I have the issue reported on NewRelic forum but not sure if here is the more appropriate place to connect:
https://discuss.newrelic.com/t/external-redis-connection-reset/127110

I’m trying to configure the NR Redis agent to monitor a remote Redis instance.

The agent is failing with:

time=“2021-01-14T14:45:46Z” level=error msg=“Integration command failed” error=“exit status 2” instance=redis-test integration=com.newrelic.redis prefix=integration/com.newrelic.redis stderr="[FATAL] can’t continue: read tcp 123.123.123.123:53658->234.234.234.234:123: read: connection reset by peer\npanic: read tcp 123.123.123.123:53658->234.234.234.234:123: read: connection reset by peer\n\ngoroutine 1 [running]:\ngithub.com/newrelic/nri-redis/vendor/github.com/newrelic/infra-integrations-sdk/log.Fatal 1(0x741cc0, 0xc420068870)\n\t/go/src/github.com/newrelic/nri-redis/vendor/github.com/newrelic/infra-integrations-sdk/log/log.go:107 +0xd5\nmain.fatalIfErr(0x741cc0, 0xc420068870)\n\t/go/src/github.com/newrelic/nri-redis/src/redis.go:175 +0x44\nmain.main()\n\t/go/src/github.com/newrelic/nri-redis/src/redis.go:68 +0x15c\n" working-dir=/var/db/newrelic-infra/newrelic-integrations
time=“2021-01-14T14:45:46Z” level=info msg=“Integration health check finished with some errors” instance=redis-test integration=com.newrelic.redis prefix=integration/com.newrelic.redis working-dir=/var/db/newrelic-infra/newrelic-integrations

I don’t see how to specify the username, this could be the issue as I can get a connection from the same machine through a cli tool but by passing in the username and password.

Here is my config with some data replaced:

integration_name: com.newrelic.redis

instances:

    name: redis-test
    command: metrics
    arguments:
    hostname: redis-host.example.com
    port: 1234
    password:
    config_inventory: false
    #keys: ‘{“0”:["<KEY_1>"],“1”:["<KEY_2>"]}’

    remote_monitoring: true

    use_unix_socket: true
    labels:
    environment: test

• GPG private key
• GPG private key passphrase
• PFX certificate
• PFX certificate passphrase

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Fail
  • ❌ readme-starts-with-community-plus-header
• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-contains-link-to-security-policy
  • ✅ readme-contains-discuss-topic
  • ✅ code-of-conduct-should-not-exist-here
  • ✅ third-party-notices-file-exists

Fail #

❌ readme-starts-with-community-plus-header #

The README of a community plus project should have a community plus header at the start of the README. If you already have a community plus header and this rule is failing, your header may be out of date, and you should update your header with the suggested one below. For more information please visit https://opensource.newrelic.com/oss-category/. Below is a list of files or patterns that failed:

• README.md: The first 5 lines do not contain the pattern(s): Open source Community Plus header (see https://opensource.newrelic.com/oss-category).
  • 🔨 Suggested Fix: prepend the latest code snippet found at https://github.com/newrelic/opensource-website/wiki/Open-Source-Category-Snippets#code-snippet-2 to file

Passed #

Here is the reference: https://github.com/newrelic/nri-flex/blob/master/.goreleaser.yml#L7

Is your feature request related to a problem? Please describe.

It's unclear how to configure the newrelic redis integration for multiple redis ports/instances on a single host.

Feature Description

An example of how to configure the integration for multiple redis ports.

Describe Alternatives

I've looked through all the relevant documentation, examples, etc and have also tried several guesses at how to configure this, but so far no luck at getting it to work with multiple redis ports.

Priority

Blocker - I'm only able to use newrelic to monitor one redis instance per host, but I have 10+ redis instances per host.

