LATEST VERSION: 1.12 - CHANGELOG

Installing Redis for PCF

Page last updated:

This topic describes the process of installing Redis for PCF. It covers tasks from downloading the file from the Pivotal Network through verifying the installation after configuration.

Role-Based Access in Ops Manager

Ops Manager administrators can use Role-Based Access Control (RBAC) to manage which operators can make deployment changes, view credentials, and manage user roles in Ops Manager. Therefore, your role permissions might not allow you to perform every procedure in this operator guide.

For more information about roles in Ops Manager, see Understand Roles in Ops Manager.

Download and Install the Tile

To add Redis for Pivotal Cloud Foundry (PCF) to Ops Manager, follow the procedure for adding PCF Ops Manager tiles:

  1. Download the Redis for PCF file from Pivotal Network. Select the latest release from the Releases drop-down menu.
  2. In the PCF Ops Manager Installation Dashboard, click Import a Product to upload the Redis for PCF file.
  3. Click the + sign next to the uploaded product description to add the tile to your staging area.
  4. To configure Redis for PCF, click the newly added tile.
  5. After completing the required configuration, click Apply Changes to install the service.

For guidance on ports and ranges used in the Redis service, see Select Networks below.

Assign AZs and Networks

To assign AZs and networks, click the Assign AZs and Networks settings tab.

AZ Assignment Diagram

Assign AZs

As of Redis for PCF v1.9, you can assign multiple AZs to Redis jobs, however this does not guarantee high availability. For more information, see Support for Multiple AZs.

To assign AZs, do the following:

  1. In the Assign AZs and Networks tab, make your selections under Place singleton jobs in and Balance other jobs in.
  2. Click Save.

Select Networks

You can use Redis for PCF with or without using the on-demand service.

  • To use the Redis for PCF on-demand service

    You must use a service network with the on-demand service. From an IaaS perspective, creating a service network is identical to creating any other network created for tiles on Ops Manager. The only difference is that the operator must mark the network as a “Service Network” in Ops Manager to prevent Ops Manager from performing IP management in that network.

  • To use Redis for PCF without the on-demand service

    If you want to use Redis for PCF without the on-demand service, you must still create an empty service network to install the tile.

For more information, see Networking for On-Demand Services.

To select networks, do the following:

  1. In the Assign AZs and Networks tab, select a Network.

    Pivotal recommends that each type of PCF service run in its own network. For example, run Redis for PCF on a separate network from RabbitMQ for PCF.

  2. If using the on-demand service, select a Service Network. Otherwise, select an empty service network.

Port Ranges Used in Redis for PCF

The following ports and ranges are used in Redis for PCF:

Port Protocol Direction and Network Reason
8300
8301
TCP
TCP and UDP
Inbound to Cloud Foundry network, outbound from service broker and service instance networks* Communication between the CF consul_server and consul_agents on Redis deployment; used for metrics
8202 TCP Inbound to Cloud Foundry network, outbound from service broker and service instance networks* Used by the Redis metron_agent to forward metrics to the Cloud Foundry Loggregator
12350 TCP Outbound from Cloud Foundry to the cf-redis-broker service broker network (Only if using a cf-redis-broker) Access to the cf-redis-broker from the cloud controllers.
12345 TCP Outbound from Cloud Foundry to the on-demand service broker network (Only if using an On-Demand service) For access to the on-demand service broker from the cloud controllers
6379 TCP Outbound from Cloud Foundry to any service instance networks (dedicated-node and on-demand) Access to all dedicated nodes and on-demand nodes from the Diego Cell and Diego Brain network(s)
32768-61000 TCP Outbound from Cloud Foundry to the cf-redis-broker service broker network From the Diego Cell and Diego Brain network(s) to the service broker VM. This is only required for the shared service plan.
80 or 443
(Typically)
http or https
respectively
Outbound from any service instance networks Access to the backup blobstore
8443
25555
TCP Outbound from any on-demand service broker network to the BOSH Director network For the on-demand service, the on-demand service broker needs to talk to the BOSH Director

* Typically the service broker network and service instance network(s) are the same.

Configure Redis for PCF Service Plans

Click the Redis for PCF tile in the Ops Manager Installation Dashboard to display the configuration page and allocate resources to Redis service plans.

On-Demand Service Settings

  1. Click On-Demand Service Settings, and then enter the Maximum service instances across all on-demand plans. The maximum number of instances you set for all your on-demand plans combined cannot exceed this number.

    settings

    For more information, see Setting Limits for On-Demand Service Instances.

