Настройка High Availability Redis-кластер

Июнь 19th, 2018

Evgeniy Kamenev

Есть 2 сервера приложений(app01 и app02), на которых установлен Redis и Sentinel для мониторинга активного мастера и перевода одного из существующих слейв серверов в режим мастера в случае выхода со строя текущего мастера, а также перевода старого мастера в режим slave к вновь избранному мастеру.
Также есть третий сервер(advisor), на котором запущен только Sentinel. Этот сервер нужен для участия в голосовании и поддержки кворума при выборе нового мастера. Базы Redis он на себе содержать не будет.
Всего в наличие 3 сервера(не включая HAproxy)
Перед Redis-кластером будет настроен Haproxy, который будет мониторить состояние обоих Redis-серверов и направлять запросы клиентов ТОЛЬКО на текущий мастер
В коде приложения для Redis-запросов происходит подключение к HAproxy-серверу
Т.е. схема прохождения запроса будет выглядить так

Client->Haproxy->Redis-master

1	Client->Haproxy->Redis-master

app01-192.168.100.1
app02-192.168.100.2
advisor-192.168.100.3

app01-192.168.100.1

app02-192.168.100.2

advisor-192.168.100.3

Порядок настройки:
1.Установка Redis на серверах приложений (app01 и app02)
2.Настройка Master/Slave репликации из двух Redis-серверов(app01 и app02)
3.Настройка Sentinel на всех трех серверах(app01,app02,advisor)
4.Тестирование переключения мастера
5.Настройка HAproxy

1.Установка Redis на серверах приложений (app01 и app02)

# apt-get update && apt-get dist-upgrade

1	# apt-get update && apt-get dist-upgrade

Установка будет выполнена из исходного кода

#  apt-get install build-essential tcl

1	# apt-get install build-essential tcl

#  cd /tmp

# cd /tmp

#  curl -O http://download.redis.io/redis-stable.tar.gz

1	# curl -O http://download.redis.io/redis-stable.tar.gz

#  tar xzvf redis-stable.tar.gz

1	# tar xzvf redis-stable.tar.gz

#  cd redis-stable

1	# cd redis-stable

#  make

# make

#  make test

1	# make test

#  make install

1	# make install

#  mkdir /etc/redis

1	# mkdir /etc/redis

#  cp /tmp/redis-stable/redis.conf /etc/redis

1	# cp /tmp/redis-stable/redis.conf /etc/redis

# adduser --system --group --no-create-home redis

1	# adduser --system --group --no-create-home redis

#  mkdir /var/lib/redis /var/run/redis /var/log/redis

1	# mkdir /var/lib/redis /var/run/redis /var/log/redis

#  chown redis:redis /var/lib/redis /var/run/redis /var/log/redis

1	# chown redis:redis /var/lib/redis /var/run/redis /var/log/redis

#  chmod 770 /var/lib/redis

1	# chmod 770 /var/lib/redis

2.Настройка Master/Slave репликации из двух Redis-серверов(app01 и app02)
Настройка конфигурационных файлов Redis
Master (app01)

# nano /etc/redis/redis.conf

1	# nano /etc/redis/redis.conf

bind 192.168.100.1 127.0.0.1
requirepass mypassword
masterauth mypassword
protected-mode yes
port 6379

bind 192.168.100.1 127.0.0.1

requirepass mypassword

masterauth mypassword

protected-mode yes

port 6379

Slave(app02)

# nano /etc/redis/redis.conf

1	# nano /etc/redis/redis.conf

bind 192.168.100.2 127.0.0.1
requirepass mypassword
masterauth mypassword
protected-mode yes
port 6379
slaveof 192.168.100.1 6379

bind 192.168.100.2 127.0.0.1

requirepass mypassword

masterauth mypassword

protected-mode yes

port 6379

slaveof 192.168.100.1 6379

protected-mode по умолчанию yes, который не разрешит подключение по сети, если
а) не указан точно интерфейс в опции bind
б) не установлен мастер-пароль в секции requirepass, который требует авторизоваться прежде чем получить доступ к редис(соответственно необходимо на slave добавить опцию masterauth mypassword)

В данном случае Redis был установлен с исходников, поэтому создадим Unit-файл
Создание Unit-файла для Redis для системы инициализации systemd

# nano /etc/systemd/system/redis.service

1	# nano /etc/systemd/system/redis.service

Unit]
Description=Advanced key-value store
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
Type=forking
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
PIDFile=/var/run/redis/redis.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis

