search string side menu

BRIX On-Premises > Prepare BRIX On-Premises infrastructure > Databases > High availability infrastructure / Valkey cluster

Valkey cluster

Valkey is a high-performance NoSQL database management system designed based on Redis for modern cloud and distributed systems.

начало внимание

Valkey version 7.2.8 or higher is required for proper system operation.

конец внимание

This article describes how to install Valkey 8.1.1 on Ubuntu Linux 22.04 and 24.04. You can obtain Valkey installation files for your OS from:

For detailed instructions, refer to the official Valkey documentation.

To replace a Redis cluster with a Valkey cluster, see the Migrate from a Redis to Valkey cluster article.

Valkey cluster deployment steps:

  1. Node (server) preparation.
  2. Valkey installation.
  3. Valkey configuration.
  4. Sentinel configuration.
  5. Connection to Valkey.

Step 1: Node (server) preparation

начало внимание

The minimum number of servers required to set up a cluster is three.

конец внимание

  1. Create three nodes (servers) with sequentially numbered host names:
    • valkey-server1.your_domain
    • valkey-server2.your_domain
    • valkey-server3.your_domain
  2. Configure hostname mappings in DNS. If DNS configuration is not available, add the corresponding entries to the /etc/hosts directory.

Step 2: Valkey installation

  1. Install the packages:

sudo apt install -y apt-transport-https ca-certificates curl

  1. Import the keys:

sudo curl -fsSL https://repo.elma365.tech/deb/elma365-keyring.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/elma365-keyring.gpg

  1. Add the repository:

echo "deb [arch=amd64] https://repo.elma365.tech/deb $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/elma365.list
sudo apt update

  1. Install Valkey:

sudo apt install elma365-valkey-server

Step 3: Valkey configuration

начало примечание

Note

The password can contain the following characters:

  • Uppercase Latin letters: A to Z
  • Lowercase Latin letters: a to z
  • Digits: 0 to 9
  • Symbols: -_

Reserved (invalid) characters:

! * ' ( ) ; : @ & = + $ , / ? % # [ ]

конец примечание

Configure the database management system installed:

  1. Edit the /etc/valkey/valkey.conf file on each server:

sudo nano /etc/valkey/valkey.conf

  1. To allow Valkey connections from all server network interfaces, specify:

bind 0.0.0.0 

  1. Increase the maximum number of clients by setting the maxclients parameter to 20000. Uncomment the line by removing the # sign:

maxclients 20000

  1. Set the key eviction policy by setting the maxmemory-policy parameter to allkeys-lfu. Uncomment the line by removing the # sign:

maxmemory-policy allkeys-lfu

  1. Disable creation of snapshots by setting the save parameter to null. Uncomment the line by removing the # sign:

save ""

  1. Disable the AOF (Append Only File) to prevent saving of Valkey data in a file. To do it, set the appendonly parameter to no. Uncomment the line by removing the # sign:

appendonly no

  1. Enter the password to the primary node:

masterauth SecretPassword

  1. Set the domain (FQDN) for nodes in the cluster:
  • On the valkey-server1.your_domain node:

replica-announce-ip valkey-server1.your_domain

  • On the valkey-server2.your_domain node:

replica-announce-ip valkey-server2.your_domain

  • On the valkey-server3.your_domain node:

replica-announce-ip valkey-server3.your_domain

  1. Specify the access password:

requirepass SecretPassword

  1. Disable the protected mode if the bind 0.0.0.0 parameter is used or the requirepass option is not set:

protected-mode no

  1. On the valkey-server2.your_domain and valkey-server3.your_domain nodes, specify the domain (FQDN) and connection port for the valkey-server1.your_domain primary node:

replicaof valkey-server1.your_domain 6379

  1. Restart all servers. Begin with the primary node, and then proceed to the subordinate nodes:

sudo systemctl restart valkey-server
sudo systemctl enable valkey-server

  1. Check the replication status on the valkey-server1.your_domain node:

sudo valkey-cli -a SecretPassword info replication

Enable TLS/SSL in Valkey

 
To enable the TLS/SSL in Valkey, in the valkey.conf configuration file:

  1. Disable unprotected connections by setting the port parameter to 0.
  2. Set the port for TLS connections and uncomment the tls-port parameter.
  3. In the tls-cert-file parameter, specify the path to the server certificate file.
  4. In the tls-key-file parameter, specify the path to the private key file.
  5. In the tls-ca-cert-file parameter, specify the path to the root CA file.

port 0
tls-port 6379
tls-cert-file /path/to/valkey.crt
tls-key-file /path/to/valkey.key
tls-ca-cert-file /path/to/ca.crt

  1. Restart all servers. Begin with the primary node, and then proceed to the subordinate nodes:

sudo systemctl restart valkey-server
sudo systemctl enable valkey-server

  1. Check the replication status on the  valkey-server1.your_domain node:

sudo valkey-cli -p 6379 -h valkey-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/valkey.crt --key /path/to/valkey.key -a SecretPassword info replication

 
Learn more about TLS/SSL inValkey in the official Valkey documentation.

