Pivotal Knowledge Base

Follow

How to Configure Redis and Rabbit Metrics Communications in Cloud Foundry

Environment

 Product  Version
 Pivotal Cloud Foundry (PCF)  1.8, 1.9, 1.10 
 Redis for PCF  1.7.2
 RabbitMQ for PCF  1.7.13 

Introduction

In order for Redis and RabbitMQ to work on PCF 1.10, secure metrics communications will need to be enabled. Redis for PCF 1.7.2 and RabbitMQ for PCF 1.7.13 have been released that allow the operator to enable secure metrics communications. The operator can choose whether secure metrics communications is enabled or disabled.

Secure metrics communications must be disabled on PCF1.8.

Description

Key concepts

  • To help ensure that PCF is secure by default, ETCD, the key-value store used by CF, has been configured to have secure communications (via TLS) in PCF 1.9 and later. In PCF 1.9, there is a proxy to allow non-TLS communications. This proxy is removed in PCF 1.10.
  • The metron agent component of the loggregator communicates with ETCD.
  • Redis for PCF 1.6+ and Rabbit for PCF 1.6+ emit metrics to the firehose via the loggregator. 

Configuring metrics communications

To configure metrics communications, use the non-secure communication for metrics checkbox on the metrics configuration page for the tile in Ops Manager. The operator should configure this checkbox for different versions of PCF as follows:

  • PCF v1.8: This checkbox must be checked for metrics to be emitted to the Firehose.
  • PCF v1.9: Metrics communications are secure by default but will work in a non-secure mode.
  • PCF v1.10 and later: Metrics communications are secure by default so this checkbox must be unchecked for metrics to be emitted to the Firehose. 

Here is the checkbox in the Redis for PCF tile:



If the operator has configured it incorrectly for the version of PCF the tile is installed on, this error will be displayed:

Upgrades

When upgrading to PCF 1.10, the operator should upgrade to Redis 1.7.2+ and RabbitMQ 1.7.13+ first.

Next, untick the ‘Use non-secure communications for TLS’ tickbox, then upgrade to Ops Manager 1.10+. 

Port requirements

The ETCD server instances are now discovered via DNS service discovery via consul. Inbound traffic to the consul agent on Redis/RabbitMQ instances must be enabled on port 8301. 

Troubleshooting

If you see the following error when clicking “Apply Changes” after you upgraded to 1.10, ensure to uncheck the ‘Use non-secure communications for TLS’ tickbox in either the RabbitMQ or the Redis tile. Go into the tile configuration and uncheck the box. Click ‘Apply Changes’ again.

Comments

Powered by Zendesk