[redis] update redis-tls

redis-tls/cert/CA-cert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIJAMK7kxaaiuH3MA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
+BAYTAktSMQ4wDAYDVQQIDAVTZW91bDEOMAwGA1UEBwwFU2VvdWwxCjAIBgNVBAoM
+AUIxCjAIBgNVBAsMAUIxCjAIBgNVBAMMAUIxEDAOBgkqhkiG9w0BCQEWAUIwHhcN
+MjMxMDAyMTUxMzAwWhcNMjYwNjI4MTUxMzAwWjBjMQswCQYDVQQGEwJLUjEOMAwG
+A1UECAwFU2VvdWwxDjAMBgNVBAcMBVNlb3VsMQowCAYDVQQKDAFCMQowCAYDVQQL
+DAFCMQowCAYDVQQDDAFCMRAwDgYJKoZIhvcNAQkBFgFCMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA3yjjv250E1t7+1W43T9gb6dQ0EZP+9Sd5nxXLUzU
+bEzJfTFOdBaN/i1x+R1bLeLN6/aJE+9zCl4N3qSLFNn/O0+w/U42WZyNxvo/5VHT
+G1MNYT19InJ8SBR8V0r1FLdQsFfuK0f9HxLuYS6uNVCAgTUkDCXf4hDr4EKSY6hW
+BV96X8psBOjeeXQmUh3gt/OvpmaQpALDxif+b7RPOotmfMDyfmDjBjjTLmNwgxXU
+p7LdYcX/6VXHNy3HF2PAQbJ1MmaGiTK3hIAQKsJDtTYBmR2q5Ql2JEV+EUuwHBBh
+K+w3Wa6tQf22ceKjITGDFfixXHhlSs9lM6iHhunFktDmhQIDAQABo1AwTjAdBgNV
+HQ4EFgQU+TRnwFhV1Zl1ks+KWV7jD0t1p00wHwYDVR0jBBgwFoAU+TRnwFhV1Zl1
+ks+KWV7jD0t1p00wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARsuf
+KBxKJf4VLq2eWj/ArjAnsYuLKWF0Ho9cmR9CAwSUan71ubyY7/Zy71VGfWWCAQB5
+ybR/46xMK2Zpj1w0mXnzeCnxsIwzJ8vZHWUFM65ZLScj41SFMr9scJH9Xg7DpKjZ
+sjMdjm0ZLBRxQ5Ft/eSsY2YtrtjiwVHNSqfl3UntxraZ9UMTrwIEP6tJ91SNppBL
+tSvr0wP/nWoFT3qCZ1k9dVavTkQRKWj5ei9QeiB31PZejoCk5FLf0gpJateAmOSL
+L+EaI7gZ2yc2AHTlLOFm4MTpEeVmm2WADlEXDcds4l4lwtiIMkBQzHIfRAKHaIYe
+FMeafN8juINoQRou3Q==
+-----END CERTIFICATE-----

redis-tls/cert/private.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCfEzAw8hPOh9B
+6odtwMvr3yVamQqCWboZpQaSug7nTl3S5bK5WeJNbmbVHpDhAak90RBhHOz9WwxV
+H7SRb/UsTe/6APPD1vsOTlOLKa/1hyZb8sW2SYZQ68SUZipLRMbJuCvcYcLNJHMY
+/kfGIVJ8gqBZBbJWA70+DYxnh/hNxZFekETeL8+kja8dd+ghkvRPPQqoBjcbq/M6
+In90LSDk+O6gwo3jCJ9VnvT0GXbmLLNzpOftcdDHTqtpBHQXB0X3vnWkq65itUhZ
+B0Cs3iKu8u4Y2JQLkfn8FQEad72JJOM4HSXNjJwwyn9CQF0q3tLyspe2LYGEbccW
+V9xfElC7AgMBAAECggEAJqrb/79tRgNCT7K3dmTMpnrZTGf9JOl+DLc41VdUuzxj
+fxjYLe3nBooau+i12WahJX85iHVd0QmXLB1/oyLlVgew3L3vuVI23CNKjPKe32wd
+fk6IbLO1lsUpcm/VnN1xwI1zev+c4XiLwb5cutHJOqQmCU0OpfdcWsgK0FLCVYPH
+b1817a6v6mfwlupfBHJ5mju7SKNiKVQ/01ZfV5dhHuVQE+CVlECj41Bqod74MJz/
+3N1DbDX/BFKYu3A5jFhsN6QwTZJ8VBx0vNx1i0HNr/pemoDxisinitGbF5pfedKt
+FgUkPRoofxZRZj18e/GeRza6jmLw5wSXEMLzOEoucQKBgQDvUIGnVd6uNWBDa+5n
+cSkl2d4mCBtFoG67oBAz7EhX6GTrZP4jUTVDzZz7rA/LYsv+Q8NTTnbXR7UiM4Or
+cbB4KTxlR0RnNvQ1f1NwjEpScNC49N31qQbTqtF35M0mm/vF/XYkO38IobsOwp5d
+OfVoILPTbvr0R37peXNS0jeFtwKBgQDQC6XA6zUpRYdYTganuzCX8aGVmOkKnZLv
+EsdPEWiGEEuTJM58eKJG0wOL67Rwssg86TVjjZ+1v9pZqaMbd12hSQ7Q3tyIdzjx
+WJkp62LfupOPJVLpSNdprXbQ+dULjAXjkjvs0YtTK7+fuAqgEzagIDWqNE6VDu4J
+8vxFbfEtHQKBgEKQnQ+jZeYE+LqoKc7h/fUGTbE8bgGG52YO1pLqtRCmlnOXSs0e
+CHfMmE60hEwpNd6KkKj6WTn2Ox7BP22PmOtDZQYytYcUFQdQXDAhBYc61AOuMJLl
+Kf30NIFpxdpoZraikprvZZ1MBxDK92us9GK7Pemgo/MQc++TFY3C5SivAoGAUwmz
+GPNIfraftOE/ysbuOFdbdUhZC8GlGgNWxfpey9PJNmvkds33h2lF6x0jIjBZt+Yl
+Rx0J+BMhZdRNo/LazjtIzJmHUHi1o68HQzIOftoLd4EgPLi0MhvoZrSxEjDLUO/X
+N0jT4Vh+3ZMpuoawsOzqPosuKlSRMitoAZZGQwkCgYEAg+FAdMK58juQoCEU5XFH
+qA/usEpmkKi37TyS+gILMD3dGcXOPzzxvUENvIDyPkUnIS3RsPAy9sbDAejG3pl5
+gIX3Jfu85LkC4/jl7OV4gq6KS9LksuoZ9X4LeJ6f00UCv4E0lDxf29PgDNxZ4poM
+hixDO0f832TAYISYTtLXflc=
+-----END PRIVATE KEY-----

