bedel is a utility designed to synchronize ACLs across multiple nodes in Redis and Redis-compatible databases like Valkey. It specifically addresses the challenge of managing users created outside the traditional configuration file, such as those generated through the Vault database backend. By keeping ACLs consistent across all nodes, Bedel ensures seamless user management and enhanced security in distributed environments. For more information on the underlying issue with Redis, see Redis Issue #7988.
- Automated User Synchronization: Automatically synchronizes Redis users and ACLs across all nodes to maintain consistency.
- Vault Integration: Seamlessly integrates with HashiCorp Vault's database backend for dynamic user management.
- Configurable Sync Intervals: Allows customization of synchronization intervals to suit your deployment needs.
- Lightweight and Efficient: Designed to have minimal impact on performance, even with thousands of users.
- Easy Deployment: Simple to deploy with Docker Compose or as a standalone binary.
- Robust Logging: Provides detailed logs for monitoring and troubleshooting.
These instructions will guide you through getting a copy of bedel up and running on your system for development and testing purposes.
For users:
- Redis server setup
- Access to Vault database backend (if using Vault for user generation).
For developers:
- Go 1.21 or higher
- Docker and Docker Compose (for development and testing).
- Git (for cloning the repository).
Follow these steps to get a development environment running:
- Clone the repository:
$ git clone https://github.com/ncode/bedel.git
$ cd bedel
$ go build
- Go install:
$ go install github.com/ncode/bedel/cmd/bedel@latest
To run the automated tests for this system, use the following command:
$ go test ./...
Bedel comes with a development environment setup using Docker Compose. This setup includes:
- Three Redis instances (redis0001, redis0002, redis0003)
- Three Bedel instances (bedel_redis0001, bedel_redis0002, bedel_redis0003)
- A Vault instance for managing secrets
To start the development environment:
- Ensure you have Docker and Docker Compose installed.
- Navigate to the project root directory.
- Run the following command:
$ cd config/development
$ make
This will start all the services defined in the docker-compose.yaml file.
The docker-compose.yaml file contains the configuration for all services. Here are some key points:
- Redis instances are configured with custom configuration files located in the ./redis directory.
- Bedel instances are configured to connect to their respective Redis instances.
- The Vault instance is set up with a root token "root" and listens on port 8200.
Bedel can be run in two modes:
- runOnce: performs a single synchronization of ACLs from the primary Redis node to the replica.
$ bedel runOnce -a <redis-address> -p <password> -u <username>
- run: continuously synchronizes ACLs at a defined interval.
$ bedel run -a <redis-address> -p <password> -u <username> --sync-interval <duration>
For more options and commands, run:
$ bedel --help
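A primary-to-replica ACL synchronization like the one described above can be reasoned about as a diff over `ACL LIST` output, which is also a useful way to audit drift between nodes. This Go example is added here and is not bedel's own code: `parseACLList` and `planSync` are hypothetical names, the ACL lines are constructed samples with placeholder password hashes, and it assumes the rule strings from `ACL LIST` are replayed with `ACL SETUSER <name> reset ...`.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// parseACLList maps user name -> rule string from "user <name> <rules...>" lines.
func parseACLList(lines []string) map[string]string {
	users := make(map[string]string)
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) >= 2 && f[0] == "user" {
			users[f[1]] = strings.Join(f[2:], " ")
		}
	}
	return users
}

// planSync returns the commands that make the replica's ACLs match the primary's.
func planSync(primary, replica []string) []string {
	want, have := parseACLList(primary), parseACLList(replica)
	var cmds []string
	for name, rules := range want {
		if r, ok := have[name]; !ok || r != rules { // missing on replica, or rules drifted
			cmds = append(cmds, "ACL SETUSER "+name+" reset "+rules)
		}
	}
	for name := range have {
		if _, ok := want[name]; !ok && name != "default" { // default cannot be deleted
			cmds = append(cmds, "ACL DELUSER "+name)
		}
	}
	sort.Strings(cmds) // deterministic order for review and logging
	return cmds
}

func main() {
	// Constructed sample data, not captured from a real deployment.
	primary := []string{
		"user default on nopass ~* &* +@all",
		"user v-token-app-1 on #<sha256-hex> ~app:* -@all +get +set",
	}
	replica := []string{
		"user default on nopass ~* &* +@all",
		"user v-token-app-1 on #<sha256-hex> ~app:* -@all +get",
		"user v-token-old-9 on #<sha256-hex> ~* +@all",
	}
	fmt.Println(strings.Join(planSync(primary, replica), "\n"))
}
```

A user that lingers on a replica after it was removed from the primary shows up here as an `ACL DELUSER` line, which is the drift case that matters most for short-lived Vault-issued credentials.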
Bedel can also read configurations from a YAML file (default: $HOME/.bedel.yaml). Command-line options override configurations in the file.
Example Configuration File (~/.bedel.yaml):
address: localhost:6379
password: mypassword
username: default
syncInterval: 10s
logLevel: INFO
aclfile: false
Contributions are welcome!
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.