ExecStartPre=-/bin/run-parts --verbose /etc/redis/redis-server.pre-up.d
ExecStartPost=-/bin/run-parts --verbose /etc/redis/redis-server.post-up.d
ExecStop=-/bin/run-parts --verbose /etc/redis/redis-server.pre-down.d
ExecStop=/bin/kill -s TERM $MAINPID
ExecStopPost=-/bin/run-parts --verbose /etc/redis/redis-server.post-down.d

PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/redis
CapabilityBoundingSet=~CAP_SYS_PTRACE

# redis-server writes its own config file when in cluster mode so we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-/etc/redis

[Install]
WantedBy=multi-user.target
Alias=redis.service

Unit]

Description=Advanced key-value store

After=network.target

Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]

Type=forking

ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf

PIDFile=/var/run/redis/redis.pid

TimeoutStopSec=0

Restart=always

User=redis

Group=redis

ExecStartPre=-/bin/run-parts --verbose /etc/redis/redis-server.pre-up.d

ExecStartPost=-/bin/run-parts --verbose /etc/redis/redis-server.post-up.d

ExecStop=-/bin/run-parts --verbose /etc/redis/redis-server.pre-down.d

ExecStop=/bin/kill -s TERM $MAINPID

ExecStopPost=-/bin/run-parts --verbose /etc/redis/redis-server.post-down.d

PrivateTmp=yes

PrivateDevices=yes

ProtectHome=yes

ReadOnlyDirectories=/

ReadWriteDirectories=-/var/lib/redis

ReadWriteDirectories=-/var/log/redis

ReadWriteDirectories=-/var/run/redis

CapabilityBoundingSet=~CAP_SYS_PTRACE

# redis-server writes its own config file when in cluster mode so we allow

# writing there (NB. ProtectSystem=true over ProtectSystem=full)

ProtectSystem=true

ReadWriteDirectories=-/etc/redis

[Install]

WantedBy=multi-user.target

Alias=redis.service

Для того,чтобы Redis, который запускается под пользователем redis, смог перезписать свой конфигурационный файл, изменим его владельца/группу на redis на обоих Redis-серверах, а также ограничим доcтуп к файлу /etc/redis/redis.conf только для redis пользователя/группы в целях безопаности(доступ к дамп-файлу /var/lib/redis/dump.rdb был ограничен на этапе установки Redis)

# chown redis:redis /etc/redis/redis.conf

1	# chown redis:redis /etc/redis/redis.conf

# chmod 660 /etc/redis/redis.conf

1	# chmod 660 /etc/redis/redis.conf

С точки зрения безопасности не обходимо ограничить доступ к Redis на уровне файрволла т.е. разрешить подключение к Redis,Sentinel-серверам только с app01,app02,advisor,HAProxy-серверов
В дополнение к ограничению на сетевом доступе можно использовать простую аутентифкиацию в Redis по паролю
(параметр requirepass в конфигурационном файле Redis)

Запускаем redis на мастере и слейве

# systemct start redis

1	# systemct start redis

Лог Redis на Slave-сервере

# tail -f /var/log/redis/redis.log

1	# tail -f /var/log/redis/redis.log

19 May 16:38:35.754 * Ready to accept connections
19 May 16:38:35.754 * Connecting to MASTER 192.168.100.1:6379
19 May 16:38:35.754 * MASTER <-> SLAVE sync started
19 May 16:38:35.754 * Non blocking connect for SYNC fired the event.
19 May 16:38:35.755 * Master replied to PING, replication can continue...
19 May 16:38:35.756 * Trying a partial resynchronization (request dc6870279c00ebc02029bbf19e95a5262db33566:1).
19 May 16:38:35.757 * Full resync from master: cf5c9ae2f1700e734fe04a916f5d96b534c28d2d:0
19 May 16:38:35.757 * Discarding previously cached master state.
19 May 16:38:35.889 * MASTER <-> SLAVE sync: receiving 175 bytes from master
19 May 16:38:35.889 * MASTER <-> SLAVE sync: Flushing old data
19 May 16:38:35.889 * MASTER <-> SLAVE sync: Loading DB in memory
19 May 16:38:35.889 * MASTER <-> SLAVE sync: Finished with success

