# Example sentinel.conf
# By default protected mode is disabled in sentinel mode. Sentinel is reachable
# from interfaces different than localhost. Make sure the sentinel instance is
# protected from the outside world via firewalling or other means.
protected-mode no
# port <sentinel-port>
# The port that this sentinel instance will run on
# Redis Sentinel 启动端口
port 26379
# By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis-sentinel.pid when
# daemonized.
daemonize yes
# When running daemonized, Redis Sentinel writes a pid file in
# /var/run/redis-sentinel.pid by default. You can specify a custom pid file
# location here.
pidfile /var/run/redis-sentinel.pid
# Specify the log file name. Also the empty string can be used to force
# Sentinel to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile "/www/wwwlogs/redis-sentinel.log"
# sentinel announce-ip <ip>
# sentinel announce-port <port>
#手动注册sentinel的端口
sentinel announce-port 26379
#
# The above two configuration directives are useful in environments where,
# because of NAT, Sentinel is reachable from outside via a non-local address.
#
# When announce-ip is provided, the Sentinel will claim the specified IP address
# in HELLO messages used to gossip its presence, instead of auto-detecting the
# local address as it usually does.
#
# Similarly when announce-port is provided and is valid and non-zero, Sentinel
# will announce the specified TCP port.
#
# The two options don't need to be used together, if only announce-ip is
# provided, the Sentinel will announce the specified IP and the server port
# as specified by the "port" option. If only announce-port is provided, the
# Sentinel will announce the auto-detected local IP and the specified port.
#
# Example:
#
# sentinel announce-ip 1.2.3.4
# 此处必须设置为本机IP(外网IP),否则会使用自动发现IP,会出现访问内网IP情况,从而导致无法连通。
sentinel announce-ip 192.168.3.89
# dir <working-directory>
# Every long running process should have a well-defined working directory.
# For Redis Sentinel to chdir to /tmp at startup is the simplest thing
# for the process to don't interfere with administrative tasks such as
# unmounting filesystems.
# Sentinel 的工作目录
dir /tmp
# sentinel monitor <master-name> <ip> <redis-port> <quorum>
#
# Tells Sentinel to monitor this master, and to consider it in O_DOWN
# (Objectively Down) state only if at least <quorum> sentinels agree.
#
# Note that whatever is the ODOWN quorum, a Sentinel will require to
# be elected by the majority of the known Sentinels in order to
# start a failover, so no failover can be performed in minority.
#
# Replicas are auto-discovered, so you don't need to specify replicas in
# any way. Sentinel itself will rewrite this configuration file adding
# the replicas using additional configuration options.
# Also note that the configuration file is rewritten when a
# replica is promoted to master.
#
# Note: master name should not include special characters or spaces.
# The valid charset is A-z 0-9 and the three characters ".-_".
# Sentine监听的maste地址,第一个参数是给master起的名字,第二个参数为master IP,第三个为master端口,第四个为当该master挂了的时候,若想将该master判为失效,在Sentine集群中必须至少2个Sentine同意才行,只要该数量不达标,则就不会发生故障迁移。
