For the correct operation of the system, Redis version 5 or 6.2 is required. The article describes the installation of Redis 6.2.12 for Ubuntu Linux 20.04 and 22.04. You can also refer to the guide in the official Redis documentation.
Installation consists of five steps:
- Prepare nodes (servers).
- Install Redis and Sentinel.
- Configure Redis.
- Configure Sentinel.
- Connect to Redis.
Step 1: Prepare nodes (servers)
начало внимание
The minimum number of servers to organize a cluster is three.
конец внимание
- Create three nodes (servers) with sequentially numbered host names:
- redis-server1.your_domain.
- redis-server2.your_domain.
- redis-server3.your_domain.
- Create the necessary host name mappings in DNS. If this is not possible, add the required entries to
/etc/hosts.
Step 2: Install Redis and Sentinel
- Install the necessary packages:
sudo apt install lsb-release curl gpg
- Import the necessary keys and add the Redis repository:
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
- Update the package cache:
sudo apt-get update
- Install Redis:
sudo apt-get -y install redis=6:6.2.12-1rl1~$(lsb_release -cs)1 redis-server=6:6.2.12-1rl1~$(lsb_release -cs)1 redis-tools=6:6.2.12-1rl1~$(lsb_release -cs)1 redis-sentinel=6:6.2.12-1rl1~$(lsb_release -cs)1
Step 3: Configure Redis
Начало примечание
Note
For the password, the following characters are allowed:
- Uppercase Latin letters: A to Z
- Lowercase Latin letters: a to z
- Digits: 0 to 9
- Symbols: -_
Reserved (invalid) symbols:
! * ' ( ) ; : @ & = + $ , / ? % # [ ]
конец примечание
To configure, edit the /etc/redis/redis.conf file on each server:
sudo nano /etc/redis/redis.conf
- Make the servers accessible from all IP addresses of this server. This makes the Redis service accessible from all external addresses:
bind 0.0.0.0
- Increase the maximum number of clients by changing the value of the parameter
maxclientsto20000. Uncomment the line by removing the hash sign #:
maxclients 20000
- Set the key eviction policy by changing the value of the
maxmemory-policyparameter toallkeys-lfu. Uncomment the line by removing the hash sign #:
maxmemory-policy allkeys-lfu
- Disable snapshot creation by changing the value of the
saveparameter to"". Uncomment the line by removing the hash sign #:
save ""
- Disable AOF (Redis database saving to file). To do this, replace the value of the
appendonlyparameter withno. Uncomment the line by removing the hash sign #:
appendonly no
- Specify the password to the Master:
masterauth SecretPassword
- Specify the domain (FQDN) to represent the node in the cluster:
- on the node
redis-server1.your_domain:
replica-announce-ip redis-server1.your_domain
- on the node
redis-server2.your_domain:
replica-announce-ip redis-server2.your_domain
- on the node
redis-server3.your_domain:
replica-announce-ip redis-server3.your_domain
- Specify the password for access:
requirepass SecretPassword
- On nodes
redis-server2.your_domainandredis-server3.your_domain, specify the domain (FQDN) and port to connect to the Master node (redis-server1.your_domain):
replicaof redis-server1.your_domain 6379
- Restart all servers (primary first, then subordinates):
sudo systemctl restart redis-server
sudo systemctl enable redis-server
- Check the replication status on the node
redis-server1.your_domain:
sudo redis-cli -a SecretPassword info replication
port 0
sudo systemctl restart redis-server
sudo redis-cli -p 6379 -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key -a SecretPassword info replication |
Step 4: Configure Sentinel
To configure Sentinel, edit the file /etc/redis/sentinel.conf on each server.
Начало внимание
To work correctly, observe the specified order of entries in the file /etc/redis/sentinel.conf.
Конец внимание
- Make the servers accessible from all IP addresses of this server. In this case, it makes the Sentinel service accessible from all external addresses:
bind 0.0.0.0
- Specify the domain (FQDN) to represent Sentinel nodes:
- on the node
redis-server1.your_domain:
sentinel announce-ip redis-server1.your_domain
- on the node
redis-server2.your_domain:
sentinel announce-ip redis-server2.your_domain
- on the node
redis-server3.your_domain:
sentinel announce-ip redis-server3.your_domain
- Specify the domain (FQDN) and port of the Master, as well as the value to achieve the quorum:
sentinel monitor mymaster redis-server1.your_domain 6379 2
- Specify the password for access to the Master:
sentinel auth-pass mymaster SecretPassword
- Specify the time after which the Master will be considered down:
sentinel down-after-milliseconds mymaster 3000
- Specify the waiting time after the Subordinate switches roles to Master in case the Master goes down:
sentinel failover-timeout mymaster 6000
- Enable support for resolving hostnames:
sentinel resolve-hostnames yes
sentinel announce-hostnames yes
- To increase security, configure the default user to access Sentinel by password only:
user default on >SecretPassword sanitize-payload ~* &* +@all
- After that, restart all servers:
sudo systemctl restart redis-sentinel
sudo systemctl enable redis-sentinel
- Check the Sentinel status and the quorum state on the node redis-server1.your_domain using different commands depending on the TLS/SSL usage and Sentinel configuration:
- Without TLS/SSL if password access to Sentinel is not enabled:
sudo redis-cli -p 26379 info sentinel
sudo redis-cli -p 26379 sentinel ckquorum mymaster
- Without TLS/SSL if password-only access to Sentinel is set up:
sudo redis-cli -p 26379 -a SecretPassword info sentinel
sudo redis-cli -p 26379 -a SecretPassword sentinel ckquorum mymaster
- With TLS/SSL if password access to Sentinel is not enabled:
sudo redis-cli -p 26379 -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key info sentinel
sudo redis-cli -p 26379 -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key sentinel ckquorum mymaster
- With TLS/SSL if password-only access to Sentinel is set up:
sudo redis-cli -p 26379 -a SecretPassword -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key info sentinel
sudo redis-cli -p 26379 -a SecretPassword -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key sentinel ckquorum mymaster
port 0
sudo systemctl restart redis-sentinel
sudo redis-cli -p 26379 -h redis-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/redis.crt --key /path/to/redis.key info sentinel |
Step 5: Connect to Redis
Connect to Redis. The connection string depends on the use of TLS/SSL and Sentinel configuration:
- Without TLS/SSL if password access to Sentinel is not enabled:
redis://:SecretPassword@redis-server1.your_domain:26379,redis-server2.your_domain:26379,redis-server3.your_domain:26379/0?masterName=mymaster
- Without TLS/SSL if password-only access to Sentinel is set up:
redis://:SecretPassword@redis-server1.your_domain:26379,redis-server2.your_domain:26379,redis-server3.your_domain:26379/0?masterName=mymaster&sentinelUsername=default&sentinelPassword=SecretPassword
- With TLS/SSL if password access to Sentinel is not enabled:
redis://:SecretPassword@redis-server1.your_domain:26379,redis-server2.your_domain:26379,redis-server3.your_domain:26379/0?masterName=mymaster
- With TLS/SSL if password-only access to Sentinel is set up:
rediss://:SecretPassword@redis-server1.your_domain:26379,redis-server2.your_domain:26379,redis-server3.your_domain:26379/0?masterName=mymaster&sentinelUsername=default&sentinelPassword=SecretPassword