServicePlansabove.
ConfigureResourcesforDedicated-VMandShared-VMPlansToconfigureresourcesfortheShared-VMandDedicated-VMplans,clicktheResourceConfigsettingstabontheRedisforPCFtile.
TheShared-VMplanisontheRedisBrokerresource.
TheDedicated-VMplanisontheDedicatedNoderesource.
ThefollowingarethedefaultresourceandIPrequirementsforRedisforPCFwhenusingtheShared-VMorDedicated-VMplans:
Product Resource Instances CPU Ram Ephemeral Persistent StaticIP DynamicIP
Redis RedisBroker 1 2 3072 4096 9216 1 0
Redis DedicatedNode 5 2 1024 4096 4096 1 0
Redis BrokerRegistrar 1 1 1024 2048 0 0 1
Redis BrokerDe-Registrar 1 1 1024 2048 0 0 1
Redis Compliation 2 2 1024 4096 0 0 1
DisableSharedandDedicatedVMPlansYoucandisableSharedandDedicatedVMPlansbydoingthefollowingwhileconfiguringRedistile:
1. EnsureatleastoneOn-Demandplanisactive.
2. Configurethefollowingtabs:
Shared-VMPlan:a.SetRedisServiceInstanceLimitto0.b.ClickSave.
Errands:a.SetBrokerRegistrartoOff.b.SetSmokeTeststoOff.c.SetBrokerDeregistrartoOff.d.LeaveallfourOn-DemanderrandsOn.e.ClickSave.
ResourceConfig:a.DecreaseRedisBrokerPersistentdisktypetothesmallestsizeavailable.b.DecreaseRedisBrokerVMtypetothesmallestsizeavailable.c.SetDedicatedNodeInstancesto0.d.ClickSave.
AdditionalRedisConfigurationsYoucanupdatecertainplansettingsaftertheplanshavebeencreated.Updatestothesettingsforthecomponentsbelowareimplementedinallexistinginstances:
VMsize
Disksize
©CopyrightPivotalSoftwareInc,2013-2019 38 1.12
-
Redisconfigurationsettings:
LuaScriptingMax-clientsTimeoutTCPkeep-alive
Thefollowingtabledescribespropertiesyoucanupdateintheplanconfigurationpage,shownabove.
Property Default Description
RedisClientTimeout
3600 Servertimeoutforanidleclientspecifiedinseconds(e.g.,3600)
RedisTCPKeepalive
60 Themaxnumberofconnectedclientsatthesametime
MaxClients1000/5000/10000(small/medium/large)
Themaxnumberofconnectedclientsatthesametime
LuaScripting
Enabled Enable/DisableLuascripting
PlanQuota 20MaximumnumberofRedisserviceinstancesforthisplan,acrossallorgsandspaces.Formoreinformation,seeSettingLimitsforOn-DemandServiceInstances.
Forsettingsthatappdeveloperscanconfigure,seeCustomizeanOn-DemandServiceInstance.
ConfigureSyslogForwardingPivotalrecommendsthatoperatorsconfiguresyslogforwardingtoaremotedestination.Forwardingyoursystemlogstoaremotedestinationletsyou:
ViewlogsfromeveryVMintheRedisforPCFdeploymentinoneplace.
EffectivelytroubleshootingwhenlogsarelostonthesourceVM.
Setupalertsforimportanterrorlogstomonitorthedeployment.
AlllogsfollowRFC5424format.
Toconfiguresyslogforwarding,dothefollowing:
1. ClicktheRedisforPCFtiletodisplaytheconfigurationpage,andthenclicktheSyslogtab.
warning:YoumustnotdownsizetheVMsordisksize.Thiscancausedatalossinpre-existinginstances.
©CopyrightPivotalSoftwareInc,2013-2019 39 1.12
-
2. SelecteitherYeswithoutencryptionorYeswithTLSencryption.
3. EntertheSyslogAddressandPort,andselecttheTransportprotocolofyourremotedestination.YoucanonlyuseTCPifyouareusingTLSencryption.
Theinformationrequiredforthesefieldsisprovidedbyyourremotedestination.Addressshouldbesomethingsuchas logs.papertrailapp.com ,andPortwillbeanumbersuchas 41635 .
