Keeping your Redis in shape in 3 simple steps

Omer Levi Hevroni
Soluto by asurion
Mar 26, 2017

Redis is a great NoSQL database, not only as a cache but also as a primary data source (and we're doing both!). Because it is so popular, there are many hosting solutions for Redis, and most of them offer plans with different memory sizes. If you use a hosting solution like we do, then you've probably encountered a similar problem: how do you keep your Redis instance within the plan's limit? Here I explain how to do this easily using open source tools: Icinga (or Nagios) and Webdis.

Overview

To monitor the memory used by the Redis instance, we can use the INFO command. This command returns various information about the server, including the used memory. The obvious approach is an Icinga/Nagios plugin that invokes this command directly (and there are existing Icinga plugins for that). However, giving the monitoring system direct access is a security risk, as our Redis instance contains highly sensitive data, so I preferred to find a more secure approach.

The main issue here, in my opinion, is the fact that Redis has no ACL, meaning anyone with access to Icinga effectively has full access to this Redis instance. I chose to solve this by using Webdis, a tool that exposes the Redis TCP API over HTTP, with ACL support. It can also be solved by using a dedicated Icinga client with limited access. I think that both solutions are pretty similar, but the first one was easier to set up. Let's dive into the details of how to set this up.

Step 1 — Setting up Webdis

The first step is to install Webdis on a server that is able to access the Redis instance. There are many guides out there (and even Debian packages!) that explain how to do this, so it shouldn't be hard. The only thing left is to configure the ACL: we want to block all commands except for INFO, and also require HTTP basic authentication (which Webdis already supports). This is pretty straightforward; see the configuration here. Don't forget to change some of the settings (username/password, log file, etc.).

Now apply the configuration and restart Webdis. You can check to see if it’s working using:
curl -u username:password http://webdishost:port/info
And you should see nice JSON with the output of the INFO command.

Step 2 — Writing the check plugin

After having Webdis up and running, the check plugin is pretty simple. Here’s how:

  1. Execute an HTTP GET request to retrieve the current info
  2. Compare the returned usage data to the limits
  3. Set the exit code according to the result

You can find the code on GitHub. We are using a Puppet module to install it — see here how.
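
The three steps above as a Python check plugin; this is an added example, not the code from the author's repository. It assumes Webdis returns the INFO reply as JSON under an "INFO" key (as an object of fields or as raw INFO text), that the plan limit is passed in bytes, that 80% and 90% are the warning and critical thresholds, and that the password is read from a hypothetical WEBDIS_PASSWORD environment variable.

```python
#!/usr/bin/env python3
import base64, json, os, sys, urllib.request

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios/Icinga exit codes

def fetch_info(url, user, password, timeout=10):
    """Step 1: HTTP GET on Webdis /info with basic auth; returns the body."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def used_memory(body):
    """Return used_memory in bytes.
    Assumption: the reply is {"INFO": ...}, holding either an object of
    fields or the raw "key:value" text that Redis INFO prints."""
    info = json.loads(body)["INFO"]
    if isinstance(info, str):
        info = dict(l.split(":", 1) for l in info.splitlines() if ":" in l)
    return int(info["used_memory"])

def evaluate(body, limit, warn_pct=80, crit_pct=90):
    """Steps 2 and 3: compare usage to the plan limit; return (exit_code, message)."""
    try:
        used = used_memory(body)
    except (ValueError, KeyError, TypeError) as exc:
        # An unreadable reply must not look healthy: report UNKNOWN, not OK.
        return UNKNOWN, f"UNKNOWN - cannot parse INFO reply: {exc!r}"
    pct = 100.0 * used / limit
    perf = f"used_memory={used}B;{limit * warn_pct // 100};{limit * crit_pct // 100};0;{limit}"
    if pct >= crit_pct:
        return CRITICAL, f"CRITICAL - {pct:.1f}% of plan used | {perf}"
    if pct >= warn_pct:
        return WARNING, f"WARNING - {pct:.1f}% of plan used | {perf}"
    return OK, f"OK - {pct:.1f}% of plan used | {perf}"

if __name__ == "__main__":
    # Usage: check_redis_memory.py URL USER LIMIT_BYTES
    # The password comes from WEBDIS_PASSWORD (hypothetical variable name) so
    # that it does not show up in the process list.
    try:
        url, user, limit = sys.argv[1:4]
        body = fetch_info(url, user, os.environ["WEBDIS_PASSWORD"])
        code, msg = evaluate(body, int(limit))
    except (OSError, ValueError, KeyError) as exc:  # network/HTTP error, bad args
        code, msg = UNKNOWN, f"UNKNOWN - check could not run: {exc!r}"
    print(msg)
    sys.exit(code)
```

A rejected request (wrong credentials, or a command blocked by the Webdis ACL) surfaces as UNKNOWN rather than OK, so a broken check does not hide a full instance.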

Step 3 — Configure Icinga

Lastly, we need to create a new check command. The check command should run the script from the previous step. Then, all that’s needed is to create a new service (that uses the new command) and add this service to the relevant host. And you’re done. Now Icinga will alert you whenever your Redis instance gets close to its limit. Don’t you feel more relaxed already?

By Omer Levi Hevroni

Originally published at https://blog.solutotlv.com on March 26, 2017.

Software Developer and Security Champion at Soluto, Spouse and Father. Opinions and posts are mine only and does not represent Soluto #appsec #devops #devsecops