  2. Select the Allow outbound internet access from service instances checkbox. You must select this checkbox to allow external log forwarding, send backup artifacts to external destinations, and communicate with an external BOSH blob store.

    Note: Outbound network traffic rules also depend on your IaaS settings. Consult your network or IaaS administrator to ensure that your IaaS allows outbound traffic to the external networks you need.

  3. To configure an on-demand plan, click On-Demand Plan 1, 2, or 3.

    You can configure up to three on-demand plans with appropriate memory and disk sizes for your use case(s). Resource configuration options may vary on different IaaSs.

    The default names of the three on-demand plans provided reflect that instances of these plans are intended to be used for different cache sizes:

    • cache-small: A Redis instance deployed to a dedicated VM, suggested to be configured with ~1 GB of memory and >3.5 GB of persistent disk
    • cache-medium: A Redis instance deployed to a dedicated VM, suggested to be configured with ~2 GB of memory and >10 GB of persistent disk
    • cache-large: A Redis instance deployed to a dedicated VM, suggested to be configured with ~4 GB of memory and >14 GB of persistent disk

    on demand config

  4. Configure the following settings for your on-demand plan(s). Any pre-populated default settings are pre-configured according to the memory and disk size of each plan.

    Field Description
    Plan Select Plan Active or Plan Inactive. An inactive plan does not need any further configuration.
    Plan Name Enter a name that will appear in the Marketplace.
    Plan Description Enter a description that will appear in the Marketplace. Specify details that will be relevant to app developers.
    Plan Quota Enter the maximum number of instances of this plan that app developers can create. For more information, see Setting Limits for On-Demand Service Instances.
    CF Service Access Select a service access level. This setting does not modify the permissions that have been previously set, and allows for manual access to be configured from the CLI.
    AZ to deploy Redis instances of this plan This is the AZ in which to deploy the Redis instances from the plan. This must be one of the AZs of the service network (configured in the Ops Manager Director tile).
    Server VM type Select the VM type. Pivotal recommends that the persistent disk should be at least 3.5x the VM memory.
    Server Disk type Select the disk type. Pivotal recommends that the persistent disk should be at least 3.5x the VM memory.
    Redis Client Timeout This field refers to the server timeout for an idle client specified in seconds. The default setting is 3600. Adjust this setting as needed.
    Redis TCP Keepalive Redis TCP Keepalive refers to the interval (in seconds) at which TCP ACKS are sent to clients. The default setting is 60. Adjust this setting as needed.
    Max Clients Max Clients refers to the maximum number of clients that can be connected at any one time. Per plan, the default setting is 1000 for small, 5000 for medium and 10000 for large. Adjust this setting as needed.
    Lua Scripting Enable or disable Lua Scripting as needed. Pivotal recommends that Lua Scripting be disabled.

  5. Click Save.

Note: As of Redis for PCF v1.11, the On-Demand service is at feature parity with the Dedicated-VM service. The Dedicated-VM service plan will be deprecated. Pivotal recommends disabling the Shared-VM and Dedicated-VM service plans. See Disable Shared and Dedicated VM Plans below.

Updating On-Demand Service Plans

Operators can update certain settings after the plans have been created. If the operator updates the VM size, disk size, or the Redis configuration settings (enabling Lua Scripting, max-clients, timeout and TCP keep-alive), these settings are implemented in all instances that are already created.

Operators should not downsize the VMs or disk size because this can cause data loss in pre-existing instances. Additionally, operators cannot make a plan that was previously active, inactive, until all instances of that plan have been deleted.

Removing On-Demand Service Plans

If you want to remove the On-Demand Service from your tile, do the following:

  1. Go to the Resource Config page on the Redis for PCF tile, and set the Redis On-Demand Broker job instances to 0.

  2. Navigate to the Errands page on the Redis for PCF tile, and set the following errands to off:

    • Register On-demand Redis Broker
    • On-demand Broker Smoke Tests
    • Upgrade all On-demand Redis Service Instances
    • Deregister On-demand Redis Broker
  3. Create an empty service network. For instructions, see this Knowledge Base article.

  4. Go to each of the three On-Demand Plan pages on the Redis for PCF tile, and set each plan to Plan Inactive. For example: cache plan inactive

Shared-VM Plan

  1. Select the Shared-VM Plan tab. shared vm config

  2. Configure these fields:

    • Redis Instance Memory Limit—Maximum memory used by a shared-VM instance
    • Redis Service Instance Limit—Maximum number of shared-VM instances

    Memory and instance limits depend on the total system memory of your Redis broker VM and require some additional calculation. For more information, see Memory Limits for Shared-VM Plans below.

