2
0

sentinel.conf 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
  1. # Example sentinel.conf
  2. # *** IMPORTANT ***
  3. #
  4. # By default Sentinel will not be reachable from interfaces different than
  5. # localhost, either use the 'bind' directive to bind to a list of network
  6. # interfaces, or disable protected mode with "protected-mode no" by
  7. # adding it to this configuration file.
  8. #
  9. # Before doing that MAKE SURE the instance is protected from the outside
  10. # world via firewalling or other means.
  11. #
  12. # For example you may use one of the following:
  13. #
  14. # bind 127.0.0.1 192.168.1.1
  15. #
  16. # protected-mode no
  17. # port <sentinel-port>
  18. # The port that this sentinel instance will run on
  19. port 26379
  20. # By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
  21. # Note that Redis will write a pid file in /var/run/redis-sentinel.pid when
  22. # daemonized.
  23. daemonize no
  24. # When running daemonized, Redis Sentinel writes a pid file in
  25. # /var/run/redis-sentinel.pid by default. You can specify a custom pid file
  26. # location here.
  27. pidfile /var/run/redis-sentinel.pid
  28. # Specify the log file name. Also the empty string can be used to force
  29. # Sentinel to log on the standard output. Note that if you use standard
  30. # output for logging but daemonize, logs will be sent to /dev/null
  31. logfile ""
  32. # sentinel announce-ip <ip>
  33. # sentinel announce-port <port>
  34. #
  35. # The above two configuration directives are useful in environments where,
  36. # because of NAT, Sentinel is reachable from outside via a non-local address.
  37. #
  38. # When announce-ip is provided, the Sentinel will claim the specified IP address
  39. # in HELLO messages used to gossip its presence, instead of auto-detecting the
  40. # local address as it usually does.
  41. #
  42. # Similarly when announce-port is provided and is valid and non-zero, Sentinel
  43. # will announce the specified TCP port.
  44. #
  45. # The two options don't need to be used together, if only announce-ip is
  46. # provided, the Sentinel will announce the specified IP and the server port
  47. # as specified by the "port" option. If only announce-port is provided, the
  48. # Sentinel will announce the auto-detected local IP and the specified port.
  49. #
  50. # Example:
  51. #
  52. # sentinel announce-ip 1.2.3.4
  53. # dir <working-directory>
  54. # Every long running process should have a well-defined working directory.
  55. # For Redis Sentinel to chdir to /tmp at startup is the simplest thing
  56. # for the process to don't interfere with administrative tasks such as
  57. # unmounting filesystems.
  58. dir /tmp
  59. # sentinel monitor <master-name> <ip> <redis-port> <quorum>
  60. #
  61. # Tells Sentinel to monitor this master, and to consider it in O_DOWN
  62. # (Objectively Down) state only if at least <quorum> sentinels agree.
  63. #
  64. # Note that whatever is the ODOWN quorum, a Sentinel will require to
  65. # be elected by the majority of the known Sentinels in order to
  66. # start a failover, so no failover can be performed in minority.
  67. #
  68. # Replicas are auto-discovered, so you don't need to specify replicas in
  69. # any way. Sentinel itself will rewrite this configuration file adding
  70. # the replicas using additional configuration options.
  71. # Also note that the configuration file is rewritten when a
  72. # replica is promoted to master.
  73. #
  74. # Note: master name should not include special characters or spaces.
  75. # The valid charset is A-z 0-9 and the three characters ".-_".
  76. sentinel monitor mymaster 127.0.0.1 6379 2
  77. # sentinel auth-pass <master-name> <password>
  78. #
  79. # Set the password to use to authenticate with the master and replicas.
  80. # Useful if there is a password set in the Redis instances to monitor.
  81. #
  82. # Note that the master password is also used for replicas, so it is not
  83. # possible to set a different password in masters and replicas instances
  84. # if you want to be able to monitor these instances with Sentinel.
  85. #
  86. # However you can have Redis instances without the authentication enabled
  87. # mixed with Redis instances requiring the authentication (as long as the
  88. # password set is the same for all the instances requiring the password) as
  89. # the AUTH command will have no effect in Redis instances with authentication
  90. # switched off.
  91. #
  92. # Example:
  93. #
  94. # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
  95. # sentinel down-after-milliseconds <master-name> <milliseconds>
  96. #
  97. # Number of milliseconds the master (or any attached replica or sentinel) should
  98. # be unreachable (as in, not acceptable reply to PING, continuously, for the
  99. # specified period) in order to consider it in S_DOWN state (Subjectively
  100. # Down).
  101. #
  102. # Default is 30 seconds.
  103. sentinel down-after-milliseconds mymaster 30000
  104. # sentinel parallel-syncs <master-name> <numreplicas>
  105. #
  106. # How many replicas we can reconfigure to point to the new replica simultaneously
  107. # during the failover. Use a low number if you use the replicas to serve query
  108. # to avoid that all the replicas will be unreachable at about the same
  109. # time while performing the synchronization with the master.