4. Selecttheformatforyourlogs.RFC5424 isthesuggestedformat.
ForinstancesoftheRedison-demandplan,alllogsfollowRFC5424format.InstancesoftheDedicated-VMandShared-VMplansallowfortheoperatortoselecttheirlogformattobeeithertheirlegacyformatorRFC5424.PCFismovingtowardallsyslogsconsistentlyusingRFC5424format.
5. IfyouselectedYeswithTLSencryption,completethesefields:
PermittedPeerreferstotheremotesyslogdestination.ItallowseachVMtoestablishanencryptedtunnelwiththeremotesyslogdestination.ThePermittedPeeriseithertheacceptedfingerprint(SHA1)ornameoftheremotepeer,forexample *.example.com .TLSCAcertificatereferstothetrustedcertificateauthoritiesfortheremotesyslogdestination.Largecertificatechains(>8kb)arenotsupported.
Note:Tousesyslogforwardingforon-demandinstances,youmustselecttheAllowoutboundinternetaccessfromserviceinstancescheckboxintheOn-DemandServiceSettingstab.
©CopyrightPivotalSoftwareInc,2013-2019 40 1.12
https://tools.ietf.org/html/rfc5424
-
6. ClickSave.
ApplyChangesfromYourConfigurationYourinstallationisnotcompleteuntilyouapplyyourconfigurationchanges.Followthestepsbelow:
1. ReturntotheOpsManagerInstallationDashboard.
2. ClickApplyChanges.
CreateApplicationSecurityGroupsToallowthisservicetohavenetworkaccess,youmustcreateApplicationSecurityGroups(ASGs) .EnsureyoursecuritygroupallowsaccesstotheRedisServiceBrokerVMandDedicatedVMsconfiguredinyourdeployment.YoucanobtaintheIPaddressesfortheseVMsinOpsManagerundertheResourceConfigsectionfortheRedisforPCFtile.
ApplicationContainerNetworkConnectionsApplicationcontainersthatuseinstancesoftheRedisforPCFservicerequirethefollowingoutboundnetworkconnections:
Destination Ports Protocol Reason
ASSIGNED_NETWORK 32768-61000 tcp Enableapplicationtoaccesssharedvmserviceinstance
ASSIGNED_NETWORK 6379 tcp Enableapplicationtoaccessdedicatedvmserviceinstance
CreateanASGcalled redis-app-containers withtheaboveconfigurationandbindittotheappropriatespaceor,togiveallstartedappsaccess,bindtothedefault-running ASGsetandrestartyourapps.Example:
[{"protocol":"tcp","destination":"ASSIGNED_NETWORK","ports":"6379"}]
ValidatingInstallationSmoketestsrunaspartofRedisforPCFinstallationtovalidatethattheinstallsucceeded.Formoreinformation,seeRedisforPCFSmokeTests.
UninstallingRedisforPCFTouninstallRedisforPCF,dothefollowing:
1. InthePCFOpsManagerInstallationdashboard,clickthetrashcaniconinthelowerrighthandcorneroftheRedisforPCFtile.
2. Confirmdeletionoftheproduct,andthenclickApplyChanges.
Note:WithoutASGs,thisserviceisunusable.
©CopyrightPivotalSoftwareInc,2013-2019 41 1.12
http://docs.pivotal.io/pivotalcf/1-10/adminguide/app-sec-groups.html
-
UpgradingRedisforPCFPagelastupdated:
ThissectioncontainstheupgradeprocedureandupgradepathsforRedisforPCF.
CompatibleUpgradePathsBeforeupgradingRedisforPCF,forcompatibilityinformation,seetheProductVersionMatrix .
UpgradeRedisforPCFThisproductenablesareliableupgradeexperiencebetweenversionsoftheproductthatisdeployedthroughOpsManager.
Forinformationontheupgradepathsforeachreleasedversion,seetheabovetable.
