From a8065239efce4f7dcdc430eb86fb5fb44dcda70b Mon Sep 17 00:00:00 2001 From: Chad Ferman Date: Wed, 20 May 2026 15:52:32 -0500 Subject: [PATCH] docs: switch Redis configuration from standalone to cluster mode Update containerized AAP inventories and validation report to use redis_mode='cluster' with firewall rules for ports 6379 and 16379. Co-authored-by: Cursor --- ...ontainerized-enterprise-dr-architecture.md | 4 ++-- ...ap-containerized-growth-dr-architecture.md | 11 ++++++---- docs/aap-containerized-quickstart.md | 2 +- reports/aap-architecture-validation-report.md | 20 +++++++++---------- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/docs/aap-containerized-enterprise-dr-architecture.md b/docs/aap-containerized-enterprise-dr-architecture.md index 8e7cb2f..c9e26ec 100644 --- a/docs/aap-containerized-enterprise-dr-architecture.md +++ b/docs/aap-containerized-enterprise-dr-architecture.md @@ -354,7 +354,7 @@ Protocol: TCP # AAP Components → Redis (colocated - localhost) # No firewall rule needed (localhost communication) -# Redis Cluster Communication (if Redis HA enabled) +# Redis cluster communication (cluster mode) Source: 10.1.1.11-12,15-18, 10.2.1.11-12,15-18 Dest: 10.1.1.11-12,15-18, 10.2.1.11-12,15-18 Port: 6379/tcp, 16379/tcp @@ -567,7 +567,7 @@ registry_username='' registry_password='' # Redis Configuration -redis_mode='standalone' # Use 'cluster' for Redis HA (optional) +redis_mode='cluster' # Redis HA across colocated nodes (requires 6+ Redis hosts per DC) # Platform Gateway Configuration gateway_admin_password='' diff --git a/docs/aap-containerized-growth-dr-architecture.md b/docs/aap-containerized-growth-dr-architecture.md index 64f1acd..6cc1217 100644 --- a/docs/aap-containerized-growth-dr-architecture.md +++ b/docs/aap-containerized-growth-dr-architecture.md @@ -288,8 +288,11 @@ Source: 10.1.1.0/24, 10.2.1.0/24 Dest: 10.1.2.100, 10.2.2.100 Port: 5432/tcp -# Redis (colocated - localhost communication) -# No external firewall rule needed +# Redis cluster communication (between colocated Redis nodes) +Source: 10.1.1.11-13, 10.2.1.11-13 +Dest: 10.1.1.11-13, 10.2.1.11-13 +Port: 6379/tcp, 16379/tcp +Protocol: TCP # PostgreSQL Replication (DC1 → DC2) Source: 10.1.2.21-23 @@ -357,7 +360,7 @@ registry_username='' registry_password='' # Redis Configuration -redis_mode='standalone' +redis_mode='cluster' # Platform Gateway Configuration gateway_admin_password='' @@ -431,7 +434,7 @@ postgresql_admin_username=postgres postgresql_admin_password='' registry_username='' registry_password='' -redis_mode='standalone' +redis_mode='cluster' # Admin passwords MUST match DC1 gateway_admin_password='' diff --git a/docs/aap-containerized-quickstart.md b/docs/aap-containerized-quickstart.md index d6e8f97..734ebec 100644 --- a/docs/aap-containerized-quickstart.md +++ b/docs/aap-containerized-quickstart.md @@ -223,7 +223,7 @@ postgresql_admin_username=postgres postgresql_admin_password='YourSecurePassword' registry_username='your-rhn-username' registry_password='your-rhn-password' -redis_mode='standalone' +redis_mode='cluster' gateway_admin_password='AdminPassword123' gateway_pg_host='10.1.2.100' diff --git a/reports/aap-architecture-validation-report.md b/reports/aap-architecture-validation-report.md index 9361398..87347ec 100644 --- a/reports/aap-architecture-validation-report.md +++ b/reports/aap-architecture-validation-report.md @@ -63,8 +63,8 @@ This report validates the [AAP Containerized DR Architecture](aap-containerized- |------|---------|-------------|------------|--------| | **80/443** | HAProxy → Gateway | Required | Included | ✅ **CORRECT** | | **5432** | All components → Database | Required | Included (to EFM VIP) | ✅ **CORRECT** | -| **6379** | Components → Redis | Required | Missing (Redis standalone) | ❌ **MISSING** | -| **16379** | Redis → Redis cluster bus | Required (HA) | Not applicable | ⚠️ **N/A** | +| **6379** | Components → Redis | Required | Documented (Redis cluster) | ✅ **CORRECT** | +| **16379** | Redis → Redis cluster bus | Required (HA) | Documented (Redis cluster) | ✅ **CORRECT** | | **27199** | Receptor mesh | Required | Included | ✅ **CORRECT** | | **8080/8443** | Gateway → Controller | Required | Included | ✅ **CORRECT** | @@ -95,7 +95,7 @@ aap-node2 # Colocated with hub aap-node3 # Colocated with EDA [all:vars] -redis_mode='standalone' # Each node runs own Redis instance +redis_mode='cluster' # Redis HA across colocated nodes ``` **Impact:** Medium - Redis connectivity issues may occur if not colocated properly. @@ -192,11 +192,11 @@ redis_mode='cluster' # Enables Redis Sentinel for HA ``` **Consideration:** -- Standalone Redis is simpler and sufficient for most deployments -- Cluster mode provides Redis HA but adds complexity -- If database has HA (via EFM), standalone Redis may be acceptable +- Cluster mode provides Redis HA across colocated nodes (Redis Sentinel) +- Requires 6+ hosts in the `[redis]` group per datacenter for HA compatibility +- Firewall must allow ports 6379 and 16379 between Redis nodes -**Decision:** Keep `redis_mode='standalone'` unless Redis HA is explicitly required. +**Decision:** Use `redis_mode='cluster'` for Redis HA across colocated nodes. --- @@ -400,7 +400,7 @@ registry_username='' registry_password='' # Redis -redis_mode='standalone' +redis_mode='cluster' # Gateway gateway_admin_password='ChangeMeGW!' @@ -445,10 +445,10 @@ eda_pg_password='ChangeMeDB!' 2. **Add Redis configuration to inventory** - `[redis]` group with gateway, hub, and EDA nodes - - Keep `redis_mode='standalone'` + - Use `redis_mode='cluster'` 3. **Add firewall rules for Redis** - - Port 6379 for Redis access + - Ports 6379 and 16379 for Redis cluster access 4. **Update architecture diagram** to show 8 AAP VMs per DC (not 3)