Description

I recently installed the extension to monitor a Redis instance, the agent reports data correctly to the website however the labels in the yml are not included

Expected Behavior

Data reported to NR with tags.Environment = staging

Your Environment

Redis 3.2.1
Windows Server 2012 R2

Additional context

I've done a search of the source code and the word 'labels' doesn't seem to occur outside of the sample configs

When merging #126 allowing username/password to access redis we need to document the minimum permissions required to create a user for monitoring purposes

This applies to redis v6+

ACL SETUSER newrelic on >'YOUR_SELECTED_PASSWORD' ~* +INFO +CONFIG|GET +SELECT +TYPE +LLEN +SCARD +ZCOUNT +HLEN

Description of the problem

When attempting to use keyspaceHitsPerSecond from the RedisSample, we noticed that the reported value is not the rate (per second) but it is the raw count of hits against the instance since the instance was started. (It matches the keyspace_hits key from the INFO command)

Also, for some reason this metric is not always reported yet other metrics in the RedisSample (Fragmentation Ratio for example) are always reported.

Am I missing something about these keys?

The first screen shot is the timeseries of hits we are seeing in NewRelic. The Second screen shot is the application's perspective where we are seeing they are processing about 20-30 "items" per X time. Yet you can see that the first screen shot shows the hits as 0. For an item to be processed by the app, it has to retrieve a key from Redis. The third screen shot shows that while the rate is not being populated, other metrics from the sample are.

OS

• All of them
• Amazon Linux, all versions
• CentOS, version 6 or higher
• Debian, version 7 ("Wheezy") or higher
• Red Hat Enterprise Linux (RHEL), version 6 or higher
• Ubuntu, versions 12.04, 14.04, and 16.04 (LTS versions)
• Windows Server, 2008 and 2012 and their service packs

The infra agent now supports:

• Amazon Linux 2022 (Public Preview, GA expected by ~July)
• RHEL 9 (GA)
• Ubuntu 22.04 (GA)

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Hi, we are starting to use NRI Redis in Tokopedia and our Redis are configured with:

rename-command CONFIG "ZmtlbmZ3ZWZl-CONFIG"

We are renaming redis-cli "CONFIG" command to avoid people/clients doing destructive CONFIG change on-the-fly. E.g. enabling AOF on the fly could pressure disk iops, etc.

Does it makes sense to make this CONFIG key configurable?

Feature Description

A clear and concise description of the feature you want or need.

Configurable Redis "CONFIG" sub-command used by nri-redis to get Redis configurations when we enable config_inventory: True.

Documentation

Describe Alternatives

A clear and concise description of any alternative solutions or features you've considered. Are there examples you could link us to?

Additional context

Tokopedia is moving Redis metrics and logging (everything!) to NR.

Priority

Please help us better understand this feature request by choosing a priority from the following options:
[Nice to Have, Really Want, Must Have, Blocker]

Umm.. Really Want

We want to avoid maintaining a separate fork of nri-redis.

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-starts-with-community-plus-header
  • ✅ readme-contains-link-to-security-policy
  • ✅ readme-contains-forum-topic
  • ✅ code-of-conduct-should-not-exist-here
  • ✅ third-party-notices-file-exists

Passed #

Issue

Some parameters accepted by the integration:

• UnixSocketPath Unix socket path on which Redis server is listening.
• KeysLimit Max number of the keys to retrieve their lengths
• ConfigInventory Provides CONFIG inventory information. Set it to 'false' in environments where the Redis CONFIG command is prohibited (e.g. AWS ElastiCache)

Priority

Please help us better understand this feature request by choosing a priority from the following options:
Really Want

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Fail
  • ❌ readme-starts-with-community-header
• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-contains-link-to-security-policy
  • ✅ readme-contains-forum-topic
  • ✅ code-of-conduct-should-not-exist-here
  • ✅ third-party-notices-file-exists

Fail #

❌ readme-starts-with-community-header #

The README of a community project should have a community project header at the start of the README. If you already have a community project header and this rule is failing, your header may be out of date, and you should update your header with the suggested one below. For more information please visit https://opensource.newrelic.com/oss-category/. Below is a list of files or patterns that failed:

• README.md: The first 5 lines do not contain the pattern(s): Open source Community header (see https://opensource.newrelic.com/oss-category).
  • 🔨 Suggested Fix: prepend the latest code snippet found at https://github.com/newrelic/opensource-website/wiki/Open-Source-Category-Snippets#code-snippet-1 to file

