Today, we're pleased to release, as open source, Redli - a humane alternative to the redis-cli and TLS connections. It makes connecting to a TLS/SSL-protected server as simple as connecting to one with no encryption protection.
TL;DR: There's a new Redis CLI client from Compose which lets you connect with TLS/SSL
rediss: URLs too. You can get the source code and executables now.
Why write a new client?
Why Redli? Well, we love the redis-cli. It's a solid, no-nonsense command line client with some great command line handling. It is just right for when you want to connect into a Redis server and fire off some commands to change some keys or do some monitoring or try out your latest idea.
But when you work with Redis servers behind TLS/SSL portals, then things get a bit less easy. You need to configure up stunnel, get that to connect to the Redis server and map to a local port, then ask redis-cli to connect to that local port. With one server, that's not a huge issue but if you are talking to four or five Redis servers regularly, now you have to remember which local ports map to which servers. Add in the extra wrinkle of managing certificates for verifying the servers and it's all just a bit tedious.
We looked to address that with stunredis. It is an automated script which does the stunnel configuration on-demand. It works but it's far from as elegant a solution as we had hoped. There's also the time to setup issue; a new user with no Redis will need to download Redis itself (to get redis-cli) and install stunnel before the script starts working.
There had to be an easier way and we think it is Redli. Redli is a Go application which leverages two useful facts. One, most Redis drivers already support TLS/SSL. Two, the Redis command protocol is super simple as protocols go.
We took the Redigo driver, a command line flag handler, an interactive command line library and the JSON help from the Redis documentation and put it together so what you get is this...
$ redli -u rediss://admin:PASSWORD@portal1444-7.newdb.3268603687.composedb.com:16533 Connected to 4.0.10 >
You can use
rediss: schemes in URIs to completely specify a connection to a Redis database. If you want to break it down into a more traditional host/port arrangement, you can do that too.
$ redli --tls -h portal1444-7.newdb.3268603687.composedb.com -p 16533 -a PASSWORD Connected to 4.0.10 >
--tls flag lets you activate TLS/SSL while the
-a flags map to the equivalent
redis-cli flags. If you are the kind of person who likes to see the server name and port in your prompt, add
$ redli --tls -h portal1444-7.newdb.3268603687.composedb.com -p 16533 -a PASSWORD --long Connected to 4.0.10 portal1444-7.newdb.3268603687.composedb.com:16533> info server # Server redis_version:4.0.10 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:7d1b2beda36a4b06 redis_mode:standalone os:Linux 3.19.0-59-generic x86_64 arch_bits:64 multiplexing_api:epoll atomicvar_api:atomic-builtin gcc_version:4.8.4 process_id:53 run_id:99dc9cc28bc549e5a52d48d02325b49be90e4124 tcp_port:6379 uptime_in_seconds:4254317 uptime_in_days:49 hz:10 lru_clock:8145696 executable:/redis-server config_file:/app/redis.conf portal1444-7.newdb.3268603687.composedb.com:16533>
The command line itself has a help command, tab completion for commands, per session history accessed with cursor up and whatever commands your version of Redis supports.
> help Enter help <command> to show information about a command > help lset Command: LSET Summary: Set the value of an element in a list by its index Complexity: O(N) where N is the length of the list. Setting either the first or the last element of the list is O(1). Args: key (key) index (integer) value (string) > info keyspace # Keyspace db0:keys=4,expires=0,avg_ttl=0 > set x 1000 OK > get x "1000" > lpush fred "Hello" (integer) 1 > lset fred 0 "Goodbye" OK > lindex fred 0 "Goodbye" > lpush fred "Hello" (integer) 2 > lpop fred "Hello" > lpop fred "Goodbye" > exit $
Like the redis-cli, we don't check most entered commands at the client, preferring to send them to the server and echo back the result. This means that future, new commands should be implicitly supported too.
Finally, you can add Redis commands after the redli command and have them executed immediately. Redli will then exit. This is especially useful for scripted monitoring.
What's currently missing?
Redli is about getting commands to the server and seeing results. That means that it doesn't support special case command-line debugging commands like
MONITOR which echoes back commands being issued to the server by dropping into loop reading output.
Redli also currently misses the other special reporting flags such as
--bigkeys and the
-i/-r flags for repeating commands. Where there's a demand for a feature, we hope that either we or the community can help fill that demand. File an issue if there's something you really need, and if you can, we invite you to file a pull request to make Redli better.
We have latest binary releases of Redli available at github.com/IBM-Cloud/redli/releases/latest for macOs, Linux and Windows. Download, unarchive and run. Redli is a single standalone binary for any platform. Checksums are available for validating the archives too. We hope to be updating fairly regularly. Redli is published under the Apache 2 license for easy consumption too.
If you are so inclined, and we hope some of you are, you can build Redli by checking out the source. The package dependencies are managed with dep and "vendored" with copies of the needed packages it was built with. Any problems with building, drop us a note in the issues as we want to make that as simple as possible too.
We have to say thanks to Gary Burd for Redigo, Peter Harris for liner, Mattn for go-isatty and go-shellwords and Alec Thomas for KingPin. All of these packages made making Redli possible.
Your Redli feedback is wanted
This is the first release of Redli and we want to hear what you think. We hope it makes life easier for anyone using TLS/SSL and Redis, but if we can make that better, let us and the community know by filing an issue on the Redli repository or adding your comments to existing issues.
attribution Jessica Weiller via Unsplash