19 May 16:38:35.754 * Ready to accept connections

19 May 16:38:35.754 * Connecting to MASTER 192.168.100.1:6379

19 May 16:38:35.754 * MASTER <-> SLAVE sync started

19 May 16:38:35.754 * Non blocking connect for SYNC fired the event.

19 May 16:38:35.755 * Master replied to PING, replication can continue...

19 May 16:38:35.756 * Trying a partial resynchronization (request dc6870279c00ebc02029bbf19e95a5262db33566:1).

19 May 16:38:35.757 * Full resync from master: cf5c9ae2f1700e734fe04a916f5d96b534c28d2d:0

19 May 16:38:35.757 * Discarding previously cached master state.

19 May 16:38:35.889 * MASTER <-> SLAVE sync: receiving 175 bytes from master

19 May 16:38:35.889 * MASTER <-> SLAVE sync: Flushing old data

19 May 16:38:35.889 * MASTER <-> SLAVE sync: Loading DB in memory

19 May 16:38:35.889 * MASTER <-> SLAVE sync: Finished with success

В этот момент на мастере Redis в логах

# tail -f /var/log/redis/redis.log

1	# tail -f /var/log/redis/redis.log

19 May 16:38:35.752 * Slave 192.168.100.2:6379 asks for synchronization
19 May 16:38:35.752 * Unable to partial resync with slave 192.168.100.2:6379 for lack of backlog (Slave request was: 1).
19 May 16:38:35.752 # Warning: slave 192.168.100.2:6379 tried to PSYNC with an offset that is greater than the master replication offset.
19 May 16:38:35.753 * Starting BGSAVE for SYNC with target: disk
19 May 16:38:35.753 * Background saving started by pid 14554
19 May 16:38:35.883 * DB saved on disk
19 May 16:38:35.884 * RDB: 0 MB of memory used by copy-on-write
19 May 16:38:35.885 * Background saving terminated with success
19 May 16:38:35.885 * Synchronization with slave 192.168.100.2:6379 succeeded

19 May 16:38:35.752 * Slave 192.168.100.2:6379 asks for synchronization

19 May 16:38:35.752 * Unable to partial resync with slave 192.168.100.2:6379 for lack of backlog (Slave request was: 1).

19 May 16:38:35.752 # Warning: slave 192.168.100.2:6379 tried to PSYNC with an offset that is greater than the master replication offset.

19 May 16:38:35.753 * Starting BGSAVE for SYNC with target: disk

19 May 16:38:35.753 * Background saving started by pid 14554

19 May 16:38:35.883 * DB saved on disk

19 May 16:38:35.884 * RDB: 0 MB of memory used by copy-on-write

19 May 16:38:35.885 * Background saving terminated with success

19 May 16:38:35.885 * Synchronization with slave 192.168.100.2:6379 succeeded

Проверка состояния репликации

На мастере выполняем

# redis-cli -p 6379 -a mypassword  info replication

1	# redis-cli -p 6379 -a mypassword info replication

# Replication
role:master
connected_slaves:1
slave0:ip=192.168.100.2,port=6379,state=online,offset=686,lag=0
master_replid:cf5c9ae2f1700e734fe04a916f5d96b534c28d2d
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:686
second_repl_offset:-1
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:1
repl_backlog_histlen:686

# Replication

role:master

connected_slaves:1

slave0:ip=192.168.100.2,port=6379,state=online,offset=686,lag=0

master_replid:cf5c9ae2f1700e734fe04a916f5d96b534c28d2d

master_replid2:0000000000000000000000000000000000000000

master_repl_offset:686

second_repl_offset:-1

repl_backlog_active:1

repl_backlog_size:1048576

repl_backlog_first_byte_offset:1

repl_backlog_histlen:686

На Slave выполняем

# redis-cli -p 6379 -a mypassword  info replication

1	# redis-cli -p 6379 -a mypassword info replication

# Replication
role:slave
master_host:192.168.100.1
master_port:6379
master_link_status:up
master_last_io_seconds_ago:0
master_sync_in_progress:0
slave_repl_offset:812
slave_priority:100
slave_read_only:1
connected_slaves:0
master_replid:cf5c9ae2f1700e734fe04a916f5d96b534c28d2d
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:812
second_repl_offset:-1
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:1
repl_backlog_histlen:812

# Replication

role:slave

master_host:192.168.100.1

master_port:6379

master_link_status:up

master_last_io_seconds_ago:0

master_sync_in_progress:0

slave_repl_offset:812

slave_priority:100

slave_read_only:1

connected_slaves:0

master_replid:cf5c9ae2f1700e734fe04a916f5d96b534c28d2d

master_replid2:0000000000000000000000000000000000000000

master_repl_offset:812

second_repl_offset:-1

repl_backlog_active:1

repl_backlog_size:1048576

repl_backlog_first_byte_offset:1

repl_backlog_histlen:812

Если необходимо вручную перевести роль мастера на новый сервер
Для того,чтобы из slave сделать мастер достаточно выполнить
На slave

# redis-cli -p 6379 -a mypassword slaveof no one

1	# redis-cli -p 6379 -a mypassword slaveof no one

И проверяем

# redis-cli -p 6379 -a mypassword info replication

1	# redis-cli -p 6379 -a mypassword info replication

Для автоматического перевода роли master на один из существующих slave-серверов используем Sentinel. Также Sentinel автоматически перенастраивает все остальные slave-сервера на новый мастер

