sentinel.conf 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. # Example sentinel.conf
  2. # *** IMPORTANT ***
  3. #
  4. # By default Sentinel will not be reachable from interfaces different than
  5. # localhost, either use the 'bind' directive to bind to a list of network
  6. # interfaces, or disable protected mode with "protected-mode no" by
  7. # adding it to this configuration file.
  8. #
  9. # Before doing that MAKE SURE the instance is protected from the outside
  10. # world via firewalling or other means.
  11. #
  12. # For example you may use one of the following:
  13. #
  14. # bind 127.0.0.1 192.168.1.1
  15. #
  16. # protected-mode no
  17. # port <sentinel-port>
  18. # The port that this sentinel instance will run on
  19. port 26379
  20. # sentinel announce-ip <ip>
  21. # sentinel announce-port <port>
  22. #
  23. # The above two configuration directives are useful in environments where,
  24. # because of NAT, Sentinel is reachable from outside via a non-local address.
  25. #
  26. # When announce-ip is provided, the Sentinel will claim the specified IP address
  27. # in HELLO messages used to gossip its presence, instead of auto-detecting the
  28. # local address as it usually does.
  29. #
  30. # Similarly when announce-port is provided and is valid and non-zero, Sentinel
  31. # will announce the specified TCP port.
  32. #
  33. # The two options don't need to be used together, if only announce-ip is
  34. # provided, the Sentinel will announce the specified IP and the server port
  35. # as specified by the "port" option. If only announce-port is provided, the
  36. # Sentinel will announce the auto-detected local IP and the specified port.
  37. #
  38. # Example:
  39. #
  40. # sentinel announce-ip 1.2.3.4
  41. # dir <working-directory>
  42. # Every long running process should have a well-defined working directory.
  43. # For Redis Sentinel to chdir to /tmp at startup is the simplest thing
  44. # for the process to don't interfere with administrative tasks such as
  45. # unmounting filesystems.
  46. dir /tmp
  47. # sentinel monitor <master-name> <ip> <redis-port> <quorum>
  48. #
  49. # Tells Sentinel to monitor this master, and to consider it in O_DOWN
  50. # (Objectively Down) state only if at least <quorum> sentinels agree.
  51. #
  52. # Note that whatever is the ODOWN quorum, a Sentinel will require to
  53. # be elected by the majority of the known Sentinels in order to
  54. # start a failover, so no failover can be performed in minority.
  55. #
  56. # Slaves are auto-discovered, so you don't need to specify slaves in
  57. # any way. Sentinel itself will rewrite this configuration file adding
  58. # the slaves using additional configuration options.
  59. # Also note that the configuration file is rewritten when a
  60. # slave is promoted to master.
  61. #
  62. # Note: master name should not include special characters or spaces.
  63. # The valid charset is A-z 0-9 and the three characters ".-_".
  64. sentinel monitor mymaster 127.0.0.1 6379 2
  65. # sentinel auth-pass <master-name> <password>
  66. #
  67. # Set the password to use to authenticate with the master and slaves.
  68. # Useful if there is a password set in the Redis instances to monitor.
  69. #
  70. # Note that the master password is also used for slaves, so it is not
  71. # possible to set a different password in masters and slaves instances
  72. # if you want to be able to monitor these instances with Sentinel.
  73. #
  74. # However you can have Redis instances without the authentication enabled
  75. # mixed with Redis instances requiring the authentication (as long as the
  76. # password set is the same for all the instances requiring the password) as
  77. # the AUTH command will have no effect in Redis instances with authentication
  78. # switched off.
  79. #
  80. # Example:
  81. #
  82. # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
  83. # sentinel down-after-milliseconds <master-name> <milliseconds>
  84. #
  85. # Number of milliseconds the master (or any attached slave or sentinel) should
  86. # be unreachable (as in, not acceptable reply to PING, continuously, for the
  87. # specified period) in order to consider it in S_DOWN state (Subjectively
  88. # Down).
  89. #
  90. # Default is 30 seconds.
