{"id":13644627,"url":"https://github.com/letsencrypt/attache","last_synced_at":"2025-04-21T10:33:49.662Z","repository":{"id":38361002,"uuid":"424687293","full_name":"letsencrypt/attache","owner":"letsencrypt","description":"A sidecar that allows for effortless scaling of a Redis Cluster","archived":true,"fork":false,"pushed_at":"2022-12-05T10:03:12.000Z","size":3211,"stargazers_count":9,"open_issues_count":9,"forks_count":4,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-11-09T17:41:59.712Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/letsencrypt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-04T17:46:35.000Z","updated_at":"2024-04-04T19:46:55.000Z","dependencies_parsed_at":"2022-08-25T04:50:42.099Z","dependency_job_id":null,"html_url":"https://github.com/letsencrypt/attache","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fattache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fattache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fattache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fattache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/letsencrypt","download_url":"https://codeload.github.com/letsencrypt/attache/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250040538,"owners_count":21365128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:02:09.711Z","updated_at":"2025-04-21T10:33:44.642Z","avatar_url":"https://github.com/letsencrypt.png","language":"Go","readme":"# Attaché\nA sidecar that allows for effortless scaling of Redis Clusters using Hashicorp\nNomad and Consul.\n\n#### Features\n- Create a new cluster when no cluster is present\n- Add new primary node and perform a shard slot rebalance\n- Add new replica node to the primary node with the least replicas\n- Full support for Redis mTLS and ACL Auth\n- Full support for Consul mTLS and ACL Tokens\n\n#### To Do\n- [x] Redis ACL\n- [x] Redis Password\n- [x] Redis mTLS\n- [ ] Drain, failover, and FORGET an existing primary node\n- [ ] Remove and FORGET an existing replica node\n\n### `attache-check`\nA sidecar that servers an HTTP API that allows Consul to track the health of\nRedis Cluster Nodes, route new nodes to the Await (introduction) Consul Service\nfor their Redis Cluster, then migrate them to the Destination Consul Service\nonce they've joined a cluster.\n\n#### Usage\n```shell\n$ attache-check -help\nUsage of attache-check:\n  -check-serv-addr string\n    \taddress this utility should listen on (e.g. 127.0.0.1:8080)\n  -redis-auth-password-file string\n    \tredis-server password file path, (required)\n  -redis-auth-username string\n    \tredis-server username, (required)\n  -redis-node-addr string\n    \tredis-server listening address, (required)\n  -redis-tls-ca-cert string\n    \tRedis client CA certificate file, (required)\n  -redis-tls-cert-file string\n    \tRedis client certificate file, (required)\n  -redis-tls-key-file string\n    \tRedis client key file, (required)\n  -shutdown-grace duration\n    \tduration to wait before shutting down (e.g. '1s') (default 5s)\n```\n\n### `attache-control`\nAn ephemeral sidecar that acts as an agent for each Redis node when it's\nstarted. If a node's `node info` reflects that of a new node, this agent will\nattempt to introduce it to an existing Redis Cluster, if it exists, else it will\nattempt to orchestrate the create a new Redis Cluster if there are enough new\nRedis nodes (in the Await Consul Service) to do so.\n\n#### Usage\n```shell\n$ ./attache-control -help\nUsage of ./attache-control:\n  -attempt-interval duration\n    \tDuration to wait between attempts to join or create a cluster (e.g. '1s') (default 3s)\n  -await-service-name string\n    \tConsul Service for newly created Redis Cluster Nodes, (required)\n  -consul-acl-token string\n    \tConsul client ACL token\n  -consul-addr string\n    \tConsul client address (default \"127.0.0.1:8501\")\n  -consul-dc string\n    \tConsul client datacenter (default \"dev-general\")\n  -consul-tls-ca-cert string, (required)\n    \tConsul client CA certificate file\n  -consul-tls-cert string, (required)\n    \tConsul client certificate file\n  -consul-tls-key string, (required)\n    \tConsul client key file\n  -dest-service-name string\n    \tConsul Service for healthy Redis Cluster Nodes, (required)\n  -lock-kv-path string\n    \tConsul KV path to use as a leader lock for Redis Cluster operations (default \"service/attache/leader\")\n  -log-level string\n    \tSet the log level (default \"info\")\n  -redis-auth-password-file string\n    \tRedis password file path, (required)\n  -redis-auth-username string\n    \tRedis username, (required)\n  -redis-node-addr string\n    \tredis-server listening address, (required)\n  -redis-tls-ca-cert string\n    \tRedis client CA certificate file, (required)\n  -redis-tls-cert-file string\n    \tRedis client certificate file, (required)\n  -redis-tls-key-file string\n    \tRedis client key file, (required)\n```\n\n### Running the Example Nomad Job\nNote: these steps assume that you have the `nomad`, `consul`, and `terraform`\nbinaries installed on your machine and that they exist in your `PATH`.\n\nBuild the attache-control and attache-check binaries:\n```shell\n$ go build -o attache-check ./cmd/attache-check/main.go \u0026\u0026 go build -o attache-control ./cmd/attache-control/main.go ./cmd/attache-control/config.go\n```\n\nIn another shell, start the Consul server in `dev` mode:\n```shell\n$ consul agent -dev -config-format=hcl -config-file consul.conf.hcl\n```\n\nIn another shell, start the Nomad server in `dev` mode:\n```shell\n$ sudo nomad agent -dev -config nomad.conf.hcl\n```\n\nStart a Nomad job deployment using Terraform:\n```shell\ncd example\nterraform init\nterraform plan\nterraform apply\n```\n\nOpen the Nomad UI: http://localhost:4646/ui to view information about the Redis\nCluster deployment\n\nOpen the Consul UI: http://localhost:8501/ui to view health check information\nfor the Redis Cluster\n\n### Useful Commands\n\n#### Purge Nomad Job\nThis is useful for stopping and garbage collecting a job in Nomad immediately.\n```shell\nnomad job stop -purge \"\u003cjobname\u003e\"\n```\n\n#### Count Primary Redis Nodes\n```shell\nredis-cli -p \u003ctls-port\u003e --tls --cert ./example/tls/redis/cert.pem --key ./example/tls/redis/key.pem --cacert ./example/tls/ca-cert.pem --user replication-user --pass \u003credis-password\u003e cluster nodes | grep master | wc -l\n```\n\n#### Count Replica Redis Nodes\n```shell\nredis-cli -p \u003ctls-port\u003e --tls --cert ./example/tls/redis/cert.pem --key ./example/tls/redis/key.pem --cacert ./example/tls/ca-cert.pem --user replication-user --pass \u003credis-password\u003e cluster nodes | grep slave | wc -l\n```\n\n#### Create New Consul CA-Cert and Key\n```shell\nconsul tls ca create\n```\n\n#### Create and Sign New Consul Server Cert and Key\nIn the same directory as the CA Cert:\n```shell\nconsul tls cert create -client -dc \"dev-general\"\n```\n\n#### Create and Sign New Consul Client Cert and Key\nIn the same directory as the CA Cert:\n```shell\nconsul tls cert create -server -dc \"dev-general\"\n```","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fletsencrypt%2Fattache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fletsencrypt%2Fattache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fletsencrypt%2Fattache/lists"}