3. Настройка Sentinel на всех трех серверах(app01,app02,advisor)

Настройка Sentinel на app01

# cat /etc/redis/sentinel.conf

1	# cat /etc/redis/sentinel.conf

port 26379
daemonize yes
pidfile "/var/run/redis/sentinel.pid"
logfile "/var/log/redis/sentinel.log"
dir /var/lib/redis/sentinel
sentinel monitor master01 192.168.100.1  6379 2
sentinel auth-pass master01 mypassword
sentinel down-after-milliseconds master01 3000
sentinel failover-timeout master01 6000
sentinel parallel-syncs master01 1
protected-mode no

port 26379

daemonize yes

pidfile "/var/run/redis/sentinel.pid"

logfile "/var/log/redis/sentinel.log"

dir /var/lib/redis/sentinel

sentinel monitor master01 192.168.100.1 6379 2

sentinel auth-pass master01 mypassword

sentinel down-after-milliseconds master01 3000

sentinel failover-timeout master01 6000

sentinel parallel-syncs master01 1

protected-mode no

Имя монитора master01(может быть произвольным). Это имя должно быть одинаковое на всех экземплярах Sentinel
Текущий Redis-мастер app01-сервер с адресом 192.168.100.1, кворум для голосования составляет 2 ноды Sentinel

sentinel monitor master01 192.168.100.1  6379 2

1	sentinel monitor master01 192.168.100.1 6379 2

Аутентифицируемся на Redis Master/Slave нодах по паролю

sentinel auth-pass master01 mypassword

1	sentinel auth-pass master01 mypassword

Кол-во миллисекунд, через которое мастер считается недоступным и начинается процедура голосования для выбора нового мастера

sentinel down-after-milliseconds master01 3000

1	sentinel down-after-milliseconds master01 3000

Создание Unit-файла для Sentinel на всех трех серверах

# nano  /etc/systemd/system/sentinel.service

1	# nano /etc/systemd/system/sentinel.service

[Unit]
Description=Sentinel for Redis
Wants=redis.service
After=network.target redis.service
Documentation=https://redis.io/topics/sentinel

[Service]
Type=forking
PIDFile=/var/run/redis/sentinel.pid
ExecStart=/usr/local/bin/redis-server /etc/redis/sentinel.conf --sentinel
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
TimeoutStopSec=0
Restart=on-failure
User=redis
Group=redis

[Install]
WantedBy=multi-user.target
Alias=sentinel.service

[Unit]

Description=Sentinel for Redis

Wants=redis.service

After=network.target redis.service

Documentation=https://redis.io/topics/sentinel

[Service]

Type=forking

PIDFile=/var/run/redis/sentinel.pid

ExecStart=/usr/local/bin/redis-server /etc/redis/sentinel.conf --sentinel

ExecReload=/bin/kill -HUP $MAINPID

ExecStop=/bin/kill -s TERM $MAINPID

TimeoutStopSec=0

Restart=on-failure

User=redis

Group=redis

[Install]

WantedBy=multi-user.target

Alias=sentinel.service

Создание необходимых каталогов/файлов, выставление на них корректных прав/владельца/группу на всех трех серверах

# mkdir /var/lib/redis/sentinel &&  chown -R redis:redis /var/lib/redis/sentinel

1	# mkdir /var/lib/redis/sentinel && chown -R redis:redis /var/lib/redis/sentinel

# chown -R  redis:redis /etc/redis/

1	# chown -R redis:redis /etc/redis/

# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

1	# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

# chmod 660 /etc/redis/sentinel.conf

1	# chmod 660 /etc/redis/sentinel.conf

Запускаем Sentinel на app01

# systemctl start sentinel

1	# systemctl start sentinel

Логи Sentinel на app01

# cat /var/log/redis/sentinel.log

1	# cat /var/log/redis/sentinel.log

19 May 17:14:18.208 * Running mode=sentinel, port=26379.
19 May 17:14:18.338 # Sentinel ID is 1105f58322cd7943b67f31b8f9b45db5e7876e33
19 May 17:14:18.338 # +monitor master master01 192.168.100.1 6379 quorum 2
19 May 17:14:18.339 * +slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 May 17:14:18.208 * Running mode=sentinel, port=26379.

