Difference between revisions of "Redis"
Revision as of 00:47, 6 October 2020
This page is mostly about the AWS ElastiCache service running Redis, a fast key/value store.
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams.
Install
Install the cli client only, Ubuntu 20.04
<source lang=bash>
# Local laptop
apt install redis-tools

# A pod
kubectl -n default run --image=ubuntu:20.04 ubuntu-1 --rm -it -- bash
export DEBIAN_FRONTEND=noninteractive
apt update; apt install -yqq dnsutils netcat redis-tools stunnel vim net-tools # select 8, 27
</source>
Test connectivity
<source lang=bash>
REDIS_PRIMARY=master.re111111111111.aaaaaa.ng.0001.aaa.cache.amazonaws.com
REDIS_REPLICA=replica.re111111111111.aaaaaa.ng.0001.aaa.cache.amazonaws.com
REDIS_AUTH_TOKEN='p#ssw0rd1'
redis-cli -h $REDIS_PRIMARY -p 6379 ping
PONG
</source>
Connect to the server and run commands from cli
No auth
<source lang=bash>
# connect to the server cli
$ redis-cli -h redis.acme.com -p 6379

# Using docker
$ docker run -it redis redis-cli -h redis.acme.com -p 6379

# Using telnet `apt install telnet`
telnet redis.acme.com 6379
Trying 10.10.10.111... # <-- server IP
Connected to redis.acme.com.
Escape character is '^]'.
monitor # command 1, streams back every command processed by Redis
+OK
# stop monitoring by Ctl^C or issue command `QUIT` if using Telnet session
QUIT
+OK
Connection closed by foreign host.

telnet redis.acme.com 6379
Trying 10.10.10.111... # <-- server IP
KEYS AuthenticationService # command 2, show keys
+1600340814.733253 [0 10.10.10.222:59730] "keys" "AuthenticationService" # <-- .222 client IP
*0
^]
telnet> Connection closed.
</source>
Auth
Authenticating users with the Redis AUTH command, with encryption in transit and at rest. This requires some sort of proxy that provides SSL transport between the redis-client and the AWS-hosted redis-cache.
<source lang=bash>
apt update; apt install -yqq dnsutils netcat redis-tools stunnel vim net-tools

# Config vars
STUNNEL_UID=root
STUNNEL_GUID=root
PORT_PRIMARY=6379
PORT_REPLICA=6380

# Config 'stunnel' - local laptop
sudo bash -c "cat > /etc/stunnel/redis-cli.conf << EOF
fips = no
setuid = $STUNNEL_UID
setgid = $STUNNEL_GUID
pid = /var/run/stunnel.pid
debug = 7
delay = yes
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
  client = yes
  accept = 127.0.0.1:${PORT_PRIMARY}
  connect = $REDIS_PRIMARY:6379
[redis-cli-replica]
  client = yes
  accept = 127.0.0.1:${PORT_REPLICA}
  connect = $REDIS_REPLICA:6379
EOF"
cat /etc/stunnel/redis-cli.conf

# Config 'stunnel' - container (works with Istio sidecar, no-privilege mode needed)
cat > /etc/stunnel/redis-cli.conf << EOF
fips = no
setuid = $STUNNEL_UID
setgid = $STUNNEL_GUID
pid = /var/run/stunnel.pid
debug = 7
delay = yes
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
  client = yes
  accept = 127.0.0.1:${PORT_PRIMARY}
  connect = $REDIS_PRIMARY:6379
[redis-cli-replica]
  client = yes
  accept = 127.0.0.1:${PORT_REPLICA}
  connect = $REDIS_REPLICA:6379
EOF
cat /etc/stunnel/redis-cli.conf
</source>
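stunnel in client mode does not verify the server certificate unless told to, and the configuration above sets neither verifyChain nor checkHost. The check below is an added example, not part of the original page; it counts only "verifyChain = yes" together with a checkHost entry as verification, and the hostname, CA bundle path and the redis-cli-verified section in its sample are constructed assumptions.

```shell
#!/usr/bin/env bash
# audit_stunnel_conf [FILE]: list client-mode sections lacking "verifyChain = yes"
# or a checkHost entry; exit status 1 if any is found. Reads stdin without FILE.
audit_stunnel_conf() {
  awk '
    function report() {
      if (name != "" && client && !(chain && host)) {
        printf "%s: verifyChain=%s checkHost=%s\n", name, (chain ? "yes" : "no"), (host ? "set" : "missing")
        bad = 1
      }
    }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^[;#]/ { next }      # blank line or comment
    line ~ /^\[/ {                              # new service section
      report()
      name = substr(line, 2, index(line, "]") - 2)
      client = dclient; chain = dchain; host = dhost   # inherit global defaults
      next
    }
    {
      n = index(line, "="); if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "client")           { v = (val == "yes"); if (name == "") dclient = v; else client = v }
      else if (key == "verifyChain") { v = (val == "yes"); if (name == "") dchain = v; else chain = v }
      else if (key == "checkHost")   { if (name == "") dhost = 1; else host = 1 }
    }
    END { report(); exit bad }
  ' "${1:--}"
}

# Constructed sample: first section mirrors the [redis-cli] service, second adds verification.
sample_conf() {
  cat <<'EOF'
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = master.example.cache.amazonaws.com:6379
[redis-cli-verified]
client = yes
accept = 127.0.0.1:6380
connect = master.example.cache.amazonaws.com:6379
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = master.example.cache.amazonaws.com
EOF
}

if [ "$#" -gt 0 ]; then audit_stunnel_conf "$1"; else sample_conf | audit_stunnel_conf || true; fi
```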
Create proxy-tunnel
<source lang=bash>
stunnel /etc/stunnel/redis-cli.conf
netstat -tulnp | grep -i stunnel
root@ubuntu-1-57789d9bf7-pmg2j:/# netstat -tulnp | grep -i stunnel
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1049/stunnel
tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 1049/stunnel
pkill stunnel # kill stunnel

# Connect
redis-cli -h localhost -p $PORT_PRIMARY
redis-cli -h localhost -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN"
redis-cli -h localhost -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" ping
redis-cli -h localhost -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" info server
redis-cli -h $REDIS_PRIMARY -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" --stat
redis-cli -u redis://"${REDIS_AUTH_TOKEN}"@${REDIS_PRIMARY}:${PORT_PRIMARY}/0 ping # never worked, could password contain unallowed chars
</source>
Note: Auth <code>redis-cli -h localhost -p 8000 -a password</code>. Alternatively, you can authenticate by running the auth command followed by your password after establishing the connection: <code>auth password1</code>

Note: Continuous stats mode <code>redis-cli --stat -i 5</code>. In this mode a new line is printed every second with useful information and the difference from the previous data point; <code>-i 5</code> emits lines every 5 seconds, default is 1s.
Commands
<source lang=bash>
# auth
redis.acme.com:6379> AUTH p!ssw0rd1
# list keys 'KEYS pattern'
redis.acme.com:6379> KEYS *Auth*
# set value
redis.acme.com:6379> SET mykey 10
"OK"
# read value
redis.acme.com:6379> DUMP mykey
"\u0000\xC0\n\t\u0000\xBEm\u0006\x89Z(\u0000\n"
</source>