Skip to content

Commit

Permalink
Jira DOC-806: RS 6.2.8 docs (#1632)
Browse files Browse the repository at this point in the history
* Added more detail to rladmin verify commands (#1550)

* Jira DOC-703: Update Database backup to reflect start time and updated directions. (#1548)

* First steps; not yet ready for review.

* Initial draft

* Adding default start time discussion.

* Minor tweaks and edits.

* Moar fixes

* Jira DOC-769: Update TLS support statement for TLS. (#1554)

* Initial draft

* Adding statement to Supported OS article.

* Tweaks and fixes

* Jira DOC-929: Add additional details about the upgrade policy to the upgrade doc. (#1599)

* Initial draft

* Promoting section.

* Incoporating editorial feedback.

* Jira DOC-939: RS - Align Export data article to Back up data article (#1598)

* Initial draft

* Editorial feedback.

* Jira DOC-857: RS - v6.2.8 Release notes (#1628)

* Added public read parameter to automated deployment of robots.txt (#1622)

* Initial draft

* Editorial fixes/tweaks

* More fixes/tweaks

* Jira DOC-564: RS - Clarify how to enable public/private IP support (#1611)

* Initial draft.

* Editorial feedback/tweaks.

* Fixing typo.

* More updates/tweaks.

* Allow HTML encoding in table-children column names (#1629)

* Jira DOC-196: Modules: document enterprise capability support (#1504)

* Initial draft

* Tweaks and fixes

* Editorial feedback.

* More editorial feedback.

* More editorial changes.

* More fixes/updates

* Updating limitations.

Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>

Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>
  • Loading branch information
lanceleonard and rrelledge authored Oct 31, 2021
1 parent 50ada0a commit 3666dba
Show file tree
Hide file tree
Showing 22 changed files with 663 additions and 86 deletions.
13 changes: 10 additions & 3 deletions content/embeds/supported-platforms-embed.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,33 @@

Redis Enterprise Software (RS) is supported on several operating systems, cloud environments, and virtual environments.
Redis Enterprise Software is supported on several operating systems, cloud environments, and virtual environments.

{{< note >}}
Make sure your system meets these requirements:

- Only 64-bit operating systems are supported.
- You must install Redis Enterprise Software directly on the host, not through system cloning.
- You must install on a clean host with no other applications running so that all RAM is allocated to the OS and RS only.
- You must install on a clean host with no other applications running so that all RAM is allocated to the OS and Redis Enterprise Software only.
- Linux distributions must be installed with at least "Minimal Install" configuration.
{{< /note >}}

| **Platform** | **Versions/Information** |
|------------|-----------------|
| Ubuntu | 14.04 (Support ends on November 30, 2020)<br>16.04, 18.04<br>Server version is recommended for production installations. Desktop version is only recommended for development deployments. |
| RHEL/CentOS 6 | 6.7, 6.8, 6.9 (Support ends on November 30, 2020) |
| RHEL/CentOS 7 | 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9<br>Requires OpenSSL 1.0.2 and [firewall configuration]({{< relref "/rs/installing-upgrading/configuring/centos-rhel-7-firewall.md" >}}) |
| RHEL/CentOS 7 | 8.0, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9<br>Requires OpenSSL 1.0.2 and [firewall configuration]({{< relref "/rs/installing-upgrading/configuring/centos-rhel-7-firewall.md" >}}) |
| Oracle Linux 6 | Based on the corresponding RHEL version |
| Oracle Linux 7 | Based on the corresponding RHEL version |
| Amazon Linux | Version 1 |
| Docker | [Docker images]({{< relref "/rs/getting-started/getting-started-docker.md" >}}) of Redis Enterprise Software are certified for Development and Testing only. |
| Kubernetes | See the [Platform documentation]({{< relref "/kubernetes/_index.md" >}}) |

Be aware that Redis Enterprise Software relies on certain components that require support from the operating system. You cannot enable support for components, services, protocols, or versions that aren't supported by the operating system running Redis Enterprise Software. In addition, updates to the operating system or to Redis Enterprise Software can impact component support.

To illustrate, version 6.2.8 of Redis Enterprise Software removed support for TLS 1.0 and TLS 1.1 on Red Hat Enterprise Linux 8 (RHEL 8) because that operating system [does not enable support](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening) for these versions by default.

