I'm wondering if there is a way to rotate TLS certs/keys on the fly (without stopping an instance) for redis servers and redis sentinels.
For redis servers (not sentinels) it is possible to use
CONFIG SET tls-cert-file xxx
CONFIG SET tls-cert-key yyy
...
And those commands work as expected - once they are executed, the server works with the newly provided certs.
However for sentinels any of:
CONFIG SET
SENTINEL CONFIG SET
SENTINEL SET
do not seem to support changing the tls-cert-file or tls-cert-key options.
Question:
So is there an alternative way to do the same trick for sentinels? Or is the only possible option for sentinels to restart them?
127.0.0.1:26379> sentinel config get *
1) "resolve-hostnames"
2) "no"
3) "announce-hostnames"
4) "no"
5) "announce-ip"
6) ""
7) "announce-port"
8) "0"
9) "sentinel-user"
10) ""
11) "sentinel-pass"
12) ""
I think that's all you can do with config set in Sentinels.
Related
Setup: I have three machines with co-located Sentinel/Redis, exactly as in example-2, configured with sentinel auth-pass, masterauth, requirepass. -- failover, read/write -- all works.
Requirement: I want to add in a Redis slave (4th instance of Redis) that does not require auth, but replicates from the main cluster.
Issue: I set up exactly as in the uncommon case where you need a slave that is accessible without authentication, i.e., Master >> Slave,replica-priority 0.
When, using the redis-py client, I ask Sentinel for a slave to read from and this no-auth slave is chosen, I receive the error: Client sent AUTH, but no password is set, and the connection is aborted. I believe the client is just passing back the error from the server.
I've Tried:
Master >> Slave,replica-priority 0 >> Slave,replica-priority 0. All clients, servers and sync work (because Sentinel doesn't know about this read-only slave), except I get +fix-slave-config entries every 10s in the Sentinel log. Not sure if this is concerning?
Setup as defined in "the uncommon case..." with Master >> (Slave,replica-priority 0), but I get the client error and am unable to proceed with the connection/request.
Questions:
Is Master >> Slave >> Slave with Sentinel +fix-slave-config entries ok?
Is Client sent AUTH, but no password is set a bug/feature?
I would definitely prefer to have all Redis slaves known by Sentinel for HA, though, but it doesn't work when mixing auth/no-auth.
Redis 5.0.3, redis-py 3.2.0
We have a Redis Server cluster. Can we use multiple Redis clusters on the same hosts?
Sure, you should be able to do this by following the steps found here in Pivotal's knowledge base:
https://discuss.pivotal.io/hc/en-us/articles/206087627-How-to-setup-and-run-multiple-Redis-server-instances-on-a-Linux-host
Note that these instructions assume that you have Redis already installed on the machine (default port 6379), and walk you through installing another.
Assuming that you want the port for your second instance to be 6380:
1) Copy your configs:
cp /etc/redis/redis_6379.conf /etc/redis/redis_6380.conf
2) Edit /etc/redis/redis_6380.conf and put the new port in the following lines:
pidfile /var/run/redis_6380.pid
port 6380
logfile /var/log/redis/redis_6380.log
dir /var/lib/redis/6380
3) Make sure it has a new working directory (matching the dir line above):
mkdir /var/lib/redis/6380
4) Edit /etc/init.d/redis_6379 and change these lines:
NAME=`basename ${0}`
PIDFILE=/var/run/${NAME}.pid
CONF="/etc/redis/${NAME}.conf"
REDISPORT="${NAME#*_}"
5) Create a symlink for the second instance:
ln -s /etc/init.d/redis_6379 /etc/init.d/redis_6380
6) Start the new instance:
/etc/init.d/redis_6380 start
7) Make sure it is running:
/usr/local/redis/src/redis-cli -p 6380 -a redisPassword info server
You should get similar results by running that command for port 6379.
Can I change tcp port to unix socket in redis.conf without restarting the redis server? If so, can you please outline the steps.
The traditional way to do it is as follows:
1) Comment port 6379 in redis.conf
2) Uncomment /var/run/redis/redis.sock and unixsocketperm 770 in redis.conf
3) Change unixsocketperm 770 to unixsocketperm 777 (or preferably 755)
4) Restart the redis server
5) Inside the app, set connectionpool to redis.ConnectionPool(connection_class=redis.UnixDomainSocketConnection, path='/var/run/redis/redis.sock', db=0)
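For the multi-instance steps and the unixsocketperm values discussed above, the following is an added example (not code from any of the posts) that audits a set of redis.conf files for per-instance settings left identical after a copy and for a world-writable Unix socket mode. The function names and both sample configs are constructed for illustration; on Linux, connecting to a Unix socket requires write permission on it, which is why the "other" write bit is the one tested.

```python
import shlex
from collections import defaultdict

# Constructed samples: redis_6380.conf was copied but its "dir" line was not updated.
CONF_6379 = """\
port 6379
pidfile /var/run/redis_6379.pid
logfile /var/log/redis/redis_6379.log
dir /var/lib/redis/6379
unixsocket /var/run/redis/redis.sock
unixsocketperm 777
"""
CONF_6380 = """\
# second instance
port 6380
pidfile /var/run/redis_6380.pid
logfile /var/log/redis/redis_6380.log
dir /var/lib/redis/6379
"""
PER_INSTANCE = ("port", "pidfile", "logfile", "dir", "unixsocket")

def parse_conf(text):
    """Return {directive: first argument} for each non-comment line."""
    conf = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(parts) >= 2:
            conf[parts[0].lower()] = parts[1]
    return conf

def audit(configs):
    """configs: {file name: config text}. Returns sorted finding strings."""
    findings, seen = [], defaultdict(list)
    for name, text in configs.items():
        conf = parse_conf(text)
        for key in PER_INSTANCE:
            if conf.get(key) not in (None, "", "0"):  # "" or 0 means disabled
                seen[(key, conf[key])].append(name)
        perm = conf.get("unixsocketperm")
        # Linux: connect() needs write permission on the socket, so test the "other" write bit
        if perm is not None and int(perm, 8) & 0o002:
            findings.append(f"{name}: unixsocketperm {perm} is world-writable")
    for (key, value), names in seen.items():
        if len(names) > 1:
            findings.append(f"{key} {value} shared by {', '.join(sorted(names))}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit({"redis_6379.conf": CONF_6379, "redis_6380.conf": CONF_6380})))
```

With mode 770 or 755 the same check reports nothing; under 755 only the socket's owner can connect, because group and other lack the write bit.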
I have a redis sentinel configuration with one master, two slaves and 3 sentinels running. I noticed that at some point the sentinels may switch the master, electing one of the slaves as master. This is causing problems for an application which is connecting to the master node as a standalone client (I'm working on changing the code to use sentinels). I wanted to know if it is possible to switch the master by connecting to the sentinel client, i.e. through 'redis-cli'.
Can somebody let me know if there is a command that I can use to switch the master IP?
The client applications should use a client library that supports sentinel in the case where a redis master goes down and the sentinels select a new master. Not sure how beneficial it is to have sentinel setup if your client applications are not taking advantage of it. A client application that supports sentinel will query sentinel for the master ip and should be somewhat tolerant to faults occurring with the master connection. You can trigger a manual failover like the other answer states:
redis-cli -h {sentinel-ip} -p {26379 or sentinel port} sentinel failover {mastername}
But you will not be able to pick which node it fails over to. You can control a configuration value slave_priority in the redis.conf file so that it prefers a node over the rest. A description of the slave priority can be found here: https://redis.io/topics/sentinel
You can manually trigger a failover by running:
redis-cli -a {password} -p {sentinel_port} SENTINEL failover {cluster_name}
If you are using the Lettuce client, you can use masterSlaveStatefulConnection and pass the sentinel URI; it will perform auto discovery in the background and will refresh the master node internally.
https://github.com/lettuce-io/lettuce-core/wiki/Master-Replica
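The failovers described in this thread, and the +fix-slave-config entries mentioned in the earlier question, both appear as events in the Sentinel log. The following added example (not code from any of the posts) tracks the current master from +switch-master events and lists applications still pinned to an old address. The log lines, addresses and application names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample Sentinel log lines (not taken from the page).
SAMPLE_LOG = """\
7:X 12 Mar 2019 10:00:01.100 # +sdown master mymaster 10.0.0.1 6379
7:X 12 Mar 2019 10:00:02.300 # +switch-master mymaster 10.0.0.1 6379 10.0.0.2 6379
7:X 12 Mar 2019 10:00:12.300 * +fix-slave-config slave 10.0.0.4:6379 10.0.0.4 6379 @ mymaster 10.0.0.2 6379
7:X 12 Mar 2019 10:00:22.300 * +fix-slave-config slave 10.0.0.4:6379 10.0.0.4 6379 @ mymaster 10.0.0.2 6379
7:X 12 Mar 2019 10:05:40.000 # +switch-master mymaster 10.0.0.2 6379 10.0.0.3 6379
"""

# "<pid>:X <timestamp> <level> <+event> <args>"; X is the Sentinel role marker.
EVENT = re.compile(r"^\d+:X .*? [.*#-] (\+[\w-]+) (.*)$")

def track_masters(log):
    """Return ({master name: (ip, port)}, {replica "ip:port": fix count})."""
    masters, fixes = {}, {}
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        event, args = m.group(1), m.group(2).split()
        # +switch-master <name> <old ip> <old port> <new ip> <new port>
        if event == "+switch-master" and len(args) == 5:
            masters[args[0]] = (args[3], int(args[4]))
        # +fix-slave-config slave <name> <ip> <port> @ <master> <ip> <port>
        elif event == "+fix-slave-config" and len(args) >= 4:
            replica = f"{args[2]}:{args[3]}"
            fixes[replica] = fixes.get(replica, 0) + 1
    return masters, fixes

def stale_clients(masters, pinned):
    """pinned: {app: (master name, ip, port)} for apps with a hard-coded master."""
    return sorted(app for app, (name, ip, port) in pinned.items()
                  if name in masters and masters[name] != (ip, port))

if __name__ == "__main__":
    current, fix_counts = track_masters(SAMPLE_LOG)
    print(current, fix_counts)
    print(stale_clients(current, {"billing": ("mymaster", "10.0.0.1", 6379)}))
```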
I am working with a master slave redis replication setup with redis version 2.4.15-1. I am testing to manually update the setting of one of the slaves to upgrade it to a master once the original master goes down. But from the client, I keep getting the following:
redis server:6381> CONFIG SET SLAVEOF "NO ONE"
(error) ERR Unsupported CONFIG parameter: SLAVEOF
Would I necessarily need to restart redis-server to do this? I assumed otherwise based on http://redis.io/topics/admin.
SLAVEOF is a command itself, not a config variable. You can make your server a slave of another server by running this on your slave:
SLAVEOF my.host.com 1234
(Where my.host.com is the server host and 1234 is your server port.)
If your master instance has a password, you'll need to set the MASTERAUTH config variable:
CONFIG SET MASTERAUTH foobar