  91. sentinel down-after-milliseconds mymaster 30000
  92. # sentinel parallel-syncs <master-name> <numslaves>
  93. #
  94. # How many slaves we can reconfigure to point to the new slave simultaneously
  95. # during the failover. Use a low number if you use the slaves to serve query
  96. # to avoid that all the slaves will be unreachable at about the same
  97. # time while performing the synchronization with the master.
  98. sentinel parallel-syncs mymaster 1
  99. # sentinel failover-timeout <master-name> <milliseconds>
  100. #
  101. # Specifies the failover timeout in milliseconds. It is used in many ways:
  102. #
  103. # - The time needed to re-start a failover after a previous failover was
  104. # already tried against the same master by a given Sentinel, is two
  105. # times the failover timeout.
  106. #
  107. # - The time needed for a slave replicating to a wrong master according
  108. # to a Sentinel current configuration, to be forced to replicate
  109. # with the right master, is exactly the failover timeout (counting since
  110. # the moment a Sentinel detected the misconfiguration).
  111. #
  112. # - The time needed to cancel a failover that is already in progress but
  113. # did not produced any configuration change (SLAVEOF NO ONE yet not
  114. # acknowledged by the promoted slave).
  115. #
  116. # - The maximum time a failover in progress waits for all the slaves to be
  117. # reconfigured as slaves of the new master. However even after this time
  118. # the slaves will be reconfigured by the Sentinels anyway, but not with
  119. # the exact parallel-syncs progression as specified.
  120. #
  121. # Default is 3 minutes.
  122. sentinel failover-timeout mymaster 180000
  123. # SCRIPTS EXECUTION
  124. #
  125. # sentinel notification-script and sentinel reconfig-script are used in order
  126. # to configure scripts that are called to notify the system administrator
  127. # or to reconfigure clients after a failover. The scripts are executed
  128. # with the following rules for error handling:
  129. #
  130. # If script exits with "1" the execution is retried later (up to a maximum
  131. # number of times currently set to 10).
  132. #
  133. # If script exits with "2" (or an higher value) the script execution is
  134. # not retried.
  135. #
  136. # If script terminates because it receives a signal the behavior is the same
  137. # as exit code 1.
  138. #
  139. # A script has a maximum running time of 60 seconds. After this limit is
  140. # reached the script is terminated with a SIGKILL and the execution retried.
  141. # NOTIFICATION SCRIPT
  142. #
  143. # sentinel notification-script <master-name> <script-path>
  144. #
  145. # Call the specified notification script for any sentinel event that is
  146. # generated in the WARNING level (for instance -sdown, -odown, and so forth).
  147. # This script should notify the system administrator via email, SMS, or any
  148. # other messaging system, that there is something wrong with the monitored
  149. # Redis systems.
  150. #
  151. # The script is called with just two arguments: the first is the event type
  152. # and the second the event description.
  153. #
  154. # The script must exist and be executable in order for sentinel to start if
  155. # this option is provided.
  156. #
  157. # Example:
  158. #
  159. # sentinel notification-script mymaster /var/redis/notify.sh
  160. # CLIENTS RECONFIGURATION SCRIPT
  161. #
  162. # sentinel client-reconfig-script <master-name> <script-path>
  163. #
  164. # When the master changed because of a failover a script can be called in
  165. # order to perform application-specific tasks to notify the clients that the
  166. # configuration has changed and the master is at a different address.
  167. #
  168. # The following arguments are passed to the script:
  169. #
  170. # <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
  171. #
  172. # <state> is currently always "failover"
  173. # <role> is either "leader" or "observer"
  174. #
  175. # The arguments from-ip, from-port, to-ip, to-port are used to communicate
  176. # the old address of the master and the new address of the elected slave
  177. # (now a master).
  178. #
  179. # This script should be resistant to multiple invocations.
  180. #
  181. # Example:
  182. #
  183. # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
  184. # SECURITY
  185. #
  186. # By default SENTINEL SET will not be able to change the notification-script
  187. # and client-reconfig-script at runtime. This avoids a trivial security issue
  188. # where clients can set the script to anything and trigger a failover in order
  189. # to get the program executed.
  190. sentinel deny-scripts-reconfig yes