ToupgradeRedisforPCF,dothefollowing:
1. DownloadthelatestversionoftheproductfromPivotalNetwork .
2. Uploadthenew .pivotal filetoOpsManager.
3. Ifrequired,uploadthestemcellassociatedwiththeupdate.
4. Ifrequired,updateanynewmandatoryconfigurationparameters.
5. Pivotalrecommendsthatyourunthe upgrade-all-service-instances errand.Forhowtoruntheerrand,seeUpgradeAllServiceInstances.
6. ClickApplychanges.Therestoftheprocessisautomated.
DuringtheupgradedeploymenteachRedisinstanceexperiencesasmallperiodofdowntimeaseachRedisinstanceisupdatedwiththenewsoftwarecomponents.ThisdowntimeisbecausetheRedisinstancesaresingleVMsoperatinginanonHAsetup.
Thelengthofthedowntimedependsonwhetherthereisastemcellupdatetoreplacetheoperatingsystemimage,orwhethertheexistingVMcansimplyhavetheredissoftwareupdated.StemcellupdatesincuradditionaldowntimewhiletheIaaScreatesthenewVM,whereasupdateswithoutastemcellupdatearefaster.
OpsManagerensurestheinstancesareupdatedwiththenewpackagesandanyconfigurationchangesareappliedautomatically.
Upgradingtoanewerversionoftheproductdoesnotcauseanylossofdataorconfiguration.
DowntimeDuringUpgradesandRedeploysAredeploycausesdowntimeoftheRedisforPCFtile.Thissectionclarifieswhateventstriggeraredeploy.
OpsManagerChangesInOpsManager,anyfieldthatchangesthemanifestcausesaredeployoftheRedisforPCFtile.
PASChangesInPivotalApplicationService(PAS),changestoanyofthefollowingpropertiescantriggerdowntime:
..cf.consul_server.ips —ConsulServerResourceConfig
Note:Existingserviceinstancesarenotupgradedifyoudonotrunthiserrand.Theseinstancesdonotbenefitfromanysecurityfixesornewfeaturesincludedintheupgrade.
©CopyrightPivotalSoftwareInc,2013-2019 42 1.12
http://docs.pivotal.io/compatibility-matrix.pdfhttps://network.pivotal.io/products/p-redis
-
$runtime.system_domain —RuntimeSystemDomain
..cf.ha_proxy.skip_cert_verify.value —DisableSSLcertificateverificationforthisenvironmentinPAS
$runtime.apps_domain —RuntimeAppsDomain
..cf.nats.ips —NATSResourceConfig
$self.service_network —ServiceNetworksinOpsManager
WhentheoperatorappliesanyoftheabovechangestoPAS,downtimeistriggeredforthefollowing:
RedisOn-DemandBrokerinRedisforPCFv1.8andlater
Dedicated-VMandShared-VMServicesinRedisforPCFv1.9andearlier
UpgradingallServiceInstancesForRedisforPCFv1.8andlater,downtimeforserviceinstancesoccursonlyaftertheoperatorrunsthe upgrade-all-service-instances BOSHerrand,afteralltileupgradesarecompletedsuccessfully.
AnychangetoafieldontheRedisforPCFtilecausesBOSHtoredeployboththelegacyandtheOn-DemandRedisBrokersaftertheoperatorrunstheupgrade-all-service-instances errand.
NetworkChangesafterDeploymentThissectionexplainshowchangingthenetworkafterdeployingRedisforPCFaffectsinstancesandapps.
DedicatedandSharedVMsTochangethenetworkfordedicated-VMandshared-VMservices,clickAssignAZsandNetworksintheRedisforPCFtileconfigurationandusetheNetworkdropdown.Thenetworkappliestobothshared-VManddedicated-VMservices.
YoucanalsochangethenetworkbyalteringtheCIDRintheBOSHDirectortile.
Pivotaldiscourageschangingthenetworkthatapre-existingdedicated-VMdeploymentorshared-VMdeploymentworkswith.
Ifthenetworkischanged,appbindingsforexistingdedicated-VMandshared-VMinstancesmightstopworking.Dedicated-VMsmightalsobereallocatedasnewserviceinstanceswithouttheirdatabeingcleaned,resultinginadataleakbetweenapps.
