哨兵简介
主机”宕机”
- 将宕机的 master 下线
- 找一个 slave 作为 master
- 通知所有的 slave 连接新的 master
- 启动新的 master 和 slave
- 全量复制
*n+
部分复制*n
存在的问题:
- 谁来确认 master 宕机了
- 重新找一个新的 master ,怎么找法?
- 修改配置后,原来的 master 恢复了怎么办?
哨兵
哨兵(sentinal
)是一个分布式系统,用于对主从结构中的每台服务器进行监控
,当出现故障时通过投票机制选择
新的 master 并将所有的 slave 连接到新的 master。
哨兵的作用
- 监控
- 不断的检查 master 和 slave 是否正常运行
- master 存活检测、master 与 slave 运行情况检测
- 通知(提醒)
- 自动故障转移
- 断开 master 与 slave 连接,选取一个 slave 作为 master,将其他的 slave 连接到新的 master,并告知客户端新的服务器地址
注意:
- 哨兵也是一台
redis
服务器,只是不提供数据服务 - 通常哨兵配置的数量为
单数
启用哨兵模式
配置哨兵
-
配置一拖二的主从结构
-
配置三个哨兵(配置相同,端口不同)
- 参看
sentinel.conf
- 参看
-
启动哨兵
redis-sentinel sentinel-端口号.conf
哨兵配置项说明:
# 哨兵服务端口 port 26379 # 哨兵工作信息存储目录 dir /tmp # 监控 主 连接字符串 哨兵判挂标准(几个哨兵认定他挂了,就判定为主挂了,通常为哨兵数量的一半加一) sentinel monitor mymaster 127.0.0.1 6379 2 # 主 连接多长时间无响应,就认定它挂了(默认 30s) sentinel down-after-milliseconds mymaster 30000 # 主挂了之后,新的主上任同步数据的路线数量,数值越小,对服务器压力越小 sentinel parallel-syncs mymaster 1 # 新主同步数据时,多长时间同步完算有效 (默认 180s) sentinel failover-timeout mymaster 180000
主 redis-6379.conf
port 6379 daemonize no #logfile "6379.log" dir /redis-4.0.0/data dbfilename dump-6379.rdb rdbcompression yes rdbchecksum yes save 10 2 appendonly yes appendfsync always appendfilename appendonly-6379.aof bind 127.0.0.1 databases 16
从1 redis-6380.conf
port 6380 daemonize no #logfile "6380.log" dir /redis-4.0.0/data slaveof 127.0.0.1 6379
从2 redis-6381.conf
port 6381 daemonize no #logfile "6381.log" dir /redis-4.0.0/data slaveof 127.0.0.1 6379
哨兵1 sentinel-26379.conf
port 26379 dir /redis-4.0.0/data sentinel monitor mymaster 127.0.0.1 6379 2 sentinel down-after-milliseconds mymaster 30000 sentinel parallel-syncs mymaster 1 sentinel failover-timeout mymaster 180000
哨兵2 sentinel-26380.conf
port 26380 dir /redis-4.0.0/data sentinel monitor mymaster 127.0.0.1 6379 2 sentinel down-after-milliseconds mymaster 30000 sentinel parallel-syncs mymaster 1 sentinel failover-timeout mymaster 180000
哨兵3 sentinel-26381.conf
port 26381 dir /redis-4.0.0/data sentinel monitor mymaster 127.0.0.1 6379 2 sentinel down-after-milliseconds mymaster 30000 sentinel parallel-syncs mymaster 1 sentinel failover-timeout mymaster 180000
启动哨兵
redis-server /redis-4.0.0/conf/redis-6379.conf redis-server /redis-4.0.0/conf/redis-6380.conf redis-server /redis-4.0.0/conf/redis-6381.conf redis-sentinel /redis-4.0.0/conf/sentinel-26379.conf redis-sentinel /redis-4.0.0/conf/sentinel-26380.conf redis-sentinel /redis-4.0.0/conf/sentinel-26381.conf # 停止 主 ctrl+c
官方原版配置文件:sentinel.conf
# example sentinel.conf # *** important *** # # by default sentinel will not be reachable from interfaces different than # localhost, either use the 'bind' directive to bind to a list of network # interfaces, or disable protected mode with "protected-mode no" by # adding it to this configuration file. # # before doing that make sure the instance is protected from the outside # world via firewalling or other means. # # for example you may use one of the following: # # bind 127.0.0.1 192.168.1.1 # # protected-mode no # port <sentinel-port> # the port that this sentinel instance will run on port 26379 # by default redis sentinel does not run as a daemon. use 'yes' if you need it. # note that redis will write a pid file in /var/run/redis-sentinel.pid when # daemonized. daemonize no # when running daemonized, redis sentinel writes a pid file in # /var/run/redis-sentinel.pid by default. you can specify a custom pid file # location here. pidfile /var/run/redis-sentinel.pid # specify the log file name. also the empty string can be used to force # sentinel to log on the standard output. note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null logfile "" # sentinel announce-ip <ip> # sentinel announce-port <port> # # the above two configuration directives are useful in environments where, # because of nat, sentinel is reachable from outside via a non-local address. # # when announce-ip is provided, the sentinel will claim the specified ip address # in hello messages used to gossip its presence, instead of auto-detecting the # local address as it usually does. # # similarly when announce-port is provided and is valid and non-zero, sentinel # will announce the specified tcp port. # # the two options don't need to be used together, if only announce-ip is # provided, the sentinel will announce the specified ip and the server port # as specified by the "port" option. if only announce-port