Redis for PCF® Documentation v1.12 Published: 7 May 2019 © 2019 Pivotal Software, Inc. All Rights Reserved.


    Table of Contents

    - Redis for PCF
    - Redis for PCF Release Notes
    - Is Redis for PCF right for your enterprise?
    - On-Demand Service Offering
    - Dedicated-VM and Shared-VM Service Offerings
    - Networking for On-Demand Services
    - Redis for PCF Security
    - Introduction for Operators
    - Installing Redis for PCF
    - Upgrading Redis for PCF
    - Setting Limits for On-Demand Service Instances
    - Configuring Automated Service Backups
    - Monitoring Redis for PCF
    - Redis for PCF Smoke Tests
    - Troubleshooting Redis for PCF
    - Introduction for App Developers
    - Quickstart Guide for App Developers
    - Using Redis for PCF
    - Troubleshooting Instances
    - Sample Redis Configuration

    © Copyright Pivotal Software Inc, 2013-2019

    Redis for PCF

    Page last updated:

    This is documentation for Redis for Pivotal Cloud Foundry (PCF). You can download the Redis for PCF tile from Pivotal Network (https://network.pivotal.io/products/p-redis).

    This documentation:

    - Describes features and architecture of Redis for PCF.
    - Instructs the PCF operator on how to install, configure, maintain, and backup Redis for PCF.
    - Instructs the app developer on how to choose a service plan, create and delete Redis service instances, and bind an app.

    Product Snapshot

    Element                                                    Details
    Version                                                    v1.12.9
    Release date                                               February 26, 2019
    Software component version                                 Redis OSS v4.0.11
    Compatible Ops Manager version(s)                          v2.0.x, v2.1.x, and v2.2.x
    Compatible Pivotal Application Service (PAS) version(s)    v2.0.x, v2.1.x, and v2.2.x
    IaaS support                                               AWS, Azure, GCP, OpenStack, and vSphere
    IPsec support                                              Yes

    About Redis

    Redis is an easy to use, high speed key-value store that can be used as a database, cache, and message broker. It supports a range of data structures including strings, lists, hashes, sets, bitmaps, hyperloglogs, and geospatial indexes. It is easy to install and configure and is popular with engineers as a straightforward NoSQL data store. It is used for everything from a quick way to store data for development and testing through to enterprise-scale apps like Twitter.

    About Redis for PCF

    Redis for PCF packages Redis for easy deployment and operability on Pivotal Cloud Foundry (PCF).

    Redis for PCF offers On-Demand, Dedicated-VM, and Shared-VM services.

    - On-Demand Service: Provides a dedicated VM running a Redis instance. The operator can configure up to three plans with different configurations, memory sizes, and quotas. App developers can provision an instance for any of the On-Demand plans offered and configure certain Redis settings.
    - Dedicated-VM Service: Provides a dedicated VM running a Redis instance. The Dedicated-VM Service is pre-provisioned by the operator with a fixed number of VMs and memory size. App developers can then use one of those pre-provisioned VMs.
    - Shared-VM Service: Provides support for a number of Redis instances running in a single VM. It is designed for testing and development. The Shared-VM instances are pre-configured by the operator with a max number of instances and memory size. App developers can then provision a Redis process.

    For more information on the plans, see:

    - On-Demand Service Offering
    - Dedicated-VM and Shared-VM Service Offerings

    Note: Redis for PCF 1.12 is no longer supported because it has reached the End of General Support phase. To stay up to date with the latest software and security updates, upgrade to a supported version.

    Note: As of Redis for PCF v1.11, the on-demand service is at feature parity with the dedicated-VM service. The dedicated-VM service plan will be deprecated. Pivotal recommends using the on-demand service plan.

    Is Redis for PCF right for your enterprise?

    For information on recommended use cases, and the enterprise-readiness of Redis for PCF, see Is Redis for PCF right for your enterprise?.

    Upgrading to the Latest Version

    For information on how to upgrade and the supported upgrade paths, see Upgrading Redis for PCF.

    More Information

    The following table lists where you can find topics related to the information on this page:

    For more information about…      See…
    Product compatibility            Product Version Matrix (http://docs.pivotal.io/compatibility-matrix.pdf)
    How to upgrade Redis for PCF     Upgrading Redis for PCF
    How to use Redis                 Redis Documentation (http://redis.io/documentation)

    Redis for PCF and Other PCF Services

    Some PCF services offer on-demand service plans. These plans let developers provision service instances when they want.

    These contrast with the more common pre-provisioned service plans, which require operators to provision the service instances during installation and configuration through the service tile UI.

    The following PCF services offer on-demand service plans:

    - MySQL for PCF v2.0 and later
    - RabbitMQ for PCF
    - Redis for PCF
    - Pivotal Cloud Cache (PCC)

    These services package and deliver their on-demand service offerings differently. For example, some services, like Redis for PCF, have one tile, and you configure the tile differently depending on whether you want on-demand service plans or pre-provisioned service plans.

    For other services, like PCC and MySQL for PCF, only on-demand service plans are available.

    The following table lists and contrasts the different ways that PCF services package on-demand and pre-provisioned service offerings.

    PCF service tile    Standalone product related to the service    Versions supporting on demand    Versions supporting pre-provisioned
    RabbitMQ for PCF    Pivotal RabbitMQ                             v1.8 and later                   All versions
    Redis for PCF       Redis                                        v1.8 and later                   All versions
    MySQL for PCF       MySQL                                        v2.x                             NA
    PCC                 Pivotal GemFire                              All versions                     NA

    Feedback

    Please provide any bugs, feature requests, or questions to the Pivotal Cloud Foundry Feedback list.

    Redis for PCF Release Notes

    Page last updated:

    v1.12.9

    Release Date: February 26, 2019

    Security Fixes

    - Bumped Go version used to v1.10.8 for https://github.com/golang/go/issues/29903

    Known Issues

    This release has the following issues:

    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).

    Compatibility

    The following components are compatible with this release:

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.268
    on-demand-service-broker    v0.25.0
    consul                      v198.0.0
    routing                     v0.179.0
    service-metrics             v1.5.13
    service-backup              v18.1.16
    syslog-migration            v11.1.1
    loggregator-agent           v2.3
    Redis OSS                   v4.0.11

    v1.12.8

    Release Date: November 29, 2018

    Security Fixes

    This release includes the following security fix:

    - Critical CVE-2018-15759: On Demand Services SDK Timing Attack Vulnerability (https://pivotal.io/security/cve-2018-15759)

    Known Issues

    This release has the following issues:

    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).

    Compatibility

    The following components are compatible with this release:

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.26
    on-demand-service-broker    v0.24.0
    consul                      v198.0.0
    routing                     v0.179.0
    service-metrics             v1.5.13
    service-backup              v18.1.15
    syslog-migration            v11.1.1
    loggregator-agent           v2.3
    Redis OSS                   v4.0.11

    v1.12.7

    Release Date: October 31, 2018

    Features

    - On-demand Redis now supports secure manifests, which avoids plaintext secrets in manifests by passing these to the ODB to store in BOSH CredHub.

    Fixed Issues

    This release fixes the following issue:

    - In some network conditions, the smoke-tests errand would time out due to dig taking longer than one second.

    Known Issues

    This release has the following issues:

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).

    Compatibility

    The following components are compatible with this release:

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.25
    on-demand-service-broker    v0.21.2
    consul                      v198.0.0
    routing                     v0.179.0
    service-metrics             v1.5.13
    service-backup              v18.1.15
    syslog-migration            v11.1.1
    loggregator-agent           v2.3
    Redis OSS                   v4.0.11

    v1.12.6

    Release Date: September 19, 2018

    Fixed Issues

    This release fixes the following issue:

    - The upgrade-all-service-instances errand and other BOSH lifecycle actions no longer fail when the process manager monit is trying to restart the Redis process.

    Known Issues

    This release has the following issues:

    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).

    Compatibility

    The following components are compatible with this release:

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.20
    on-demand-service-broker    v0.21.2
    consul                      v196.0.0
    routing                     v0.179.0
    service-metrics             v1.5.13
    service-backup              v18.1.13
    syslog-migration            v11.1.1
    loggregator-agent           v2.2
    Redis OSS                   v4.0.11

    v1.12.5

    Release Date: August 28, 2018

    Warning: Pivotal recommends that you do not install this version because of the upgrade-all-service-instances known issue below. Install v1.12.6 instead. If you run the upgrade-all-service-instances errand on this version you must take manual steps to upgrade your service instances. Speak to support or see Upgrade-all-service-instances errand fails in Redis for PCF v1.12.5 & v1.13.2 (https://community.pivotal.io/s/article/upgrade-all-service-instances-errand-fails-in-redis-for-pcf-v1-12-5--v1-13-2) in the Pivotal Support knowledge base.

    Fixes

    - The Cf-Redis Service Broker now specifies a buildpack in the Redis App pushed during its smoke tests. Previously, if an environment has a large number of buildpacks, the smoke tests may time out looping through the buildpacks in order to find the appropriate one.

    Known Issues

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - The upgrade-all-service-instances errand and other bosh lifecycle actions fail due to the process manager monit trying to restart the Redis process resulting in failure to properly unmount the persistent storage.
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).

    Compatibility

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.15
    on-demand-service-broker    v0.21.2
    consul                      v195.0.0
    routing                     v0.179.0
    service-metrics             v1.5.13
    service-backup              v18.1.13
    syslog-migration            v11.1.1
    loggregator-agent           v2.0
    Redis OSS                   v4.0.8

    v1.12.3

    Release Date: July 25, 2018

    Fixes

    - Fixes previous version not working with any 3468 stemcell version.

    Known Issues

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).
    - The Cf-Redis Service Broker does not specify a buildpack in the Redis App pushed during its smoke tests. As a result, if an environment has a large number of buildpacks, the smoke tests may time out looping through the buildpacks in order to find the appropriate one.

    Compatibility

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.10
    on-demand-service-broker    v0.21.2
    consul                      v192.0.0
    routing                     v0.169.0
    service-metrics             v1.5.11
    service-backup              v18.1.9
    syslog-migration            v10.0.0
    loggregator                 v101.3
    Redis OSS                   v4.0.8

    v1.12.2

    Release Date: July 20, 2018

    Features

    New features and changes in this release:

    - This release updates the packaged golang version to 1.10.3.

    Fixes

    - AOF rewrite now occurs in the drain script for shared VMs. As part of this, the BGREWRITEAOF command has been aliased. The alias is available in the Credentials tab on the tile.

    Known Issues

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).
    - Can only be installed with specific stemcell version, 3468.54.
    - The Cf-Redis Service Broker does not specify a buildpack in the Redis App pushed during its smoke tests. As a result, if an environment has a large number of buildpacks, the smoke tests may time out looping through the buildpacks in order to find the appropriate one.

    Compatibility

    Component                   Version
    Stemcell                    3468.54
    PCF                         v2.0.x, v2.1.x, and v2.2.x
    cf-redis-release            v434.0.10
    on-demand-service-broker    v0.21.2
    consul                      v192.0.0
    routing                     v0.169.0
    service-metrics             v1.5.11
    service-backup              v18.1.9
    syslog-migration            v10.0.0
    loggregator                 v101.3
    Redis OSS                   v4.0.8

    v1.12.1

    Release Date: May 24, 2018

    Features

    New features and changes in this release:

    - Permissions are stricter for service-related files and directories, specifically those relating to the redis.conf and Redis pid files.
    - Updates service display name for On-Demand Redis Service to “Redis On-Demand” in the Apps Manager marketplace.

    Fixed Issues

    - Fixes an intermittent issue that can cause executing a restore to fail.
    - It is now possible to update the arbitrary parameters of a service instance in an update-service command.
    - Upgrades and stemcell bumps no longer fail if shared-vms are down or unresponsive.
    - The default persistence for on-demand instances is now partial persistence using RDB files. This fixes the issue of disk usage inflation from frequent instance restarts.

    Known Issues

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behavior, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).
    - AOF rewrite does not occur in the drain script for shared-vms.
    - The Cf-Redis Service Broker does not specify a buildpack in the Redis App pushed during its smoke tests. As a result, if an environment has a large number of buildpacks, the smoke tests may time out looping through the buildpacks in order to find the appropriate one.

    Compatibility

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x and v2.1.x
    cf-redis-release            v434.0.6
    on-demand-service-broker    v0.21.2
    consul                      v192.0.0
    routing                     v0.169.0
    service-metrics             v1.5.11
    service-backup              v18.1.9
    syslog-migration            v10.0.0
    loggregator                 v101.3
    Redis OSS                   v4.0.8

    v1.12.0

    Release Date: April 24, 2018

    Features

    New features and changes in this release:

    - Updates the packaged OSS Redis version to v4.0.8. For more information about new features in Redis v4.0.8, see the Redis release notes (http://download.redis.io/redis-stable/00-RELEASENOTES).
    - Introduces a beta feature for on-demand instances that allows a Redis instance to be shared with another space. For more information on this feature, see Sharing a Redis Instance with Another Space (Beta).
    - There is no longer a limit on the maximum number of on-demand instances that can be deployed from the Redis for PCF tile.
    - The Redis append-only file is optimized for size when Redis restarts for more efficient disk usage.
    - Tile deployment no longer fails if there are no shared system domains because smoke tests now use the system domain.
    - Supports stemcells without Transparent Huge Pages (THP) kernel modules.
    - Reintroduces colocated errands for faster deployments.

    Known Issues

    - CVE-2018-15759 (https://pivotal.io/security/cve-2018-15759).
    - In some network conditions, the smoke-tests errand can time out due to dig taking longer than one second.
    - The redis-odb service broker listens on port 12345. This is inconsistent with other services.
    - The When Changed option for errands has unexpected behavior. Do not select this choice as an errand run-rule. For more information about this unexpected behaviour, see Errand Run Rules (https://docs.pivotal.io/tiledev/tile-errands.html#run-rules).
    - The redis-odb fails if arbitrary parameters are changed in an update-service command.
    - Executing a restore may fail to complete and leave the CONFIG command unaliased.
    - Upgrades and stemcell bumps fail if any shared-vms are down or unresponsive.
    - AOF rewrite does not occur in the drain script for shared-vms.
    - Default persistence is set to full persistence using an AOF file. If an instance is restarted frequently (for example, for upgrades), this file can grow significantly, leading to very large persistent disk usage. If your Redis instance has significantly larger persistent disk usage than expected, check the size of your appendonly.aof file (usually at /var/vcap/store/redis) to verify if this is the source of the usage. If so, you can have Redis rewrite the AOF file by running the BGREWRITEAOF command (https://redis.io/commands/bgrewriteaof).
    - The Cf-Redis Service Broker does not specify a buildpack in the Redis App pushed during its smoke tests. As a result, if an environment has a large number of buildpacks, the smoke tests may time out looping through the buildpacks in order to find the appropriate one.

    Compatibility

    Component                   Version
    Stemcell                    3468.x
    PCF                         v2.0.x and v2.1.x
    cf-redis-release            v433.0.0
    on-demand-service-broker    v0.20.0
    consul                      v191.0.0
    routing                     v0.169.0
    service-metrics             v1.5.11
    service-backup              v18.1.9
    syslog-migration            v10.0.0
    loggregator                 v101.3
    Redis OSS                   v4.0.8


    Is Redis for PCF right for your enterprise?

    Page last updated:

    This topic provides recommended use cases for Redis for Pivotal Cloud Foundry (PCF) and information for determining the product’s fit for your enterprise’s use case.

    Recommended Use Cases

    Dedicated-VM and Shared-VM plans are designed for datastore use cases. On-Demand plans, introduced in Redis for PCF v1.8, are configured by default for cache use cases but can also be used as a datastore.

    Redis can be used in many different ways, including:

    - Key/value store: For strings and more complex data structures including Hashes, Lists, Sets, and Sorted Sets
    - Session cache: Persistence enabled preservation of state
    - Full page cache: Persistence enabled preservation of state
    - Database cache: Middle-tier database caching to speed up common queries
    - Data ingestion: Because Redis is in memory, it can ingest data very quickly
    - Message queues: List and set operations. PUSH, POP, and blocking queue commands.
    - Leaderboards and counting: Increments and decrements sets and sorted sets using ZRANGE, ZADD, ZREVRANGE, ZRANK, INCRBY, and GETSET
    - Pub/Sub: Built in publish and subscribe operations: PUBLISH, SUBSCRIBE, and UNSUBSCRIBE

    SLO Benchmark

    The Redis for PCF team maintains a monthly Service Level Objective (SLO) of 99.95% uptime for the Redis for PCF offering on Pivotal Web Services. This is provided as a benchmark. SLOs for separate offerings of the Redis for PCF service vary based on variables such as infrastructure, networking, and relevant policies around security upgrades.

    Service Offerings

    For descriptions of the three Redis for PCF service offerings, see:

    - On-Demand Service Offering
    - Dedicated-VM and Shared-VM Service Offerings

    Note: The Shared-VM service should only be used for development and testing. Do not use for production.

    Note: As of Redis for PCF v1.11, the on-demand service is at feature parity with the dedicated-VM service. The dedicated-VM service plan will be deprecated. Pivotal recommends using the on-demand service plan.

    Enterprise-Readiness Checklist

    Review the following table to determine if Redis for PCF has the features needed to support your enterprise.

    Resilience

    Availability
        All Redis for PCF services are single nodes without clustering capabilities. This means that planned downtime (e.g., upgrades) can result in 2–10 minutes of downtime, depending on the nature of the upgrade. Unplanned downtime (e.g., VM failure) also affects the Redis service. Redis for PCF has been used successfully in enterprise-ready apps that can tolerate downtime. Pre-existing data is not lost during downtime with the default persistence configuration. Successful apps include those where the downtime is passively handled or where the app handles failover logic.
        More information: Recommended Use Cases; Support for Multiple AZs

    Failure Recovery
        VM failures and process failures are handled automatically by BOSH and Redis for PCF. Manual backup and restore instructions are available for all three Redis services. Automatic backup capabilities are enabled for all three Redis services.
        More information: Manual Backup and Restore Flow (https://docs.pivotal.io/redis/1-12/manual-br.html); Automatic Backups for Dedicated-VM Service

    Isolation
        Isolation is provided when using the On-Demand and Dedicated-VM service. Individual apps and workflows should have their own Redis for PCF instance to maximize isolation.

    Day 2 Operations

    Resource Planning
        Operators can configure the number of VMs and the size of those VMs. For the On-Demand service, the operator does this by creating plans with specific VM sizes and quotas for each plan. For the Dedicated-VM and Shared-VM services, the number and size of VMs are pre-provisioned by the operator. BOSH errands used for registration, upgrade and cleanup use short-lived VMs that cannot be configured but can be turned on or off.
        More information: On-Demand Resource Planning (https://docs.pivotal.io/redis/1-9/architecture.html#resource); Pre-provisioning Dedicated-VM and Shared-VM Instances (https://docs.pivotal.io/redis/1-9/installing.html#dedicated-vm-config)

    Health Monitoring
        The On-Demand service and Dedicated-VM service emit metrics. These include Redis-specific metrics and Redis for PCF metrics. Guidance on critical metrics and alerting levels is captured with the Redis for PCF Key Performance Indicators (KPIs).
        More information: Key Performance Indicators

    Scalability
        For the On-Demand Service, the operator can configure three plans with different resource sizes. The operator can also scale up the VM size associated with the plan. Additionally, the operator can increase the quota, which caps the number of instances allowed for each On-Demand plan. For the Dedicated-VM Service, the operators can change the number of dedicated nodes deployed as well as change the VM size associated for the Dedicated-VMs. To prevent data loss, only scaling up is supported. For the Shared-VM Service, the operators can change the Redis instance memory limit as well as change the instance limit. To prevent data loss, only scaling up is supported.
        More information: Scaling the On-Demand Service; Scaling the Dedicated-VM Service

    Logging
        All Redis services emit logs. Operators can configure syslog forwarding to a remote destination. This enables viewing logs from every VM in the Redis for PCF deployment in one place, effective troubleshooting when logs are lost on the source VM, and setting up alerts for important error logs to monitor the deployment.
        More information: Configuring syslog forwarding

    Customization
        The On-Demand service can be configured to best fit the needs of a specific app. The Dedicated-VM and Shared-VM service cannot be customized.
        More information: Configuring the On-Demand service

    Upgrades
        For information about preparing an upgrade and about understanding the effects on your Redis for PCF and other services, see Upgrading Redis for PCF. Redis for PCF upgrades run a post deployment BOSH errand called smoke tests to validate the success of the upgrade.
        More information: Upgrades; Smoke Tests

    Encryption

    Encrypted Communication in Transit
        Redis for PCF has been tested with the IPsec Add-on for PCF. Beyond that Redis for PCF does not provide additional encryption on top of Redis.
        More information: Securing Data in Transit with the IPsec add-on (https://docs.pivotal.io/addon-ipsec/index.html); OS Redis Security (https://redis.io/topics/security)

    Support for Multiple AZs

    Redis for PCF supports configuring multiple availability zones (AZs). However, assigning multiple AZs to Redis instances does not guarantee high availability as clustered Redis is not supported. Redis instances operate as single nodes.

    - On-Demand plans can be configured to deploy instances to any AZ.
    - Shared-VM instances run on a single node in the AZ in which the tile is deployed.
    - Dedicated-VM instances can be assigned to any of the configured AZs.

    On-Demand Service Offering

    Page last updated:

    Redis for PCF offers On-Demand, Dedicated-VM, and Shared-VM service plans. This section describes the architecture, lifecycle, and configurations of the on-demand plan, as well as networking information for the on-demand service. For similar information for the Dedicated-VM and Shared-VM plans, see Dedicated-VM and Shared-VM Service Offerings.

    Architecture Diagram for On-Demand Plan

    This diagram shows the architecture of the service broker and on-demand plans and how the user’s app binds to a Redis instance.

    On-Demand Service Plans

    Three On-Demand Cache Plans

    On-demand plans are best fit for cache use cases and are configured as such by default.

    Redis for PCF offers three on-demand plans as the p.redis service within the PCF Redis tile. Below is a description of each plan as it appears in the Marketplace and its intended use case.

    - Small Cache Plan: A Redis instance deployed to a dedicated VM, suggested to be configured with about 1 GB of memory and more than 2.5 GB of persistent disk.
    - Medium Cache Plan: A Redis instance deployed to a dedicated VM, suggested to be configured with about 2 GB of memory and more than 5 GB of persistent disk.
    - Large Cache: A Redis instance deployed to a dedicated VM, suggested to be configured with about 4 GB of memory and more than 10 GB of persistent disk.

    For each service plan, the operator can configure the Plan name, Plan description, Server VM type and Server Disk type, or choose to disable the plan completely. Set the persistent disk size to at least 2.5 times the memory of the instance.

    Features of On-Demand Service Plans

    - Each on-demand service instance is deployed to its own VM and is suitable for production workloads.
    - The service plans are operator-configured and enabled. Once enabled, app developers can view the available plans in the Marketplace and provision a Redis instance from that plan.
    - Operators can update the cache plan settings, including the VM size and disk size, after the plans have been created.
    - Operators and app developers can change certain Redis configurations from the default. See Configuration for On-Demand Service Plans for more information.
    - The default maxmemory-policy is allkeys-lru and can be updated for other cache policies.
    - The maximum number of instances is managed by a per-plan and global quota. For information on setting quotas, see Setting Limits for On-Demand Service Instances.

    Configuration of On-Demand Service Plans

    For on-demand plans, certain Redis configurations can be set by the operator during plan configuration, and by the app developer during instance provisioning. Other Redis configurations cannot be changed from the default.

    Operator Configurable Redis Settings

    The Redis settings that an operator can configure in the tile UI include:

    - Redis Client Timeout
    - Redis TCP Keepalive
    - Max Clients
    - Lua Scripting
    - Plan Quota

    For more information, see Additional Redis Configurations.

    App Developer Configurable Redis Settings

    The Redis settings that an app developer can configure include:

    - maxmemory-policy
    - notify-keyspace-events
    - slowlog-log-slower-than
    - slowlog-max-len

    For more information, see Customize an On-Demand Service Instance.

    Operator Notes for On-Demand Service Plans

    - Instances of the on-demand plan can be deployed until their number reaches either an operator-set per-plan quota or a global quota. For information on setting quotas, see Setting Limits for On-Demand Service Instances.
    - Instances are provisioned based on the On-Demand Services SDK (http://docs.pivotal.io/on-demand-service-broker/) and service broker adapter associated with this plan.
    - maxmemory in redis.conf is set to 45% of the system memory.
    - Any on-demand plan can be disabled from the plan page in Ops Manager.

    Known Limitations for On-Demand Service Plans

    Limitations for the On-Demand Service include:

    - Operators must not downsize the VMs or disk size as this can cause data loss in pre-existing instances.
    - Operators can update certain plan settings after the plans have been created. To ensure upgrades happen across all instances, set the upgrade instances errand to On.
    - If the operator updates the VM size, disk size, or the Redis configuration settings (enabling Lua Scripting, max-clients, timeout, and TCP keep-alive), these settings are implemented in all instances already created.

    Lifecycle for On-Demand Service Plan

    Here is the lifecycle of Redis for PCF, from an operator installing the tile through an app developer using the service then an operator deleting the tile.

    Dedicated-VM and Shared-VM Service Offerings

    Page last updated:

    Redis for Pivotal Cloud Foundry (PCF) offers On-Demand, Dedicated-VM, and Shared-VM service plans. This section describes the architecture, lifecycle, and configurations of Dedicated-VM and Shared-VM plans. For similar information for the On-Demand service plan, see On-Demand Service Offering.

    Note: As of Redis for PCF v1.11, the on-demand service is at feature parity with the dedicated-VM service. The dedicated-VM service plan will be deprecated. Pivotal recommends using the on-demand service plan.

    About the Pre-Provisioned Plans

    Redis for PCF includes two pre-provisioned service plans:

    - Dedicated-VM Plan: An instance of this plan provisions a single Redis process on a single dedicated VM. This plan is suitable for production workloads and workloads that require isolation or dedicated hardware.
    - Shared-VM Plan: An instance of this plan provisions a single Redis process on a single shared VM. This plan is suitable for workloads which do not require dedicated hardware.

    Architecture Diagram for Shared and Dedicated Plans

    This diagram shows the architecture of the service broker and Shared-VM and Dedicated-VM plans and how the user’s app binds to a Redis instance.

    Configuration for Dedicated-VM and Shared-VM Service Plans

    For Dedicated-VM and Shared-VM plans, the default Redis configurations cannot be changed. A sample redis.conf from a Dedicated-VM plan instance is provided here.

    - Redis is configured with a maxmemory-policy of no-eviction. This policy means that when the memory is full, the service does not evict any keys or perform any write operations until memory becomes available.
    - Persistence is configured for both RDB and AOF.
    - By default, the maximum number of connections, maxclients, is set at 10000. Redis might reduce this number when run on a system with a low maximum number of file descriptors. You can retrieve the actual setting on your Redis service instances with the Redis command CONFIG GET maxclients. You can use the Redis command CONFIG SET maxclients to temporarily reduce maxclients, but you cannot increase it above 10000. There is no way to configure shared and dedicated plans to use a custom limit.
    - Replication and event notification are not configured.

    Configuration for the Dedicated-VM Service Plan

    An instance of this plan provisions a single Redis process on a single dedicated VM. This plan is suitable for production workloads and workloads that require isolation or dedicated hardware.

    Operator Notes for the Dedicated-VM Service Plan

    The following Redis commands are enabled:

    MONITOR

    SAVE

    BGSAVE

    BGREWRITEAOF

    The maxmemory value for the Redis process is set to be 45% of the RAM for that instance.

    The persistent disk should be set to be at least the size of the RAM available to the VM or greater, in order to account for the final and temporary RDB file generated by the Redis background save.

    This plan deploys the operator-configured number of dedicated Redis VMs alongside a single service broker VM.

    These instances are pre-provisioned during the deployment of the tile from Ops Manager into a pool. The VMs are provisioned and configured with a Redis process ready to be used when an instance of the dedicated-vm plan is requested.

    A default deployment provisions 5 instances of the dedicated-vm plan into the pool. This number can be increased on the Resource Config tab in Ops Manager, either in the initial deployment or thereafter. The number of VMs cannot be decreased once deployed.

    When a user provisions an instance, it is marked as in use and taken out of the pool.

    When a user deprovisions an instance, the instance is cleansed of any data and configuration to restore it to a fresh state and placed back into the pool, ready to be used again.

    This plan can be disabled by setting the number of instances of the Dedicated node job in Ops Manager to 0.

    The number of Dedicated-VM plan instances available to developers is set by the operator. Configurations of up to 100 Dedicated-VM plan instances have been tested.

    You can disable this plan by setting the number of instances of the Dedicated node job in Ops Manager to 0.

    Known Limitations of the Dedicated-VM Service Plan

    Limitations of the dedicated-vm plan include:

    No ability to change the Redis configuration. The CONFIG command is disabled.

    Cannot scale down the number of VMs on the plan once deployed.

    Cannot scale down the size of VMs on the plan once deployed (this protects against data loss).

    Configuration for the Shared-VM Service Plan

    An instance of this plan provisions a single Redis process on a single shared VM. This plan is suitable for workloads which do not require dedicated hardware.

    Operator Notes for the Shared-VM Plan

    This plan deploys a Redis instance in a shared VM and a single service broker VM.

    This plan can be disabled by setting the Max instances limit on the Shared-VM Plan tab in Ops Manager to be 0.

    The maximum number of instances can be increased from the default 5 to the value that you want. If you increase the number of instances that can be run on this single VM, you should consider increasing the resources allocated to the VM, in particular RAM and CPU. You can overcommit to some extent, but may start to see performance degradations.

    You can also increase the maximum amount of RAM allocated to each Redis process (service instance) that is running on this VM.

    If you decrease the service instance limit, any instances that are running where the count is now greater than the limit are not terminated. They are left to be removed naturally; until the total count drops below the new limit, you cannot create any new instances.

    For example, if you had a limit of 10 and all were used and reduced this to 8, the two instances will be left running until you terminate them yourself.

    The number of Shared VM instances available to developers is set by the operator. The maximum number of shared VM instances is relative to the memory allocated to each Shared VM instance and the total memory of the Redis service broker. For details, see Configuring Service Plans.

    Known Limitations of the Shared-VM Plan

    Limitations of the shared-vm plan include:

    It cannot be scaled beyond a single VM.

    The following commands are disabled: CONFIG, MONITOR, SAVE, BGSAVE, SHUTDOWN, BGREWRITEAOF, SLAVEOF, DEBUG, and SYNC.

    Constraining CPU and/or disk usage is not supported.

    Because the Shared-VM plan does not manage “noisy neighbor” problems, Pivotal does not recommend it for production apps.

    Lifecycle for Dedicated-VM and Shared-VM Service Plans

    Here is the lifecycle of Redis for PCF, from an operator installing the tile through an app developer using the service then an operator deleting the tile.

    Networking for On-Demand Services

    This section describes networking considerations for the Redis for Pivotal Cloud Foundry (PCF) on-demand service.

    Service Network Requirement

    When you deploy PCF, you must create a statically defined network to host the component virtual machines that constitute the PCF infrastructure.

    PCF components, like the Cloud Controller and UAA, run on this infrastructure network. On-demand PCF services may require that you host them on a network that runs separately from this network. You can also deploy tiles on separate service networks to meet your own security requirement.

    PCF v2.0 and Earlier

    In PCF v2.0 and earlier, cloud operators pre-provision service instances from Ops Manager. For each service, Ops Manager allocates and recovers static IP addresses from a pre-defined block of addresses.

    To enable on-demand services in PCF v2.0 and earlier, operators must create a service network in BOSH Director and select the Service Network checkbox. Operators then can select the service network to host on-demand service instances when they configure the tile for that service.

    PCF v2.1 and Later

    PCF v2.1 and later include dynamic networking. In PCF v2.1 and later, operators can use dynamic networking with asynchronous service provisioning to define dynamically-provisioned service networks. For more information, see Default Network and Service Network.

    In PCF v2.1 and later, on-demand services are enabled by default on all networks. Operators can create separate networks to host services in BOSH Director, but doing so is optional. Operators select which network hosts on-demand service instances when they configure the tile for that service.

    Default Network and Service Network

    On-demand PCF services rely on the BOSH 2.0 ability to dynamically deploy VMs in a dedicated network. The on-demand service broker uses this capability to create single-tenant service instances in a dedicated service network.

    On-demand services use the dynamically-provisioned service network to host the single-tenant worker VMs that run as service instances within development spaces. This architecture lets developers provision IaaS resources for their service instances at creation time, rather than the operator pre-provisioning a fixed quantity of IaaS resources when they deploy the service broker.

    By making services single-tenant, where each instance runs on a dedicated VM rather than sharing VMs with unrelated processes, on-demand services eliminate the “noisy neighbor” problem when one app hogs resources on a shared cluster. Single-tenant services can also support regulatory compliance where sensitive data must be compartmentalized across separate machines.

    An on-demand service splits its operations between the default network and the service network. Shared components of the service, such as executive controllers and databases, run centrally on the default network along with the Cloud Controller, UAA, and other PCF components. The worker pool deployed to specific spaces runs on the service network.

    The diagram below shows worker VMs in an on-demand service instance running on a separate services network, while other components run on the default network.

    Required Networking Rules for On-Demand Services

    Before deploying a service tile that uses the on-demand service broker (ODB), request the needed network connections to allow components of Pivotal Cloud Foundry (PCF) to communicate with ODB.

    The specifics of how to open those connections vary for each IaaS.

    See the following table for key components and their responsibilities in an on-demand architecture.

    | Key Components | Their Responsibilities |
    |---|---|
    | BOSH Director | Creates and updates service instances as instructed by ODB. |
    | BOSH Agent | Includes an agent on every VM that it deploys. The agent listens for instructions from the BOSH Director and carries out those instructions. The agent receives job specifications from the BOSH Director and uses them to assign a role, or job, to the VM. |
    | BOSH UAA | Issues OAuth2 tokens for clients to use when they act on behalf of BOSH users. |
    | PAS | Contains the apps that are consuming services |
    | ODB | Instructs BOSH to create and update services, and connects to services to create bindings. |
    | Deployed service instance | Runs the given data service. For example, the deployed Redis for PCF service instance runs the Redis for PCF data service. |

    Regardless of the specific network layout, the operator must ensure network rules are set up so that connections are open as described in the table below.

    | Source Component | Destination Component | Default TCP Port | Notes |
    |---|---|---|---|
    | ODB | BOSH Director, BOSH UAA | 25555, 8443 | The default ports are not configurable. |
    | ODB | PAS | 8443 | The default port is not configurable. |
    | Errand VMs | PAS, ODB, Deployed service instances | 8443, 8080, 6379, 12345 | The default ports are not configurable. |
    | BOSH Agent | BOSH Director | 4222 | The BOSH Agent runs on every VM in the system, including the BOSH Director VM. The BOSH Agent initiates the connection with the BOSH Director. The default port is not configurable. The communication between these components is two-way. |
    | Deployed apps on PAS | Deployed service instances | 6379 | This is the default port where Redis is deployed. |
    | PAS | ODB | 12345 | The default port is not configurable. |

    For a complete list of ports and ranges used in Redis for PCF, see Network Configuration.
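
    An added example (not part of the Pivotal documentation): a Python check that compares an exported list of allow rules with the rows of the connection table above and reports default ports that no rule opens. The network CIDRs, the rule format and the sample rules are constructed; because the table does not pair each port with a destination in rows that list several, a port counts as open when any destination in its row is reachable.

```python
import ipaddress
from typing import NamedTuple

# Rows of the connection table: (source, destinations, default TCP ports).
REQUIRED = [
    ("ODB", ("BOSH Director", "BOSH UAA"), (25555, 8443)),
    ("ODB", ("PAS",), (8443,)),
    ("Errand VMs", ("PAS", "ODB", "Service instances"), (8443, 8080, 6379, 12345)),
    ("BOSH Agent", ("BOSH Director",), (4222,)),
    ("Apps on PAS", ("Service instances",), (6379,)),
    ("PAS", ("ODB",), (12345,)),
]

# Constructed network layout (an assumption for this example, not from the page).
NETWORKS = {
    "BOSH Director": "10.0.0.6/32",
    "BOSH UAA": "10.0.0.6/32",
    "PAS": "10.0.4.0/24",
    "Apps on PAS": "10.0.4.0/24",
    "ODB": "10.0.8.0/24",
    "Service instances": "10.0.9.0/24",
    "BOSH Agent": "10.0.9.0/24",   # the agents on the service-instance VMs
    "Errand VMs": "10.0.10.0/24",
}


class Rule(NamedTuple):
    """One allow rule as exported from a firewall (constructed format)."""
    src: str    # source CIDR
    dst: str    # destination CIDR
    ports: str  # a single port "6379" or an inclusive range "12000-12999"


# Constructed rule set; it deliberately lacks a rule for Errand VMs on 12345.
SAMPLE_RULES = [
    Rule("10.0.8.0/24", "10.0.0.0/24", "25555"),
    Rule("10.0.8.0/24", "10.0.0.0/24", "8443"),
    Rule("10.0.8.0/24", "10.0.4.0/24", "8443"),
    Rule("10.0.10.0/24", "10.0.4.0/24", "8443"),
    Rule("10.0.10.0/24", "10.0.8.0/23", "8080"),
    Rule("10.0.10.0/24", "10.0.9.0/24", "6379"),
    Rule("10.0.9.0/24", "10.0.0.6/32", "4222"),
    Rule("10.0.4.0/24", "10.0.9.0/24", "6379"),
    Rule("10.0.4.0/24", "10.0.8.0/24", "12000-12999"),
]


def port_bounds(spec):
    """Return (low, high) for a port spec such as "6379" or "32768-61000"."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def rule_allows(rule, src_net, dst_net, port):
    """True if the rule covers the whole source and destination network."""
    low, high = port_bounds(rule.ports)
    return (low <= port <= high
            and src_net.subnet_of(ipaddress.ip_network(rule.src))
            and dst_net.subnet_of(ipaddress.ip_network(rule.dst)))


def audit(rules, networks):
    """Return (source, destinations, port) for every port no rule opens."""
    missing = []
    for source, destinations, ports in REQUIRED:
        src_net = ipaddress.ip_network(networks[source])
        dst_nets = [ipaddress.ip_network(networks[d]) for d in destinations]
        for port in ports:
            opened = any(rule_allows(rule, src_net, dst_net, port)
                         for dst_net in dst_nets for rule in rules)
            if not opened:
                missing.append((source, destinations, port))
    return missing


if __name__ == "__main__":
    for source, destinations, port in audit(SAMPLE_RULES, NETWORKS):
        print(f"no rule opens TCP {port} from {source} to any of {destinations}")
```

    A rule only counts when it covers the entire source and destination network, so a rule scoped to a single host inside a /24 is reported as a gap for that network.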

    Redis for PCF Security

    Security

    Pivotal recommends the following best practices for security:

    (Required) To allow this service to have network access you must create Application Security Groups. For more information, see Networks, Security, and Assigning AZs.

    Run Redis for PCF in its own network. For more information about creating service networks, see Creating Networks in Ops Manager (https://docs.pivotal.io/pivotalcf/1-11/customizing/gcp-om-config.html#network).

    You can use Redis for PCF with the IPsec Add-on for PCF. For information about the IPsec Add-on for PCF, see Securing Data in Transit with the IPsec Add-on (https://docs.pivotal.io/addon-ipsec/index.html).

    Do not use a single Redis for PCF instance for multi-tenancy. A single Redis instance of the On-Demand or Dedicated-VM service should only support a single workload.

    The Shared-VM service is designed for multi-tenancy, but you should not use it for production use cases because it is not considered adequately secure for that purpose.

    Never change the network that a pre-existing Dedicated-VM deployment works with. If the network is changed, the bindings for the existing Dedicated-VM instances stop working, but these instances still appear as available to new apps. Because the existing instances might have data on them and new apps can bind to them, data might unintentionally be leaked to new apps that bind to these instances.

    Introduction for Operators

    This topic is for Pivotal Cloud Foundry (PCF) operators. It introduces some best practices, but does not provide details about operation.

    Best Practices

    Pivotal recommends that operators follow these guidelines:

    Resource Allocation—Work with app developers to anticipate memory requirements and to configure VM sizes. Instances of Dedicated-VM and Shared-VM services have identical VM sizes. However, with the On-Demand service, app developers can choose from three different plans, each with its own VM size and quota. See the service offering for the On-Demand Plan and Resource Usage Planning for On-Demand plans.

    Logs—Configure a syslog output. Storing logs in an external service helps operators debug issues both current and historical. See Configure Syslog Output.

    Monitoring—Set up a monitoring dashboard for metrics to track the health of the installation.

    Backing Up Data—When using Redis for persistence, configure automatic backups so that data can be restored in an emergency. Validate the backed-up data with a test restore. See Configuring Automated Backups and Manually Backing up and Restoring (https://docs.pivotal.io/redis/1-12/manual-br.html).

    Using—Instances of the On-Demand and Dedicated-VM services run on dedicated VMs. Apps in production should have a dedicated or on-demand instance to prevent performance issues caused by sharing an instance. The Shared-VM service shares a VM across many instances, and Pivotal recommends that you only use it for development and testing. See the service offerings for the On-Demand Plan and the Dedicated and Shared Plans.

    Redis Key Count and Memory Size

    Redis can handle up to 2^32 keys, and was tested in practice to handle at least 250 million keys per instance. Every hash, list, set, and sorted set can hold 2^32 elements. VM memory is more likely to be a limiting factor than the number of keys that can be handled.

    Errands

    Redis for PCF includes the errands listed below.

    Post-Deploy Errands

    Broker Registrar—Registers the cf-redis-broker with PCF to offer the p-redis service (shared-vm and dedicated-vm plans).

    Smoke Tests—Runs lifecycle tests for shared-vm and dedicated-vm plans if these have been enabled and there is remaining quota available. The tests cover provisioning, binding, reading, writing, unbinding, and deprovisioning of service instances.

    Register On-Demand Broker—Registers the on-demand Redis broker with PCF to offer the p.redis service (on-demand plans).

    On-Demand Smoke Tests—Runs lifecycle tests for enabled plans of the p.redis service if there is remaining quota available. The tests cover provisioning, binding, reading, writing, unbinding, and deprovisioning of service instances.

    Upgrade All On-Demand Service Instances—Upgrades on-demand service instances to use the latest plan configuration, service releases, and stemcell.

    The above post-deploy errands are run by default whenever Apply Changes is triggered, whether or not there has been a configuration change in the Redis for PCF tile itself.

    Pre-Delete Errands

    Broker Deregistrar—Deregisters the cf-redis-broker.

    Delete All On-Demand Service Instances and Deregister Broker—Deletes all on-demand instances and deregisters the on-demand Redis broker.

    The above pre-delete errands are run by default whenever the Redis for PCF tile is deleted.

    Turning off Post-Deploy Errands

    Pivotal recommends that you run the post-deploy errands at any trigger of Apply Changes. However, this practice can extend the duration of applying changes by several minutes every time. This section helps you decide when it is safe to skip some post-deploy errands.

    Changes to Redis for PCF Tile Configuration

    If the changes include configuration changes on the Redis for PCF tile or a new stemcell version, the operator must run all post-deploy errands.

    Installing Another Tile

    When installing another tile that does not make any changes to the BOSH Director or the Pivotal Application Service (PAS), it is not necessary to run any of the Redis for PCF tile’s post-deploy errands.

    Changes to Other Tiles

    Sometimes the change does not include changes to the Redis for PCF tile’s configuration. Then it might not be necessary to run all of the Redis for PCF tile’s post-deploy errands.

    Broker Registrar Errand

    Required to run if the CF system domain is changed in the PAS tile.

    Not necessary to run if the change only involves other tiles except PAS tile.

    Register On-Demand Broker Errand

    Required to run if the network range that the Redis On-demand Broker is deployed in is changed in the BOSH Director tile.

    Not necessary to run if the change only involves other tiles except BOSH Director.

    Pivotal recommends against changing the BOSH Director’s network configuration in a way that changes the ranges where the Redis for PCF tile deploys VMs.

    Smoke Tests and On-Demand Smoke Tests Errands

    Required to run if their respective register broker errand is required.

    Required to run both if a newer stemcell minor version is uploaded. The Redis for PCF tile floats to the newest minor version. For more information, see Understanding Floating Stemcells (https://docs.pivotal.io/pivotalcf/customizing/understanding-stemcells.html).

    Good practice to run both for any change in the BOSH Director or PAS tile.

    Not necessary to run either if the change only involves other tiles except PAS and BOSH Director.

    Upgrade All On-Demand Service Instances Errand

    Required to run if a newer stemcell minor version is uploaded. The Redis for PCF tile floats to the newest minor version. For more information, see Understanding Floating Stemcells.

    Not necessary to run if there are no on-demand instances provisioned.

    Smoke Tests

    Ops Manager runs Redis for PCF smoke tests as a post-install errand. You can also run the smoke tests errand using the following procedure:

    1. Retrieve the deployment name of the installed product. To find the deployment name, do the following steps:

       a. From the Ops Manager UI, click the Redis for PCF tile.

       b. Copy the part of the URL that starts with “p-redis-”.

    2. Run the smoke tests errand:

       bosh -d REDIS-DEPLOYMENT-NAME run-errand smoke-tests

    For more information, see Redis for PCF Smoke Tests.

    Note: Smoke tests fail unless you enable global default application security groups (ASGs). You can enable global default ASGs by binding the ASG to the system org without specifying a space. To enable global default ASGs, use cf bind-running-security-group.

    Installing Redis for PCF

    This topic describes the process of installing Redis for PCF. It covers tasks from downloading the file from the Pivotal Network through verifying the installation after configuration.

    Role-Based Access in Ops Manager

    Ops Manager administrators can use Role-Based Access Control (RBAC) to manage which operators can make deployment changes, view credentials, and manage user roles in Ops Manager. Therefore, your role permissions might not allow you to perform every procedure in this operator guide.

    For more information about roles in Ops Manager, see Understand Roles in Ops Manager (https://docs.pivotal.io/pivotalcf/opsguide/config-rbac.html#about).

    Download and Install the Tile

    To add Redis for Pivotal Cloud Foundry (PCF) to Ops Manager, follow the procedure for adding PCF Ops Manager tiles:

    1. Download the Redis for PCF file from Pivotal Network (https://network.pivotal.io/products/p-redis). Select the latest release from the Releases dropdown.

    2. In the PCF Ops Manager Installation Dashboard, click Import a Product to upload the Redis for PCF file.

    3. Click the + sign next to the uploaded product description to add the tile to your staging area.

    4. To configure Redis for PCF, click the newly added tile.

    5. After completing the required configuration, click Apply Changes to install the service.

    For guidance on ports and ranges used in the Redis service, see Select Networks below.

    Assign AZs and Networks

    To assign AZs and networks, click the Assign AZs and Networks settings tab.

    Assign AZs

    In Redis for PCF v1.9 and later, you can assign multiple AZs to Redis jobs; however, this does not guarantee high availability. For more information, see Support for Multiple AZs.

    To assign AZs, do the following:

    1. In the Assign AZs and Networks tab, make your selections under Place singleton jobs in and Balance other jobs in.

    2. Click Save.

    Select Networks

    You can use Redis for PCF with or without using the on-demand service. To use the Redis for PCF on-demand service, you must select a network in which the service instances are created. For more information, see Networking for On-Demand Services.

    Note: In Ops Manager v2.0 and earlier, a specific network was designated as the Service Network to reserve IPs for the on-demand service. In Ops Manager v2.1 and later, IPs are no longer managed in this way. All networks are now available to use as a Service Network.

    To select networks, do the following:

    1. In the Assign AZs and Networks tab, select a Network.

       Pivotal recommends that each type of PCF service run in its own network. For example, run Redis for PCF on a separate network from RabbitMQ for PCF.

    2. If using the on-demand service, select a Service Network. Otherwise, select an empty service network (https://discuss.pivotal.io/hc/en-us/articles/115010154387).

    Port Ranges Used in Redis for PCF

    The following ports and ranges are used in Redis for PCF:

    | Port | Protocol | Direction and Network | Reason |
    |---|---|---|---|
    | 8300 / 8301 | TCP / TCP and UDP | Inbound to Cloud Foundry network, outbound from service broker and service instance networks* | Communication between the CF consul_server and consul_agents on Redis deployment; used for metrics |
    | 8202 | TCP | Inbound to Cloud Foundry network, outbound from service broker and service instance networks* | Used by the Redis metron_agent to forward metrics to the Cloud Foundry Loggregator |
    | 12350 | TCP | Outbound from Cloud Foundry to the cf-redis-broker service broker network | (Only if using a cf-redis-broker) Access to the cf-redis-broker from the cloud controllers. |
    | 12345 | TCP | Outbound from Cloud Foundry to the on-demand service broker network | (Only if using an On-Demand service) For access to the on-demand service broker from the cloud controllers |
    | 6379 | TCP | Outbound from Cloud Foundry to any service instance networks (dedicated-node and on-demand) | Access to all dedicated nodes and on-demand nodes from the Diego Cell and Diego Brain network(s) |
    | 32768-61000 | TCP | Outbound from Cloud Foundry to the cf-redis-broker service broker network | From the Diego Cell and Diego Brain network(s) to the service broker VM. This is only required for the shared service plan. |
    | 80 or 443 (Typically) | http or https respectively | Outbound from any service instance networks | Access to the backup blobstore |
    | 8443 / 25555 | TCP | Outbound from any on-demand service broker network to the BOSH Director network | For the on-demand service, the on-demand service broker needs to talk to the BOSH Director |

    *Typically the service broker network and service instance network(s) are the same.

    Configure Redis for PCF Service Plans

    Click the Redis for PCF tile in the Ops Manager Installation Dashboard to display the configuration page and allocate resources to Redis service plans.

    On-Demand Service Settings

    1. Click On-Demand Service Settings, and then enter the Maximum service instances across all on-demand plans. The maximum number of instances you set for all your on-demand plans combined cannot exceed this number.

       For more information, see Setting Limits for On-Demand Service Instances.

    2. Select the Allow outbound internet access from service instances checkbox. You must select this checkbox to allow external log forwarding, send backup artifacts to external destinations, and communicate with an external BOSH blobstore.

       Note: Outbound network traffic rules also depend on your IaaS settings. Consult your network or IaaS administrator to ensure that your IaaS allows outbound traffic to the external networks you need.

    3. (Optional) Select the checkbox to enable Service Instance Sharing. This is a Beta feature. Turning on sharing enables this experimental feature for all on-demand instances.

       Note: To enable this feature a user with admin privileges must run cf enable-feature-flag service_instance_sharing. For information about this feature, see Sharing a Redis Instance with Another Space (Beta).

    4. To configure an on-demand plan, click On-Demand Plan 1, 2, or 3.

       You can configure up to three on-demand plans with appropriate memory and disk sizes for your use case(s). Resource configuration options may vary on different IaaSes.

       The default names of the three on-demand plans provided reflect that instances of these plans are intended to be used for different cache sizes:

       cache-small: A Redis instance deployed to a dedicated VM, suggested to be configured with ~1 GB of memory and >2.5 GB of persistent disk

       cache-medium: A Redis instance deployed to a dedicated VM, suggested to be configured with ~2 GB of memory and >5 GB of persistent disk

       cache-large: A Redis instance deployed to a dedicated VM, suggested to be configured with ~4 GB of memory and >10 GB of persistent disk

    5. Configure the following settings for your on-demand plan(s). Any pre-populated default settings are pre-configured according to the memory and disk size of each plan.

    | Field | Description |
    |---|---|
    | Plan | Select Plan Active or Plan Inactive. An inactive plan does not need any further configuration. |
    | Plan Name | Enter a name that will appear in the Marketplace. |
    | Plan Description | Enter a description that will appear in the Marketplace. Specify details that will be relevant to app developers. |
    | Plan Quota | Enter the maximum number of instances of this plan that app developers can create. For more information, see Setting Limits for On-Demand Service Instances. |
    | CF Service Access | Select a service access level. This setting does not modify the permissions that have been previously set, and allows for manual access to be configured from the CLI. |
    | AZ to deploy Redis instances of this plan | This is the AZ in which to deploy the Redis instances from the plan. This must be one of the AZs of the service network (configured in the BOSH Director tile). |
    | Server VM type | Select the VM type. Pivotal recommends that the persistent disk should be at least 2.5x the VM memory for the on-demand broker and 3.5x the VM memory for cf-redis-broker. |
    | Server Disk type | Select the disk type. Pivotal recommends that the persistent disk should be at least 2.5x the VM memory for the on-demand broker and 3.5x the VM memory for cf-redis-broker. |
    | Redis Client Timeout | This field refers to the server timeout for an idle client specified in seconds. The default setting is 3600. Adjust this setting as needed. |
    | Redis TCP Keepalive | Redis TCP Keepalive refers to the interval (in seconds) at which TCP ACKs are sent to clients. The default setting is 60. Adjust this setting as needed. |
    | Max Clients | Max Clients refers to the maximum number of clients that can be connected at any one time. Per plan, the default setting is 1000 for small, 5000 for medium and 10000 for large. Adjust this setting as needed. |
    | Lua Scripting | Enable or disable Lua Scripting as needed. Pivotal recommends that Lua Scripting be disabled. |

    6. Click Save.

    Updating On-Demand Service Plans

    Operators can update certain settings after the plans have been created. If the operator updates the VM size, disk size, or the Redis configuration settings (enabling Lua Scripting, max-clients, timeout and TCP keep-alive), these settings are implemented in all instances that are already created.

    Operators should not downsize the VMs or disk size because this can cause data loss in pre-existing instances. Additionally, operators cannot make a previously active plan inactive until all instances of that plan have been deleted.

    Removing On-Demand Service Plans

    If you want to remove the On-Demand Service from your tile, do the following:

    1. Go to the Resource Config page on the Redis for PCF tile, and set the Redis On-Demand Broker job instances to 0.

    2. Navigate to the Errands page on the Redis for PCF tile, and set the following errands to off:

       Register On-demand Redis Broker

       On-demand Broker Smoke Tests

       Upgrade all On-demand Redis Service Instances

       Deregister On-demand Redis Broker

    3. Create an empty service network. For instructions, see this Knowledge Base article (https://discuss.pivotal.io/hc/en-us/articles/115010154387).

    4. Go to each of the three On-Demand Plan pages on the Redis for PCF tile, and set each plan to Plan Inactive. For example:

    Shared-VM Plan

    1. Select the Shared-VM Plan tab.

    2. Configure these fields:

       Redis Instance Memory Limit—Maximum memory used by a shared-VM instance

       Redis Service Instance Limit—Maximum number of shared-VM instances

       Memory and instance limits depend on the total system memory of your Redis broker VM and require some additional calculation. For more information, see Memory Limits for Shared-VM Plans below.

    3. Click Save.

    4. If you do not want to use the on-demand service, you must make all of the on-demand service plans inactive. Click the tab for each on-demand plan, and select Plan Inactive. See the example in Step 4 of Removing On-Demand Service Plans above.

    5. To change the allocation of resources for the Redis broker, click the Resource Config tab.

       The Redis broker server runs all of the Redis instances for your Shared-VM plan. From the Resource Config page, you can change the CPU, RAM, Ephemeral Disk, and Persistent Disk made available, as needed.

    Memory Limits for Shared-VM Plans

    Additional calculation is required to configure memory limits for shared-VM plans. With these plans, several service instances share the VM, and the Redis broker also runs on this same VM. Therefore, the memory used by all the shared-vm instances combined should be at most 45% of the memory of the Redis broker VM.

    To configure the limits in these fields, estimate the maximum memory that could be used by all your Redis shared-VM instances combined. If that figure is higher than 45% of the Redis broker VM’s total system memory, you can do one of the following:

    Decrease the Redis Instance Memory Limit.

    Decrease the number of instances in Redis Service Instance Limit.

    Increase the RAM for the Redis Broker in the Resource Config tab as shown below.

    Here are some examples for setting these limits:

    | Redis Broker VM Total Memory | Redis Instance Memory Limit | Redis Service Instance Limit |
    |---|---|---|
    | 16 GB | 512 MB | 14 |
    | 16 GB | 256 MB | 28 |
    | 64 GB | 512 MB | 56 |

    Note: It is possible to configure a larger Redis Service Instance Limit, if you are confident that the majority of the deployed instances will not use a large amount of their allocated memory, for example in development or test environments.

    However, this practice is not supported and can cause your server to run out of memory, preventing users from writing any more data to any Redis shared-VM instance.

    Dedicated-VM Plan

    Note: In Redis for PCF v1.11 and later, the on-demand service is at feature parity with the dedicated-VM service. The dedicated-VM service plan will be deprecated. Pivotal recommends using the on-demand service plan. To disable dedicated-VM plans, see Disable Shared and Dedicated VM Plans below.

    1. To configure the Dedicated-VM plan, click the Resource Config tab to change the allocation of resources for the Dedicated Node.

       The default configuration creates five dedicated nodes (VMs). Each node can run one Redis dedicated-VM instance. You can change the number of dedicated nodes, and configure the size of the persistent and ephemeral disks, and the CPU and RAM for each node. The default VM size is small. It is important that you set the correct VM size to handle anticipated loads.

       With dedicated-VM plans, there is one Redis service instance on each VM. The maximum memory an instance can use should be at most 45% of the total system RAM on the VM. You can set this with the maxmemory configuration. The app can use 100% of maxmemory – that is, up to 45% of the system RAM. Pivotal recommends the persistent disk be set to 2.5x the amount of system RAM.

    2. Click Save.

    3. If you do not want to use the on-demand service, you must make all of the on-demand service plans inactive. Click the tab for each on-demand plan, and select Plan Inactive. See the example in Step 4 of Removing On-Demand Service Plans above.

    Configure Resources for Dedicated-VM and Shared-VM Plans

    To configure resources for the Shared-VM and Dedicated-VM plans, click the Resource Config settings tab on the Redis for PCF tile.

    The Shared-VM plan is on the Redis Broker resource.

    The Dedicated-VM plan is on the Dedicated Node resource.

    The following are the default resource and IP requirements for Redis for PCF when using the Shared-VM or Dedicated-VM plans:

    | Product | Resource | Instances | CPU | RAM | Ephemeral | Persistent | Static IP | Dynamic IP |
    |---|---|---|---|---|---|---|---|---|
    | Redis | Redis Broker | 1 | 2 | 3072 | 4096 | 9216 | 1 | 0 |
    | Redis | Dedicated Node | 5 | 2 | 1024 | 4096 | 4096 | 1 | 0 |
    | Redis | Broker Registrar | 1 | 1 | 1024 | 2048 | 0 | 0 | 1 |
    | Redis | Broker De-Registrar | 1 | 1 | 1024 | 2048 | 0 | 0 | 1 |
    | Redis | Compilation | 2 | 2 | 1024 | 4096 | 0 | 0 | 1 |

    Disable Shared and Dedicated VM Plans

    You can disable Shared and Dedicated VM Plans by doing the following while configuring the Redis tile:

    1. Ensure at least one On-Demand plan is active.

    2. Configure the following tabs:

       Shared-VM Plan:
         a. Set Redis Service Instance Limit to 0.
         b. Click Save.

       Errands:
         a. Set Broker Registrar to Off.
         b. Set Smoke Tests to Off.
         c. Set Broker Deregistrar to Off.
         d. Leave all four On-Demand errands On.
         e. Click Save.

       Resource Config:
         a. Decrease Redis Broker Persistent disk type to the smallest size available.
         b. Decrease Redis Broker VM type to the smallest size available.
         c. Set Dedicated Node Instances to 0.
         d. Click Save.

    Additional Redis Configurations

    You can update certain plan settings after the plans have been created. Updates to the settings for the components below are implemented in all existing instances:

    VM size

    Disk size

    Redis configuration settings:

       Lua Scripting

       Max-clients

       Timeout

       TCP keep-alive

    Warning: You must not downsize the VMs or disk size. This can cause data loss in pre-existing instances.

    The following table describes properties you can update in the plan configuration page, shown above.

    | Property | Default | Description |
    |---|---|---|
    | Redis Client Timeout | 3600 | Server timeout for an idle client specified in seconds (e.g., 3600) |
    | Redis TCP Keepalive | 60 | The max number of connected clients at the same time |
    | Max Clients | 1000/5000/10000 (small/medium/large) | The max number of connected clients at the same time |
    | Lua Scripting | Enabled | Enable/Disable Lua scripting |
    | Plan Quota | 20 | Maximum number of Redis service instances for this plan, across all orgs and spaces. For more information, see Setting Limits for On-Demand Service Instances. |

    For settings that app developers can configure, see Customize an On-Demand Service Instance.

    Configure Syslog Forwarding

    Pivotal recommends that operators configure syslog forwarding to a remote destination. Forwarding your system logs to a remote destination lets you:

    View logs from every VM in the Redis for PCF deployment in one place.

    Effectively troubleshoot when logs are lost on the source VM.

    Set up alerts for important error logs to monitor the deployment.

    All logs follow RFC 5424 format (https://tools.ietf.org/html/rfc5424).

    Note: To use syslog forwarding for on-demand instances, you must select the Allow outbound internet access from service instances checkbox in the On-Demand Service Settings tab.

    To configure syslog forwarding, do the following:

    1. Click the Redis for PCF tile to display the configuration page, and then click the Syslog tab.

    2. Select either Yes without encryption or Yes with TLS encryption.

    3. Enter the Syslog Address and Port, and select the Transport protocol of your remote destination. You can only use TCP if you are using TLS encryption.

       The information required for these fields is provided by your remote destination. Address should be something such as logs.papertrailapp.com, and Port will be a number such as 41635.

    4. Select the format for your logs. RFC 5424 is the suggested format.

       For instances of the Redis on-demand plan, all logs follow RFC 5424 format. Instances of the Dedicated-VM and Shared-VM plans allow for the operator to select their log format to be either their legacy format or RFC 5424. PCF is moving toward all syslogs consistently using RFC 5424 format.

    5. If you selected Yes with TLS encryption, complete these fields:

       Permitted Peer refers to the remote syslog destination. It allows each VM to establish an encrypted tunnel with the remote syslog destination. The Permitted Peer is either the accepted fingerprint (SHA1) or name of the remote peer, for example *.example.com.

       TLS CA certificate refers to the trusted certificate authorities for the remote syslog destination. Large certificate chains (>8 kb) are not supported.

    6. Click Save.

    Apply Changes from Your Configuration

    Your installation is not complete until you apply your configuration changes. Follow the steps below:

    1. Return to the Ops Manager Installation Dashboard.

    2. Click Apply Changes.

    Create Application Security Groups

    To allow this service to have network access, you must create Application Security Groups (ASGs). Ensure your security group allows access to the Redis Service Broker VM and Dedicated VMs configured in your deployment. You can obtain the IP addresses for these VMs in Ops Manager under the Resource Config section for the Redis for PCF tile.

    Application Container Network Connections

    Application containers that use instances of the Redis for PCF service require the following outbound network connections:

    Destination | Ports | Protocol | Reason
    ASSIGNED_NETWORK | 32768-61000 | tcp | Enable application to access shared vm service instance
    ASSIGNED_NETWORK | 6379 | tcp | Enable application to access dedicated vm service instance

    Create an ASG called redis-app-containers with the above configuration and bind it to the appropriate space or, to give all started apps access, bind to the default-running ASG set and restart your apps. Example:

    [{"protocol":"tcp","destination":"ASSIGNED_NETWORK","ports":"6379"}]
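    The table above lists two port ranges, while the one-line example covers only the dedicated-VM port. The following added example (not part of the Pivotal documentation) builds rules for both rows and audits an existing rule set for anything broader than the table requires. The function names and the 10.0.8.0/24 network standing in for ASSIGNED_NETWORK are assumptions made for illustration.

```python
import ipaddress
import json

# Port requirements copied from the table above.
SHARED_VM_PORTS = "32768-61000"
DEDICATED_VM_PORTS = "6379"


def build_redis_asg(network_cidr, shared_vm=True, dedicated_vm=True):
    """Return ASG rules limited to the Redis network and the documented ports."""
    net = ipaddress.ip_network(network_cidr)  # raises ValueError on a bad CIDR
    rules = []
    if shared_vm:
        rules.append({"protocol": "tcp", "destination": str(net), "ports": SHARED_VM_PORTS})
    if dedicated_vm:
        rules.append({"protocol": "tcp", "destination": str(net), "ports": DEDICATED_VM_PORTS})
    return rules


def _port_ranges(ports):
    """Expand an ASG ports string ("6379", "80,443", "32768-61000") to (lo, hi) pairs."""
    out = []
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        out.append((int(lo), int(hi or lo)))
    return out


def _dest_networks(destination):
    """ASG destinations are a single IP, a CIDR, or an "a-b" address range."""
    if "-" in destination:
        first, last = (ipaddress.ip_address(x.strip()) for x in destination.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(destination, strict=False)]


def audit_redis_asg(rules, network_cidr):
    """Return findings for rules that allow more than the table requires (IPv4)."""
    allowed_net = ipaddress.ip_network(network_cidr)
    allowed_ports = _port_ranges(SHARED_VM_PORTS) + _port_ranges(DEDICATED_VM_PORTS)
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("protocol") != "tcp":
            findings.append(f"rule {i}: protocol {rule.get('protocol')!r} is not tcp")
            continue
        for net in _dest_networks(rule["destination"]):
            if not net.subnet_of(allowed_net):
                findings.append(f"rule {i}: destination {net} is outside {allowed_net}")
        # A tcp rule with no ports is treated as covering every port.
        for lo, hi in _port_ranges(rule.get("ports", "1-65535")):
            if not any(a <= lo and hi <= b for a, b in allowed_ports):
                findings.append(f"rule {i}: ports {lo}-{hi} exceed the documented ranges")
    return findings


if __name__ == "__main__":
    cidr = "10.0.8.0/24"  # constructed value standing in for ASSIGNED_NETWORK
    print(json.dumps(build_redis_asg(cidr), indent=2))
    # Constructed over-broad rule set, as might be found during a review.
    loose = [{"protocol": "all", "destination": "0.0.0.0/0"},
             {"protocol": "tcp", "destination": "10.0.0.0/8", "ports": "1-65535"}]
    for finding in audit_redis_asg(loose, cidr):
        print(finding)
```

    The JSON printed by build_redis_asg can be saved to a file and passed to cf create-security-group.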

    Validating Installation

    Smoke tests run as part of Redis for PCF installation to validate that the install succeeded. For more information, see Redis for PCF Smoke Tests.

    Uninstalling Redis for PCF

    To uninstall Redis for PCF, do the following:

    1. In the PCF Ops Manager Installation dashboard, click the trash can icon in the lower right hand corner of the Redis for PCF tile.

    2. Confirm deletion of the product, and then click Apply Changes.

    Note: Without ASGs, this service is unusable.

    Application Security Groups (ASGs): http://docs.pivotal.io/pivotalcf/1-10/adminguide/app-sec-groups.html

    Upgrading Redis for PCF

    This section contains the upgrade procedure and upgrade paths for Redis for PCF.

    Compatible Upgrade Paths

    Before upgrading Redis for PCF, for compatibility information, see the Product Version Matrix (http://docs.pivotal.io/compatibility-matrix.pdf).

    Upgrade Redis for PCF

    This product enables a reliable upgrade experience between versions of the product that is deployed through Ops Manager.

    For information on the upgrade paths for each released version, see the above table.

    To upgrade Redis for PCF, do the following:

    1. Download the latest version of the product from Pivotal Network (https://network.pivotal.io/products/p-redis).

    2. Upload the new .pivotal file to Ops Manager.

    3. If required, upload the stemcell associated with the update.

    4. If required, update any new mandatory configuration parameters.

    5. Pivotal recommends that you run the upgrade-all-service-instances errand. For how to run the errand, see Upgrade All Service Instances.

    Note: Existing service instances are not upgraded if you do not run this errand. These instances do not benefit from any security fixes or new features included in the upgrade.

    6. Click Apply changes. The rest of the process is automated.

    During the upgrade deployment each Redis instance experiences a small period of downtime as each Redis instance is updated with the new software components. This downtime is because the Redis instances are single VMs operating in a non-HA setup.

    The length of the downtime depends on whether there is a stemcell update to replace the operating system image, or whether the existing VM can simply have the redis software updated. Stemcell updates incur additional downtime while the IaaS creates the new VM, whereas updates without a stemcell update are faster.

    Ops Manager ensures the instances are updated with the new packages and any configuration changes are applied automatically.

    Upgrading to a newer version of the product does not cause any loss of data or configuration.

    Downtime During Upgrades and Redeploys

    A redeploy causes downtime of the Redis for PCF tile. This section clarifies what events trigger a redeploy.

    Ops Manager Changes

    In Ops Manager, any field that changes the manifest causes a redeploy of the Redis for PCF tile.

    PAS Changes

    In Pivotal Application Service (PAS), changes to any of the following properties can trigger downtime:

    ..cf.consul_server.ips - Consul Server Resource Config

    $runtime.system_domain - Runtime System Domain

    ..cf.ha_proxy.skip_cert_verify.value - Disable SSL certificate verification for this environment in PAS

    $runtime.apps_domain - Runtime Apps Domain

    ..cf.nats.ips - NATS Resource Config

    $self.service_network - Service Networks in Ops Manager

    When the operator applies any of the above changes to PAS, downtime is triggered for the following:

    Redis On-Demand Broker in Redis for PCF v1.8 and later

    Dedicated-VM and Shared-VM Services in Redis for PCF v1.9 and earlier

    Upgrading all Service Instances

    For Redis for PCF v1.8 and later, downtime for service instances occurs only after the operator runs the upgrade-all-service-instances BOSH errand, after all tile upgrades are completed successfully.

    Any change to a field on the Redis for PCF tile causes BOSH to redeploy both the legacy and the On-Demand Redis Brokers after the operator runs the upgrade-all-service-instances errand.

    Network Changes after Deployment

    This section explains how changing the network after deploying Redis for PCF affects instances and apps.

    Dedicated and Shared VMs

    To change the network for dedicated-VM and shared-VM services, click Assign AZs and Networks in the Redis for PCF tile configuration and use the Network dropdown. The network applies to both shared-VM and dedicated-VM services.

    You can also change the network by altering the CIDR in the BOSH Director tile.

    Pivotal discourages changing the network that a pre-existing dedicated-VM deployment or shared-VM deployment works with.

    If the network is changed, app bindings for existing dedicated-VM and shared-VM instances might stop working. Dedicated-VMs might also be reallocated as new service instances without their data being cleaned, resulting in a data leak between apps.

    On-Demand Service Instances

    To change the service network for on-demand service instances, click Assign AZs and Networks in the Redis tile configuration and use the Service Network dropdown. The service network applies to on-demand service instances.

    You can also change the service network by altering the CIDR in the BOSH Director tile.

    If you change the service network, you must unbind and rebind existing apps to the on-demand Redis instance.

    New on-demand service instances are placed into the new service network, but existing on-demand service instances are not moved. If you need to move the data in on-demand Redis instances to a new service network, you must create a new instance, migrate the data manually, and delete the old instance.

    Similarly, changing the availability zone for an on-demand plan only applies to new on-demand instances and does not alter existing instances.

    Release Policy

    When a new version of Redis is released, a new version of Redis for PCF is released soon after.

    For more information about the PCF release policy, see Release Policy (https://docs.pivotal.io/pivotalcf/security/process/pcf-security.html#release-policy).

    Setting Limits for On-Demand Service Instances

    On-demand provisioning is intended to accelerate app development by eliminating the need for development teams to request and wait for operators to create a service instance. However, to control costs, operations teams and administrators must ensure responsible use of resources.

    There are several ways to control the provisioning of on-demand service instances by setting various quotas at these levels:

    Global

    Plan

    Org

    Space

    After you set quotas, you can:

    View Current Org and Space-level Quotas

    Monitor Quota Use and Service Instance Count

    Calculate Resource Costs for On-Demand Plans

    Create Global-level Quotas

    Each Pivotal Cloud Foundry (PCF) service has a separate service broker. A global quota at the service level sets the maximum number of service instances that can be created by a given service broker. If a service has more than one plan, then the number of service instances for all plans combined cannot exceed the global quota for the service.

    The operator sets a global quota for each PCF service independently. For example, if you have Redis for PCF and RabbitMQ for PCF, you must set a separate global service quota for each of them.

    When the global quota is reached for a service, no more instances of that service can be created unless the quota is increased, or some instances of that service are deleted.

    Create Plan-level Quotas

    A service may offer one or more plans. You can set a separate quota per plan so that instances of that plan cannot exceed the plan quota. For a service with multiple plans, the total number of instances created for all plans combined cannot exceed the global quota for the service.

    When the plan quota is reached, no more instances of that plan can be created unless the plan quota is increased or some instances of that plan are deleted.

    Create and Set Org-level Quotas

    An org-level quota applies to all PCF services and sets the maximum number of service instances an organization can create within PCF. For example, if you set your org-level quota to 100, developers can create up to 100 service instances in that org using any combination of PCF services.

    When this quota is met, no more service instances of any kind can be created in the org unless the quota is increased or some service instances are deleted.

    To create and set an org-level quota, do the following:

    1. Run this command to create a quota for service instances at the org level:

    cf create-quota QUOTA-NAME -m TOTAL-MEMORY -i INSTANCE-MEMORY -r ROUTES -s SERVICE-INSTANCES --allow-paid-service-plans

    Where:

    QUOTA-NAME - A name for this quota
    TOTAL-MEMORY - Maximum memory used by all service instances combined
    INSTANCE-MEMORY - Maximum memory used by any single service instance
    ROUTES - Maximum number of routes allowed for all service instances combined
    SERVICE-INSTANCES - Maximum number of service instances allowed for the org

    For example:

    cf create-quota myquota -m 1024mb -i 16gb -r 30 -s 50 --allow-paid-service-plans

    2. Associate the quota you created above with a specific org by running the following command:

    cf set-quota ORG-NAME QUOTA-NAME

    For example:

    cf set-quota dev_org myquota

    For more information on managing org-level quotas, see Creating and Modifying Quota Plans (https://docs.pivotal.io/pivotalcf/1-12/adminguide/quota-plans.html).

    Create and Set Space-level Quotas

    A space-level service quota applies to all PCF services and sets the maximum number of service instances that can be created within a given space in PCF. For example, if you set your space-level quota to 100, developers can create up to 100 service instances in that space using any combination of PCF services.

    When this quota is met, no more service instances of any kind can be created in the space unless the quota is updated or some service instances are deleted.

    To create and set a space-level quota, do the following:

    1. Run the following command to create the quota:

    cf create-space-quota QUOTA-NAME -m TOTAL-MEMORY -i INSTANCE-MEMORY -r ROUTES -s SERVICE-INSTANCES --allow-paid-service-plans

    Where:

    QUOTA-NAME - A name for this quota
    TOTAL-MEMORY - Maximum memory used by all service instances combined
    INSTANCE-MEMORY - Maximum memory used by any single service instance
    ROUTES - Maximum number of routes allowed for all service instances combined
    SERVICE-INSTANCES - Maximum number of service instances allowed for the org

    For example:

    cf create-space-quota myspacequota -m 1024mb -i 16gb -r 30 -s 50 --allow-paid-service-plans

    2. Associate the quota you created above with a specific space by running the following command:

    cf set-space-quota SPACE-NAME QUOTA-NAME

    For example:

    cf set-space-quota myspace myspacequota

    For more information on managing space-level quotas, see Creating and Modifying Quota Plans (https://docs.pivotal.io/pivotalcf/1-12/adminguide/quota-plans.html).

    View Current Org and Space-level Quotas

    To view org quotas, run the following command:

    cf org ORG-NAME

    To view space quotas, run the following command:

    cf space SPACE-NAME

    For more information on managing org and space-level quotas, see Creating and Modifying Quota Plans (https://docs.pivotal.io/pivotalcf/adminguide/quota-plans.html).

    Monitor Quota Use and Service Instance Count

    Service-level and plan-level quota use, and total number of service instances, are available through the on-demand broker metrics emitted to Loggregator. These metrics are listed below:

    Metric Name | Description
    on-demand-broker/SERVICE-NAME/quota_remaining | Quota remaining for all instances across all plans
    on-demand-broker/SERVICE-NAME/PLAN-NAME/quota_remaining | Quota remaining for a specific plan
    on-demand-broker/SERVICE-NAME/total_instances | Total instances created across all plans
    on-demand-broker/SERVICE-NAME/PLAN-NAME/total_instances | Total instances created for a specific plan

    Note: Quota metrics are not emitted if no quota has been set.

    You can also view service instance usage information in Apps Manager. For more information, see Reporting Instance Usage with Apps Manager (https://docs.pivotal.io/pivotalcf/opsguide/accounting-report-apps-man.html).

    Calculate Resource Costs for On-Demand Plans

    On-demand plans use dedicated VMs, disks, and various other resources from an IaaS, such as AWS. To calculate maximum resource cost for plans individually or combined, you multiply the quota by the cost of the resources selected in the plan configuration(s). The specific costs depend on your IaaS.

    Note: Although operators can limit on-demand instances with plan quotas and a global quota, as described in the above topics, IaaS resource usage still varies based on the number of on-demand instances provisioned.

    To view configurations for your Redis for PCF on-demand plan, do the following:

    1. Navigate to Ops Manager Installation Dashboard > Redis > Settings.

    2. Click the section for the plan you want to view. For example, On-Demand Plan 1.

    The image below shows an example that includes the VM type and persistent disk selected for the server VMs, as well as the quota for this plan.

    Calculate Maximum Resource Cost Per On-Demand Plan

    To calculate the maximum cost of VMs and persistent disk for each plan, do the following calculation:

    plan quota x cost of selected resources

    For example, if you selected the options in the above image, you have selected a VM type micro and a persistent disk type 20 GB, and the plan quota is 15. The VM and persistent disk types have an associated cost for the IaaS you are using. Therefore, to calculate the maximum cost of resources for this plan, multiply the cost of the resources selected by the plan quota:

    (15 x cost of micro VM type) + (15 x cost of 20 GB persistent disk) = max cost per plan

    Calculate Maximum Resource Cost for All On-Demand Plans

    To calculate the maximum cost for all plans combined, add together the maximum costs for each plan. This assumes that the sum of your individual plan quotas is less than the global quota.

    Here is an example:

    (plan1 quota x plan1 resource cost) + (plan2 quota x plan2 resource cost) = max cost for all plans

    Calculate Actual Resource Cost of all On-Demand Plans

    To calculate the current actual resource cost across all your on-demand plans:

    1. Find the number of instances currently provisioned for each active plan by looking at the total_instances metric for that plan.

    2. Multiply the total_instances count for each plan by that plan's resource costs. Record the costs for each plan.

    3. Add up the costs noted in Step 2 to get your total current resource costs.

    For example:

    (plan1 total_instances x plan1 resource cost) + (plan2 total_instances x plan2 resource cost) = current cost for all plans

    Configuring Automated Service Backups

    This topic describes how to configure automated backups in Redis for Pivotal Cloud Foundry (PCF).

    About Automated Backups

    You can configure automatic backups for all service plan types: on-demand, dedicated-VM, and shared-VM.

    Automated backups have the following features:

    Backups run on a configurable schedule.

    Every instance is backed up.

    The Redis broker statefile is backed up.

    Data from Redis is flushed to disk before the backup is started by running a BGSAVE on each instance.

    You can configure Amazon Web Services (AWS) S3, SCP, Azure, or Google Cloud Storage (GCS) as your destination.

    Backup Files

    When Redis for PCF runs an automated backup, it labels the backups in the following ways:

    For dedicated-VM and shared-VM plans, backups are labeled with timestamp, instance GUID, and plan name. Files are stored by date.

    For on-demand plans, backups are labeled with timestamp and plan name. Files are stored by deployment, then date.

    Backups are stored as .rdb files.

    For each backup artifact, Redis for PCF also creates a file that contains the MD5 checksum for that artifact. This can be used to validate that the artifact is not corrupted.
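    One way to run that validation before restoring from a downloaded artifact, as an added example that is not Redis for PCF code. It assumes the checksum file holds the hex digest as its first token (bare, or md5sum style), which the page does not specify; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so large RDB dumps are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def read_expected_md5(checksum_path):
    """Assumed layout: the hex digest is the first whitespace-separated token."""
    with open(checksum_path, "r", encoding="ascii") as fh:
        tokens = fh.read().split()
    if not tokens:
        raise ValueError("checksum file is empty")
    token = tokens[0].lower()
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("checksum file does not start with an MD5 hex digest")
    return token


def verify_backup(rdb_path, checksum_path):
    """Return (ok, reason). Checks the MD5, then the RDB magic bytes."""
    expected = read_expected_md5(checksum_path)
    actual = md5_of_file(rdb_path)
    if not hmac.compare_digest(expected, actual):
        return False, f"md5 mismatch: expected {expected}, got {actual}"
    with open(rdb_path, "rb") as fh:
        if fh.read(5) != b"REDIS":  # every RDB dump starts with this magic
            return False, "checksum matches but file is not an RDB dump"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a fake RDB payload and its checksum file.
    workdir = tempfile.mkdtemp()
    rdb = os.path.join(workdir, "sample.rdb")
    md5 = os.path.join(workdir, "sample.md5")
    payload = b"REDIS0008" + b"\x00" * 128
    with open(rdb, "wb") as fh:
        fh.write(payload)
    with open(md5, "w", encoding="ascii") as fh:
        fh.write(hashlib.md5(payload).hexdigest() + "  sample.rdb\n")
    print(verify_backup(rdb, md5))   # intact artifact
    with open(rdb, "wb") as fh:
        fh.write(payload[:-16])      # simulate a truncated transfer
    print(verify_backup(rdb, md5))   # now reported as a mismatch
```

    The MD5 file detects corruption in transit or at rest; because it is stored beside the artifact, it is not evidence against deliberate modification by someone who can write to the backup destination.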

    About Configuring Backups

    Redis for PCF automatically backs up databases to external storage.

    How and where: There are four options for how automated backups transfer backup data and where the data saves to:

    Option 1: Back Up with AWS: Redis for PCF runs an AWS S3 client that saves backups to an S3 bucket.

    Option 2: Back Up with SCP: Redis for PCF runs an SCP command that secure-copies backups to a VM or physical machine operating outside of PCF. SCP stands for secure copy protocol, and offers a way to securely transfer files between two hosts. The operator provisions the backup machine separately from their PCF installation. This is the fastest option.

    Option 3: Back Up to GCS: Redis for PCF runs a GCS SDK that saves backups to a Google Cloud Storage bucket.

    Option 4: Back Up to Azure: Redis for PCF runs an Azure SDK that saves backups to an Azure storage account.

    When: Backups follow a schedule that you specify with a cron expression. For general information about cron, see package cron (http://godoc.org/github.com/robfig/cron).

    To configure automated backups, follow the procedures below according to the option you choose for external storage.

    Option 1: Back Up with AWS

    To back up your database to an Amazon S3 bucket, complete the following procedures:

    Create a Policy and Access Key

    Configure Backups in Ops Manager

    Create a Policy and Access Key

    Redis for PCF accesses your S3 store through a user account. Pivotal recommends that this account be solely for Redis for PCF. You must apply a minimal policy that lets the user account upload backups to your S3 store.

    Do the following to create a policy and access key:

    1. Navigate to the AWS Console and log in.

    2. To create a new custom policy, go to IAM > Policies > Create Policy > Create Your Own Policy and paste in the following permissions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:ListBucketMultipartUploads",
            "s3:ListMultipartUploadParts",
            "s3:PutObject"
          ],
          "Resource": [
            "arn:aws:s3:::MY-BUCKET-NAME",
            "arn:aws:s3:::MY-BUCKET-NAME/*"
          ]
        }
      ]
    }

    Where MY-BUCKET-NAME is the name of your S3 bucket.

    If the S3 bucket does not already exist, add s3:CreateBucket to the Action list to create it.

    3. (Recommended) Create a new user for Redis for PCF and record its Access Key ID and Secret Access Key, the user credentials.

    4. (Recommended) Attach the policy you created to the AWS user account that Redis for PCF will use to access S3. Go to IAM > Policies > Policy Actions > Attach.
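    To confirm that the policy attached to the backup user has not drifted from the minimal one above, the following added example (not part of the Pivotal documentation) audits a policy document against the documented action list and bucket scope. The function name, the bucket name example-redis-backups and the over-broad sample policy are constructed for illustration.

```python
import json

# Actions taken from the policy on this page; s3:CreateBucket is the optional
# addition the page allows when the bucket does not exist yet.
REQUIRED_ACTIONS = {"s3:listbucket", "s3:listbucketmultipartuploads",
                    "s3:listmultipartuploadparts", "s3:putobject"}
OPTIONAL_ACTIONS = {"s3:createbucket"}

# The page's policy with a constructed bucket name substituted for MY-BUCKET-NAME.
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:ListBucketMultipartUploads",
                   "s3:ListMultipartUploadParts", "s3:PutObject"],
        "Resource": ["arn:aws:s3:::example-redis-backups",
                     "arn:aws:s3:::example-redis-backups/*"],
    }],
})

# Constructed example of a policy that grants far more than backups need.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_backup_policy(policy_json, bucket):
    """Return findings where the policy differs from the minimal upload policy."""
    policy = json.loads(policy_json)
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings, granted = [], set()
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action}")
            elif name not in REQUIRED_ACTIONS | OPTIONAL_ACTIONS:
                findings.append(f"statement {i}: action {action} is not in the documented policy")
            else:
                granted.add(name)
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in allowed_resources:
                findings.append(f"statement {i}: resource {resource} is outside bucket {bucket}")
    for missing in sorted(REQUIRED_ACTIONS - granted):
        findings.append(f"documented action {missing} is not granted")
    return findings


if __name__ == "__main__":
    print(audit_backup_policy(PAGE_POLICY, "example-redis-backups"))  # no findings
    for finding in audit_backup_policy(BROAD_POLICY, "example-redis-backups"):
        print(finding)
```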

    Configure Backups in Ops Manager

    Do the following to connect Redis for PCF to your S3 account:

    1. Navigate to the Ops Manager Installation Dashboard and click the Redis for PCF tile.

    2. Click Backups.

    3. Under Backup configuration, select AWS S3.

    4. Fill in the fields as follows:

    Field | Description | Mandatory/Optional
    Access Key ID | The access key for your S3 account | Mandatory
    Secret Access Key | The Secret Key associated with your Access Key | Mandatory
    Endpoint URL | The endpoint of your S3 account, such as http://s3.amazonaws.com | Optional, defaults to http://s3.amazonaws.com if not specified
    Bucket Name | Name of the bucket where to store the backup | Mandatory
    Bucket Path | Path inside the bucket to save backups to | Mandatory
    Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation (https://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules). | Mandatory
    Backup timeout | The amount of time, in seconds, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. | Mandatory

    5. Click Save.

    Option 2: Back Up with SCP

    To back up your database using SCP, complete the following procedures:

    (Recommended) Create a Public and Private Key Pair

    Configure Backups in Ops Manager

    (Recommended) Create a Public and Private Key Pair

    Redis for PCF accesses a remote host as a user with a private key for authentication. Pivotal recommends that this user and key pair be solely for Redis for PCF.

    Do the following to create a new public and private key pair for authenticating:

    1. Determine the remote host that you will be using to store backups for Redis for PCF. Ensure that the Redis service instances can access the remote host.

    Note: Pivotal recommends using a VM outside the PCF deployment for the destination of SCP backups. As a result you might need to enable public IPs for the Redis VMs.

    2. Create a new user for Redis for PCF on the destination VM.

    3. Create a new public and private key pair for authenticating as the above user on the destination VM.

    Configure Backups in Ops Manager

    Do the following to connect Redis for PCF to your destination VM:

    1. Navigate to the Ops Manager Installation Dashboard and click the Redis for PCF tile.

    2. Click Backups.

    3. Under Backup configuration, select SCP.

    4. Fill in the fields as follows:

    Field | Description | Mandatory/Optional
    Username | The username to use for transferring backups to the SCP server | Mandatory
    Private Key | The private SSH key of the user configured in Username | Mandatory
    Hostname | The hostname or IP address of the SCP server | Mandatory
    Destination Directory | The path in the SCP server, where the backups will be transferred | Mandatory
    SCP Port | The SCP port of the SCP server | Mandatory
    Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation (https://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules). | Mandatory
    Backup timeout | The amount of time, in seconds, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to the SCP server. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. | Mandatory
    Fingerprint | The fingerprint of the public key of the SCP server. To retrieve the server's fingerprint, run ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub . | Optional

    5. Click Save.

    Option 3: Back Up with GCS

    To back up your database using GCS, complete the following procedures:

    Create a Service Account

    Configure Backups in Ops Manager

    Create a Service Account

    Redis for PCF accesses your GCS store through a service account. Pivotal recommends that this account be solely for Redis for PCF. You must apply a minimal policy that lets the user account upload backups to your GCS store.

    Do the following to create a service account with the correct p