On-DemandServiceInstancesTochangetheservicenetworkforon-demandserviceinstances,clickAssignAZsandNetworksintheRedistileconfigurationandusetheServiceNetworkdropdown.Theservicenetworkappliestoon-demandserviceinstances.
YoucanalsochangetheservicenetworkbyalteringtheCIDRintheBOSHDirectortile.
Ifyouchangetheservicenetwork,youmustunbindandrebindexistingappstotheon-demandRedisinstance.
Newon-demandserviceinstancesareplacedintothenewservicenetwork,butexistingon-demandserviceinstancesarenotmoved.Ifyouneedtomovethedatainon-demandRedisinstancestoanewservicenetwork,youmustcreateanewinstance,migratethedatamanually,anddeletetheoldinstance.
Similarly,changingtheavailabilityzoneforanon-demandplanonlyappliestonewon-demandinstancesanddoesnotalterexistinginstances.
ReleasePolicyWhenanewversionofRedisisreleased,anewversionofRedisforPCFisreleasedsoonafter.
FormoreinformationaboutthePCFreleasepolicy,seeReleasePolicy .
©CopyrightPivotalSoftwareInc,2013-2019 43 1.12
https://docs.pivotal.io/pivotalcf/security/process/pcf-security.html#release-policy
-
©CopyrightPivotalSoftwareInc,2013-2019 44 1.12
-
SettingLimitsforOn-DemandServiceInstancesPagelastupdated:
On-demandprovisioningisintendedtoaccelerateappdevelopmentbyeliminatingtheneedfordevelopmentteamstorequestandwaitforoperatorstocreateaserviceinstance.However,tocontrolcosts,operationsteamsandadministratorsmustensureresponsibleuseofresources.
Thereareseveralwaystocontroltheprovisioningofon-demandserviceinstancesbysettingvariousquotasattheselevels:
Global
Plan
Org
Space
Afteryousetquotas,youcan:
ViewCurrentOrgandSpace-levelQuotas
MonitorQuotaUseandServiceInstanceCount
CalculateResourceCostsforOn-DemandPlans
CreateGlobal-levelQuotasEachPivotalCloudFoundry(PCF)servicehasaseparateservicebroker.Aglobalquotaattheservicelevelsetsthemaximumnumberofserviceinstancesthatcanbecreatedbyagivenservicebroker.Ifaservicehasmorethanoneplan,thenthenumberofserviceinstancesforallplanscombinedcannotexceedtheglobalquotafortheservice.
TheoperatorsetsaglobalquotaforeachPCFserviceindependently.Forexample,ifyouhaveRedisforPCFandRabbitMQforPCF,youmustsetaseparateglobalservicequotaforeachofthem.
Whentheglobalquotaisreachedforaservice,nomoreinstancesofthatservicecanbecreatedunlessthequotaisincreased,orsomeinstancesofthatservicearedeleted.
CreatePlan-levelQuotasAservicemayofferoneormoreplans.Youcansetaseparatequotaperplansothatinstancesofthatplancannotexceedtheplanquota.Foraservicewithmultipleplans,thetotalnumberofinstancescreatedforallplanscombinedcannotexceedtheglobalquotafortheservice.
Whentheplanquotaisreached,nomoreinstancesofthatplancanbecreatedunlesstheplanquotaisincreasedorsomeinstancesofthatplanaredeleted.
CreateandSetOrg-levelQuotasAnorg-levelquotaappliestoallPCFservicesandsetsthemaximumnumberofserviceinstancesanorganizationcancreatewithinPCF.Forexample,ifyousetyourorg-levelquotato100,developerscancreateupto100serviceinstancesinthatorgusinganycombinationofPCFservices.
Whenthisquotaismet,nomoreserviceinstancesofanykindcanbecreatedintheorgunlessthequotaisincreasedorsomeserviceinstancesaredeleted.