19 May 17:14:18.338 # Sentinel ID is 1105f58322cd7943b67f31b8f9b45db5e7876e33

19 May 17:14:18.338 # +monitor master master01 192.168.100.1 6379 quorum 2

19 May 17:14:18.339 * +slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

Проверяем состояние мастера через Sentinel(значение ключа role-reported)

# redis-cli -p 26379 sentinel master master01

1	# redis-cli -p 26379 sentinel master master01

 1) "name"
 2) "master01"
 3) "ip"
 4) "192.168.100.1"
 5) "port"
 6) "6379"
 7) "runid"
 8) "5c69276467b3de1a9dec539665f21fb3264113f6"
 9) "flags"
10) "master"
11) "link-pending-commands"
12) "0"
13) "link-refcount"
14) "1"
15) "last-ping-sent"
16) "0"
17) "last-ok-ping-reply"
18) "108"
19) "last-ping-reply"
20) "108"
21) "down-after-milliseconds"
22) "3000"
23) "info-refresh"
24) "5928"
25) "role-reported"
26) "master"
27) "role-reported-time"
28) "76344"
29) "config-epoch"
30) "0"
31) "num-slaves"
32) "1"
33) "num-other-sentinels"
34) "0"
35) "quorum"
36) "2"
37) "failover-timeout"
38) "6000"
39) "parallel-syncs"
40) "1"

1) "name"

2) "master01"

3) "ip"

4) "192.168.100.1"

5) "port"

6) "6379"

7) "runid"

8) "5c69276467b3de1a9dec539665f21fb3264113f6"

9) "flags"

10) "master"

11) "link-pending-commands"

12) "0"

13) "link-refcount"

14) "1"

15) "last-ping-sent"

16) "0"

17) "last-ok-ping-reply"

18) "108"

19) "last-ping-reply"

20) "108"

21) "down-after-milliseconds"

22) "3000"

23) "info-refresh"

24) "5928"

25) "role-reported"

26) "master"

27) "role-reported-time"

28) "76344"

29) "config-epoch"

30) "0"

31) "num-slaves"

32) "1"

33) "num-other-sentinels"

34) "0"

35) "quorum"

36) "2"

37) "failover-timeout"

38) "6000"

39) "parallel-syncs"

40) "1"

Настройка Sentinel на app02

# cat /etc/redis/sentinel.conf

1	# cat /etc/redis/sentinel.conf

port 26379
daemonize yes
pidfile "/var/run/redis/sentinel.pid"
logfile "/var/log/redis/sentinel.log"
dir /var/lib/redis/sentinel
sentinel monitor master01 192.168.100.1  6379 2
sentinel auth-pass master01 mypassword
sentinel down-after-milliseconds master01 3000
sentinel failover-timeout master01 6000
sentinel parallel-syncs master01  1
protected-mode no

port 26379

daemonize yes

pidfile "/var/run/redis/sentinel.pid"

logfile "/var/log/redis/sentinel.log"

dir /var/lib/redis/sentinel

sentinel monitor master01 192.168.100.1 6379 2

sentinel auth-pass master01 mypassword

sentinel down-after-milliseconds master01 3000

sentinel failover-timeout master01 6000

sentinel parallel-syncs master01 1

protected-mode no

# mkdir /var/lib/redis/sentinel &&  chown -R redis:redis /var/lib/redis/sentinel

1	# mkdir /var/lib/redis/sentinel && chown -R redis:redis /var/lib/redis/sentinel

# chown -R  redis:redis /etc/redis/

1	# chown -R redis:redis /etc/redis/

# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

1	# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

# chmod 660 /etc/redis/sentinel.conf

1	# chmod 660 /etc/redis/sentinel.conf

Запускаем Sentinel на app02

# systemctl start sentinel

1	# systemctl start sentinel

# cat /var/log/redis/sentinel.log

1	# cat /var/log/redis/sentinel.log

19 May 17:23:47.467 # Sentinel ID is a375bc1f86f214068794ec45711a0b666da55ce0
19 May 17:23:47.467 # +monitor master master01 192.168.100.1 6379 quorum 2
19 May 17:23:47.468 * +slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 May 17:23:49.318 * +sentinel sentinel 1105f58322cd7943b67f31b8f9b45db5e7876e33 192.168.100.1 26379 @ master01 192.168.100.1 6379

19 May 17:23:47.467 # Sentinel ID is a375bc1f86f214068794ec45711a0b666da55ce0

19 May 17:23:47.467 # +monitor master master01 192.168.100.1 6379 quorum 2

19 May 17:23:47.468 * +slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 May 17:23:49.318 * +sentinel sentinel 1105f58322cd7943b67f31b8f9b45db5e7876e33 192.168.100.1 26379 @ master01 192.168.100.1 6379