  3. Click Save.

  4. If you do not want to use the on-demand service, you must make all of the on-demand service plans inactive. Click the tab for each on-demand plan, and select Plan Inactive. See the example in Step 4 of Removing On-Demand Service Plans above.

  5. To change the allocation of resources for the Redis broker, click the Resource Config tab.

    The Redis broker server runs all of the Redis instances for your Shared-VM plan. From the Resource Config page, you can change the CPU, RAM, Ephemeral Disk, and Persistent Disk made available, as needed.

Memory Limits for Shared-VM Plans

Additional calculation is required to configure memory limits for shared-VM plans. With these plans, several service instances share the VM, and the Redis broker also runs on this same VM. Therefore, the memory used by all the shared-vm instances combined should be at most 45% of the memory of the Redis broker VM.

To configure the limits in these fields, estimate the maximum memory that could be used by all your Redis shared-VM instances combined. If that figure is higher than 45% of the Redis broker VM’s total system memory, you can do one of the following:

  • Decrease the Redis Instance Memory Limit.
  • Decrease the number of instances in Redis Service Instance Limit.
  • Increase the RAM for the Redis Broker in the Resource Config tab as shown below.

Here are some examples for setting these limits:

Redis Broker VM Total Memory Redis Instance Memory Limit Redis Service Instance Limit
16 GB 512 MB 14
16 GB 256 MB 28
64 GB 512 MB 56

Note: It is possible to configure a larger Redis Service Instance Limit, if you are confident that the majority of the deployed instances will not use a large amount of their allocated memory, for example in development or test environments.

However, this practice is not supported and can cause your server to run out of memory, preventing users from writing any more data to any Redis shared-VM instance.

Dedicated-VM Plan

Note: As of Redis for PCF v1.11, the On-Demand service is at feature parity with the Dedicated-VM service. The Dedicated-VM service plan will be deprecated. Pivotal recommends using the On-Demand service plan. See Disable Shared and Dedicated VM Plans below.

  1. To configure the Dedicated-VM plan, click the Resource Config tab to change the allocation of resources for the Dedicated Node. dedicated vm config

    • The default configuration creates five dedicated nodes (VMs). Each node can run one Redis dedicated-VM instance.
    • You can change the number of dedicated nodes, and configure the size of the persistent and ephemeral disks, and the CPU and RAM for each node.
    • The default VM size is small. It is important that you set the correct VM size to handle anticipated loads.
    • With dedicated-VM plans, there is one Redis service instance on each VM. The maximum memory an instance can use should be at most 45% of the total system RAM on the VM. You can set this with the maxmemory configuration. The app can use 100% of maxmemory–that is, up to 45% of the system RAM.
    • Pivotal recommends the persistent disk be set to 3.5x the amount of system RAM.
  2. Click Save.

  3. If you do not want to use the on-demand service, you must make all of the on-demand service plans inactive. Click the tab for each on-demand plan, and select Plan Inactive. See the example in Step 4 of Removing On-Demand Service Plans above.

For more information on configuring resources, see below.

Configure Resources for Dedicated-VM and Shared-VM Plans

To configure resources for the Shared-VM and Dedicated-VM plans, click the Resource Config settings tab on the Redis for PCF tile.

  • The Shared-VM plan is on the Redis Broker resource.
  • The Dedicated-VM plan is on the Dedicated Node resource.

The following are the default resource and IP requirements for Redis for PCF when using the Shared-VM or Dedicated-VM plans:

Product Resource Instances CPU Ram Ephemeral Persistent Static IP Dynamic IP
Redis Redis Broker 1 2 3072 4096 9216 1 0
Redis Dedicated Node 5 2 1024 4096 4096 1 0
Redis Broker Registrar 1 1 1024 2048 0 0 1
Redis Broker De-Registrar 1 1 1024 2048 0 0 1
Redis Compliation 2 2 1024 4096 0 0 1

Disable Shared and Dedicated VM Plans

If you want to disable Shared and Dedicated VM Plans for Redis for PCF, do the following:

  1. Ensure at least one On-Demand plan is active.

  2. Configure the following tabs:

    • Shared-VM Plan:
      a. Set Redis Service Instance Limit to 0.
      b. Click Save.

    • Errands:
      a. Set Broker Registrar to Off.
      b. Set Smoke Tests to Off.
      c. Set Broker Deregistrar to Off.
      d. Leave all four On-Demand errands On.
      e. Click Save.