Step 4: Sentinel settings

To configure Sentinel, edit the /etc/valkey/sentinel.conf file on each server.

начало внимание

To work correctly, observe the specified order of entries in the /etc/valkey/sentinel.conf file.

конец внимание

  1. Specify the domain (FQDN) to represent the Sentinel nodes:
  • On the valkey-server1.your_domain node:

sentinel announce-ip valkey-server1.your_domain

  • On the valkey-server2.your_domain node:

sentinel announce-ip valkey-server2.your_domain

  • On the valkey-server3.your_domain node:

sentinel announce-ip valkey-server3.your_domain

  1. Set the domain (FQDN) and the port of the primary node, as well as the value to achieve the quorum:

sentinel monitor mymaster valkey-server1.your_domain 6379 2

  1. Enter the password to access the primary node:

sentinel auth-pass mymaster SecretPassword

  1. Set the time after which the primary node will be considered down:

sentinel down-after-milliseconds mymaster 3000

  1. Specify the timeout after the subordinate node switches to the primary node if the primary node goes down:

sentinel failover-timeout mymaster 6000

  1. Enable use of the host names:

sentinel resolve-hostnames yes
sentinel announce-hostnames yes

  1. Optional: enable access only by password for the default user:

user default on >SecretPassword sanitize-payload ~* &* +@all

  1. Then restart all servers:

sudo systemctl restart valkey-sentinel
sudo systemctl enable valkey-sentinel

  1. Check the Sentinel status and the quorum status on the valkey-server1.your_domain node:
  • Connection without TLS/SSL:

sudo valkey-cli -p 26379 info sentinel
sudo valkey-cli -p 26379 sentinel ckquorum mymaster

  • Connection without TLS/SSL in case of access by password only:

sudo valkey-cli -p 26379 -a SecretPassword info sentinel
sudo valkey-cli -p 26379 -a SecretPassword sentinel ckquorum mymaster

  • Connection with TLS/SSL:

sudo valkey-cli -p 26379 -h valkey-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/valkey.crt --key /path/to/valkey.key info sentinel
sudo valkey-cli -p 26379 -h valkey-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/valkey.crt --key /path/to/valkey.key sentinel ckquorum mymaster

  • Connection with TLS/SSL in case of access by password only:

sudo valkey-cli -p 26379 -a SecretPassword -h valkey-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/valkey.crt --key /path/to/valkey.key info sentinel
sudo valkey-cli -p 26379 -a SecretPassword -h valkey-server1.your_domain --tls --cacert /path/to/ca.crt --cert /path/to/valkey.crt --key /path/to/valkey.key sentinel ckquorum mymaster

Enable TLS/SSL in Sentinel

 
To enable TLS/SSL in Sentinel, in the sentinel.conf configuration file:

  1. Disable unprotected connections by setting the port parameter to 0.
  2. Set the port for TLS connections by adding the tls-port parameter.
  3. Add the tls-cert-file parameter to specify the path to the server certificate file.
  4. Add the tls-key-file parameter to specify the path to the private key file.
  5. Add the tls-ca-cert-file parameter to specify the path to the root CA file.
  6. Add the tls-replication parameter and set it to the yes value to enable TLS.

port 0
tls-port 26379
tls-cert-file /path/to/valkey.crt
tls-key-file /path/to/valkey.key
tls-ca-cert-file /path/to/ca.crt
tls-replication yes

 
Learn more about TLS/SSL in the official Valkey documentation.

Step 5: Connection to Valkey

Connection string for Valkey:

redis://:SecretPassword@valkey-server1.your_domain:26379,valkey-server2.your_domain:26379,valkey-server3.your_domain:26379/0?masterName=mymaster

Connection string for Valkey in case of access by password only:

redis://:SecretPassword@valkey-server1.your_domain:26379,valkey-server2.your_domain:26379,valkey-server3.your_domain:26379/0?masterName=mymaster&sentinelUsername=default&sentinelPassword=SecretPassword

Connection string for Valkey with TLS/SSL:

rediss://:SecretPassword@valkey-server1.your_domain:26379,valkey-server2.your_domain:26379,valkey-server3.your_domain:26379/0?&masterName=mymaster

Connection string for Valkey with TLS/SSL in case of access by password only:

rediss://:SecretPassword@valkey-server1.your_domain:26379,valkey-server2.your_domain:26379,valkey-server3.your_domain:26379/0?masterName=mymaster&sentinelUsername=default&sentinelPassword=SecretPassword

configure-mongodb.html cluster-redis-to-valkey.html