Passed #

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Goal: have new version released and published via new workflow

Description

I am installing the debian packages for infrastructure-agent and nri-redis in a docker image, but our scans are flagging some high severity Go vulnerabilities.

govulncheck indicates the following problems with the latest version of nri-redis.
Scanning the binary in nri-redis_linux_1.10.0_amd64.tar.gz:

bin % govulncheck --mode binary ./nri-redis                                                                    
Using [email protected] with vulnerability data from https://vuln.go.dev (last modified 2023-07-11 19:19:08 +0000 UTC).

Scanning your binary for known vulnerabilities...

Vulnerability #1: GO-2023-1878
    Insufficient sanitization of Host header in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-1878
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
      #1: http.Client.CloseIdleConnections
      #2: http.Client.Do
      #3: http.Client.Get
      #4: http.Client.Head
      #5: http.Client.Post
      #6: http.Client.PostForm
      #7: http.Get
      #8: http.Head
      #9: http.Post
      #10: http.PostForm
      #11: http.Request.Write
      #12: http.Request.WriteProxy
      #13: http.Transport.CancelRequest
      #14: http.Transport.CloseIdleConnections
      #15: http.Transport.RoundTrip

Vulnerability #2: GO-2023-1840
    Unsafe behavior in setuid/setgid binaries in runtime
  More info: https://pkg.go.dev/vuln/GO-2023-1840
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]
    Example traces found:
      #1: runtime.runtime/*

Your code is affected by 2 vulnerabilities from the Go standard library.

• https://pkg.go.dev/vuln/GO-2023-1840
• https://pkg.go.dev/vuln/GO-2023-1878

Twistlock scans also indicate three additional potential build-time vulnerabilities related to the Go compiler version:

• https://pkg.go.dev/vuln/GO-2023-1839
• https://pkg.go.dev/vuln/GO-2023-1841
• https://pkg.go.dev/vuln/GO-2023-1842

Additional context

The resolution seems to be to rebuild the binaries with Go 1.20.6 or newer

For Maintainers Only or Hero Triaging this bug

Suggested Priority (P1,P2,P3,P4,P5):
Suggested T-Shirt size (S, M, L, XL, Unknown):

Feature Description

We'd like TLS connection support

Describe Alternatives

There are none.

Additional context

This is already supported by the upstream lib (https://github.com/gomodule/redigo) though, note that the code is currently using https://github.com/garyburd/redigo, which is the archived old version of the same lib.

Priority

Blocker (our redis instances require encryption in flight)

Description of the problem

Add support for monitoring multiple instances:

Relates to

#9 and #10 by @TylerLubeck

OS

• All of them
• Amazon Linux, all versions
• CentOS, version 6 or higher
• Debian, version 7 ("Wheezy") or higher
• Red Hat Enterprise Linux (RHEL), version 6 or higher
• Ubuntu, versions 12.04, 14.04, and 16.04 (LTS versions)
• Windows Server, 2008 and 2012 and their service packs

Is your feature request related to a problem? Please describe.

ACL based authorization for Redis
Link: https://redis.io/commands/auth

Feature Description

ACL based authorization is introduced with redis 6. This requires username along with password.

Describe Alternatives

No Alternative, as we are using ACL authorization

Additional context

N/A

Priority

Blocker

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-starts-with-community-plus-header
  • ✅ readme-contains-link-to-security-policy
  • ✅ readme-contains-discuss-topic
  • ✅ code-of-conduct-should-not-exist-here
  • ✅ third-party-notices-file-exists

Passed #

Improve static analysis with Semgrep adding the newrelic-infra-checkers actions to get the semgrep and golangci-lint configurations.

Using current Kafka/Redis GHA template migrate current Travis-CI pipeline into GHA

• remove Travis-CI

1. === redis === [ validate ]: running gofmt... failed. Incorrect syntax in the following files:
   src/inventory_test.go src/metrics_test.go
   make: *** [Makefile:31: validate-only] Error 1

This is the first problem.