is provided, the # sentinel will announce the auto-detected local ip and the specified port. # # example: # # sentinel announce-ip 1.2.3.4 # dir <working-directory> # every long running process should have a well-defined working directory. # for redis sentinel to chdir to /tmp at startup is the simplest thing # for the process to don't interfere with administrative tasks such as # unmounting filesystems. dir /tmp # sentinel monitor <master-name> <ip> <redis-port> <quorum> # # tells sentinel to monitor this master, and to consider it in o_down # (objectively down) state only if at least <quorum> sentinels agree. # # note that whatever is the odown quorum, a sentinel will require to # be elected by the majority of the known sentinels in order to # start a failover, so no failover can be performed in minority. # # replicas are auto-discovered, so you don't need to specify replicas in # any way. sentinel itself will rewrite this configuration file adding # the replicas using additional configuration options. # also note that the configuration file is rewritten when a # replica is promoted to master. # # note: master name should not include special characters or spaces. # the valid charset is a-z 0-9 and the three characters ".-_". sentinel monitor mymaster 127.0.0.1 6379 2 # sentinel auth-pass <master-name> <password> # # set the password to use to authenticate with the master and replicas. # useful if there is a password set in the redis instances to monitor. # # note that the master password is also used for replicas, so it is not # possible to set a different password in masters and replicas instances # if you want to be able to monitor these instances with sentinel. # # however you can have redis instances without the authentication enabled # mixed with redis instances requiring the authentication (as long as the # password set is the same for all the instances requiring the password) as # the auth command will have no effect in redis instances with authentication # switched off. # # example: # # sentinel auth-pass mymaster mysuper--secret-0123passw0rd # sentinel auth-user <master-name> <username> # # this is useful in order to authenticate to instances having acl capabilities, # that is, running redis 6.0 or greater. when just auth-pass is provided the # sentinel instance will authenticate to redis using the old "auth <pass>" # method. when also an username is provided, it will use "auth <user> <pass>". # in the redis servers side, the acl to provide just minimal access to # sentinel instances, should be configured along the following lines: # # user sentinel-user >somepassword +client +subscribe +publish \ # +ping +info +multi +slaveof +config +client +exec on # sentinel down-after-milliseconds <master-name> <milliseconds> # # number of milliseconds the master (or any attached replica or sentinel) should # be unreachable (as in, not acceptable reply to ping, continuously, for the # specified period) in order to consider it in s_down state (subjectively # down). # # default is 30 seconds. sentinel down-after-milliseconds mymaster 30000 # requirepass <password> # # you can configure sentinel itself to require a password, however when doing # so sentinel will try to authenticate with the same password to all the # other sentinels. so you need to configure all your sentinels in a given # group with the same "requirepass" password. check the following documentation # for more info: https://redis.io/topics/sentinel # sentinel parallel-syncs <master-name> <numreplicas> # # how many replicas we can reconfigure to point to the new replica simultaneously # during the failover. use a low number if you use the replicas to serve query # to avoid that all the replicas will be unreachable at about the same # time while performing the synchronization with the master. sentinel parallel-syncs mymaster 1 # sentinel failover-timeout <master-name> <milliseconds> # # specifies the failover timeout in milliseconds. it is used in many ways: # # - the time needed to re-start a failover after a previous failover was # already tried against the same master by a given sentinel, is two # times the failover timeout. # # - the time needed for a replica replicating to a wrong master according # to a sentinel current configuration, to be forced to replicate # with the right master, is exactly the failover timeout (counting since # the