sentinel monitor mymaster 192.168.3.89 16379 2
# sentinel auth-pass <master-name> <password>
#
# Set the password to use to authenticate with the master and replicas.
# Useful if there is a password set in the Redis instances to monitor.
#
# Note that the master password is also used for replicas, so it is not
# possible to set a different password in masters and replicas instances
# if you want to be able to monitor these instances with Sentinel.
#
# However you can have Redis instances without the authentication enabled
# mixed with Redis instances requiring the authentication (as long as the
# password set is the same for all the instances requiring the password) as
# the AUTH command will have no effect in Redis instances with authentication
# switched off.
#
# Example:
#
# sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
sentinel auth-pass mymaster MXkepzK5ptxhdHR4
# sentinel auth-user <master-name> <username>
#
# This is useful in order to authenticate to instances having ACL capabilities,
# that is, running Redis 6.0 or greater. When just auth-pass is provided the
# Sentinel instance will authenticate to Redis using the old "AUTH <pass>"
# method. When also an username is provided, it will use "AUTH <user> <pass>".
# In the Redis servers side, the ACL to provide just minimal access to
# Sentinel instances, should be configured along the following lines:
#
# user sentinel-user >somepassword +client +subscribe +publish \
# +ping +info +multi +slaveof +config +client +exec on
# sentinel down-after-milliseconds <master-name> <milliseconds>
#
# Number of milliseconds the master (or any attached replica or sentinel) should
# be unreachable (as in, not acceptable reply to PING, continuously, for the
# specified period) in order to consider it in S_DOWN state (Subjectively
# Down).
#
# Default is 30 seconds.
# master在多长时间(默认30秒)内一直没有给Sentine返回有效信息,则认定该master主观下线,不能使用后标记为s_down状态
sentinel down-after-milliseconds mymaster 150000
# IMPORTANT NOTE: starting with Redis 6.2 ACL capability is supported for
# Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
# for more details.
# Sentinel's ACL users are defined in the following format:
#
# user <username> ... acl rules ...
#
# For example:
#
# user worker +@admin +@connection ~* on >ffa9203c493aa99
#
# For more information about ACL configuration please refer to the Redis
# website at https://redis.io/topics/acl and redis server configuration
# template redis.conf.
# ACL LOG
#
# The ACL Log tracks failed commands and authentication events associated
# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
acllog-max-len 128
# Using an external ACL file
#
# Instead of configuring users here in this file, it is possible to use
# a stand-alone file just listing users. The two methods cannot be mixed:
# if you configure users here and at the same time you activate the external
# ACL file, the server will refuse to start.
#
# The format of the external ACL user file is exactly the same as the
# format that is used inside redis.conf to describe users.
#
# aclfile /etc/redis/sentinel-users.acl
# requirepass <password>
#
# You can configure Sentinel itself to require a password, however when doing
# so Sentinel will try to authenticate with the same password to all the
# other Sentinels. So you need to configure all your Sentinels in a given
# group with the same "requirepass" password. Check the following documentation
# for more info: https://redis.io/topics/sentinel
#
# IMPORTANT NOTE: starting with Redis 6.2 "requirepass" is a compatibility
# layer on top of the ACL system. The option effect will be just setting
# the password for the default user. Clients will still authenticate using
# AUTH <password> as usually, or more explicitly with AUTH default <password>
# if they follow the new protocol: both will work.
#
# New config files are advised to use separate authentication control for
# incoming connections (via ACL), and for outgoing connections (via
# sentinel-user and sentinel-pass)
#
# The requirepass is not compatible with aclfile option and the ACL LOAD
# command, these will cause requirepass to be ignored.
# sentinel sentinel-user <username>
#
# You can configure Sentinel to authenticate with other Sentinels with specific
# user name.
# sentinel sentinel-pass <password>
#
# The password for Sentinel to authenticate with other Sentinels. If sentinel-user
# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate.
# sentinel parallel-syncs <master-name> <numreplicas>
#
# How many replicas we can reconfigure to point to the new replica simultaneously
# during the failover. Use a low number if you use the replicas to serve query
# to avoid that all the replicas will be unreachable at about the same
# time while performing the synchronization with the master.
# 当在执行故障转移时,设置几个slave同时进行切换master,该值越大,则可能就有越多的slave在切换master时不可用,可以将该值设置为1,即一个一个来,这样在某个slave进行切换master同步数据时,其余的slave还能正常工作