Tocreateandsetanorg-levelquota,dothefollowing:
1. Runthiscommandtocreateaquotaforserviceinstancesattheorglevel:
cf create-quota QUOTA-NAME -m TOTAL-MEMORY -i INSTANCE-MEMORY -r ROUTES -s SERVICE-INSTANCES --allow-paid-service-plans
Where:
QUOTA-NAME —AnameforthisquotaTOTAL-MEMORY —MaximummemoryusedbyallserviceinstancescombinedINSTANCE-MEMORY —Maximummemoryusedbyanysingleserviceinstance
©CopyrightPivotalSoftwareInc,2013-2019 45 1.12
-
ROUTES —MaximumnumberofroutesallowedforallserviceinstancescombinedSERVICE-INSTANCES —Maximumnumberofserviceinstancesallowedfortheorg
Forexample:
cfcreate-quotamyquota-m1024mb-i16gb-r30-s50--allow-paid-service-plans
2. Associatethequotayoucreatedabovewithaspecificorgbyrunningthefollowingcommand:
cf set-quota ORG-NAME QUOTA-NAME
Forexample:
cfset-quotadev_orgmyquota
Formoreinformationonmanagingorg-levelquotas,seeCreatingandModifyingQuotaPlans .
CreateandSetSpace-levelQuotasAspace-levelservicequotaappliestoallPCFservicesandsetsthemaximumnumberofserviceinstancesthatcanbecreatedwithinagivenspaceinPCF.Forexample,ifyousetyourspace-levelquotato100,developerscancreateupto100serviceinstancesinthatspaceusinganycombinationofPCFservices.
Whenthisquotaismet,nomoreserviceinstancesofanykindcanbecreatedinthespaceunlessthequotaisupdatedorsomeserviceinstancesaredeleted.
Tocreateandsetaspace-levelquota,dothefollowing:
1. Runthefollowingcommandtocreatethequota:
cf create-space-quota QUOTA-NAME -m TOTAL-MEMORY -i INSTANCE-MEMORY -r ROUTES -s SERVICE-INSTANCES --allow-paid-service-plans
Where:
QUOTA-NAME —AnameforthisquotaTOTAL-MEMORY —MaximummemoryusedbyallserviceinstancescombinedINSTANCE-MEMORY —MaximummemoryusedbyanysingleserviceinstanceROUTES —MaximumnumberofroutesallowedforallserviceinstancescombinedSERVICE-INSTANCES —Maximumnumberofserviceinstancesallowedfortheorg
Forexample:
cfcreate-space-quotamyspacequota-m1024mb-i16gb-r30-s50--allow-paid-service-plans
2. Associatethequotayoucreatedabovewithaspecificspacebyrunningthefollowingcommand:
cf set-space-quota SPACE-NAME QUOTA-NAME
Forexample:
cfset-space-quotamyspacemyspacequota
Formoreinformationonmanagingspace-levelquotas,seeCreatingandModifyingQuotaPlans .
ViewCurrentOrgandSpace-levelQuotasTovieworgquotas,runthefollowingcommand.
cforgORG-NAME
Toviewspacequotas,runthefollowingcommand:
©CopyrightPivotalSoftwareInc,2013-2019 46 1.12
https://docs.pivotal.io/pivotalcf/1-12/adminguide/quota-plans.htmlhttps://docs.pivotal.io/pivotalcf/1-12/adminguide/quota-plans.html
-
cfspaceSPACE-NAME
Formoreinformationonmanagingorgandspace-levelquotas,seetheCreatingandModifyingQuotaPlans .
MonitorQuotaUseandServiceInstanceCountService-levelandplan-levelquotause,andtotalnumberofserviceinstances,areavailablethroughtheon-demandbrokermetricsemittedtoLoggregator.Thesemetricsarelistedbelow:
MetricName Description
on-demand-broker/SERVICE-NAME/quota_remaining Quotaremainingforallinstancesacrossallplans
on-demand-broker/SERVICE-NAME/PLAN-NAME/quota_remaining
Quotaremainingforaspecificplan
on-demand-broker/SERVICE-NAME/total_instances Totalinstancescreatedacrossallplans
on-demand-broker/SERVICE-NAME/PLAN-NAME/total_instances
Totalinstancescreatedforaspecificplan
YoucanalsoviewserviceinstanceusageinformationinAppsManager.Formoreinformation,seeReportingInstanceUsagewithAppsManager .
