• Redis哨兵模式


    哨兵简介

    主机"宕机"

    image.png

    • 将宕机的 master 下线
    • 找一个 slave 作为 master
    • 通知所有的 slave 连接新的 master
    • 启动新的 master 和 slave
    • 全量复制 *N+ 部分复制*N

    存在的问题:

    • 谁来确认 master 宕机了
    • 重新找一个新的 master ,怎么找法?
    • 修改配置后,原来的 master 恢复了怎么办?

    哨兵

    哨兵(sentinal)是一个分布式系统,用于对主从结构中的每台服务器进行监控,当出现故障时通过投票机制选择新的 master 并将所有的 slave 连接到新的 master。

    image.png

    1.gif

    哨兵的作用

    • 监控
      • 不断的检查 master 和 slave 是否正常运行
      • master 存活检测、master 与 slave 运行情况检测
    • 通知(提醒)
    • 自动故障转移
      • 断开 master 与 slave 连接,选取一个 slave 作为 master,将其他的 slave 连接到新的 master,并告知客户端新的服务器地址

    注意:

    • 哨兵也是一台 redis 服务器,只是不提供数据服务
    • 通常哨兵配置的数量为单数

    启用哨兵模式

    配置哨兵

    • 配置一拖二的主从结构

    • 配置三个哨兵(配置相同,端口不同)

      • 参看 sentinel.conf
    • 启动哨兵

      redis-sentinel sentinel-端口号.conf
      

    哨兵配置项说明:

    # 哨兵服务端口
    port 26379
    
    # 哨兵工作信息存储目录
    dir /tmp
    
    # 监控 主 连接字符串 哨兵判挂标准(几个哨兵认定他挂了,就判定为主挂了,通常为哨兵数量的一半加一)
    sentinel monitor mymaster 127.0.0.1 6379 2
    
    # 主 连接多长时间无响应,就认定它挂了(默认 30s)
    sentinel down-after-milliseconds mymaster 30000
    
    # 主挂了之后,新的主上任同步数据的路线数量,数值越小,对服务器压力越小
    sentinel parallel-syncs mymaster 1
    
    # 新主同步数据时,多长时间同步完算有效 (默认 180s)
    sentinel failover-timeout mymaster 180000
    

    redis-6379.conf

    port 6379
    daemonize no
    #logfile "6379.log"
    dir /redis-4.0.0/data
    dbfilename dump-6379.rdb
    rdbcompression yes
    rdbchecksum yes
    save 10 2
    appendonly yes
    appendfsync always
    appendfilename appendonly-6379.aof
    bind 127.0.0.1
    databases 16
    

    从1 redis-6380.conf

    port 6380
    daemonize no
    #logfile "6380.log"
    dir /redis-4.0.0/data
    slaveof 127.0.0.1 6379
    

    从2 redis-6381.conf

    port 6381
    daemonize no
    #logfile "6381.log"
    dir /redis-4.0.0/data
    slaveof 127.0.0.1 6379
    

    哨兵1 sentinel-26379.conf

    port 26379
    dir /redis-4.0.0/data
    sentinel monitor mymaster 127.0.0.1 6379 2
    sentinel down-after-milliseconds mymaster 30000
    sentinel parallel-syncs mymaster 1
    sentinel failover-timeout mymaster 180000
    

    哨兵2 sentinel-26380.conf

    port 26380
    dir /redis-4.0.0/data
    sentinel monitor mymaster 127.0.0.1 6379 2
    sentinel down-after-milliseconds mymaster 30000
    sentinel parallel-syncs mymaster 1
    sentinel failover-timeout mymaster 180000
    

    哨兵3 sentinel-26381.conf

    port 26381
    dir /redis-4.0.0/data
    sentinel monitor mymaster 127.0.0.1 6379 2
    sentinel down-after-milliseconds mymaster 30000
    sentinel parallel-syncs mymaster 1
    sentinel failover-timeout mymaster 180000
    

    启动哨兵

    redis-server /redis-4.0.0/conf/redis-6379.conf
    
    redis-server /redis-4.0.0/conf/redis-6380.conf
    
    redis-server /redis-4.0.0/conf/redis-6381.conf
    
    redis-sentinel /redis-4.0.0/conf/sentinel-26379.conf
    
    redis-sentinel /redis-4.0.0/conf/sentinel-26380.conf
    
    redis-sentinel /redis-4.0.0/conf/sentinel-26381.conf
    
    
    # 停止 主  Ctrl+C
    

    官方原版配置文件:sentinel.conf

    # Example sentinel.conf
    
    # *** IMPORTANT ***
    #
    # By default Sentinel will not be reachable from interfaces different than
    # localhost, either use the 'bind' directive to bind to a list of network
    # interfaces, or disable protected mode with "protected-mode no" by
    # adding it to this configuration file.
    #
    # Before doing that MAKE SURE the instance is protected from the outside
    # world via firewalling or other means.
    #
    # For example you may use one of the following:
    #
    # bind 127.0.0.1 192.168.1.1
    #
    # protected-mode no
    