2. when I remove the validate-only task in the makefile, the following error is :

=== redis === [ validate-deps ]: installing validation dependencies...
go: github.com/Sirupsen/[email protected]: parsing go.mod:
module declares its path as: github.com/sirupsen/logrus
but was required as: github.com/Sirupsen/logrus
make: *** [Makefile:24: validate-deps] Error 1

I think you should update helplers.go module import to the latest version sirupsen, while not Sirupsen.

3. When I update like above, I also happen to many vendor dependency update warnings. At this time, I remove the directory vendor and make it passed. So, My question is could we remove the vendor dependency and use go mod style? I could use this way to build when I remove validate-only in the makefile and remove vendor directory.

p.s. If the demo could not build smoothly from the scratch, I could not figure out how do we ensure and convince our customers to use it?

#115 was recently merged, we need to add this new parameter and some examples to the docs.

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Fail
  • ❌ code-of-conduct-file-does-not-exist
• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-starts-with-community-plus-header
  • ✅ readme-contains-link-to-security-policy
  • ✅ readme-contains-discuss-topic
  • ✅ third-party-notices-file-exists

Fail #

❌ code-of-conduct-file-does-not-exist #

New Relic has moved the CODE_OF_CONDUCT file to a centralized location where it is referenced automatically by every repository in the New Relic organization. Because of this change, any other CODE_OF_CONDUCT file in a repository is now redundant and should be removed. Note that you will need to adjust any links to the local CODE_OF_CONDUCT file in your documentation to point to the central file (README and CONTRIBUTING will probably have links that need updating). For more information please visit https://docs.google.com/document/d/1y644Pwi82kasNP5VPVjDV8rsmkBKclQVHFkz8pwRUtE/view. Found files. Below is a list of files or patterns that failed:

• CODE_OF_CONDUCT.md
  • 🔨 Suggested Fix: Remove file

Passed #

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

• Fail
  • ❌ readme-starts-with-community-plus-header
  • ❌ readme-contains-link-to-security-policy
• Passed
  • ✅ license-file-exists
  • ✅ readme-file-exists
  • ✅ readme-contains-discuss-topic
  • ✅ third-party-notices-file-exists

Fail #

❌ readme-starts-with-community-plus-header #

The README of a community plus project should have a community plus header at the start of the README. If you already have a community plus header and this rule is failing, your header may be out of date. For more information please visit https://opensource.newrelic.com/oss-category/. Below is a list of files or patterns that failed:

• README.md: The first 1 lines do not contain the pattern(s): Open source Community Plus header (see https://opensource.newrelic.com/oss-category).
  • 🔨 Suggested Fix: prepend [![Community Plus header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Plus.png)](https://opensource.newrelic.com/oss-category/#community-plus) to file

❌ readme-contains-link-to-security-policy #

Doesn't contain a link to the security policy for this repository (README.md). New Relic recommends putting a link to the open source security policy for your project (https://github.com/newrelic/<repo-name>/security/policy) in the README. For an example of this, please see the "a note about vulnerabilities" section of the Open By Default repository. For more information please visit https://nerdlife.datanerd.us/new-relic/security-guidelines-for-publishing-source-code.

Passed #

Description

When an IPv6 address is input to the NRI, it does not format as expected by the connector handler (redis.Dial). Instead, it needs to be formatted as defined in RFC 2732.

time="2021-07-23T19:53:24Z" level=warning msg="integration exited with error state" component=integrations.runner.Runner env=production error="exit status 2" integration_name=nri-redis stderr="[FATAL] can't continue: Redis connection through TCP failed, got error: dial tcp: address fd30:0:0:30::230:6379: too many colons in address\npanic: Redis connection through TCP failed, got error: dial tcp: address fd30:0:0:30::230:6379: too many colons in address\n\ngoroutine 1 [running]:\ngithub.com/newrelic/nri-redis/vendor/github.com/newrelic/infra-integrations-sdk/log.Fatal(0x741b00, 0xc42007c820)\n\t/go/src/github.com/newrelic/nri-redis/vendor/github.com/newrelic/infra-integrations-sdk/log/log.go:107 +0xd5\nmain.main()\n\t/go/src/github.com/newrelic/nri-redis/src/redis.go:63 +0x84d"

Expected Behavior

Connect to a remote entity (host) using IPv6 to retrieve metrics.

