VMware Tanzu GemFire for VMs supports use of the VMware Tanzu GemFire for Redis Apps add-on. The GemFire for Redis add-on allows applications that currently use a Redis client to connect to and send Redis commands to GemFire. This allows those applications to use GemFire as a datastore for Redis clients, with little to no code changes.

For more information about the add-on, see the VMware Tanzu GemFire for Redis Apps documentation.

Usage Notes

  • VMware Tanzu GemFire for Redis Apps currently implements a subset of the full set of Redis commands. For more information, see Compatible Redis Commands in the VMware Tanzu GemFire for Redis Apps documentation.

  • If your application uses Spring Session Data Redis, you must add the following code to deactivate Spring Session from calling the CONFIG command. Calling the CONFIG command is not supported.

    @Bean
    public static ConfigureRedisAction configureRedisAction() {
          return ConfigureRedisAction.NO_OP;
    }
    

    This is a known solution for many Managed Redis products (ElastiCache, Azure Cache for Redis, etc.) that deactivate the CONFIG command for security reasons. For more information, see ERR unknown command 'CONFIG' when using Secured Redis #124 in GitHub.

  • If your application uses redis-py-cluster, you must specify the option skip_full_coverage_check=True when creating the connection to the cluster. This is a known solution for many Managed Redis products (ElastiCache, Azure Cache for Redis, etc) that deactivate the CONFIG command for security reasons. For more information, see AWS Elasticache Restrictions #189 in GitHub.

Start a Service Instance with GemFire for Redis Apps

To use the APIs for Redis, you must start a VMware Tanzu GemFire for VMs service instance with GemFire for Redis Apps enabled and redundant copies created as follows:

  1. To access the API, open port 6379 in VMware Tanzu GemFire for VMs. For more information, see Networking for On-Demand Services.

  2. Enable APIs for Redis and add the "redis" tag to your VMware Tanzu GemFire for VMs service.

    • When creating a new service, add -c '{"gemfire_for_redis_enabled":true}', "gemfire_for_redis_redundant_copies":N, and -t "redis" to the cf create-service command. N must be 1, 2, or 3, and sets the number of redundant copies created. VMware Tanzu GemFire for VMs supports a maximum of three redundant copies.

      For example:

      $ cf create-service p-cloudcache PLAN-NAME YOUR-SERVICE-NAME -c '{"gemfire_for_redis_enabled":true,"gemfire_for_redis_redundant_copies":2}' -t redis
      
    • When updating an existing service, add -c '{"gemfire_for_redis_enabled":true}', "gemfire_for_redis_redundant_copies":N, and -t "redis" to the cf update-service command. N must be 1, 2, or 3, and sets the number of redundant copies created. VMware Tanzu GemFire for VMs supports a maximum of three redundant copies.

      For example:

      $ cf update-service YOUR-SERVICE-NAME -c '{"gemfire_for_redis_enabled":true,"gemfire_for_redis_redundant_copies":2}' -t "redis"
      

      Note: Updating the service causes all members of the cluster to restart.

If you migrate from an existing application that uses the Redis tile, you typically must unbind and rebind the app to the Redis service.

  1. If your app is still bound to the Redis service, unbind it:

    cf unbind-service APP-NAME SERVICE-INSTANCE-NAME
    
  2. Bind your app to the new VMware Tanzu GemFire for VMs service:

    cf bind-service APP-NAME SERVICE-INSTANCE-NAME
    

(Optional) Transport Layer Security (TLS)

VMware Tanzu GemFire for VMs allows service instances to be created with Transport Layer Security (TLS) enabled. This differs from the Redis tile which allows TLS and non-TLS ports to be active at the same time on a single service instance. TLS can only be enabled during service instance creation.

If you enable TLS, all connections must be made using a TLS-capable client. The non-TLS port will be unavailable

To enable APIs for Redis and TLS on a VMware Tanzu GemFire for VMs service instance, add "tls":true to the parameters passed to the cf create-service command:

For example:

$ cf create-service p-cloudcache PLAN-NAME YOUR-SERVICE-NAME -c '{"gemfire_for_redis_enabled":true,"tls":true}' -t redis

Note: This enables TLS for the entire cluster.

App Development

To connect a Redis application to the VMware Tanzu GemFire for VMs service, you must create a service key. For a Redis-enabled service, the following properties are added to the service key as well as to the binding environment for the bound app:

  • "uri": "redis://REDIS-USER:REDIS-PASSWORD@REDIS-HOST-NAME:6379"
  • "hostname": "REDIS-HOST-NAME"
  • "port": 6379
  • "username": "REDIS-USER"
  • "password": "REDIS-PASSWORD"

Before you begin, note that:

  • Applications must be using a Redis client that supports Redis Cluster mode.
  • VMware Tanzu GemFire for Redis Apps currently implements a subset of the full set of Redis commands. For more information, see Compatible Redis Commands in the VMware Tanzu GemFire for Redis Apps documentation.

Follow the steps below to connect a Redis application to the VMware Tanzu GemFire for VMs service.

  1. Create a service key by running the following command:

    cf create-service-key MY-INSTANCE MY-KEY
    
  2. Inspect the service key:

    cf service-key MY-INSTANCE MY-KEY
    

    This return a JSON response (VCAP_SERVICES) containing the fields shown in this example:

    {
     "uri": "redis://developer_GUID:EXAMPLE-PASSWORD@redis-endpoint.service-instance-INSTANCE-GUID.bosh:6379",
     "hostname": "redis-endpoint.service-instance-INSTANCE-GUID.bosh",
     "username": "developer_GUID",
     "password": "EXAMPLE-PASSWORD",
     "port": 6379,
     "users": [
      {
       "password": "EXAMPLE-PASSWORD",
       "roles": [
        "developer"
       ],
       "username": "developer_GUID"
      }
     ]
    }
    

    Note: The username field is the same as the username configured for the developer role. This role has the necessary permissions to access all GemFire for Redis Apps functionality.

    If TLS is enabled for the service, the uri scheme will be rediss:, and the port field will be replaced by a tls_port field which must be used for TLS enabled connections. Only one of port or tls_port will be present. Redis clients cannot establish both TLS and non-TLS connections to the same GemFire for Redis Apps service.

  3. Configure the application.

    You can use the values from the service key to configure the application, as appropriate, to connect to the service. For example, a Spring Boot application would need the following set in its application.properties file:

    spring.redis.cluster.nodes=redis-endpoint.service-instance-INSTANCE-GUID.bosh:6379
    spring.redis.username=developer_GUID
    spring.redis.password=PASSWORD
    

Security

If the VMware Tanzu GemFire for VMs service is configured to use external authentication (UAA), Redis applications must be configured with a user and associated password that has the PCC_DATA-ACCESS role as described in Configuring User Account and Authentication (UAA) Roles.

When UAA is configured, the VCAP_SERVICES data will not include a username or password field.

Back Up and Restore

The APIs for Redis do not persist any data to disk, so it is not possible to back up and restore.

Additional Information

For additional information, including supported commands, see the VMware Tanzu GemFire for Redis Apps documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon