Cluster object

An object that represents a cluster

An API object that represents the cluster.

Name Type/Value Description
alert_settings alert_settings object Cluster and node alert settings
bigstore_driver 'speedb'
'rocksdb'
Storage engine for Auto Tiering
cluster_ssh_public_key string Cluster's autogenerated SSH public key
cm_port integer, (range: 1024-65535) UI HTTPS listening port
cm_session_timeout_minutes integer (default: 15) The timeout (in minutes) for the session to the CM
cnm_http_max_threads_per_worker integer (default: 10) Maximum number of threads per worker in the cnm_http service (deprecated)
cnm_http_port integer, (range: 1024-65535) API HTTP listening port
cnm_http_workers integer (default: 1) Number of workers in the cnm_http service
cnm_https_port integer, (range: 1024-65535) API HTTPS listening port
control_cipher_suites string Specifies the enabled ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library.
control_cipher_suites_tls_1_3 string Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only)
crdb_coordinator_port integer, (range: 1024-65535) (default: 9081) CRDB coordinator port
crdt_rest_client_retries integer Maximum number of retries for the REST client used by the Active-Active management API
crdt_rest_client_timeout integer Timeout for REST client used by the Active-Active management API
created_time string Cluster creation date (read-only)
data_cipher_list string Specifies the enabled ciphers for the data plane. The ciphers are specified in the format understood by the OpenSSL library.
data_cipher_suites_tls_1_3 string Specifies the enabled TLS 1.3 ciphers for the data plane.
debuginfo_path string Path to a local directory used when generating support packages
default_non_sharded_proxy_policy string (default: single) Default proxy_policy for newly created non-sharded databases' endpoints (read-only)
default_sharded_proxy_policy string (default: all-master-shards) Default proxy_policy for newly created sharded databases' endpoints (read-only)
email_alerts boolean (default: false) Send node/cluster email alerts (requires valid SMTP and email_from settings)
email_from string Sender email for automated emails
encrypt_pkeys boolean (default: false) Enable or turn off encryption of private keys
envoy_admin_port integer, (range: 1024-65535) Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway.
envoy_max_downstream_connections integer, (range: 100-2048) The max downstream connections envoy is allowed to open
envoy_mgmt_server_port integer, (range: 1024-65535) Envoy management server port
gossip_envoy_admin_port integer, (range: 1024-65535) Gossip envoy admin port
handle_redirects boolean (default: false) Handle API HTTPS requests and redirect to the master node internally
http_support boolean (default: false) Enable or turn off HTTP support
min_control_TLS_version '1.2'
'1.3'
The minimum version of TLS protocol which is supported at the control path
min_data_TLS_version '1.2'
'1.3'
The minimum version of TLS protocol which is supported at the data path
min_sentinel_TLS_version '1.2'
'1.3'
The minimum version of TLS protocol which is supported at the data path
mtls_authorized_subjects array
[{
"CN": string,
"O": string,
"OU": [array of strings],
"L": string,
"ST": string,
"C": string
}, ...]
A list of valid subjects used for additional certificate validations during TLS client authentication. All subject attributes are case-sensitive.
Required subject fields:
"CN" for Common Name
Optional subject fields:
"O" for Organization
"OU" for Organizational Unit (array of strings)
"L" for Locality (city)
"ST" for State/Province
"C" for 2-letter country code
mtls_certificate_authentication boolean Require authentication of client certificates for mTLS connections to the cluster. The API_CA certificate should be configured as a prerequisite.
mtls_client_cert_subject_validation_type disabled
san_cn
full_subject
Enables additional certificate validations that further limit connections to clients with valid certificates during TLS client authentication.
Values:
disabled: Authenticates clients with valid certificates. No additional validations are enforced.
san_cn: A client certificate is valid only if its Common Name (CN) matches an entry in the list of valid subjects. Ignores other Subject attributes.
full_subject: A client certificate is valid only if its Subject attributes match an entry in the list of valid subjects.
name string Cluster's fully qualified domain name (read-only)
password_complexity boolean (default: false) Enforce password complexity policy
password_expiration_duration integer (default: 0) The number of days a password is valid until the user is required to replace it
password_min_length integer, (range: 8-256) (default: 8) The minimum length required for a password.
proxy_certificate string Cluster's proxy certificate
proxy_max_ccs_disconnection_time integer Cluster-wide proxy timeout policy between proxy and CCS
rack_aware boolean Cluster operates in a rack-aware mode (read-only)
reserved_ports array of strings List of reserved ports and/or port ranges to avoid using for database endpoints (for example "reserved_ports": ["11000", "13000-13010"])
s3_url string Specifies the URL for S3 export and import
saslauthd_ldap_conf string saslauthd LDAP configuration
sentinel_cipher_suites array Specifies the list of enabled ciphers for the sentinel service. The supported ciphers are those implemented by the cipher_suites.go package.
sentinel_cipher_suites_tls_1_3 string Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the cipher_suites.go package.(read-only)
sentinel_tls_mode 'allowed'
'disabled'
'required'
Determines whether the discovery service allows, blocks, or requires TLS connections (previously named sentinel_ssl_policy)
allowed: Allows both TLS and non-TLS connections
disabled: Allows only non-TLS connections
required: Allows only TLS connections
slave_ha boolean (default: false) Enable the replica high-availability mechanism (read-only)
slave_ha_bdb_cooldown_period integer (default: 86400) Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only)
slave_ha_cooldown_period integer (default: 3600) Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only)
slave_ha_grace_period integer (default: 900) Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only)
slowlog_in_sanitized_support boolean Whether to include slowlogs in the sanitized support package
smtp_host string SMTP server for automated emails
smtp_password string SMTP server password
smtp_port integer SMTP server port for automated emails
smtp_tls_mode 'none'
'starttls'
'tls'
Specifies which TLS mode to use for SMTP access
smtp_use_tls boolean (default: false) Use TLS for SMTP access (deprecated as of Redis Enterprise v4.3.3, use smtp_tls_mode field instead)
smtp_username string SMTP server username (pattern does not allow special characters &,<,>,")
syncer_certificate string Cluster's syncer certificate
upgrade_mode boolean (default: false) Is cluster currently in upgrade mode
use_external_ipv6 boolean (default: true) Should redislabs services listen on ipv6
use_ipv6 boolean (default: true) Should redislabs services listen on ipv6 (deprecated as of Redis Enterprise v6.4.2, replaced with use_external_ipv6)
wait_command boolean (default: true) Supports Redis wait command (read-only)
RATE THIS PAGE
Back to top ↑