    • Resource Config:
      a. Decrease Redis Broker Persistent disk type to the smallest size available.
      b. Decrease Redis Broker VM type to the smallest size available.
      c. Set Dedicated Node Instances to 0.
      d. Click Save.

Additional Redis Configurations

You can update certain plan settings after the plans have been created. Updates to the settings for the components below are implemented in all existing instances:

  • VM size
  • Disk size
  • Redis configuration settings:
    • Lua Scripting
    • Max-clients
    • Timeout
    • TCP keep-alive

WARNING: You must not downsize the VMs or disk size. This can cause data loss in pre-existing instances.

The following table describes properties you can update in the plan configuration page, shown above.

Property Default Description
Redis Client Timeout 3600 Server timeout for an idle client specified in seconds (e.g., 3600)
Redis TCP Keepalive 60 The max number of connected clients at the same time
Max Clients 1000/5000/10000 (small/medium/large) The max number of connected clients at the same time
Lua Scripting Enabled Enable/Disable Lua scripting
Plan Quota 20 Maximum number of Redis service instances for this plan, across all orgs and spaces. For more information, see Setting Limits for On-Demand Service Instances.

For settings that app developers can configure, see Customize an On-Demand Service Instance.

Configure Syslog Forwarding

Pivotal recommends that operators configure syslog forwarding to a remote destination. Forwarding your system logs to a remote destination lets you:

  • View logs from every VM in the Redis for PCF deployment in one place.
  • Effectively troubleshooting when logs are lost on the source VM.
  • Set up alerts for important error logs to monitor the deployment.

All logs follow RFC5424 format.

To configure syslog forwarding, do the following:

  1. Click the Redis for PCF tile to display the configuration page, and then click the Syslog tab.


    syslog configuration

  2. Select either Yes without encryption or Yes with TLS encryption.

    Note: To use syslog forwarding for on-demand instances, you must select the Allow outbound internet access from service instances checkbox in the On-Demand Service Settings tab.

  3. Enter the Syslog Address and Port, and select the Transport protocol of your remote destination. You can only use TCP if you are using TLS encryption.

    The information required for these fields is provided by your remote destination. Address should be something such as logs.papertrailapp.com, and Port will be a number such as 41635.

  4. Select the format for your logs. RFC5424 is the suggested format.

    For instances of the Redis on-demand plan, all logs follow RFC5424 format. Instances of the Dedicated-VM and Shared-VM plans allow for the operator to select their log format to be either their legacy format or RFC5424. PCF is moving toward all syslogs consistently using RFC5424 format.

  5. If you selected Yes with TLS encryption, complete these fields:

    • Permitted Peer refers to the remote syslog destination. It allows each VM to establish an encrypted tunnel with the remote syslog destination. The Permitted Peer is either the accepted fingerprint (SHA1) or name of the remote peer, for example *.example.com.
    • TLS CA certificate refers to the trusted certificate authorities for the remote syslog destination. Large certificate chains (> 8 kb) are not supported.
  6. Click Save.

Apply Changes from Your Configuration

Your installation is not complete until you apply your configuration changes. Follow the steps below:

  1. Return to the Ops Manager Installation Dashboard.

  2. Click Apply Changes.

Create Application Security Groups

To allow this service to have network access, you must create Application Security Groups (ASGs). Ensure your security group allows access to the Redis Service Broker VM and Dedicated VMs configured in your deployment. You can obtain the IP addresses for these VMs in Ops Manager under the Resource Config section for the Redis for PCF tile.

Note: Without ASGs, this service is unusable.

Application Container Network Connections

Application containers that use instances of the Redis for PCF service require the following outbound network connections:

Destination Ports Protocol Reason
ASSIGNED_NETWORK 32768-61000 tcp Enable app to access shared vm service instance
ASSIGNED_NETWORK 6379 tcp Enable app to access dedicated vm service instance

Create an ASG called redis-app-containers with the above configuration and bind it to the appropriate space or, to give all started apps access, bind to the default-running ASG set and restart your apps. Example:

[
  {
    "protocol": "tcp",
    "destination": "ASSIGNED_NETWORK",
    "ports": "6379"
  }
]

Validating Installation

Smoke tests run as part of Redis for PCF installation to validate that the install succeeded. For more information, see Redis for PCF Smoke Tests.

Uninstalling Redis for PCF

To uninstall Redis for PCF, do the following:

  1. In the PCF Ops Manager Installation dashboard, click the trash can icon in the lower right hand corner of the Redis for PCF tile.
  2. Confirm deletion of the product, and then click Apply Changes.
Create a pull request or raise an issue on the source for this page in GitHub