Using AWS Elasticache Redis to manage sessions in Sails.js - redis

I'm currently using connect-redis in my Sails.js project to leverage a locally-installed redis instance. In the future, I'd like to use a common redis instance for multiple server instances (behind a load balancer), so I've been looking at AWS Elasticache. I'm having trouble with the configuration, though.
sails-project\config\session.js:
adapter: 'connect-redis',
host: 'primary-endpoint.xxxxxx.ng.0001.apse1.cache.amazonaws.com',
port: 6379,
ttl: <redis session TTL in seconds>,
db: 0,
pass: <redis auth password>,
prefix: 'sess:',
What should the TTL value be? Should the pass attribute point to IAM somehow?
I tried creating a user in IAM with AmazonElastiCacheFullAccess permissions and putting its access key ID in the pass attribute, but I got this error in my server console (testing on my Windows box):
C:\repos\sails-project\node_modules\connect-redis\lib\connect-redis.js:83
throw err;
^
AbortError: Redis connection lost and command aborted. It might have been processed.
at RedisClient.flush_and_error (C:\repos\sails-project\node_modules\redis\index.js:362:23)
...
Any ideas on what to change?

I'm going to assume your "windows box" is outside of AWS.
For Elasticache you can't access it from outside AWS. See the Security Section here : https://aws.amazon.com/elasticache/faqs/#Can_I_access_Amazon_ElastiCache_from_outside_AWS
The most common use case is to have EC2 instances within a VPC access and consume the Elasticache service. Along with this the Elasticache Redis service doesn't employ authentication and only allows lock down via security groups.
If you need something that differentiates from this configuration then you should look at putting Redis on EC2 so that you have full control.

Related

Using AWS Elasticache Config Endpoint returns 'READONLY You can't write against a read-only replica'

Disclaimer, I'm new to redis and elasticache.
Referencing an answer in this stackoverflow here.
I have a basic AWS ElastiCache Redis cluster setup:
3 shards, 9 nodes
encryption at rest
However, when I try to connect to the Configuration endpoint I get READONLY You can't write against a read-only replica'.
If I change my connection string to a node endpoint, I connect successfully.
What am I missing here? Why isn't the configuration endpoint navigating me to a non READONLY node?
make sure you are copying the primary end point, replica is only read, Since Redis 2.6, replicas support a read-only mode that is enabled by default. This behavior is controlled by the replica-read-only option in the redis.conf file, and can be enabled and disabled at runtime using CONFIG SET.

Connecting an off-the-shelf application (Liveswitch) to Redis in an automatic failover configuration

Part of the installation of Liveswitch (a WebRTC application) is to connect the gateway and media server to a Redis cache (see the docs). We want to implement a high-availability architecture, in which two (load balanced) gateway servers and two media servers connect to Redis instances in an autofailover configuration.
I know that normally Redis Sentinel is the tool of choice for such an undertaking, but from my understanding for this to be working with the aforementioned gateway/media servers , the servers (which are the clients to Redis in this case) have to be able to communicate with Sentinel additional to their connection to the (Redis) cache to "find" the new master in the case of failover. I do not find any hint in Liveswitche's configuration that would allow for that.
The connection of Liveswitch to the Redis instance is configured in a json file using a connection string like the following (from the product documentation):
"ConnectionStrings": {
"Default": "postgresql://user:password#10.37.129.2:25061/postgres_server?sslmode=require&Server_Compatibility_Mode=Redshift",
"Cache": "redis://lxjis.redis.cache.windows.net:6380,password=2KfYkEQOCYH8sdfdsfdsfdsEdMV18nSvtE4FrMqnncAFZNsRc=,ssl=True,abortConnect=False",
}
Is there a way to install Redis instances with autofailover in a transparent way, i.e., so that the client application's connection to the cache is retained in the case of failover without relying on Sentinel to "report" the new master to the application?

How to check the if config command name is changed in AWS Elasticache(REDIS)

I am trying to access AWS elasticache(REDIS). I followed this instruction:
https://redsmin.uservoice.com/knowledgebase/articles/734646-amazon-elasticache-and-redsmin
Redis is connected now but when I click on configuration. I got this error:
"Redsmin can't load the configuration. Check with your provider that you have access to the configuration command."
edit 1:
config Redis command is sadly not available on AWS Elasticache, see their documentation:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/RestrictedCommands.html
To deliver a managed service experience, ElastiCache restricts access to certain cache engine-specific commands that require advanced privileges. For cache clusters running Redis, the following commands are unavailable:
[...]
config
That's why Redsmin configuration module (it's the only module impacted) cannot display current your Redis AWS Elasticache configuration.

What is the redis URI, when redis is used in kubernetes?

Objective
I want to access the redis database in kubernetes, from a function inside ibm functions using javascript.
Question
How do I get the right URI, when redis is running on a Pod in Kubernetes?
Situation
I used this sample to setup the redis database in kubernetes This is the link to the sample in Kubernetes
I run Kuberentes inside IBM Cloud.
Findings
I was not able to find a answer to my question on the redis documentation
As far as I understand by default no password configured.
Is this assumption right?
redis://[USER]:[PASSWORD]#[CLUSTER-PUBLIC-IP]:[PORT]
Thanks for help ... I know this is maybe a to simple question, but currently I do not see the tree in the woods ;-)
As far as I understand by default no password configured.
Yes, there is no default password in that image with Redis, you are right.
If you following the instruction you mentioned, you will use a kubectl proxy, which will forward port of your Redis in cluster to your local machine by call kubectl port-forward redis-master 6379:6379.
So in that case, Redis will be available on redis://localhost:6379 on your PC.
If you want to make it available directly from ouside of the cluster, you need to create Service with NodePort, Service with LoadBalancer (if you in Cloud) or simply Service with Ingress.
Inside a cluster, you can create Service with Cluster IP (which is actually simply Service, because it always has Cluster IP) for your Redis pod and will be available on:
redis://[USER]:[PASSWORD]#[SERVICE-IP]:[PORT]
Here is a good official documentation about connecting applications with service.

Connect to Redis (AWS) from Elastic Beanstalk instance

What is the method to connect to Redis node in an Elasticache from an Elastic BeanStalk instance?
Would just the host-name (redis node endpoint) and port enough?
Or is there any other authentication I have to complete? I get this error when I try to connect to the node.
org.springframework.data.redis.RedisConnectionFailureException: Cannot get Jedis connection; nested exception is redis.clients.jedis.exceptions.JedisConnectionException: Could not get a resource from the pool
For our rails application we have in our configuration environment variables:
REDIS_URL=redis://ourname.use1.cache.amazonaws.com:6379
REDIS_PROVIDER=REDIS_URL
and it works fine. Not sure specifically for your application, but this should resolve that.
Also, make sure that your redis node has the appropriate security group permissions. For example, if it is in sg-a and your Beanstalk nodes are in sg-b, make sure that sg-a has a tcp rule for 6379 for sg-b