The Itential Automation Platform (IAP) uses Redis for two main functions:
- Shared authentication token storage and expiration.
- Store audit trail data.
The authentication token function can be performed by the same local Redis for the standalone topology. To achieve an HA topology, Redis sentinels are used to provide master-slave replication for the shared authentication token storage function.
This document will provide sample configurations for the core Redis properties and Redis adapter properties supporting both standalone and HA topology. The default settings for both the core Redis properties and Redis adapter are sufficient for most IAP installations. You should only need to modify the default settings if you are configuring an IAP HA topology or need to configure password authentication in either topology.
Health Monitoring
The Redis driver used by IAP inherits most of its configuration parameters from the ioredis library at Github-luin/ioredis. There are some additional customized parameters to help fit the driver into an IAP solution.
These settings are used in Redis health monitoring.
| Property | Type | Default | Description |
|---|---|---|---|
maxRetriesPerRequest |
Number | 20 |
The maximum number of connection retries on a lost Redis link. IAP will shutdown when the maxRetriesPerRequest limit is reached. |
maxHeartbeatWriteRetries |
Number | 20 |
The maximum number of write retries on the lost ability to write data in Redis. IAP will be shutdown when maxHeartbeatWriteRetries limit is reached. |
When the driver discovers Redis connection problems, it immediately starts reconnection attempts via predefined retryStrategy. Parameter maxRetriesPerRequest is a counter for those reconnection attempts. As soon as it reaches the defined value, IAP is shutdown. If the driver is able to get the connection back, the connectionRetries is reset.
The driver also checks the ability of Redis to write data. Heartbeat is fired every predefined heartbeatInterval time which is 2000 ms. When the heartbeat discovers a problem during writing, it triggers a predefined retryHeartbeatWriteStrategy. Parameter maxHeartbeatWriteRetries is a counter for the next write attempts during retryHeartbeatWriteStrategy execution. As soon as it reaches the defined value, IAP is shutdown. If the heartbeat is again able to write data, writeRetries is reset.
Configuring Redis Properties
The core Redis properties are configured by default to connect to a Redis process running on the same server as IAP. A password may be configured if the Redis server requires authentication.
| Property | Description |
|---|---|
host |
The host name or IP address of the Redis server. |
port |
The port number for the Redis server. The default port is 6379. |
password |
The password for the Redis server to secure access to the data. It can be provided in clear-text or in encrypted fashion, e.g., $ENCABC1234. |
maxRetriesPerRequest |
The maximum number of connection retries on a lost Redis link. The default is 20. |
maxHeartbeatWriteRetries |
The maximum number of write retries on the lost ability to write data in Redis. The default is 20. |
Standalone Configuration
{
...
"redisProps": {
"host": "127.0.0.1",
"port": 6379,
"password": "$ENC87eb897b507afc1796db49409dd02e1d848a208ca9d74593",
"maxRetriesPerRequest": 20,
"maxHeartbeatWriteRetries": 20
},
...
}HA Configuration
{
"id": "redis",
"type": "Redis",
"properties": {
"name": "mymaster",
"password": "$ENC87eb897b507afc1796db49409dd02e1d848a208ca9d74593",
"sentinels": [
{
"host": "redis1",
"port": 26379
},
{
"host": "redis2",
"port": 26379
},
{
"host": "redis3",
"port": 26379
}
],
"maxRetriesPerRequest": 20,
"maxHeartbeatWriteRetries": 20
}
}Configuring Redis Adapter (Standalone Topology)
The default configuration of the Redis adapter supports a standalone topology. The commonly applied properties and default behavior is the same as the core Redis properties. Like the core Redis properties, a password may also be configured if the Redis server requires authentication.
The following properties are commonly applied to the Redis adapter. The Redis adapter does not support custom properties available for core Redis.
| Property | Description |
|---|---|
host |
The host name or IP address of the Redis server. |
port |
The port number for the Redis server. The default port is 6379. |
password |
The password for the Redis server to secure access to the data. It can be provided in clear-text or in encrypted fashion, e.g., $ENCABC1234. |
Standalone Configuration
{ "id": "redis", "type": "Redis", "properties": { "host": "127.0.0.1", "port": 6379, "password": "$ENC87eb897b507afc1796db49409dd02e1d848a208ca9d74593" } }Configuring Redis Adapter (HA Topology)
When configuring the Redis adapter in an HA topology, the list of sentinels must be provided in addition to the Redis group name and password.
| Property | Description |
|---|---|
name |
Identifies a group of Redis instances composed of a master and one or more slaves (see mymaster in the example below). |
password |
The password for the Redis server to secure access to the data. It can be provided in clear-text or in encrypted fashion, e.g., $ENCABC1234. |
sentinels |
A list of sentinels to connect to. Although the list does not need to enumerate all sentinel instances, it is best practice to list all of them so that in the event of failure IAP will know all the alternative sentinels available. Each sentinel is configured with a host and port number.host - The host name or IP address of the sentinel.port - The unique port number for each sentinel. The default port is 26379. |
HA Configuration
{
"id": "redis",
"type": "Redis",
"properties": {
"name": "mymaster",
"password": "$ENC87eb897b507afc1796db49409dd02e1d848a208ca9d74593",
"sentinels": [
{
"host": "redis1",
"port": 26379
},
{
"host": "redis2",
"port": 26379
},
{
"host": "redis3",
"port": 26379
}
]
}
}