1. Redis安装
yum install redis
配置文件改动:bind 0.0.0.0
启动。
2. 首先第一个错误是:
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.data.redis.RedisSystemException: Error in execution; nested exception is io.lettuce.core.RedisCommandExecutionException: READONLY You can't write against a read only slave.] with root cause
io.lettuce.core.RedisCommandExecutionException: READONLY You can't write against a read only slave.
at io.lettuce.core.protocol.AsyncCommand.completeResult(AsyncCommand.java:118)
at io.lettuce.core.protocol.AsyncCommand.complete(AsyncCommand.java:109)
at io.lettuce.core.protocol.CommandWrapper.complete(CommandWrapper.java:57)
at io.lettuce.core.protocol.CommandHandler.complete(CommandHandler.java:601)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:559)
at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:511)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:886)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
在网上看到的解释是当主从复制的时候从主服务器向从服务器复制的时候,从服务器么有读写权限,所有报错。但是问题是我是单机器,单部署,根据不存在集群。
将配置文件redis.conf
中的slave-read-only yes
把yes
修改为no,重启服务器,这样确实好了。
3. 过了几天又报一个错误,错误信息如下:
2020-05-08 13:37:23.093 [http-nio-9001-exec-3] ERROR o.a.c.c.C.[.[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.data.redis.RedisSystemException: Error in execution; nested exception is io.lettuce.core.RedisCommandExecutionException: MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.] with root cause
io.lettuce.core.RedisCommandExecutionException: MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.
at io.lettuce.core.protocol.AsyncCommand.completeResult(AsyncCommand.java:118)
at io.lettuce.core.protocol.AsyncCommand.complete(AsyncCommand.java:109)
at io.lettuce.core.protocol.CommandWrapper.complete(CommandWrapper.java:57)
at io.lettuce.core.protocol.CommandHandler.complete(CommandHandler.java:601)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:559)
at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:511)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:886)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
解析:意思是往硬盘上写备份的快照没有权限
解决方案是:将stop-writes-on-bgsave-error设置为no 重启就好了。
但是问题来了,过了四天,这个问题又发生了。这是重点
解决方案是重启一下就好了。
但是肯定后面还是会发生的。
找问题。
首先看redis.conf,在/etc/redis.conf目录下面,配置的dir /var/lib/redis/ logfile /var/log/redis
查看redis的日志,发现一个问题:当重启后,所有的日志都正常:如下:
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 3.2.12 (00000000/0) 64 bit
.-`` .-```. ```\/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
| `-._ `._ / _.-' | PID: 303415
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
303415:M 12 May 09:13:58.759 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
303415:M 12 May 09:13:58.759 # Server started, Redis version 3.2.12
303415:M 12 May 09:13:58.759 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
303415:M 12 May 09:13:58.759 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
303415:M 12 May 09:13:58.759 * DB loaded from disk: 0.001 seconds
303415:M 12 May 09:13:58.759 * The server is now ready to accept connections on port 6379
303415:M 12 May 09:28:59.013 * 1 changes in 900 seconds. Saving...
303415:M 12 May 09:28:59.014 * Background saving started by pid 304863
304863:C 12 May 09:28:59.018 * DB saved on disk
304863:C 12 May 09:28:59.018 * RDB: 2 MB of memory used by copy-on-write
303415:M 12 May 09:28:59.115 * Background saving terminated with success
303415:M 12 May 09:47:45.717 * DB saved on disk
303415:M 12 May 09:47:45.723 * DB saved on disk
303415:M 12 May 09:47:45.725 * DB saved on disk
303415:M 12 May 09:47:45.733 * DB saved on disk
303415:M 12 May 09:47:45.748 * DB saved on disk
303415:M 12 May 09:47:45.751 * DB saved on disk
303415:M 12 May 09:47:45.754 * DB saved on disk
303415:M 12 May 09:47:45.760 * DB saved on disk
303415:M 12 May 09:47:45.766 * DB saved on disk
重启后,所有的正常,但是过一段时间后:
发现一会是Failed opening the RDB file ntp,一会是 Failed opening the RDB file root
然后通过 redis-cli
CONFIG GET dir
命令获取到的路径是 /etc/cron.d
但是配置文件里面明明是/var/lib/redis
这样,我就判断我的redis 被入侵了。
综上所述,基本上锁定了问题:
1. 在配置文件中增加requirepass 密码
2. 将CONFIG 的命令去掉
这样 就可以基本上保证安全了,
经过这样处理,
目前正在正常运行。
总结:
之前用的redis单服务都没有遇到过这种问题。这次都写问题都很突然。所以侵入的概率性很大。