Skip to main content
Version: Develop

Service Instance Access

This page describes usage specific to a9s Redis®*. It builds upon the information provided in Getting Started - Accessing a Service Instance.

Accessing an a9s Redis® Service Instance

In order to access an a9s Redis® Service Instance, the Service Instance's credentials stored in the environment variables of the application bound to it. This is further explanined in Lifecycle of a Service Instance - Obtain Credentials for Accessing a Service Instance.

The resulting environment variables for an a9s Redis® application can be seen below:

cf env a9s-redis-app
Output 
Getting env variables for app a9s-redis-app in org test / space test as admin...

System-Provided:
{
  "VCAP_SERVICES": {
    "a9s-redis": [
      {
        (...)
        "credentials": {
          "host": "EXAMPLE-master.service.dc1.a9ssvc",
          "hosts": [
            "EXAMPLE-redis-0.node.dc1.a9ssvc",
            "EXAMPLE-redis-1.node.dc1.a9ssvc",
            "EXAMPLE-redis-2.node.dc1.a9ssvc"
          ],
          "load_balanced_host": "EXAMPLE.service.dc1.a9ssvc",
          "redis": {
            "password": "EXAMPLE-REDIS-PASSWORD",
            "port": 6379,
            "username": "EXAMPLE-REDIS-USERNAME"
          },
          "sentinel": {
            "master_name": "EXAMPLE-master",
            "password": "EXAMPLE-SENTINEL-PASSWORD",
            "port": 26379,
            "username": "EXAMPLE-SENTINEL-PASSWORD"
          }
        }
        (...)
      }
    ]
  }
}

...
Output for a9s Redis® 7 RC and below 
Getting env variables for app a9s-redis-app in org test / space test as admin...

System-Provided:
{
  "VCAP_SERVICES": {
    "a9s-redis": [
      {
        (...)
        "credentials": {
          "host": "EXAMPLE-master.service.dc1.consul",
          "hosts": [
            "EXAMPLE-redis-0.node.dc1.consul",
            "EXAMPLE-redis-1.node.dc1.consul",
            "EXAMPLE-redis-2.node.dc1.consul"
          ],
          "load_balanced_host": "EXAMPLE.service.dc1.consul",
          "password": "EXAMPLE-PWD",
          "port": 6379,
          "sentinel_master_name": "EXAMPLE-master",
          "sentinel_port": 26379
        }
        (...)
      }
    ]
  }
}
...

The host and password values can be used to connect to the database with a Redis® client, by using only the host variable, the application does not need to know anything about Redis® Sentinel. However if the hosts or the load_balanced_host variable is used, the application needs to know about Redis® Sentinel and being able to work with Redis® Sentinel. This means, by using the host variable, the failover is handled by the logic within the Service Instance, but if one of the other variables is used, the failover needs to be handled by the application.

note

The sentinel information and its subfields are only present for Service Instances with cluster plans.

Access Credentials

caution

Versions below a9s Redis® 7 GA do not have support for multiple unique access credentials. These versions share the same credentials for different service bindings/keys with administrator permissions.

The user access control is based on Redis® Access Control List (ACL). Each credential has some pre-configured permissions and does not have admin privileges.

note

a9s Redis® 7 RC and below have a different structure for the credentials field. Please see Obtain Service Instance Access Credentials for more information.

Create a Tunnel to The Service

With the cf ssh command a ssh forward tunnel to the management dashboard can be created. Use port 6379 to connect to the a9s Redis® Instance.

$ cf ssh a9s-redis-app -L 6379:EXAMPLE.service.dc1.a9svs:6379
vcap@956aaf4e-6da9-4f69-4b1d-8e631a403312:~$

When the ssh tunnel is open you can access the instance over the address localhost:6379.

If the instance you have created is based on an SSL-plan, then you would need to provide a CA certificate when connecting to it using the tunnel approach. To do so you can rely on the certificate shown when executing cf env, as shown above.

You should save the certificate from the credentials.cacrt value of the VCAP_SERVICES object into some local file.

Then, while the tunnel is open you can use the redis-cli to interact with your Redis® instance from your local machine:

redis-cli -h 127.0.0.1 -p 6379 --user <user> --pass <password> --tls --cacert "$LOCAL_CA_CERT_FILE"
note

Don't forget to close the session with exit.

*Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by anynines GmbH is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and anynines GmbH.