Steps to Reproduce

Execute command to a Redis over IPv6 as shown below.

$ nri-redis -hostname ::1

masterauth password included in inventory

Currently only requirepass is stripped from the inventory, but masterauth remains. This should be stripped as well. Expect a PR shortly.

OS

• All of them
• Amazon Linux, all versions
• CentOS, version 6 or higher
• Debian, version 7 ("Wheezy") or higher
• Red Hat Enterprise Linux (RHEL), version 6 or higher
• Ubuntu, versions 12.04, 14.04, and 16.04 (LTS versions)
• Windows Server, 2008 and 2012 and their service packs

Using current Kafka/Redis GHA template migrate current build pipeline into GHA

• update private release pipeline to use artifacts from GH releases

Is your feature request related to a problem? Please describe.

Maintaining and debugging Redis (and Redis Cluster) on production environment will be pleasant if we can see statistics of how much each Redis commands called. The Redis Server has an internal command statistics. We can get it by using INFO commandstats command.

Example:

127.0.0.1:6379> INFO commandstats
# Commandstats
cmdstat_config:calls=1,usec=23,usec_per_call=23.00,rejected_calls=0,failed_calls=0
cmdstat_client:calls=177,usec=431,usec_per_call=2.44,rejected_calls=2,failed_calls=0
cmdstat_cluster:calls=184,usec=8919,usec_per_call=48.47,rejected_calls=0,failed_calls=0
cmdstat_latency:calls=177,usec=461,usec_per_call=2.60,rejected_calls=0,failed_calls=0
cmdstat_auth:calls=407,usec=6638,usec_per_call=16.31,rejected_calls=0,failed_calls=224
cmdstat_ping:calls=3,usec=2,usec_per_call=0.67,rejected_calls=0,failed_calls=0
cmdstat_command:calls=2,usec=1867,usec_per_call=933.50,rejected_calls=1,failed_calls=0
cmdstat_info:calls=183,usec=20578,usec_per_call=112.45,rejected_calls=6,failed_calls=0
cmdstat_slowlog:calls=354,usec=979,usec_per_call=2.77,rejected_calls=0,failed_calls=0
cmdstat_readonly:calls=3,usec=1,usec_per_call=0.33,rejected_calls=0,failed_calls=0

Feature Description

The nri-redis will be much better if it is able to capture the commandstats metrics. So my company will be able to display the detailed command-calls on New Relic dashboard.

Describe Alternatives

FYI, the redis_exporter for Prometheus already exported the metrics, reference:
https://github.com/oliver006/redis_exporter/blob/3e7d7546638b66e1ecba7ddf8c35ca99934c7a6e/exporter/info.go#L88

Additional context

Redis Cluster production. By checking and comparing the commandstats on each redis-node, our administrator can check any is any redis-cluster balanced or not.

Priority

Nice to Have.

Goal: be able to upload .tar.gz, .zip, .msi into test download.newrelic.com repo

Steps:

• Create docker GHA inside of nri-redis repo documentation
• Mount s3 inside docker container
• Grab msi, zip, tag.gz from GH
• Upload artifacts to right locations based on platform and OS
• Add locking mechanism via s3 consistent read/write s3 feature
• Request dedicated repo for github action in newrelic org (to be able to publish action and use in other projects)

Notes / ideas:

• Create base image that contains all scripts and have different tags to run specific upload step (via entrypoint). ex: gha-upload:msi? for uploading msi only. If called with :latest run all upload steps. It will give us some flexibility. gha-upload is just example of name, name of action can be different
• Make GHA in a way that it know what is our integration artifacts naming format and be able to overwrite it with a parameter if needed.
• Pass integration name as a parameter.
• Pass tag as a parameter.
• List of file masks to upload
• Grab release assets from corresponding to TAG release page.