Pivotal Knowledge Base


How to Configure Redis and Rabbit Metrics Communications in Cloud Foundry


  • Pivotal Cloud Foundry (PCF) 1.8, 1.9, and 1.10
  • Redis for PCF 1.7.2
  • RabbitMQ for PCF 1.7.13 


In order for Redis and RabbitMQ to work on PCF 1.10, secure metrics communications will need to be enabled. Redis for PCF 1.7.2 and RabbitMQ for PCF 1.7.13 have been released that allow the operator to enable secure metrics communications. The operator can choose whether secure metrics communications is enabled or disabled.

Secure metrics communications must be disabled on PCF1.8.


Key concepts

  • To help ensure that PCF is secure by default, ETCD, the key-value store used by CF, has been configured to have secure communications (via TLS) in PCF 1.9 and later. In PCF 1.9, there is a proxy to allow non-TLS communications. This proxy is removed in PCF 1.10.
  • The metron agent component of the loggregator communicates with ETCD.
  • Redis for PCF 1.6+ and Rabbit for PCF 1.6+ emit metrics to the firehose via the loggregator. 

Configuring metrics communications

To configure metrics communications, use the non-secure communication for metrics checkbox on the metrics configuration page for the tile in Ops Manager. The operator should configure this checkbox for different versions of PCF as follows:

  • PCF v1.8: This checkbox must be checked for metrics to be emitted to the Firehose.
  • PCF v1.9: Metrics communications are secure by default but will work in a non-secure mode.
  • PCF v1.10 and later: Metrics communications are secure by default so this checkbox must be unchecked for metrics to be emitted to the Firehose. 

Here is the checkbox in the Redis for PCF tile:

If the operator has configured it incorrectly for the version of PCF the tile is installed on, this error will be displayed:


When upgrading to PCF 1.10, the operator should upgrade to Redis 1.7.2+ and RabbitMQ 1.7.13+ first.

Next, untick the ‘Use non-secure communications for TLS’ tickbox, then upgrade to Ops Manager 1.10+. 

Port requirements

The ETCD server instances are now discovered via DNS service discovery via consul. Inbound traffic to the consul agent on Redis/RabbitMQ instances must be enabled on port 8301. 


If you see the following error when clicking “Apply Changes” after you upgraded to 1.10, ensure to uncheck the ‘Use non-secure communications for TLS’ tick box in either the RabbitMQ or the Redis tile. Go into the tile configuration and uncheck the box. Click ‘Apply Changes’ again.


Powered by Zendesk