sentinel parallel-syncs mymaster 1
# sentinel failover-timeout <master-name> <milliseconds>
#
# Specifies the failover timeout in milliseconds. It is used in many ways:
#
# - The time needed to re-start a failover after a previous failover was
# already tried against the same master by a given Sentinel, is two
# times the failover timeout.
#
# - The time needed for a replica replicating to a wrong master according
# to a Sentinel current configuration, to be forced to replicate
# with the right master, is exactly the failover timeout (counting since
# the moment a Sentinel detected the misconfiguration).
#
# - The time needed to cancel a failover that is already in progress but
# did not produced any configuration change (SLAVEOF NO ONE yet not
# acknowledged by the promoted replica).
#
# - The maximum time a failover in progress waits for all the replicas to be
# reconfigured as replicas of the new master. However even after this time
# the replicas will be reconfigured by the Sentinels anyway, but not with
# the exact parallel-syncs progression as specified.
#
# Default is 3 minutes.
# 执行故障迁移超时时间,即在指定时间内没有大多数的sentinel 反馈master下线,该故障迁移计划则失效
sentinel failover-timeout mymaster 180000
# SCRIPTS EXECUTION
#
# sentinel notification-script and sentinel reconfig-script are used in order
# to configure scripts that are called to notify the system administrator
# or to reconfigure clients after a failover. The scripts are executed
# with the following rules for error handling:
#
# If script exits with "1" the execution is retried later (up to a maximum
# number of times currently set to 10).
#
# If script exits with "2" (or an higher value) the script execution is
# not retried.
#
# If script terminates because it receives a signal the behavior is the same
# as exit code 1.
#
# A script has a maximum running time of 60 seconds. After this limit is
# reached the script is terminated with a SIGKILL and the execution retried.
# NOTIFICATION SCRIPT
#
# sentinel notification-script <master-name> <script-path>
#
# Call the specified notification script for any sentinel event that is
# generated in the WARNING level (for instance -sdown, -odown, and so forth).
# This script should notify the system administrator via email, SMS, or any
# other messaging system, that there is something wrong with the monitored
# Redis systems.
#
# The script is called with just two arguments: the first is the event type
# and the second the event description.
#
# The script must exist and be executable in order for sentinel to start if
# this option is provided.
#
# Example:
#
# sentinel notification-script mymaster /var/redis/notify.sh
# CLIENTS RECONFIGURATION SCRIPT
#
# sentinel client-reconfig-script <master-name> <script-path>
#
# When the master changed because of a failover a script can be called in
# order to perform application-specific tasks to notify the clients that the
# configuration has changed and the master is at a different address.
#
# The following arguments are passed to the script:
#
# <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
#
# <state> is currently always "start"
# <role> is either "leader" or "observer"
#
# The arguments from-ip, from-port, to-ip, to-port are used to communicate
# the old address of the master and the new address of the elected replica
# (now a master).
#
# This script should be resistant to multiple invocations.
#
# Example:
#
# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