После чего как на app01 так и на app02 проверяем состояние мастера и убеждаемся в наличие уже двух sentinel-серверов(один из них, на котором выполняем саму команду)

# redis-cli -p 26379 sentinel master master01

1	# redis-cli -p 26379 sentinel master master01

…
33) "num-other-sentinels"
34) "1"
…

…

33) "num-other-sentinels"

34) "1"

…

Проверка/просмотр текущего мастера Redis

# redis-cli -p 26379 sentinel get-master-addr-by-name master01

1	# redis-cli -p 26379 sentinel get-master-addr-by-name master01

1) "192.168.100.1"
2) "6379"

1 2	1) "192.168.100.1" 2) "6379"

Настройка Sentinel на advisor

# cat /etc/redis/sentinel.conf

1	# cat /etc/redis/sentinel.conf

port 26379
daemonize yes
pidfile "/var/run/redis/sentinel.pid"
logfile "/var/log/redis/sentinel.log"
dir /var/lib/redis/sentinel
sentinel monitor master01 192.168.100.1  6379 2
sentinel auth-pass master01 mypassword
sentinel down-after-milliseconds master01 3000
sentinel failover-timeout master01 6000
sentinel parallel-syncs master01  1
protected-mode no

port 26379

daemonize yes

pidfile "/var/run/redis/sentinel.pid"

logfile "/var/log/redis/sentinel.log"

dir /var/lib/redis/sentinel

sentinel monitor master01 192.168.100.1 6379 2

sentinel auth-pass master01 mypassword

sentinel down-after-milliseconds master01 3000

sentinel failover-timeout master01 6000

sentinel parallel-syncs master01 1

protected-mode no

# mkdir /var/lib/redis/sentinel &&  chown -R redis:redis /var/lib/redis/sentinel

1	# mkdir /var/lib/redis/sentinel && chown -R redis:redis /var/lib/redis/sentinel

# chown -R  redis:redis /etc/redis/

1	# chown -R redis:redis /etc/redis/

# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

1	# touch /var/log/redis/sentinel.log && chown redis:redis /var/log/redis/sentinel.log

# chmod 660 /etc/redis/sentinel.conf

1	# chmod 660 /etc/redis/sentinel.conf

Запускаем Sentinel на advisor

# systemctl start sentinel

1	# systemctl start sentinel

Проверка состояния кворума кластера master01

# redis-cli -p 26379 sentinel ckquorum master01

1	# redis-cli -p 26379 sentinel ckquorum master01

OK 3 usable Sentinels. Quorum and failover authorization can be reached

1	OK 3 usable Sentinels. Quorum and failover authorization can be reached

Просмотр списка slave-серверов кластера master01

# redis-cli -p 26379 sentinel slaves master01

1	# redis-cli -p 26379 sentinel slaves master01

    1) "name"
    2) "192.168.100.2:6379"
    3) "ip"
    4) "192.168.100.2"
    5) "port"
    6) "6379"
     …

1) "name"

2) "192.168.100.2:6379"

3) "ip"

4) "192.168.100.2"

5) "port"

6) "6379"

…

Просмотр списка master-серверов кластера master01

# redis-cli -p 26379 sentinel master master01

1	# redis-cli -p 26379 sentinel master master01

 1) "name"
 2) "master01"
 3) "ip"
 4) "192.168.100.1"
 5) "port"
 6) "6379"
  …

1) "name"

2) "master01"

3) "ip"

4) "192.168.100.1"

5) "port"

6) "6379"

…

4. Тестирование переключения мастера

Выключаем redis на первом сервере(app01) и проверяем, что мастером стал второй сервер(app02)

Логи Redis на app02

19 Jun 09:45:28.426 # Connection with master lost.
19 Jun 09:45:28.426 * Caching the disconnected master state.
19 Jun 09:45:28.605 * Connecting to MASTER 192.168.100.1:6379
19 Jun 09:45:28.605 * MASTER <-> SLAVE sync started
19 Jun 09:45:28.605 # Error condition on socket for SYNC: Connection refused
19 Jun 09:45:29.607 * Connecting to MASTER 192.168.100.1:6379
19 Jun 09:45:29.607 * MASTER <-> SLAVE sync started
19 Jun 09:45:29.607 # Error condition on socket for SYNC: Connection refused
19 Jun 09:45:30.607 * Connecting to MASTER 192.168.100.1:6379
19 Jun 09:45:30.607 * MASTER <-> SLAVE sync started
19 Jun 09:45:30.608 # Error condition on socket for SYNC: Connection refused
19 Jun 09:45:31.607 * Connecting to MASTER 192.168.100.1:6379
19 Jun 09:45:31.607 * MASTER <-> SLAVE sync started
19 Jun 09:45:31.607 # Error condition on socket for SYNC: Connection refused
19 Jun 09:45:31.799 # Setting secondary replication ID to e8e135efb9677e5a0fced11be7151d4a9cbd940b, valid up to offset: 1760909720. New replication ID is 5c1d6e4bf72b637682aeb620d19f0c5bb559d7ca
19 Jun 09:45:31.799 * Discarding previously cached master state.
19 Jun 09:45:31.799 * MASTER MODE enabled (user request from 'id=14 addr=192.168.100.2:59966 fd=10 name=sentinel-a375bc1f-cmd age=187 idle=0 flags=x db=0 sub=0 psub=0 multi=3 qbuf=0 qbuf-free=32768 obl=36 oll=0 omem=0 events=r cmd=exec')
19 Jun 09:45:31.800 # CONFIG REWRITE executed with success.