    # port <sentinel-port>
    # The port that this sentinel instance will run on
    port 26379
    
    # By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
    # Note that Redis will write a pid file in /var/run/redis-sentinel.pid when
    # daemonized.
    daemonize no
    
    # When running daemonized, Redis Sentinel writes a pid file in
    # /var/run/redis-sentinel.pid by default. You can specify a custom pid file
    # location here.
    pidfile /var/run/redis-sentinel.pid
    
    # Specify the log file name. Also the empty string can be used to force
    # Sentinel to log on the standard output. Note that if you use standard
    # output for logging but daemonize, logs will be sent to /dev/null
    logfile ""
    
    # sentinel announce-ip <ip>
    # sentinel announce-port <port>
    #
    # The above two configuration directives are useful in environments where,
    # because of NAT, Sentinel is reachable from outside via a non-local address.
    #
    # When announce-ip is provided, the Sentinel will claim the specified IP address
    # in HELLO messages used to gossip its presence, instead of auto-detecting the
    # local address as it usually does.
    #
    # Similarly when announce-port is provided and is valid and non-zero, Sentinel
    # will announce the specified TCP port.
    #
    # The two options don't need to be used together, if only announce-ip is
    # provided, the Sentinel will announce the specified IP and the server port
    # as specified by the "port" option. If only announce-port is provided, the
    # Sentinel will announce the auto-detected local IP and the specified port.
    #
    # Example:
    #
    # sentinel announce-ip 1.2.3.4
    
    # dir <working-directory>
    # Every long running process should have a well-defined working directory.
    # For Redis Sentinel to chdir to /tmp at startup is the simplest thing
    # for the process to don't interfere with administrative tasks such as
    # unmounting filesystems.
    dir /tmp
    
    # sentinel monitor <master-name> <ip> <redis-port> <quorum>
    #
    # Tells Sentinel to monitor this master, and to consider it in O_DOWN
    # (Objectively Down) state only if at least <quorum> sentinels agree.
    #
    # Note that whatever is the ODOWN quorum, a Sentinel will require to
    # be elected by the majority of the known Sentinels in order to
    # start a failover, so no failover can be performed in minority.
    #
    # Replicas are auto-discovered, so you don't need to specify replicas in
    # any way. Sentinel itself will rewrite this configuration file adding
    # the replicas using additional configuration options.
    # Also note that the configuration file is rewritten when a
    # replica is promoted to master.
    #
    # Note: master name should not include special characters or spaces.
    # The valid charset is A-z 0-9 and the three characters ".-_".
    sentinel monitor mymaster 127.0.0.1 6379 2
    
    # sentinel auth-pass <master-name> <password>
    #
    # Set the password to use to authenticate with the master and replicas.
    # Useful if there is a password set in the Redis instances to monitor.
    #
    # Note that the master password is also used for replicas, so it is not
    # possible to set a different password in masters and replicas instances
    # if you want to be able to monitor these instances with Sentinel.
    #
    # However you can have Redis instances without the authentication enabled
    # mixed with Redis instances requiring the authentication (as long as the
    # password set is the same for all the instances requiring the password) as
    # the AUTH command will have no effect in Redis instances with authentication
    # switched off.
    #
    # Example:
    #
    # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
    
    # sentinel auth-user <master-name> <username>
    #
    # This is useful in order to authenticate to instances having ACL capabilities,
    # that is, running Redis 6.0 or greater. When just auth-pass is provided the
    # Sentinel instance will authenticate to Redis using the old "AUTH <pass>"
    # method. When also an username is provided, it will use "AUTH <user> <pass>".
    # In the Redis servers side, the ACL to provide just minimal access to
    # Sentinel instances, should be configured along the following lines:
    #
    #     user sentinel-user >somepassword +client +subscribe +publish 
    #                        +ping +info +multi +slaveof +config +client +exec on
    
    # sentinel down-after-milliseconds <master-name> <milliseconds>
    #
    # Number of milliseconds the master (or any attached replica or sentinel) should
    # be unreachable (as in, not acceptable reply to PING, continuously, for the
    # specified period) in order to consider it in S_DOWN state (Subjectively
    # Down).
    #
    # Default is 30 seconds.
    sentinel down-after-milliseconds mymaster 30000
    
    # requirepass <password>
    #
    # You can configure Sentinel itself to require a password, however when doing
    # so Sentinel will try to authenticate with the same password to all the
    # other Sentinels. So you need to configure all your Sentinels in a given
    # group with the same "requirepass" password. Check the following documentation
    # for more info: https://redis.io/topics/sentinel
    
    # sentinel parallel-syncs <master-name> <numreplicas>
    #
    # How many replicas we can reconfigure to point to the new replica simultaneously
    # during the failover. Use a low number if you use the replicas to serve query
    # to avoid that all the replicas will be unreachable at about the same
    # time while performing the synchronization with the master.
    sentinel parallel-syncs mymaster 1
    
