官網:
Redis的主從只能實現資料熱備份的功能,主當機後從無法自動接管服務,因此Redis推出了Sentinel的主從監控模式。
Sentinel實質上是類似於MHA的一個監控主從並自動切換的monitor,實現的功能類似MongoDB自動切換的replica set,其命令列自帶於redis的安裝包中,
即:redis-sentinel。
而針對超大的資料量redis 3.0後還推出了Redis Cluster,實質上是分片,類似於MongoDB的auto sharding。
一、Sentinel.conf配置檔案
Sentinel.conf例項:
daemonize yes logfile "/redis/sentinel1/sentinel.log" port 26379 dir "/redis/sentinel1" protected-mode no --必須設定為no,否則無法自動故障轉移。 sentinel monitor mymaster 127.0.0.1 6379 2 sentinel auth-pass mymaster leo --必須寫在"sentinel monitor mymaster 127.0.0.1 6379 2"之後,否則會報找不到master name的錯誤。 sentinel down-after-milliseconds mymaster 60000 sentinel config-epoch mymaster 0
Sentinel配置檔案官網網址:http://download.redis.io/redis-stable/sentinel.conf
很多配置項都可以在這裡找到詳細的解釋,以下只翻譯了最重要的幾個配置項。
############################################################################## # 需要注意的是雖然本說明只列出了以下幾種引數,但其實一些redis.conf的引數也是可以在sentinel.conf中設定的,例如 # daemonize、logfile等引數。 # 此外如果主從設定了auth驗證,那麼這裡還需要配置:sentinel auth-pass <master-name> <password> ############################################################################## # Example sentinel.conf # *** IMPORTANT *** # # By default Sentinel will not be reachable from interfaces different than # localhost, either use the `bind` directive to bind to a list of network # interfaces, or disable protected mode with "protected-mode no" by # adding it to this configuration file. # 預設Sentinel是不允許除localhost以外的伺服器連線的,因此要麼在bind中指明網段,要麼設定protected-mode no # Before doing that MAKE SURE the instance is protected from the outside # world via firewalling or other means. # # For example you may use one of the following: # # bind 127.0.0.1 192.168.1.1 # protected-mode no --必須設定為no,或者bind 127.0.0.1以及本地IP,否則sentinel之間無法通訊不能進行自動failover # port <sentinel-port> # The port that this sentinel instance will run on port 26379 # sentinel announce-ip <ip> # sentinel announce-port <port> # # The above two configuration directives are useful in environments where, # because of NAT, Sentinel is reachable from outside via a non-local address. # # When announce-ip is provided, the Sentinel will claim the specified IP address # in HELLO messages used to gossip its presence, instead of auto-detecting the # local address as it usually does. # # Similarly when announce-port is provided and is valid and non-zero, Sentinel # will announce the specified TCP port. # # The two options don`t need to be used together, if only announce-ip is # provided, the Sentinel will announce the specified IP and the server port # as specified by the "port" option. If only announce-port is provided, the # Sentinel will announce the auto-detected local IP and the specified port. # # Example: # # sentinel announce-ip 1.2.3.4 # dir <working-directory> # Every long running process should have a well-defined working directory. # For Redis Sentinel to chdir to /tmp at startup is the simplest thing # for the process to don`t interfere with administrative tasks such as # unmounting filesystems. dir /tmp # sentinel monitor <master-name> <ip> <redis-port> <quorum> # # Tells Sentinel to monitor this master, and to consider it in O_DOWN # (Objectively Down) state only if at least <quorum> sentinels agree. # 此命令告訴哨兵去監控主節點,如果至少有<quorum>個setinel檢測到主S_DOWN,那麼就將主設定為O_DOWN狀態,然後就可以failover。 # O_DOWN S_DOWN Objectively/Subjectively:意思分別是客觀下線和主觀下線,前者表示多個sentinel例項共同作出了master已下線的判斷, # 後者表示單個sentinel例項做出了master已下線的判斷。只有至少<quorum>個sentinel程式檢測到主S_DOWN,才會做出主O_DOWN的判斷,然後其中一個sentinel就會開始進行failover。 # Note that whatever is the ODOWN quorum, a Sentinel will require to # be elected by the majority of the known Sentinels in order to # start a failover, so no failover can be performed in minority. # 這段說明setinel也是需要多數存活才能實現故障轉移投票,因此為防止腦裂建議配置奇數個sentinel。 # Slaves are auto-discovered, so you don`t need to specify slaves in # any way. Sentinel itself will rewrite this configuration file adding # the slaves using additional configuration options. # Also note that the configuration file is rewritten when a # slave is promoted to master. # # Note: master name should not include special characters or spaces. # The valid charset is A-z 0-9 and the three characters ".-_". sentinel monitor mymaster 127.0.0.1 6379 2 # sentinel auth-pass <master-name> <password> # # Set the password to use to authenticate with the master and slaves. # Useful if there is a password set in the Redis instances to monitor. # # Note that the master password is also used for slaves, so it is not # possible to set a different password in masters and slaves instances # if you want to be able to monitor these instances with Sentinel. # # However you can have Redis instances without the authentication enabled # mixed with Redis instances requiring the authentication (as long as the # password set is the same for all the instances requiring the password) as # the AUTH command will have no effect in Redis instances with authentication # switched off. # # Example: # # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd # sentinel down-after-milliseconds <master-name> <milliseconds> # # Number of milliseconds the master (or any attached slave or sentinel) should # be unreachable (as in, not acceptable reply to PING, continuously, for the # specified period) in order to consider it in S_DOWN state (Subjectively # Down). # 這段的意思是sentinel在和主失聯多少毫秒後,可以做出主節點S_DOWN的判斷。 # Default is 30 seconds. sentinel down-after-milliseconds mymaster 30000 # sentinel parallel-syncs <master-name> <numslaves> # # How many slaves we can reconfigure to point to the new slave simultaneously # during the failover. Use a low number if you use the slaves to serve query # to avoid that all the slaves will be unreachable at about the same # time while performing the synchronization with the master. sentinel parallel-syncs mymaster 1 # sentinel failover-timeout <master-name> <milliseconds> # # Specifies the failover timeout in milliseconds. It is used in many ways: # # - The time needed to re-start a failover after a previous failover was # already tried against the same master by a given Sentinel, is two # times the failover timeout. # # - The time needed for a slave replicating to a wrong master according # to a Sentinel current configuration, to be forced to replicate # with the right master, is exactly the failover timeout (counting since # the moment a Sentinel detected the misconfiguration). # # - The time needed to cancel a failover that is already in progress but # did not produced any configuration change (SLAVEOF NO ONE yet not # acknowledged by the promoted slave). # # - The maximum time a failover in progress waits for all the slaves to be # reconfigured as slaves of the new master. However even after this time # the slaves will be reconfigured by the Sentinels anyway, but not with # the exact parallel-syncs progression as specified. # # Default is 3 minutes. sentinel failover-timeout mymaster 180000 # SCRIPTS EXECUTION # # sentinel notification-script and sentinel reconfig-script are used in order # to configure scripts that are called to notify the system administrator # or to reconfigure clients after a failover. The scripts are executed # with the following rules for error handling: # # If script exits with "1" the execution is retried later (up to a maximum # number of times currently set to 10). # # If script exits with "2" (or an higher value) the script execution is # not retried. # # If script terminates because it receives a signal the behavior is the same # as exit code 1. # # A script has a maximum running time of 60 seconds. After this limit is # reached the script is terminated with a SIGKILL and the execution retried. # NOTIFICATION SCRIPT # # sentinel notification-script <master-name> <script-path> # 這裡可以配置發生failover時的可執行指令碼,可以配置郵件傳送指令碼。 # Call the specified notification script for any sentinel event that is # generated in the WARNING level (for instance -sdown, -odown, and so forth). # This script should notify the system administrator via email, SMS, or any # other messaging system, that there is something wrong with the monitored # Redis systems. # # The script is called with just two arguments: the first is the event type # and the second the event description. # # The script must exist and be executable in order for sentinel to start if # this option is provided. # # Example: # # sentinel notification-script mymaster /var/redis/notify.sh # CLIENTS RECONFIGURATION SCRIPT # # sentinel client-reconfig-script <master-name> <script-path> # # When the master changed because of a failover a script can be called in # order to perform application-specific tasks to notify the clients that the # configuration has changed and the master is at a different address. # # The following arguments are passed to the script: # # <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port> # # <state> is currently always "failover" # <role> is either "leader" or "observer" # # The arguments from-ip, from-port, to-ip, to-port are used to communicate # the old address of the master and the new address of the elected slave # (now a master). # # This script should be resistant to multiple invocations. # # Example: # # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
二、Sentinel的啟動
redis-sentinel /redis/sentinel_1/sentinel.conf
或
redis-server /redis/sentinel_1/sentinel.conf
以上兩種方式都可以,一般我們需要啟動至少3個以上的奇數個這樣的sentinel程式。
三、Sentinel API(即Sentinel shell內可以使用的命令)
參考:https://redis.io/topics/sentinel 的Sentinel API部分。
例如我們可以使用sentinel failover來實現手動failover,還可以通過sentinel remove/monitor來實現主節點的重新配置。
四、其他注意事項
Redis Sentinel在和docker使用時需要特別注意,由於docker存在埠對映可能會導致sentinel的自動failover失效。
同樣的NAT和埠對映等機制也會導致Sentinel失效,需要進行特別的配置。
總結下來就是:凡是涉及到IP轉換或者埠對映時,部署Sentinel都需要注意。