000037378 - How to install and configure Redis with RSA Archer

Document created by RSA Customer Support Employee on May 1, 2019. Last modified by RSA Customer Support Employee on May 1, 2019.
Version 4

Article Content

Article Number: 000037378

Applies To:
RSA Product Set: Archer
RSA Product/Service Type: Caching, Platform, Archer Control Panel
RSA Version/Condition: 6.6.x, 6.5.0.5
Platform: Redis

Issue:
RSA Archer 6.6 and 6.5.0.5 introduce support for Redis caching. This guide provides instructions for setting up Redis with Archer.
Tasks

This article assumes that you have a suitable OS to install Redis.  In this example CentOS 7 was used.



Installation Steps



  1. Ensure the availability of GCC on the server. Otherwise, install GCC with the following command:


yum install gcc


  1. If you don't have yum installed, check Google.
  2. Download the Redis installer for Linux and copy it to the directory in which you want to install it.
  3. Extract and install Redis:


tar xzf <Redis_Installer_Filename>
cd <Redis_Directory>
make



  1. Open /etc/redis/redis.conf with a text editor such as vi.
  2. Find the line with the word bind and add the text bind 0.0.0.0 below the string bind 127.0.0.1, as shown below:


# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
bind 0.0.0.0


  1. Change protected-mode to no, as shown:


# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode no


  1. Archer requires a password be set.  Uncomment the line #requirepass foobared and replace foobared with a strong password: 


# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
requirepass VeryStrongPassword


  1. Save and quit the file:


:wq!


  1. Start the Redis server (use the & in the command to have the process run in the background).


[root@redis src]# ./redis-server /etc/redis/redis.conf &

(lots of messages)

4205:M 25 Apr 2019 15:00:28.508 * Ready to accept connections


  1. Note: if you have added Redis as a service, you can instead use:


[root@redis src]# service redis start
Redirecting to /bin/systemctl start  redis.service


  1. Redis, by default, runs on port 6379 so you need to make sure the firewall allows it.


$ iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT


  1. Check your Linux distribution's documentation to see how to make this rule permanent; otherwise the rule will be lost on reboot. In CentOS use:


[root@redis src]# firewall-cmd --permanent --add-port=6379/tcp
success
systemctl stop firewalld.service
systemctl start firewalld.service


  1. To confirm the Redis server is running, open another terminal and run redis-cli. If no port is given as an argument, redis-cli tries to connect to 127.0.0.1:6379. If the server is configured with a different port, or is bound to an IP address other than the loopback, the usage is redis-cli -h IPADDRESS -p PORT. Once connected, run a ping command. If the server responds with PONG, the configuration is successful.


[root@redis src]# ./redis-cli -h redis.archer.local -p 6379
redis.archer.local:6379>
redis.archer.local:6379> ping
PONG


  1. Now configure in the Archer Control Panel. 
    1. Go to Installation Settings, then click on the General tab. 
    2. Under Caching Solution change Caching Option to Redis and populate the Server and Password fields. 
    3. The port will get filled in automatically, but can be changed if you are not using the default port.


You will not see the success message if your window is not wide enough.  Maximize your ACP screen.  If you get anything besides success:


  • Double check all of the settings you made to the redis.conf file. 
  • Make sure you edited the right redis.conf file.  It is the one located in /etc, not in your install folder.
  • Make sure that redis is running:


[root@redis redis-5.0.3]# netstat -an | grep 6379
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN


  • Make sure the firewall is configured to allow your configured port:


[root@redis redis-5.0.3]# iptables --list | grep 6379
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6379 ctstate NEW


  • If it still doesn't work, consider using a packet sniffer such as Wireshark (from the Windows side) or tcpdump (from the Linux side) to analyze the traffic. Perhaps it's getting blocked by a device in between.
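
The redis.conf double check from the list above can be scripted. The following is an added example, not RSA or Redis project code: conf_get, audit_redis_conf, the 32-character minimum and the sample file are assumptions made here, as is the rule that the last active line of a directive is the one in effect.

```shell
#!/bin/sh
# Added example: audit the redis.conf directives this article changes.
# Assumptions: last active line of a directive wins; 32-char minimum password.
MIN_PASS_LEN=32

# conf_get FILE DIRECTIVE: value of the last uncommented DIRECTIVE line
conf_get() {
    awk -v key="$2" 'tolower($1) == key {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); val = $0
    } END { print val }' "$1"
}

# audit_redis_conf FILE [FIREWALL_PORT]: prints FINDING/NOTE lines
audit_redis_conf() {
    bind=$(conf_get "$1" bind)
    pmode=$(conf_get "$1" protected-mode)
    pass=$(conf_get "$1" requirepass)
    port=$(conf_get "$1" port)
    fwport=${2:-6379}
    [ -n "$port" ] || port=6379      # Redis default port
    [ -n "$pmode" ] || pmode=yes     # protected mode is on by default
    case "$pass" in
        "") echo "FINDING: requirepass is not set" ;;
        foobared|VeryStrongPassword)
            echo "FINDING: requirepass is still a documentation sample" ;;
        *)  [ "${#pass}" -ge "$MIN_PASS_LEN" ] ||
            echo "FINDING: requirepass shorter than $MIN_PASS_LEN characters" ;;
    esac
    case " $bind " in                # no bind line means all interfaces
        "  "|*" 0.0.0.0 "*|*" :: "*) exposed=yes ;;
        *) exposed=no ;;
    esac
    if [ "$exposed" = yes ] && [ "$pmode" = no ]; then
        if [ -z "$pass" ]; then
            echo "FINDING: all interfaces, protected-mode off, no password"
        else
            echo "NOTE: all interfaces; only requirepass and the firewall limit access"
        fi
    fi
    [ "$port" = "$fwport" ] ||
        echo "FINDING: Redis listens on $port but the firewall opens $fwport"
    return 0
}

# Constructed sample mirroring the edits in this article
sample=$(mktemp)
printf '%s\n' 'bind 127.0.0.1' 'bind 0.0.0.0' 'protected-mode no' \
    '# requirepass foobared' 'requirepass VeryStrongPassword' > "$sample"
audit_redis_conf "$sample" 6370      # 6370: a mistyped firewall port
rm -f "$sample"
```

Run it as audit_redis_conf /etc/redis/redis.conf PORT, where PORT is the port opened in the firewall rule; no output means none of the checks fired.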

If you want to configure Redis with SSL, check out Redis Labs' article on Securing Redis Client and Server with Stunnel for detailed instructions.