19 Jun 09:45:28.426 # Connection with master lost.

19 Jun 09:45:28.426 * Caching the disconnected master state.

19 Jun 09:45:28.605 * Connecting to MASTER 192.168.100.1:6379

19 Jun 09:45:28.605 * MASTER <-> SLAVE sync started

19 Jun 09:45:28.605 # Error condition on socket for SYNC: Connection refused

19 Jun 09:45:29.607 * Connecting to MASTER 192.168.100.1:6379

19 Jun 09:45:29.607 * MASTER <-> SLAVE sync started

19 Jun 09:45:29.607 # Error condition on socket for SYNC: Connection refused

19 Jun 09:45:30.607 * Connecting to MASTER 192.168.100.1:6379

19 Jun 09:45:30.607 * MASTER <-> SLAVE sync started

19 Jun 09:45:30.608 # Error condition on socket for SYNC: Connection refused

19 Jun 09:45:31.607 * Connecting to MASTER 192.168.100.1:6379

19 Jun 09:45:31.607 * MASTER <-> SLAVE sync started

19 Jun 09:45:31.607 # Error condition on socket for SYNC: Connection refused

19 Jun 09:45:31.799 # Setting secondary replication ID to e8e135efb9677e5a0fced11be7151d4a9cbd940b, valid up to offset: 1760909720. New replication ID is 5c1d6e4bf72b637682aeb620d19f0c5bb559d7ca

19 Jun 09:45:31.799 * Discarding previously cached master state.

19 Jun 09:45:31.799 * MASTER MODE enabled (user request from 'id=14 addr=192.168.100.2:59966 fd=10 name=sentinel-a375bc1f-cmd age=187 idle=0 flags=x db=0 sub=0 psub=0 multi=3 qbuf=0 qbuf-free=32768 obl=36 oll=0 omem=0 events=r cmd=exec')

19 Jun 09:45:31.800 # CONFIG REWRITE executed with success.

Логи Sentinel на app02 сервере, который становится в этом момент текущим мастером

19 Jun 09:45:31.476 # +sdown master master01 192.168.100.1 6379
19 Jun 09:45:31.534 # +odown master master01 192.168.100.1 6379 #quorum 2/2
19 Jun 09:45:31.534 # +new-epoch 2460
19 Jun 09:45:31.534 # +try-failover master master01 192.168.100.1 6379
19 Jun 09:45:31.537 # +vote-for-leader a375bc1f86f214068794ec45711a0b666da55ce0 2460
19 Jun 09:45:31.602 # 3d46f7c09b45edbb1fc7d17181150e802dc17bce voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460
19 Jun 09:45:31.657 # +elected-leader master master01 192.168.100.1 6379
19 Jun 09:45:31.657 # +failover-state-select-slave master master01 192.168.100.1 6379
19 Jun 09:45:31.706 # 1105f58322cd7943b67f31b8f9b45db5e7876e33 voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460
19 Jun 09:45:31.728 # +selected-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:31.728 * +failover-state-send-slaveof-noone slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:31.799 * +failover-state-wait-promotion slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:32.551 # +promoted-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:32.551 # +failover-state-reconf-slaves master master01 192.168.100.1 6379
19 Jun 09:45:32.616 # +failover-end master master01 192.168.100.1 6379
19 Jun 09:45:32.616 # +switch-master master01 192.168.100.1 6379 192.168.100.2 6379
19 Jun 09:45:32.616 * +slave slave 192.168.100.1:6379 192.168.100.1 6379 @ master01 192.168.100.2 6379
19 Jun 09:45:35.689 # +sdown slave 192.168.100.1:6379 192.168.100.1 6379 @ master01 192.168.100.2 6379