CalculateResourceCostsforOn-DemandPlansOn-demandplansusededicatedVMs,disks,andvariousotherresourcesfromanIaaS,suchasAWS.Tocalculatemaximumresourcecostforplansindividuallyorcombined,youmultiplythequotabythecostoftheresourcesselectedintheplanconfiguration(s).ThespecificcostsdependonyourIaaS.
ToviewconfigurationsforyourRedisforPCFon-demandplan,dothefollowing:
1. NavigatetoOpsManagerInstallationDashboard>Redis>Settings.
2. Clickthesectionfortheplanyouwanttoview.Forexample,On-DemandPlan1.
TheimagebelowshowsanexamplethatincludestheVMtypeandpersistentdiskselectedfortheserverVMs,aswellasthequotaforthisplan.
Note:Quotametricsarenotemittedifnoquotahasbeenset.
Note:Althoughoperatorscanlimiton-demandinstanceswithplanquotasandaglobalquota,asdescribedintheabovetopics,IaaSresourceusagestillvariesbasedonthenumberofon-demandinstancesprovisioned.
©CopyrightPivotalSoftwareInc,2013-2019 47 1.12
https://docs.pivotal.io/pivotalcf/adminguide/quota-plans.htmlhttps://docs.pivotal.io/pivotalcf/opsguide/accounting-report-apps-man.html
-
CalculateMaximumResourceCostPerOn-DemandPlanTocalculatethemaximumcostofVMsandpersistentdiskforeachplan,dothefollowingcalculation:
planquotaxcostofselectedresources
Forexample,ifyouselectedtheoptionsintheaboveimage,youhaveselectedaVMtypemicroandapersistentdisktype20GB,andtheplanquotais15.TheVMandpersistentdisktypeshaveanassociatedcostfortheIaaSyouareusing.Therefore,tocalculatethemaximumcostofresourcesforthisplan,multiplythecostoftheresourcesselectedbytheplanquota:
(15xcostofmicroVMtype)+(15xcostof20GBpersistentdisk)=maxcostperplan
CalculateMaximumResourceCostforAllOn-DemandPlansTocalculatethemaximumcostforallplanscombined,addtogetherthemaximumcostsforeachplan.Thisassumesthatthesumofyourindividualplanquotasislessthantheglobalquota.
Hereisanexample:
(plan1quotaxplan1resourcecost)+(plan2quotaxplan2resourcecost)=maxcostforallplans
CalculateActualResourceCostofallOn-DemandPlansTocalculatethecurrentactualresourcecostacrossallyouron-demandplans:
1. Findthenumberofinstancescurrentlyprovisionedforeachactiveplanbylookingatthe total_instance metricforthatplan.
2. Multiplythe total_instance countforeachplanbythatplan’sresourcecosts.Recordthecostsforeachplan.
3. AddupthecostsnotedinStep2togetyourtotalcurrentresourcecosts.
Forexample:
(plan1total_instancesxplan1resourcecost)+(plan2total_instancesxplan2resourcecost)=currentcostforallplans
©CopyrightPivotalSoftwareInc,2013-2019 48 1.12
-
ConfiguringAutomatedServiceBackupsPagelastupdated:
ThistopicdescribeshowtoconfigureautomatedbackupsinRedisforPivotalCloudFoundry(PCF).
AboutAutomatedBackupsYoucanconfigureautomaticbackupsforallserviceplantypes:on-demand,dedicated-VM,andshared-VM.
Automatedbackupshavethefollowingfeatures:
Backupsrunonaconfigurableschedule.
Everyinstanceisbackedup.
TheRedisbrokerstatefileisbackedup.
DatafromRedisisflushedtodiskbeforethebackupisstartedbyrunninga BGSAVE oneachinstance.
YoucanconfigureAmazonWebServices(AWS)S3,SCP,Azure,orGoogleCloudStorage(GCS)asyourdestination.
BackupFilesWhenRedisforPCFrunsanautomatedbackup,itlabelsthebackupsinthefollowingways:
Fordedicated-VMandshared-VMplans,backupsarelabeledwithtimestamp,instanceGUID,andplanname.Filesarestoredbydate.
Foron-demandplans,backupsarelabeledwithtimestampandplanname.Filesarestoredbydeployment,thendate.
Backupsarestoredas .rdb files.