redis-tls/cert/san.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiYCCQC/ZryjNyHjOzANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJL
+UjEOMAwGA1UECAwFU2VvdWwxDjAMBgNVBAcMBVNlb3VsMQowCAYDVQQKDAFCMQow
+CAYDVQQLDAFCMQowCAYDVQQDDAFCMRAwDgYJKoZIhvcNAQkBFgFCMB4XDTIzMTAw
+MjE1MTczNloXDTI0MTAwMTE1MTczNlowXzELMAkGA1UEBhMCS1IxDjAMBgNVBAgM
+BVNlb3VsMQ4wDAYDVQQHDAVTZW91bDEKMAgGA1UECgwBQjEKMAgGA1UECwwBQjEY
+MBYGA1UEAwwPMTg1LjIwMy4xMTQuMTg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwnxMwMPITzofQeqHbcDL698lWpkKglm6GaUGkroO505d0uWyuVni
+TW5m1R6Q4QGpPdEQYRzs/VsMVR+0kW/1LE3v+gDzw9b7Dk5Tiymv9YcmW/LFtkmG
+UOvElGYqS0TGybgr3GHCzSRzGP5HxiFSfIKgWQWyVgO9Pg2MZ4f4TcWRXpBE3i/P
+pI2vHXfoIZL0Tz0KqAY3G6vzOiJ/dC0g5PjuoMKN4wifVZ709Bl25iyzc6Tn7XHQ
+x06raQR0FwdF9751pKuuYrVIWQdArN4irvLuGNiUC5H5/BUBGne9iSTjOB0lzYyc
+MMp/QkBdKt7S8rKXti2BhG3HFlfcXxJQuwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQBanVVYjLXASSJkbb3Jha9cVxU3WPh2NqdBj5dTfGJWl7NdNf8qtothDs+R/mBz
+STGWlWKpLLFKMepo2rCjBMSRjc0+ctbdOgv9dfLmND72T8jp2tpJuqxCxoSLCIvN
+WLSUl5KyS4Bj1fET4rISbce4bYfV3V8R+v+VjkesZjTpud6iVH0vP/Cr3tNlUiZa
+0gYED3/ohwwA95a3sqWcHNR4QrpNdCZgl2opAa+CuoLlRJ2YKoKLuWNglLDyDWwk
+E5C4HInIIRn9Y4QvXs/5czAWjRdtfN7Gq9IO5Lk52OUh6Sx6smhT/oUfaO8D7TD9
+bkcnERdnJtC+cZpCDekR0R18
+-----END CERTIFICATE-----

redis-tls/docker-compose.yaml

@@ -0,0 +1,34 @@
+version: '3'
+services:
+  predixy:
+    image: haandol/predixy:latest
+    container_name: predixy
+    network_mode: "host"
+    volumes:
+      - ./predixy/conf:/etc/predixy/conf
+  redis-master:
+    container_name: "redis-master"
+    image: redis:7.2-alpine
+    network_mode: "host"
+    command: redis-server /etc/redis.conf
+    volumes:
+      - ./redis-master.conf:/etc/redis.conf
+      - ./masterdata:/data
+      - ./cert/san.crt:/etc/certificate.crt
+      - ./cert/private.key:/etc/certificate.key
+      - ./cert/CA-cert.pem:/etc/chain.crt
+    restart: always
+  redis-slave:
+    container_name: "redis-slave"
+    image: redis:7.2-alpine
+    network_mode: "host"
+    command: redis-server /etc/redis.conf
+    volumes:
+      - ./redis-slave.conf:/etc/redis.conf
+      - ./slavedata:/data
+      - ./cert/san.crt:/etc/certificate.crt
+      - ./cert/private.key:/etc/certificate.key
+      - ./cert/CA-cert.pem:/etc/chain.crt
+    restart: always
+    depends_on:
+      - redis-master