19 Jun 09:45:31.476 # +sdown master master01 192.168.100.1 6379

19 Jun 09:45:31.534 # +odown master master01 192.168.100.1 6379 #quorum 2/2

19 Jun 09:45:31.534 # +new-epoch 2460

19 Jun 09:45:31.534 # +try-failover master master01 192.168.100.1 6379

19 Jun 09:45:31.537 # +vote-for-leader a375bc1f86f214068794ec45711a0b666da55ce0 2460

19 Jun 09:45:31.602 # 3d46f7c09b45edbb1fc7d17181150e802dc17bce voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460

19 Jun 09:45:31.657 # +elected-leader master master01 192.168.100.1 6379

19 Jun 09:45:31.657 # +failover-state-select-slave master master01 192.168.100.1 6379

19 Jun 09:45:31.706 # 1105f58322cd7943b67f31b8f9b45db5e7876e33 voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460

19 Jun 09:45:31.728 # +selected-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 Jun 09:45:31.728 * +failover-state-send-slaveof-noone slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 Jun 09:45:31.799 * +failover-state-wait-promotion slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 Jun 09:45:32.551 # +promoted-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379

19 Jun 09:45:32.551 # +failover-state-reconf-slaves master master01 192.168.100.1 6379

19 Jun 09:45:32.616 # +failover-end master master01 192.168.100.1 6379

19 Jun 09:45:32.616 # +switch-master master01 192.168.100.1 6379 192.168.100.2 6379

19 Jun 09:45:32.616 * +slave slave 192.168.100.1:6379 192.168.100.1 6379 @ master01 192.168.100.2 6379

19 Jun 09:45:35.689 # +sdown slave 192.168.100.1:6379 192.168.100.1 6379 @ master01 192.168.100.2 6379

Из логов видно, что текущий мастер стал недоступен

19 Jun 09:45:31.476 # +sdown master master01 192.168.100.1 6379

1	19 Jun 09:45:31.476 # +sdown master master01 192.168.100.1 6379

Проверка наличия кол-ва нод,которые должны принять участие в выборе нового мастера – т.е кворум должен быть удовлетворен – минимум 2 ноды(из имеющихся 3-х нод с Sentinel)

19 Jun 09:45:31.534 # +odown master master01 192.168.100.1 6379 #quorum 2/2

1	19 Jun 09:45:31.534 # +odown master master01 192.168.100.1 6379 #quorum 2/2

Выбор нового мастера

app02 Sentinel(a375bc1f86f214068794ec45711a0b666da55ce0) и advisor(3d46f7c09b45edbb1fc7d17181150e802dc17bce) голосуют за нового мастера app02(a375bc1f86f214068794ec45711a0b666da55ce0)

1	app02 Sentinel(a375bc1f86f214068794ec45711a0b666da55ce0) и advisor(3d46f7c09b45edbb1fc7d17181150e802dc17bce) голосуют за нового мастера app02(a375bc1f86f214068794ec45711a0b666da55ce0)

19 Jun 09:45:31.534 # +try-failover master master01 192.168.100.1 6379
19 Jun 09:45:31.537 # +vote-for-leader a375bc1f86f214068794ec45711a0b666da55ce0 2460
19 Jun 09:45:31.602 # 3d46f7c09b45edbb1fc7d17181150e802dc17bce voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460

19 Jun 09:45:31.534 # +try-failover master master01 192.168.100.1 6379

19 Jun 09:45:31.537 # +vote-for-leader a375bc1f86f214068794ec45711a0b666da55ce0 2460

19 Jun 09:45:31.602 # 3d46f7c09b45edbb1fc7d17181150e802dc17bce voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460

В качестве нового мастера выбирается app02(192.168.100.2)(на нем выполняется команда slaveof-noone)
А сервер app01 переводится в режим slave(failover-state-reconf-slaves)

19 Jun 09:45:31.657 # +elected-leader master master01 192.168.100.1 6379
19 Jun 09:45:31.657 # +failover-state-select-slave master master01 192.168.100.1 6379
19 Jun 09:45:31.706 # 1105f58322cd7943b67f31b8f9b45db5e7876e33 voted for a375bc1f86f214068794ec45711a0b666da55ce0 2460
19 Jun 09:45:31.728 # +selected-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:31.728 * +failover-state-send-slaveof-noone slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:31.799 * +failover-state-wait-promotion slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:32.551 # +promoted-slave slave 192.168.100.2:6379 192.168.100.2 6379 @ master01 192.168.100.1 6379
19 Jun 09:45:32.551 # +failover-state-reconf-slaves master master01 192.168.100.1 6379
19 Jun 09:45:32.616 # +failover-end master master01 192.168.100.1 6379