Foreachbackupartifact,RedisforPCFalsocreatesafilethatcontainstheMD5checksumforthatartifact.Thiscanbeusedtovalidatethattheartifactisnotcorrupted.
AboutConfiguringBackupsRedisforPCFautomaticallybacksupdatabasestoexternalstorage.
Howandwhere:Therearefouroptionsforhowautomatedbackupstransferbackupdataandwherethedatasavesto:
Option1:BackUpwithAWS:RedisforPCFrunsanAWSS3clientthatsavesbackupstoanS3bucket.Option2:BackUpwithSCP:RedisforPCFrunsanSCPcommandthatsecure-copiesbackupstoaVMorphysicalmachineoperatingoutsideofPCF.SCPstandsforsecurecopyprotocol,andoffersawaytosecurelytransferfilesbetweentwohosts.TheoperatorprovisionsthebackupmachineseparatelyfromtheirPCFinstallation.Thisisthefastestoption.Option3:BackUptoGCS:RedisforPCFrunsanGCSSDKthatsavesbackupstoanGoogleCloudStoragebucket.Option4:BackUptoAzure:RedisforPCFrunsanAzureSDKthatsavesbackupstoanAzurestorageaccount.
When:Backupsfollowaschedulethatyouspecifywithacronexpression.Forgeneralinformationaboutcron,seepackagecron .
Toconfigureautomatedbackups,followtheproceduresbelowaccordingtotheoptionyouchooseforexternalstorage.
Option1:BackUpwithAWSTobackupyourdatabasetoanAmazonS3bucket,completethefollowingprocedures:
CreateaPolicyandAccessKey
ConfigureBackupsinOpsManager
©CopyrightPivotalSoftwareInc,2013-2019 49 1.12
http://godoc.org/github.com/robfig/cron
-
CreateaPolicyandAccessKeyRedisforPCFaccessesyourS3storethroughauseraccount.PivotalrecommendsthatthisaccountbesolelyforRedisforPCF.YoumustapplyaminimalpolicythatletstheuseraccountuploadbackupstoyourS3store.
Dothefollowingtocreateapolicyandaccesskey:
1. NavigatetotheAWSConsoleandlogin.
2. Tocreateanewcustompolicy,gotoIAM>Policies>CreatePolicy>CreateYourOwnPolicyandpasteinthefollowingpermissions:
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:ListBucket","s3:ListBucketMultipartUploads","s3:ListMultipartUploadParts","s3:PutObject"],"Resource":["arn:aws:s3:::MY-BUCKET-NAME","arn:aws:s3:::MY-BUCKET-NAME/*"]}]}
Where MY-BUCKET-NAME isthenameofyourS3bucket.
IftheS3bucketdoesnotalreadyexist,add s3:CreateBucket tothe Action listtocreateit.
3. (Recommended)CreateanewuserforRedisforPCFandrecorditsAccessKeyIDandSecretAccessKey,theusercredentials.
4. (Recommended)AttachthepolicyyoucreatedtotheAWSuseraccountthatRedisforPCFwillusetoaccessS3.GotoIAM>Policies>PolicyActions>Attach.
ConfigureBackupsinOpsManagerDothefollowingtoconnectRedisforPCFtoyourS3account:
1. NavigatetotheOpsManagerInstallationDashboardandclicktheRedisforPCFtile.
2. ClickBackups.
3. UnderBackupconfiguration,selectAWSS3.
©CopyrightPivotalSoftwareInc,2013-2019 50 1.12
-
4. Fillinthefieldsasfollows:
Field Description Mandatory/Optional
AccessKeyID
TheaccesskeyforyourS3account Mandatory
SecretAccessKey
TheSecretKeyassociatedwithyourAccessKey Mandatory
EndpointURL
TheendpointofyourS3account,suchas http://s3.amazonaws.com
Optional,defaultstohttp://s3.amazonaws.com
ifnotspecified
BucketName
Nameofthebucketwheretostorethebackup Mandatory
BucketPath
Pathinsidethebuckettosavebackupsto Mandatory
CronSchedule
Backupsscheduleincrontabformat.Forexample,oncedailyat2amis * 2 * * * .Thisfieldalsoacceptsapre-definedschedule,suchas @yearly , @monthly , @weekly , @daily , @hourly ,or @every TIME ,where TIME isanysupportedtimestring,suchas 1h30m .Formoreinformation,seethecronpackagedocumentation .
