Upgrading Redis for VMware Tanzu Application Service
Note: Pivotal Platform is now part of VMware Tanzu. In v2.4 and later, Redis for Pivotal Platform is named Redis for VMware Tanzu Application Service.
Page last updated:
This section contains the upgrade procedure and upgrade paths for Redis for VMware Tanzu Application Service.
For product versions and upgrade paths, see Upgrade Planner.
After TLS has been enabled for the on-demand Redis service, disabling TLS causes downtime and service outage for all apps that connect to Redis through TLS.
If you disable TLS, you must unbind all apps bound to on-demand instances from the TLS port, rebind to the non-TLS port and then re-stage to resume service access.
This product enables a reliable upgrade experience between versions of the product deployed through Ops Manager.
For information about the upgrade paths for each released version, see Compatible Upgrade Paths above.
To upgrade to the latest version of Redis for Tanzu Application Service:
Download the latest version of the product from VMware Tanzu Network.
Upload the new
.pivotalfile to Ops Manager.
If required, upload the stemcell associated with the update.
If required, update any new mandatory configuration parameters.
(Optional) To enable TLS:
- Follow the procedures in Preparing for TLS.
Note: In most cases, enabling TLS does not noticeably reduce performance. Performance impact depends on the health of resources, such as network infrastructure and application architecture.
- In the Redis for Tanzu Application Service tile, select On-Demand Service Settings.
- Under Enable TLS, select Optional.
- Enable the checkbox next to each TLS version you want to support.
VMware recommends supporting TLS v1.1 and onwards. VMware does not recommend supporting TLS v1.0
because it is less secure than later versions, but it is an option for apps that only support this
Note: After selecting a TLS version, VMware recommends generating a new service key and then rebinding the service instance with the new service key. This makes the service key’s
tls_versionsfield reflect the new TLS version, which can help developers who use the service key to see the supported TLS version. To create a new service key, follow the steps in Check Availability. To rebind the instance, follow the steps in Bind Existing Apps with TLS.
- Click Save.
- Follow the procedures in Preparing for TLS.
(Optional) Enable developers to upgrade service instances individually. For instructions, see Enable Individual Service Instance Upgrades below.
When this is feature is not enabled, the
upgrade-all-service-instanceserrand runs by default after each upgrade. For more information, see Upgrading All Service Instances below.
Go to the Ops Manager Installation Dashboard. Click Review Pending Changes and Apply Changes.
Until you upgrade service instances, they do not benefit from any security fixes or new features included in the tile upgrade. The default upgrade path automatically upgrades all on-demand service instances when you upgrade the tile. This operation can take a long time.
To expedite upgrades, in Redis for Tanzu Application Service v2.3 and later you can enable on-demand service instances to be upgraded individually. This allows developers to upgrade their own service instances after you have upgraded the tile.
Note: This feature is only available for upgrades from Redis for Tanzu Application Service v2.3.0 to later versions. You cannot upgrade individual service instances from v2.2 to v2.3.
To enable upgrading individual service instances:
Ensure that all service instances have been upgraded to Redis for Tanzu Application Service v2.3.0 or later. If not, click Apply changes to run the
In Redis for Tanzu Application Service tile, navigate to the Errands page.
Select Off for the Upgrade All On-Demand Service Instances errand:
Click Apply changes.
After you enable individual service instance upgrades, developers can upgrade individual service instances following the instructions in Upgrading an Individual Redis Service Instance.
During the upgrade each Redis instance experiences a small period of downtime as each instance is updated with the new software components. This downtime is because Redis instances are single VMs operating in a non-high availability (HA) setup. To reduce downtime, you can enable the BOSH HotSwaps feature. Compared to traditional BOSH upgrades, this feature has been shown to reduce downtime by 75%. For instructions on how to enable this feature, see Enable BOSH HotSwaps to Reduce Downtime below.
The length of downtime depends on whether there is a stemcell update to replace the operating system image, or whether the Redis software is updated on the existing VM. Stemcell updates incur additional downtime while the IaaS creates the new VM, whereas updates without a stemcell update are faster.
Ops Manager ensures the instances are updated with the new packages and any configuration changes are applied automatically.
Upgrading to a newer version of the product does not cause any loss of data or configuration.
A redeploy causes downtime for the Redis for Tanzu Application Service tile. This section clarifies what events trigger a redeploy.
In Ops Manager, any field that changes the manifest causes a redeploy of the Redis for Tanzu Application Service tile.
In the VMware Tanzu Application Service for VMs tile, changes to any of the following properties can trigger downtime:
$runtime.system_domain—Runtime System Domain
..cf.ha_proxy.skip_cert_verify.value—Disable SSL certificate verification for this environment in TAS for VMs
$runtime.apps_domain—Runtime Apps Domain
..cf.nats.ips—NATS Resource Config
$self.service_network—Service Networks in Ops Manager
When the operator applies any of the above changes to TAS for VMs, downtime is triggered for:
The Redis on-demand broker
Downtime for service instances occurs only after the operator runs the
upgrade-all-service-instances BOSH errand, after all tile upgrades are completed successfully.
Any change to a field on the Redis for Tanzu Application Service tile causes BOSH to redeploy the
on-demand Redis broker and can cause service instance downtime when the operator runs the
Enabling BOSH HotSwaps reduces the downtime for on-demand service instances when upgrading. Benchmarking shows that enabling BOSH HotSwaps can reduce service instance downtime by 75% when upgrading. For how it works, see Changing VM Update Strategy in the BOSH documentation. To use this feature, all service bindings must use BOSH DNS instead of IP addresses.
To enable BOSH HotSwaps:
Ensure all service bindings use BOSH DNS. To do so, tell developers to unbind, bind, and restage any apps created while Redis for Pivotal Cloud Foundry v1.14 or earlier was installed. For instructions, see the solution in Apps Fail to Connect to the Service Instance.
Note: You must do this before enabling BOSH HotSwaps. Any apps with service bindings that do not use BOSH DNS fail to connect to the Redis service instance.
Select the BOSH HotSwaps checkbox in the On-Demand Service Settings tab.
Click Save and Apply Changes.
This section explains how changing the network after deploying Redis for Tanzu Application Service affects instances and apps.
To change the network for shared-VM services, click Assign AZs and Networks in the Redis for Tanzu Application Service tile configuration and use the Network dropdown.
You can also change the network by altering the CIDR in the BOSH Director tile.
VMware discourages changing the network that a pre-existing shared-VM deployment works with.
If the network is changed, app bindings for existing shared-VM instances might stop working.
To change the service network for on-demand service instances, click Assign AZs and Networks in the Redis tile configuration and use the Service Network dropdown. The service network applies to on-demand service instances.
You can also change the service network by altering the CIDR in the BOSH Director tile.
If you change the service network, you must unbind and rebind existing apps to the on-demand Redis instance.
New on-demand service instances are placed into the new service network, but existing on-demand service instances are not moved. To move the data in on-demand Redis instances to a new service network, you must create a new instance, migrate the data manually, and delete the old instance.
Similarly, changing the availability zone (AZ) for an on-demand plan only applies to new on-demand instances and does not alter existing instances.
When a new version of Redis is released, a new version of Redis for Tanzu Application Service is released soon after. For more information, see the Release Policy.