moment a sentinel detected the misconfiguration). # # - the time needed to cancel a failover that is already in progress but # did not produced any configuration change (slaveof no one yet not # acknowledged by the promoted replica). # # - the maximum time a failover in progress waits for all the replicas to be # reconfigured as replicas of the new master. however even after this time # the replicas will be reconfigured by the sentinels anyway, but not with # the exact parallel-syncs progression as specified. # # default is 3 minutes. sentinel failover-timeout mymaster 180000 # scripts execution # # sentinel notification-script and sentinel reconfig-script are used in order # to configure scripts that are called to notify the system administrator # or to reconfigure clients after a failover. the scripts are executed # with the following rules for error handling: # # if script exits with "1" the execution is retried later (up to a maximum # number of times currently set to 10). # # if script exits with "2" (or an higher value) the script execution is # not retried. # # if script terminates because it receives a signal the behavior is the same # as exit code 1. # # a script has a maximum running time of 60 seconds. after this limit is # reached the script is terminated with a sigkill and the execution retried. # notification script # # sentinel notification-script <master-name> <script-path> # # call the specified notification script for any sentinel event that is # generated in the warning level (for instance -sdown, -odown, and so forth). # this script should notify the system administrator via email, sms, or any # other messaging system, that there is something wrong with the monitored # redis systems. # # the script is called with just two arguments: the first is the event type # and the second the event description. # # the script must exist and be executable in order for sentinel to start if # this option is provided. # # example: # # sentinel notification-script mymaster /var/redis/notify.sh # clients reconfiguration script # # sentinel client-reconfig-script <master-name> <script-path> # # when the master changed because of a failover a script can be called in # order to perform application-specific tasks to notify the clients that the # configuration has changed and the master is at a different address. # # the following arguments are passed to the script: # # <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port> # # <state> is currently always "failover" # <role> is either "leader" or "observer" # # the arguments from-ip, from-port, to-ip, to-port are used to communicate # the old address of the master and the new address of the elected replica # (now a master). # # this script should be resistant to multiple invocations. # # example: # # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh # security # # by default sentinel set will not be able to change the notification-script # and client-reconfig-script at runtime. this avoids a trivial security issue # where clients can set the script to anything and trigger a failover in order # to get the program executed. sentinel deny-scripts-reconfig yes # redis commands renaming # # sometimes the redis server has certain commands, that are needed for sentinel # to work correctly, renamed to unguessable strings. this is often the case # of config and slaveof in the context of providers that provide redis as # a service, and don't want the customers to reconfigure the instances outside # of the administration console. # # in such case it is possible to tell sentinel to use different command names # instead of the normal ones. for example if the master "mymaster", and the # associated replicas, have "config" all renamed to "guessme", i could use: # # sentinel rename-command mymaster config guessme # # after such configuration is set, every time sentinel would use config it will # use guessme instead. note that there is no actual need to respect the command # case, so writing "config guessme" is the same in the example above. # # sentinel set can also be used in order to perform this configuration at runtime. # # in order to set a command back to its original name (undo the renaming), it # is possible to just rename a command to itself: # # sentinel rename-command mymaster config config
到此这篇关于redis哨兵模式介绍的文章就介绍到这了。希望对大家的学习有所帮助,也希望大家多多支持www.887551.com。