  110. sentinel parallel-syncs mymaster 1
  111. # sentinel failover-timeout <master-name> <milliseconds>
  112. #
  113. # Specifies the failover timeout in milliseconds. It is used in many ways:
  114. #
  115. # - The time needed to re-start a failover after a previous failover was
  116. # already tried against the same master by a given Sentinel, is two
  117. # times the failover timeout.
  118. #
  119. # - The time needed for a replica replicating to a wrong master according
  120. # to a Sentinel current configuration, to be forced to replicate
  121. # with the right master, is exactly the failover timeout (counting since
  122. # the moment a Sentinel detected the misconfiguration).
  123. #
  124. # - The time needed to cancel a failover that is already in progress but
  125. # did not produced any configuration change (SLAVEOF NO ONE yet not
  126. # acknowledged by the promoted replica).
  127. #
  128. # - The maximum time a failover in progress waits for all the replicas to be
  129. # reconfigured as replicas of the new master. However even after this time
  130. # the replicas will be reconfigured by the Sentinels anyway, but not with
  131. # the exact parallel-syncs progression as specified.
  132. #
  133. # Default is 3 minutes.
  134. sentinel failover-timeout mymaster 180000
  135. # SCRIPTS EXECUTION
  136. #
  137. # sentinel notification-script and sentinel reconfig-script are used in order
  138. # to configure scripts that are called to notify the system administrator
  139. # or to reconfigure clients after a failover. The scripts are executed
  140. # with the following rules for error handling:
  141. #
  142. # If script exits with "1" the execution is retried later (up to a maximum
  143. # number of times currently set to 10).
  144. #
  145. # If script exits with "2" (or an higher value) the script execution is
  146. # not retried.
  147. #
  148. # If script terminates because it receives a signal the behavior is the same
  149. # as exit code 1.
  150. #
  151. # A script has a maximum running time of 60 seconds. After this limit is
  152. # reached the script is terminated with a SIGKILL and the execution retried.
  153. # NOTIFICATION SCRIPT
  154. #
  155. # sentinel notification-script <master-name> <script-path>
  156. #
  157. # Call the specified notification script for any sentinel event that is
  158. # generated in the WARNING level (for instance -sdown, -odown, and so forth).
  159. # This script should notify the system administrator via email, SMS, or any
  160. # other messaging system, that there is something wrong with the monitored
  161. # Redis systems.
  162. #
  163. # The script is called with just two arguments: the first is the event type
  164. # and the second the event description.
  165. #
  166. # The script must exist and be executable in order for sentinel to start if
  167. # this option is provided.
  168. #
  169. # Example:
  170. #
  171. # sentinel notification-script mymaster /var/redis/notify.sh
  172. # CLIENTS RECONFIGURATION SCRIPT
  173. #
  174. # sentinel client-reconfig-script <master-name> <script-path>
  175. #
  176. # When the master changed because of a failover a script can be called in
  177. # order to perform application-specific tasks to notify the clients that the
  178. # configuration has changed and the master is at a different address.
  179. #
  180. # The following arguments are passed to the script:
  181. #
  182. # <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
  183. #
  184. # <state> is currently always "failover"
  185. # <role> is either "leader" or "observer"
  186. #
  187. # The arguments from-ip, from-port, to-ip, to-port are used to communicate
  188. # the old address of the master and the new address of the elected replica
  189. # (now a master).
  190. #
  191. # This script should be resistant to multiple invocations.
  192. #
  193. # Example:
  194. #
  195. # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
  196. # SECURITY
  197. #
  198. # By default SENTINEL SET will not be able to change the notification-script
  199. # and client-reconfig-script at runtime. This avoids a trivial security issue
  200. # where clients can set the script to anything and trigger a failover in order
  201. # to get the program executed.
  202. sentinel deny-scripts-reconfig yes
  203. # REDIS COMMANDS RENAMING
  204. #
  205. # Sometimes the Redis server has certain commands, that are needed for Sentinel
  206. # to work correctly, renamed to unguessable strings. This is often the case
  207. # of CONFIG and SLAVEOF in the context of providers that provide Redis as
  208. # a service, and don't want the customers to reconfigure the instances outside
  209. # of the administration console.
  210. #
  211. # In such case it is possible to tell Sentinel to use different command names
  212. # instead of the normal ones. For example if the master "mymaster", and the
  213. # associated replicas, have "CONFIG" all renamed to "GUESSME", I could use:
  214. #
  215. # SENTINEL rename-command mymaster CONFIG GUESSME
  216. #
  217. # After such configuration is set, every time Sentinel would use CONFIG it will
  218. # use GUESSME instead. Note that there is no actual need to respect the command
  219. # case, so writing "config guessme" is the same in the example above.
  220. #
  221. # SENTINEL SET can also be used in order to perform this configuration at runtime.
  222. #
  223. # In order to set a command back to its original name (undo the renaming), it
  224. # is possible to just rename a command to itsef:
  225. #
  226. # SENTINEL rename-command mymaster CONFIG CONFIG