    # sentinel failover-timeout <master-name> <milliseconds>
    #
    # Specifies the failover timeout in milliseconds. It is used in many ways:
    #
    # - The time needed to re-start a failover after a previous failover was
    #   already tried against the same master by a given Sentinel, is two
    #   times the failover timeout.
    #
    # - The time needed for a replica replicating to a wrong master according
    #   to a Sentinel current configuration, to be forced to replicate
    #   with the right master, is exactly the failover timeout (counting since
    #   the moment a Sentinel detected the misconfiguration).
    #
    # - The time needed to cancel a failover that is already in progress but
    #   did not produced any configuration change (SLAVEOF NO ONE yet not
    #   acknowledged by the promoted replica).
    #
    # - The maximum time a failover in progress waits for all the replicas to be
    #   reconfigured as replicas of the new master. However even after this time
    #   the replicas will be reconfigured by the Sentinels anyway, but not with
    #   the exact parallel-syncs progression as specified.
    #
    # Default is 3 minutes.
    sentinel failover-timeout mymaster 180000
    
    # SCRIPTS EXECUTION
    #
    # sentinel notification-script and sentinel reconfig-script are used in order
    # to configure scripts that are called to notify the system administrator
    # or to reconfigure clients after a failover. The scripts are executed
    # with the following rules for error handling:
    #
    # If script exits with "1" the execution is retried later (up to a maximum
    # number of times currently set to 10).
    #
    # If script exits with "2" (or an higher value) the script execution is
    # not retried.
    #
    # If script terminates because it receives a signal the behavior is the same
    # as exit code 1.
    #
    # A script has a maximum running time of 60 seconds. After this limit is
    # reached the script is terminated with a SIGKILL and the execution retried.
    
    # NOTIFICATION SCRIPT
    #
    # sentinel notification-script <master-name> <script-path>
    # 
    # Call the specified notification script for any sentinel event that is
    # generated in the WARNING level (for instance -sdown, -odown, and so forth).
    # This script should notify the system administrator via email, SMS, or any
    # other messaging system, that there is something wrong with the monitored
    # Redis systems.
    #
    # The script is called with just two arguments: the first is the event type
    # and the second the event description.
    #
    # The script must exist and be executable in order for sentinel to start if
    # this option is provided.
    #
    # Example:
    #
    # sentinel notification-script mymaster /var/redis/notify.sh
    
    # CLIENTS RECONFIGURATION SCRIPT
    #
    # sentinel client-reconfig-script <master-name> <script-path>
    #
    # When the master changed because of a failover a script can be called in
    # order to perform application-specific tasks to notify the clients that the
    # configuration has changed and the master is at a different address.
    # 
    # The following arguments are passed to the script:
    #
    # <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
    #
    # <state> is currently always "failover"
    # <role> is either "leader" or "observer"
    # 
    # The arguments from-ip, from-port, to-ip, to-port are used to communicate
    # the old address of the master and the new address of the elected replica
    # (now a master).
    #
    # This script should be resistant to multiple invocations.
    #
    # Example:
    #
    # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
    
    # SECURITY
    #
    # By default SENTINEL SET will not be able to change the notification-script
    # and client-reconfig-script at runtime. This avoids a trivial security issue
    # where clients can set the script to anything and trigger a failover in order
    # to get the program executed.
    
    sentinel deny-scripts-reconfig yes
    
    # REDIS COMMANDS RENAMING
    #
    # Sometimes the Redis server has certain commands, that are needed for Sentinel
    # to work correctly, renamed to unguessable strings. This is often the case
    # of CONFIG and SLAVEOF in the context of providers that provide Redis as
    # a service, and don't want the customers to reconfigure the instances outside
    # of the administration console.
    #
    # In such case it is possible to tell Sentinel to use different command names
    # instead of the normal ones. For example if the master "mymaster", and the
    # associated replicas, have "CONFIG" all renamed to "GUESSME", I could use:
    #
    # SENTINEL rename-command mymaster CONFIG GUESSME
    #
    # After such configuration is set, every time Sentinel would use CONFIG it will
    # use GUESSME instead. Note that there is no actual need to respect the command
    # case, so writing "config guessme" is the same in the example above.
    #
    # SENTINEL SET can also be used in order to perform this configuration at runtime.
    #
    # In order to set a command back to its original name (undo the renaming), it
    # is possible to just rename a command to itself:
    #
    # SENTINEL rename-command mymaster CONFIG CONFIG
    
    
  • 相关阅读:
    第19 章 : 调度器的调度流程和算法介绍
    第18 章 : Kubernetes 调度和资源管理
    关于一次配合开发工作而产生的服务器内核参数问题(Android 网络问题)
    第17 章 : 深入理解 etcd:etcd 性能优化实践
    第16 章 : 深入理解 etcd:基于原理解析
    第15 章 : 深入解析 Linux 容器
    第14 章 : Kubernetes Service讲解
    第13 章 : Kubernetes 网络概念及策略控制
    第12 章 : 可观测性-监控与日志
    第11 章 : 可观测性:你的应用健康吗?(liveness和readiness)
  • 原文地址:https://www.cnblogs.com/Run2948/p/Redis_Sentinal.html
Copyright © 2020-2023  润新知