====== Redis ======

**General Information**

Redis is "an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker."

Official Site: https://redis.io/

**Checklist**
  * Enterprise Linux 7

----

====== Server: Install ======

[[linux_wiki:repos#epel|Install/enable the EPEL repo.]]
\\
Install redis
<code bash>
yum install redis
</code>
\\
Start and Enable
<code bash>
systemctl enable redis
systemctl start redis
</code>
\\
Verify service is available locally
<code>
[root@server01 ~]# redis-cli
127.0.0.1:6379> exit
</code>
  * By default, redis will listen on localhost (127.0.0.1) only

----

====== Server: Configure ======

Redis server options to change from their defaults.
\\
**The config file is located at**: /etc/redis.conf

----

===== Bind Interface =====

The default bind/listen interface is localhost (127.0.0.1). If you would like clients to be able to connect over the network, you will need to change this.
  * **Caution**: Redis has no security/encryption enabled by default. If you change the bind interface, apply the protection measures in the Security section.
\\
Change the bind interface
<code>
bind 192.168.1.100
</code>

----

===== Security =====

Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet.

That being said, there are some protection measures that can be taken.
\\
**Firewall**
  * Use firewalld to only allow certain networks access to the Redis port
<code bash>
# Allow only the 192.168.1.0/24 network
firewall-cmd --zone=internal --add-source=192.168.1.0/24 --permanent

# To the Redis port
firewall-cmd --zone=internal --add-port=6379/tcp --permanent

# Reload rules
firewall-cmd --reload
</code>
\\
**Authentication (password) for clients**
  * Clients must authenticate before sending commands
<code>
requirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
</code>
  * Recommended: use the hash of something as the password, so that it is complicated and can't be memorized if seen.
Example
<code bash>
echo "this is the coolest password ever" | sha256sum
c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
</code>
\\
**Disable Certain Commands**
  * Certain commands can be disabled for clients by renaming them
  * Rename CONFIG to a hard-to-guess name
<code>
rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
</code>
  * Disable the CONFIG command completely
<code>
rename-command CONFIG ""
</code>
\\
**Encryption Tunneling**
  * Redis traffic can be piped through an encrypted tunnel using spiped
  * FIXME - to do

----

===== General =====

**Daemonize**
  * Enable redis to run as a daemon
<code>
daemonize yes
</code>

**Supervisor Interaction**
  * Enable redis to send signals to systemd
<code>
supervised systemd
</code>

**Append Log**
  * Enable append only file
<code>
appendonly yes
</code>

**File Sync**
  * Configure how often memory flushes to disk
<code>
appendfsync everysec
</code>

----

====== Client: Install ======

Install the Python Redis client
<code bash>
pip install redis
</code>

----

====== Client: Configure ======

Import the Redis module and connect to the Redis server
<code python>
import redis

# Connect to the Redis server, authenticating with the requirepass value
redis_db = redis.StrictRedis(host="192.168.1.151", port=6379, db=0, password="c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2")

# List all keys to confirm the connection and authentication work
redis_db.keys()
</code>
\\
**Example Client Use**
  * String
  * List
  * Hash

----
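
One way to check a config file against the bind, requirepass and rename-command steps from the Security section, as an added example that is not part of the original page. The sample configs, the function names and the 32-character minimum are assumptions made for illustration.

```python
import shlex

# Constructed sample configs for illustration; not taken from a real server.
WEAK_CONF = """\
bind 0.0.0.0
port 6379
"""
HARDENED_CONF = """\
bind 192.168.1.100
requirepass "PLACEHOLDER-long-random-value-0123456789abcdef"
rename-command CONFIG ""
"""

LOOPBACK = {"127.0.0.1", "::1"}
MIN_PASSWORD_LEN = 32  # assumed threshold, not a Redis requirement


def parse_conf(text):
    """Parse redis.conf-style text into (directive, [args]) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted values such as ""
            entries.append((parts[0].lower(), parts[1:]))
    return entries


def audit(text):
    """Return findings for the bind, requirepass and rename-command steps."""
    entries = parse_conf(text)
    binds = [a for d, args in entries if d == "bind" for a in args]
    passwords = [args[0] for d, args in entries if d == "requirepass" and args]
    renamed = {args[0].upper() for d, args in entries
               if d == "rename-command" and len(args) == 2}
    # With no bind directive at all, Redis listens on every interface.
    exposed = not binds or any(b not in LOOPBACK for b in binds)
    findings = []
    if exposed and not passwords:
        findings.append("network-reachable bind without requirepass")
    if passwords and len(passwords[-1]) < MIN_PASSWORD_LEN:
        findings.append("requirepass is shorter than %d characters" % MIN_PASSWORD_LEN)
    if exposed and "CONFIG" not in renamed:
        findings.append("CONFIG is not renamed or disabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

To audit a live server, pass the contents of /etc/redis.conf to ''audit()'' instead of the sample strings.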