If you have trouble enabling specific components, features, or versions, verify that they're supported by your operating system and that they're configured correctly.


## VMware

Redis Enterprise is compatible with VMware, but make sure that you:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ categories: ["RS"]
aliases: ["/rs/administering/cluster-operations/updating-certificates"]
---

Redis Enterprise Software (RS) uses self-signed certificates out-of-the-box to make sure that the product is secure by default.
Redis Enterprise Software uses self-signed certificates out-of-the-box to make sure that the product is secure by default.
The self-signed certificates are used to establish encryption-in-transit for the following traffic:

- Management admin console (CM) - The certificate for connections to the management admin console
Expand All @@ -16,7 +16,7 @@ The self-signed certificates are used to establish encryption-in-transit for the
- Syncer - The certificate for Active-Active and Replica Of synchronization between clusters
- Metrics exporter - The certificate to export metrics to Prometheus

These self-signed certificates are generated on the first node of each RS installation and are copied to all other nodes added to the cluster.
These self-signed certificates are generated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster.

When you use the default self-signed certificates and you connect to the admin console over a web browser, you'll seen an untrusted connection notification.

Expand All @@ -28,7 +28,7 @@ When you update the certificates, the new certificate replaces the same certific

## How to update TLS certificates

You can use either the rladmin CLI or the REST API to update the certificates.
You can use either the rladmin command-line interface (CLI) or the REST API to update the certificates.

### Using the CLI

Expand Down Expand Up @@ -66,7 +66,7 @@ curl -k -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -d
Where:

- cert_name - The name of the certificate to replace:
- For management UI: `cm`
- For management admin console: `cm`
- For REST API: `api`
- For database endpoint: `proxy`
- For syncer: `syncer`
Expand All @@ -83,7 +83,7 @@ Where:

The new certificates are used the next time the clients connect to the database.

When you upgrade RS, the upgrade process copies the certificates that are on the first upgraded node to all of the nodes in the cluster.
When you upgrade Redis Enterprise Software, the upgrade process copies the certificates that are on the first upgraded node to all of the nodes in the cluster.

### Update syncer certificates for Active-Active databases

Expand All @@ -105,7 +105,7 @@ crdb-cli crdb update --crdb-guid <CRDB-GUID> --force

## TLS protocol and ciphers

TLS protocols and ciphers define the overall suite of algorithms that clients are able to connect to the servers with. You can change the TLS protocols and ciphers to improve the security posture of your RS cluster and databases. The default settings are in line with industry best practices, but you can customize them to match the security policy of your organization.
TLS protocols and ciphers define the overall suite of algorithms that clients are able to connect to the servers with. You can change the TLS protocols and ciphers to improve the security posture of your Redis Enterprise cluster and databases. The default settings are in line with industry best practices, but you can customize them to match the security policy of your organization.

The communications for which you can modify TLS protocols and ciphers are:

Expand All @@ -115,6 +115,12 @@ The communications for which you can modify TLS protocols and ciphers are:

You can configure the TLS protocols and ciphers with the `rladmin` commands shown here, or with the REST API.

Be aware that TLS support depends on the operating system. You cannot enable support for protocols or versions that aren't supported by the operating system running Redis Enterprise Software. In addition, updates to the operating system or to Redis Enterprise Software can impact protocol and version support.

To illustrate, version 6.2.8 of Redis Enterprise Software removed support for TLS 1.0 and TLS 1.1 on Red Hat Enterprise Linux 8 (RHEL 8) because that operating system [does not enable support](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening) for these versions by default.

If you have trouble enabling specific versions of TLS, verify that they're supported by your operating system and that they're configured correctly.

### TLS protocol for the control plane

To set the minimum TLS protocol for the control plane:
Expand Down Expand Up @@ -178,7 +184,7 @@ For your changes to take effect on the discovery service, restart the service wi
supervisorctl restart sentinel_service
```

After you set the minimum TLS version, RS does not accept communications with
After you set the minimum TLS version, Redis Enterprise Software does not accept communications with
TLS versions older than the specified version.

### Cipher configuration
Expand Down
Loading

0 comments on commit 3666dba

Please sign in to comment.