Mandatory
BackupTheamountoftime,inseconds,thatthebackupprocesswaitsforthe BGSAVE commandtocompleteonyourinstancebeforetransferringtheRDBfiletoyourconfigureddestination.Ifthetimeoutisreached, Mandatory
©CopyrightPivotalSoftwareInc,2013-2019 51 1.12
https://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules
-
timeout BGSAVE continuesbutbackupsfailandarenotuploaded.Field Description Mandatory/Optional
5. ClickSave.
Option2:BackUpwithSCPTobackupyourdatabaseusingSCP,completethefollowingprocedures:
(Recommended)CreateaPublicandPrivateKeyPair
ConfigureBackupsinOpsManager
(Recommended)CreateaPublicandPrivateKeyPairRedisforPCFaccessesaremotehostasauserwithaprivatekeyforauthentication.PivotalrecommendsthatthisuserandkeypairbesolelyforRedisforPCF.
Dothefollowingtocreateanewpublicandprivatekeypairforauthenticating:
1. DeterminetheremotehostthatyouwillbeusingtostorebackupsforRedisforPCF.EnsurethattheRedisserviceinstancescanaccesstheremotehost.
2. CreateanewuserforRedisforPCFonthedestinationVM.
3. CreateanewpublicandprivatekeypairforauthenticatingastheaboveuseronthedestinationVM.
ConfigureBackupsinOpsManagerDothefollowingtoconnectRedisforPCFtoyourdestinationVM:
1. NavigatetotheOpsManagerInstallationDashboardandclicktheRedisforPCFtile.
2. ClickBackups.
Note:PivotalrecommendsusingaVMoutsidethePCFdeploymentforthedestinationofSCPbackups.AsaresultyoumightneedtoenablepublicIPsfortheRedisVMs.
©CopyrightPivotalSoftwareInc,2013-2019 52 1.12
-
3. UnderBackupconfiguration,selectSCP.
4. Fillinthefieldsasfollows:
Field Description Mandatory/Optional
Username TheusernametousefortransferringbackupstotheSCPserver Mandatory
PrivateKey TheprivateSSHkeyoftheuserconfiguredin Username Mandatory
Hostname ThehostnameorIPaddressoftheSCPserver Mandatory
DestinationDirectory ThepathintheSCPserver,wherethebackupswillbetransferred Mandatory
SCPPort TheSCPportoftheSCPserver Mandatory
CronSchedule
Backupsscheduleincrontabformat.Forexample,oncedailyat2amis * 2 * * * .Thisfieldalsoacceptsapre-definedschedule,suchas @yearly , @monthly , @weekly , @daily , @hourly ,or @every TIME ,where TIME isanysupportedtimestring,suchas 1h30m .Formoreinformation,seethecronpackagedocumentation .
Mandatory
©CopyrightPivotalSoftwareInc,2013-2019 53 1.12
https://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules
-
Backuptimeout
Theamountoftime,inseconds,thatthebackupprocesswaitsforthe BGSAVE commandtocompleteonyourinstancebeforetransferringtheRDBfiletotheSCPserver.Ifthetimeoutisreached, BGSAVEcontinuesbutbackupsfailandarenotuploaded.
Mandatory
FingerprintThefingerprintofthepublickeyoftheSCPserver.Toretrievetheserver’sfingerprint,runssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub .
Optional
Field Description Mandatory/Optional
5. ClickSave.
Option3:BackUpwithGCSTobackupyourdatabaseusingGCS,completethefollowingprocedures:
CreateaServiceAccount
ConfigureBackupsinOpsManager
CreateaServiceAccountRedisforPCFaccessesyourGCSstorethroughaserviceaccount.PivotalrecommendsthatthisaccountbesolelyforRedisforPCF.YoumustapplyaminimalpolicythatletstheuseraccountuploadbackupstoyourGCSstore.
Dothefollowingtocreateaserviceaccountwiththecorrectp