redis-tls/predixy/conf/auth.conf

@@ -0,0 +1,8 @@
+Authority {
+    Auth {
+        Mode write
+    }
+    Auth "#bccomplexpassword#" {
+        Mode admin
+    }
+}

redis-tls/predixy/conf/cluster.conf

@@ -0,0 +1,20 @@
+## redis cluster server pool define
+
+ClusterServerPool {
+    MasterReadPriority 60
+    StaticSlaveReadPriority 50
+    DynamicSlaveReadPriority 50
+    RefreshInterval 1
+    ServerTimeout 1
+    ServerFailureLimit 10
+    ServerRetryTimeout 1
+    KeepAlive 120
+    Servers {
+        + redis-node1.ungleich.cloud:7001
+        + redis-node2.ungleich.cloud:7001
+        + redis-node3.ungleich.cloud:7001
+        + redis-node1.ungleich.cloud:7101
+        + redis-node2.ungleich.cloud:7101
+        + redis-node3.ungleich.cloud:7101
+    }
+}

redis-tls/predixy/conf/latency.conf

@@ -0,0 +1,104 @@
+LatencyMonitor all {
+    Commands {
+        + all
+        - blpop
+        - brpop
+        - brpoplpush
+    }
+    TimeSpan {
+        + 100
+        + 200
+        + 300
+        + 400
+        + 500
+        + 600
+        + 700
+        + 800
+        + 900
+        + 1000
+        + 1200
+        + 1400
+        + 1600
+        + 1700
+        + 1800
+        + 2000
+        + 2500
+        + 3000
+        + 3500
+        + 4000
+        + 4500
+        + 5000
+        + 6000
+        + 7000
+        + 8000
+        + 9000
+        + 10000
+    }
+}
+
+LatencyMonitor get {
+    Commands {
+        + get
+    }
+    TimeSpan {
+        + 100
+        + 200
+        + 300
+        + 400
+        + 500
+        + 600
+        + 700
+        + 800
+        + 900
+        + 1000
+    }
+}
+
+LatencyMonitor set {
+    Commands {
+        + set
+        + setnx
+        + setex
+    }
+    TimeSpan {
+        + 100
+        + 200
+        + 300
+        + 400
+        + 500
+        + 600
+        + 700
+        + 800
+        + 900
+        + 1000
+    }
+}
+
+LatencyMonitor blist {
+    Commands {
+        + blpop
+        + brpop
+        + brpoplpush
+    }
+    TimeSpan {
+        + 1000
+        + 2000
+        + 3000
+        + 4000
+        + 5000
+        + 6000
+        + 7000
+        + 8000
+        + 9000
+        + 10000
+        + 20000
+        + 30000
+        + 40000
+        + 50000
+        + 60000
+        + 70000
+        + 80000
+        + 90000
+        + 100000
+    }
+}

redis-tls/predixy/conf/predixy.conf

@@ -0,0 +1,38 @@
+################################### GENERAL ####################################
+## Predixy configuration file example
+
+## Specify a name for this predixy service
+## redis command INFO can get this
+Name PredixyExample
+
+## Default is 0.0.0.0:7617
+Bind 0.0.0.0:7300
+
+## Worker threads
+WorkerThreads 4
+
+MaxMemory 0
+
+ClientTimeout 300
+
+Log /etc/predixy/conf/predixy.log
+
+LogVerbSample 0
+LogDebugSample 0
+LogInfoSample 10000
+LogNoticeSample 1
+LogWarnSample 1
+LogErrorSample 1
+
+
+################################### AUTHORITY ##################################
+Include auth.conf
+
+################################### SERVERS ####################################
+Include cluster.conf
+# Include sentinel.conf
+# Include try.conf
+
+################################### LATENCY ####################################
+## Latency monitor define, see latency.conf
+Include latency.conf

redis-tls/redis-master.conf

@@ -0,0 +1,13 @@
+cluster-enabled yes
+cluster-node-timeout 5000
+cluster-require-full-coverage yes
+appendonly yes
+#port 7001
+tls-cluster yes
+tls-auth-clients no
+#tls-replication yes
+port 0
+tls-port 6379
+tls-cert-file /etc/certificate.crt
+tls-key-file /etc/certificate.key
+tls-ca-cert-file /etc/chain.crt

redis-tls/redis-slave.conf

@@ -0,0 +1,13 @@
+cluster-enabled yes
+cluster-node-timeout 5000
+cluster-require-full-coverage yes
+appendonly yes
+#port 7101
+tls-cluster yes
+tls-auth-clients no
+tls-replication yes
+port 0
+tls-port 6479
+tls-cert-file /etc/certificate.crt
+tls-key-file /etc/certificate.key
+tls-ca-cert-file /etc/chain.crt