# SECURITY
#
# By default SENTINEL SET will not be able to change the notification-script
# and client-reconfig-script at runtime. This avoids a trivial security issue
# where clients can set the script to anything and trigger a failover in order
# to get the program executed.
sentinel deny-scripts-reconfig yes
# REDIS COMMANDS RENAMING (DEPRECATED)
#
# WARNING: avoid using this option if possible, instead use ACLs.
#
# Sometimes the Redis server has certain commands, that are needed for Sentinel
# to work correctly, renamed to unguessable strings. This is often the case
# of CONFIG and SLAVEOF in the context of providers that provide Redis as
# a service, and don't want the customers to reconfigure the instances outside
# of the administration console.
#
# In such case it is possible to tell Sentinel to use different command names
# instead of the normal ones. For example if the master "mymaster", and the
# associated replicas, have "CONFIG" all renamed to "GUESSME", I could use:
#
# SENTINEL rename-command mymaster CONFIG GUESSME
#
# After such configuration is set, every time Sentinel would use CONFIG it will
# use GUESSME instead. Note that there is no actual need to respect the command
# case, so writing "config guessme" is the same in the example above.
#
# SENTINEL SET can also be used in order to perform this configuration at runtime.
#
# In order to set a command back to its original name (undo the renaming), it
# is possible to just rename a command to itself:
#
# SENTINEL rename-command mymaster CONFIG CONFIG
# HOSTNAMES SUPPORT
#
# Normally Sentinel uses only IP addresses and requires SENTINEL MONITOR
# to specify an IP address. Also, it requires the Redis replica-announce-ip
# keyword to specify only IP addresses.
#
# You may enable hostnames support by enabling resolve-hostnames. Note
# that you must make sure your DNS is configured properly and that DNS
# resolution does not introduce very long delays.
#
SENTINEL resolve-hostnames no
# When resolve-hostnames is enabled, Sentinel still uses IP addresses
# when exposing instances to users, configuration files, etc. If you want
# to retain the hostnames when announced, enable announce-hostnames below.
#
SENTINEL announce-hostnames no
# When master_reboot_down_after_period is set to 0, Sentinel does not fail over
# when receiving a -LOADING response from a master. This was the only supported
# behavior before version 7.0.
#
# Otherwise, Sentinel will use this value as the time (in ms) it is willing to
# accept a -LOADING response after a master has been rebooted, before failing
# over.
SENTINEL master-reboot-down-after-period mymaster 0
bind 127.0.0.1 192.168.1.1
protected-mode no默认哨兵只能由localhost访问,也可以通过bind手动绑定地址或者使用protected-mode no关闭保护模式(确保防火墙等保护措施到位的情况下);
port <sentinel-port>哨兵使用的端口;
daemonize no默认哨兵不作为守护程序运行,如果设置yes,就会写入一个pidfile指定的pid文件;
pidfile /var/run/redis-sentinel.pid指定pid文件(daemonize设置yes时);
logfile ""指定日志文件名,空字符串时强制哨兵使用标准输出(当使用标准输出并使用守护模式时日志会重定向到/dev/null);
sentinel announce-ip <ip>
