Difference between revisions of "Redis"

From Ever changing code
Line 127: Line 127:
redis-cli -h localhost      -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" ping
redis-cli -h localhost      -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" ping
redis-cli -h localhost      -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" info server
redis-cli -h localhost      -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" info server
redis-cli -h $REDIS_PRIMARY -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN"
redis-cli -h $REDIS_PRIMARY -p $PORT_PRIMARY -a "$REDIS_AUTH_TOKEN" --stat
redis-cli -u redis://"${REDIS_AUTH_TOKEN}"@${REDIS_PRIMARY}:${PORT_PRIMARY}/0 ping # never worked, could password contain unallowed chars
redis-cli -u redis://"${REDIS_AUTH_TOKEN}"@${REDIS_PRIMARY}:${PORT_PRIMARY}/0 ping # never worked, could password contain unallowed chars
</source>
</source>
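Review bot: The line that gains `--stat` still connects to `$REDIS_PRIMARY` directly, while the neighbouring commands go through the stunnel listener on `localhost`. The page says authenticated access needs the TLS proxy, so this form would presumably send the AUTH token over an unencrypted connection and then fail against a TLS-only endpoint; the same may explain the `-u redis://…` line marked "never worked". Consider `redis-cli -h localhost -p "$PORT_PRIMARY" --stat`, with the token supplied through the `REDISCLI_AUTH` environment variable rather than `-a`, which exposes it in the process list. The old and new sides are not marked in this rendering, so which line is the new one is inferred from the revision text below.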

Revision as of 00:39, 6 October 2020

This page is mostly about the AWS ElastiCache service and Redis, a cache that is a fast key/value store.


Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams. Read more...


Install

Install the cli client only, Ubuntu 20.04

# Local laptop
# redis-tools provides the redis-cli client without installing a Redis server.
apt install redis-tools

# A pod
# Starts an interactive Ubuntu 20.04 pod named ubuntu-1 in the 'default'
# namespace; --rm deletes the pod when the shell exits. The commands after this
# line are typed inside that pod, not on the workstation.
kubectl -n default run --image=ubuntu:20.04 ubuntu-1 --rm -it -- bash
# Keep package configuration from stopping to ask questions.
export DEBIAN_FRONTEND=noninteractive
# NOTE(review): "select 8, 27" presumably records answers to an interactive
# package prompt - confirm whether it is still needed with the frontend set above.
apt update; apt install -yqq dnsutils netcat redis-tools stunnel vim net-tools # select 8, 27


Test connectivity

# Endpoint names and token appear to be sample values; substitute your own.
# NOTE(review): a real token assigned on the command line like this ends up in
# shell history - prefer reading it at a prompt or from a file with tight
# permissions.
REDIS_PRIMARY=master.re111111111111.aaaaaa.ng.0001.aaa.cache.amazonaws.com
REDIS_REPLICA=replica.re111111111111.aaaaaa.ng.0001.aaa.cache.amazonaws.com
REDIS_AUTH_TOKEN='p#ssw0rd1'

# Reachability check straight to the primary on 6379, with no tunnel and no
# credentials; the expected reply is PONG.
redis-cli -h $REDIS_PRIMARY -p 6379 ping
PONG


Connect to the server and run commands from cli

No auth

# connect to the server cli
$ redis-cli -h redis.acme.com -p 6379

# Using docker
$ docker run -it redis redis-cli -h redis.acme.com -p 6379

# Using telnet `apt install telnet`
telnet redis.acme.com 6379
Trying 10.10.10.111... # <-- server IP
Connected to redis.acme.com.
Escape character is '^]'.
monitor                     # command 1, streams back every command processed by Redis
+OK                         # stop monitoring by Ctl^C or issue command `QUIT` if using Telnet session
QUIT
+OK
Connection closed by foreign host.

telnet redis.acme.com 6379
Trying 10.10.10.111... # <-- server IP
KEYS AuthenticationService  # command 2, show keys
+1600340814.733253 [0 10.10.10.222:59730] "keys" "AuthenticationService" # <-- .222 client IP
*0
^]
telnet> Connection closed.

Auth

Authenticating users with the Redis AUTH command, with encryption in transit and at rest. This requires some sort of proxy that enables SSL transport between the redis-client and the AWS-hosted redis-cache.

# Tools used in this section: redis-tools (redis-cli), stunnel (the TLS proxy)
# and net-tools (netstat); the remaining packages are general network helpers.
apt update; apt install -yqq dnsutils netcat redis-tools stunnel vim net-tools

# Config vars
# Account and group written to 'setuid'/'setgid' in the stunnel config.
# NOTE(review): root keeps the proxy fully privileged; an unprivileged account
# is preferable wherever the pid file location allows it.
STUNNEL_UID='root'
STUNNEL_GUID='root'
# Loopback ports stunnel listens on for the primary and the replica endpoint.
PORT_PRIMARY='6379'
PORT_REPLICA='6380'

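# Config 'stunnel' - local laptop
# Writes a client-mode stunnel config with two loopback listeners that forward
# over TLS to the primary and replica endpoints. The heredoc delimiter is
# unquoted, so the calling shell expands the variables before the file is
# written: REDIS_PRIMARY, REDIS_REPLICA, PORT_PRIMARY, PORT_REPLICA,
# STUNNEL_UID and STUNNEL_GUID must already be set.
# verifyChain/CAfile/checkHost make stunnel validate the server certificate and
# its host name. Without them a stunnel client accepts any certificate, so the
# tunnel would encrypt the traffic but not authenticate the endpoint.
# CAfile is the Debian/Ubuntu system bundle (package ca-certificates); adjust
# the path on other systems. If the connection is refused after this change,
# inspect the certificate rather than switching verification off.
sudo tee /etc/stunnel/redis-cli.conf > /dev/null << EOF
fips = no
setuid = $STUNNEL_UID
setgid = $STUNNEL_GUID
pid = /var/run/stunnel.pid
debug = 7
delay = yes
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
   client = yes
   accept = 127.0.0.1:${PORT_PRIMARY}
   connect = $REDIS_PRIMARY:6379
   verifyChain = yes
   CAfile = /etc/ssl/certs/ca-certificates.crt
   checkHost = $REDIS_PRIMARY
[redis-cli-replica]
   client = yes
   accept = 127.0.0.1:${PORT_REPLICA}
   connect = $REDIS_REPLICA:6379
   verifyChain = yes
   CAfile = /etc/ssl/certs/ca-certificates.crt
   checkHost = $REDIS_REPLICA
EOF
# Show the rendered file so the expanded endpoints and ports can be checked.
cat /etc/stunnel/redis-cli.conf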

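# Config 'stunnel' - container (works with Istio sidecar, no-privilege mode needed)
# Same client-mode config as for the laptop, written directly because the shell
# in the pod already runs as root. The heredoc delimiter is unquoted, so
# REDIS_PRIMARY, REDIS_REPLICA, PORT_PRIMARY, PORT_REPLICA, STUNNEL_UID and
# STUNNEL_GUID are expanded by the shell and must already be set.
# verifyChain/CAfile/checkHost make stunnel validate the server certificate and
# its host name. Without them a stunnel client accepts any certificate, so the
# tunnel would encrypt the traffic but not authenticate the endpoint.
# CAfile is the Debian/Ubuntu system bundle; make sure the ca-certificates
# package is present in the image. If the connection is refused after this
# change, inspect the certificate rather than switching verification off.
cat > /etc/stunnel/redis-cli.conf << EOF
fips = no
setuid = $STUNNEL_UID
setgid = $STUNNEL_GUID
pid = /var/run/stunnel.pid
debug = 7
delay = yes
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
   client = yes
   accept = 127.0.0.1:${PORT_PRIMARY}
   connect = $REDIS_PRIMARY:6379
   verifyChain = yes
   CAfile = /etc/ssl/certs/ca-certificates.crt
   checkHost = $REDIS_PRIMARY
[redis-cli-replica]
   client = yes
   accept = 127.0.0.1:${PORT_REPLICA}
   connect = $REDIS_REPLICA:6379
   verifyChain = yes
   CAfile = /etc/ssl/certs/ca-certificates.crt
   checkHost = $REDIS_REPLICA
EOF
# Show the rendered file so the expanded endpoints and ports can be checked.
cat /etc/stunnel/redis-cli.conf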


Create proxy-tunnel

# Start the tunnel with the config file written in the previous step.
stunnel /etc/stunnel/redis-cli.conf
# Confirm both listeners exist and are bound to 127.0.0.1 only, so the proxy
# cannot be reached from other hosts.
netstat -tulnp | grep -i stunnel
root@ubuntu-1-57789d9bf7-pmg2j:/# netstat -tulnp | grep -i stunnel
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1049/stunnel
tcp        0      0 127.0.0.1:6380          0.0.0.0:*               LISTEN      1049/stunnel

pkill stunnel # kill stunnel

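# Connect
# The token is handed to redis-cli through the REDISCLI_AUTH environment
# variable instead of '-a': command-line arguments can be read by other local
# users from the process list, while a process environment is not
# world-readable on Linux.
# NOTE(review): needs a redis-cli that reads REDISCLI_AUTH - confirm with
# 'redis-cli --help' on the installed version.

# Local stunnel listener without credentials; authenticate inside the session
# with the 'auth' command.
redis-cli -h localhost -p "$PORT_PRIMARY"
# Local stunnel listener, authenticated: interactive session, ping, server info.
REDISCLI_AUTH="$REDIS_AUTH_TOKEN" redis-cli -h localhost -p "$PORT_PRIMARY"
REDISCLI_AUTH="$REDIS_AUTH_TOKEN" redis-cli -h localhost -p "$PORT_PRIMARY" ping
REDISCLI_AUTH="$REDIS_AUTH_TOKEN" redis-cli -h localhost -p "$PORT_PRIMARY" info server
# NOTE(review): the two commands below address the endpoint itself rather than
# the stunnel listener on localhost, so the session is not wrapped in TLS and
# the token would cross the network unencrypted. Presumably that is also why
# the URI form failed - confirm, and prefer '-h localhost'.
REDISCLI_AUTH="$REDIS_AUTH_TOKEN" redis-cli -h "$REDIS_PRIMARY" -p "$PORT_PRIMARY" --stat
# The URI form still carries the token on the command line.
redis-cli -u "redis://${REDIS_AUTH_TOKEN}@${REDIS_PRIMARY}:${PORT_PRIMARY}/0" ping # never worked, could password contain unallowed chars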

Note: To authenticate, pass the password with -a (redis-cli -h localhost -p 8000 -a password); alternatively, you can authenticate by running the auth command followed by your password after establishing the connection: auth password1

Commands

# list keys 'KEYS pattern'
redis.acme.com:6379> KEYS *Auth*

# set value
redis.acme.com:6379>  SET mykey 10
"OK"

# read value (DUMP returns the serialized form; GET mykey returns the plain value)
redis.acme.com:6379>  DUMP mykey
"\u0000\xC0\n\t\u0000\xBEm\u0006\x89Z(\u0000\n"