Configure Redis

The Token Server engine uses Redis as a cache server to store short-lived values in memory. This speeds up the application and reduces the number of database queries significantly.

Sentinel is an application that provides high availability for Redis. The rest of this chapter describes how Redis, including Sentinel, can be set up and how to configure Redis in the Token Server engine.

Example Redis Compose configuration

For a highly available Redis setup you must deploy at least 3 Sentinels and 2 Redis nodes (one slave and one master). You need 3 Sentinels because, when the Redis master fails, the Sentinels need to elect a new master. If only 2 Sentinels are available they cannot reach a majority to elect a new master, and the cluster is left in a masterless state, which means that it no longer functions.

The code snippet below shows an example Compose configuration that deploys 1 Redis master, 1 Redis slave and 3 Sentinel nodes.

version: "2"
services:
  redis-master:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.8
      - REDIS_ANNOUNCE_PORT=6379
    networks:
      overlay:
        ipv4_address: 192.168.100.8

  redis-slave:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.9
      - REDIS_ANNOUNCE_PORT=6379
      - REDIS_SLAVE=True
      - REDIS_SLAVEOF_IP=192.168.100.8
      - REDIS_SLAVEOF_PORT=6379
    depends_on:
      - redis-master
    networks:
      overlay:
        ipv4_address: 192.168.100.9

  redis-master-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.10
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master
    networks:
      overlay:
        ipv4_address: 192.168.100.10

  redis-slave-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.11
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      overlay:
        ipv4_address: 192.168.100.11

  redis-slave-sentinel-failover:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.12
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      overlay:
        ipv4_address: 192.168.100.12

networks:
  overlay:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.100.0/24

Token Server Engine configuration

The Token Server engine connects to Redis through Sentinel. This means that the Sentinel nodes must be configured in the Token Server engine. Add the following properties to the engine container environment configuration. The values are based on the Redis configuration shown above.

  engine:
    image: release.onegini.com/onegini/token-server-engine:<TOKEN_SERVER_VERSION>
    restart: always
    user: onegini
    environment:
      ...
      # Redis
      - TOKEN_SERVER_REDIS_SENTINEL_NODES=192.168.100.10:26379,192.168.100.11:26379,192.168.100.12:26379
      - TOKEN_SERVER_REDIS_SENTINEL_MASTER_ID=mymaster
      ...

TOKEN_SERVER_REDIS_SENTINEL_NODES is a comma-separated list of host:port pairs that defines all Sentinel nodes. TOKEN_SERVER_REDIS_SENTINEL_MASTER_ID defines the name of the Redis master. The Onegini Redis container creates a Redis master called mymaster, so the Token Server must be told that the master is called mymaster.

A full example of a Token Server engine configuration can be found in the Installation instructions chapter.
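The following pre-deployment check is an added example, not part of the Onegini documentation or product. It verifies the addressing rules this chapter depends on: every announce IP lies in the overlay subnet and matches the container's static address, every Sentinel monitors the actual master, at least 3 Sentinels exist, and the engine's Sentinel node list matches the Sentinel services. The function names, helper names and sample data are constructed for illustration; the input is a dict shaped like the parsed Compose file.

```python
import ipaddress

def check_topology(compose, engine_nodes):
    """Return addressing problems found in a parsed Redis/Sentinel Compose file."""
    problems, sentinels, master = [], [], None
    subnet = ipaddress.ip_network(compose["networks"]["overlay"]["ipam"]["config"][0]["subnet"])
    for name, service in compose["services"].items():
        env = dict(item.split("=", 1) for item in service["environment"])
        is_sentinel = env.get("REDIS_SENTINEL") == "True"
        prefix = "REDIS_SENTINEL" if is_sentinel else "REDIS"
        ip, port = env[prefix + "_ANNOUNCE_IP"], env[prefix + "_ANNOUNCE_PORT"]
        if ipaddress.ip_address(ip) not in subnet:
            problems.append(f"{name}: announce IP {ip} is outside {subnet}")
        if ip != service["networks"]["overlay"]["ipv4_address"]:
            problems.append(f"{name}: announce IP {ip} differs from its ipv4_address")
        if is_sentinel:
            sentinels.append((name, env, f"{ip}:{port}"))
        elif env.get("REDIS_SLAVE") != "True":
            master = f"{ip}:{port}"  # the node that is neither Sentinel nor slave
    for name, env, _ in sentinels:
        watched = env["REDIS_SENTINEL_MASTER_IP"] + ":" + env["REDIS_SENTINEL_MASTER_PORT"]
        if watched != master:
            problems.append(f"{name}: monitors {watched}, but the master is {master}")
    if len(sentinels) < 3:
        problems.append(f"{len(sentinels)} Sentinels defined; a majority vote needs 3")
    if {addr for _, _, addr in sentinels} != set(engine_nodes.split(",")):
        problems.append("engine Sentinel node list does not match the Sentinel services")
    return problems

def svc(ip, *env):  # the helpers below build constructed sample input
    return {"environment": list(env), "networks": {"overlay": {"ipv4_address": ip}}}
def sentinel(ip, announce_ip, master_ip):
    return svc(ip, "REDIS_SENTINEL=True", f"REDIS_SENTINEL_ANNOUNCE_IP={announce_ip}",
               "REDIS_SENTINEL_ANNOUNCE_PORT=26379",
               f"REDIS_SENTINEL_MASTER_IP={master_ip}", "REDIS_SENTINEL_MASTER_PORT=6379")
def sample(net="192.168.100"):  # `net` is the address prefix sentinel-2 is configured with
    port = "REDIS_ANNOUNCE_PORT=6379"
    return {"networks": {"overlay": {"ipam": {"config": [{"subnet": "192.168.100.0/24"}]}}},
            "services": {
        "redis-master": svc("192.168.100.8", "REDIS_ANNOUNCE_IP=192.168.100.8", port),
        "redis-slave": svc("192.168.100.9", "REDIS_ANNOUNCE_IP=192.168.100.9", port,
                           "REDIS_SLAVE=True"),
        "sentinel-1": sentinel("192.168.100.10", "192.168.100.10", "192.168.100.8"),
        "sentinel-2": sentinel("192.168.100.11", net + ".11", net + ".8"),
        "sentinel-3": sentinel("192.168.100.12", "192.168.100.12", "192.168.100.8")}}

ENGINE_NODES = "192.168.100.10:26379,192.168.100.11:26379,192.168.100.12:26379"
if __name__ == "__main__":
    print("\n".join(check_topology(sample("192.168.0"), ENGINE_NODES)) or "consistent")
```

Run directly, it reports the four problems caused by a Sentinel that announces an address on the wrong network; for a real deployment, pass the dict obtained from loading the Compose file with a YAML parser.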