sentinel announce-port <port>以上两项通常用在NAT环境中明确指定哨兵的ip和端口,当提供明确的announce-ip时,sentinel会在HELLO消息里发布出来,而不是像通常那样自动检测本地ip,当提供明确的非零announce-port时,sentinel也会发布出来(以上两项不需要同时指定,如果只指定ip,则会发布指定的ip和由port项配置的端口,如果只指定port,则会发布指定的port和自动检测的ip);
dir <working-directory>定义工作目录;
sentinel monitor <master-name> <ip> <redis-port> <quorum>告诉哨兵监控这个master(一个哨兵可以监控多个master),并且只有
sentinel auth-pass <master-name> <password>设置master和slave的密码(所以master和slave要使用一样的密码),也可以使用需要认证和不需要认证的master、slave混用(AUTH命令在无认证的redis中无效);
sentinel auth-user <master-name> <username>设置使用指定用户名连接服务;(对redis6或更高版本设置ACL时有效)(服务端最小ACL设置应为:user sentinel-user >somepassword +client +subscribe +publish +ping +info +multi +slaveof +config +client +exec on)
sentinel down-after-milliseconds <master-name> <milliseconds>设置master(或任何连接着的slave、sentinel)主观下线超时(毫秒值,默认30s,即30000);
user <username> ... acl rules ...设置哨兵用户ACL规则;(从redis6.2开始哨兵支持ACL功能)
acllog-max-len 128设置ACL日志最大条目数;(ACL日志用于记录ACL相关命令失败和认证事件,日志存在内存中,可用ACL LOG RESET命令回收内存)
aclfile /etc/redis/sentinel-users.acl指定外部ACL规则文件;使用acl配置和指定外部acl文件不能同时使用,否则无法启动,外部文件格式跟redis.conf里配置acl一样;
requirepass <password>指定哨兵密码;(哨兵将使用该密码验证其他所有哨兵,所以所有哨兵需要相同的密码)(从redis6.2开始,该项只是ACL一个兼容设置,相当于给默认用户设置了密码,使用AUTH
sentinel sentinel-user <username>设置特定用户名进行身份验证;
sentinel sentinel-pass <password>设置哨兵与其他哨兵的认证密码;(如果没有配置sentinel-user,将使用“default”用户和sentinel-pass命令进行验证)
sentinel parallel-syncs <master-name> <numreplicas>在故障转移时,重新配置多少个副本指向新的master;如果slave提供查询服务需要将该值设置低一些,避免所有的副本同时与master同步导致无法访问;
sentinel failover-timeout <master-name> <milliseconds>指定故障转移超时时间(毫秒,默认3分钟,即180000);该设置会用于多个地方:当给定的哨兵重新进行故障转移时并且之前的故障转移是同一个master,需要的时间是failover-timeout的两倍。当让一个依据哨兵当前配置的从错误master同步的副本去强制同步正确的master的时间,正好就是这个failover-timeout的时间。当一个故障转移正在进行但未产生任何配置改变时,取消该故障转移所需的时间。当故障转移正在进行时,等待所有的副本被重新分配给新的master所用的最大时间,即使超过该时间副本最终也会被哨兵重新分配,只不过不是按照之前确定的并行同步进行的。
sentinel notification-script <master-name> <script-path>用于配置故障转移后,通知管理员的script脚本;对于在WARNING级别中生成的任何哨兵事件(例如-sdown、-odown等)调用通知脚本;脚本应该通过邮件、SMS或者其他消息系统将所监控的redis服务错误通知给管理员;(脚本需要两个参数,第一个是事件类型,第二个是事件描述;如果提供了该项,脚本必须存在并可执行,以便哨兵能够正常启动)
脚本错误处理:如果脚本返回“1”,稍后重试执行(当前最多执行10次);如果脚本返回“2”(或更高值),则不会重试执行;如果脚本因收到信号终止,则跟返回1一样;脚本最大执行时间为60秒,如果超时,脚本会以SIGKILL终止并重试执行;
sentinel client-reconfig-script <master-name> <script-path>用于配置故障转移后,重新配置客户端的script脚本;当故障转移导致master变动时,可以调用一个执行特殊任务的脚本通知客户端配置变动和master地址改变;(传递给脚本的参数是:
脚本错误处理同上;
sentinel deny-scripts-reconfig yes默认情况下SENTINEL SET将不能在运行时改变通知管理员的脚本和配置客户端的脚本;(这避免了一个安全问题:客户端可以设置任意脚本并在故障转移时执行它)
SENTINEL rename-command mymaster CONFIG GUESSME有时候为了防止客户端在外部使用管理员控制台使用某些敏感命令(如“CONFIG”、“SLAVEOF”),redis服务器会给这些命令重命名,但是哨兵又必须要用这些命令。由于这个原因提供该命令用来告诉哨兵某个master的命令被重命名了;(注意命令不区分大小写,CONFIG GUESSME和config guessme是相同的)
运行时也可以使用SENTINEL SET来执行此设置;
为了还原命令名字(撤销重命名),设置为原本的命令名字即可;(就像:SENTINEL rename-command mymaster CONFIG CONFIG)
SENTINEL resolve-hostnames no设置解析主机名;(通常哨兵只需要一个ip地址,使用SENTINEL MONITOR命令和replica-announce-ip参数指定ip,启用解析主机名时必须DNS配置正确并且延时不高)
SENTINEL announce-hostnames no启用解析主机名时,设置哨兵发布消息时也保留主机名;
SENTINEL master-reboot-down-after-period mymaster 0————————————————
版权声明:本文为CSDN博主「FlyLikeButterfly」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/FlyLikeButterfly/article/details/120780277
作者:Jeebiz 创建时间:2023-01-12 16:11
最后编辑:Jeebiz 更新时间:2024-08-16 11:14
最后编辑:Jeebiz 更新时间:2024-08-16 11:14
