Redis: Compile & Configuration

Links:

https://gist.github.com/hackedunit/a53f0b5376b3772d278078f686b04d38#file-install-redis-md 

 

 

 

  

  

Compile:  

dnf install centos-release-scl scl-utils-build
dnf install devtoolset-10-toolchain
scl enable devtoolset-10 bash
gcc --version
make MALLOC=libc
make distclean  # 编译失败
make install PREFIX=/usr/local/bin  # 默认安装到 /usr/local/bin


redis-cli -h localhost -p 6379
> ping
> shutdown


# Optional
cd deps
make lua hiredis linenoise
cd deps/jemalloc
./configure


# Optional: MALLOC=libc MALLOC=jemalloc
# libsystemd-dev libc6-dev on Debian/Ubuntu or systemd-devel on CentOS
CFLAGS='-march=x86-64 -fPIC' PREFIX=/usr/local/redis/ USE_SYSTEMD=yes BUILD_WITH_SYSTEMD=yes make

 

Prerequisites:

groupadd --gid 6379 --system redis
useradd --uid 6379 --gid 6379 --comment 'Redis Server' --shell /sbin/nologin --system --no-create-home redis
mkdir /etc/redis /var/lib/redis
chown redis:redis /var/lib/redis

 

Unit: 

redis.service: 

cat <<'EOF' > /etc/systemd/system/redis.service
[Unit]
Description=Redis In-Memory Data Store
Documentation=http://redis.io/documentation, man:redis-server(1)
AssertPathExists=/var/lib/redis
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
PIDFile=/run/redis/redis.pid

User=redis
Group=redis

ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf --supervised systemd --daemonize no
ExecReload=/bin/kill -USR2 $MAINPID
# ExecStop=/bin/kill -SIGTERM $MAINPID
ExecStop=/usr/local/bin/redis-cli -h 127.0.0.1 -p 6379 shutdown


UMask=0077
PrivateTmp=yes
WorkingDirectory=/var/lib/redis
RuntimeDirectory=redis
RuntimeDirectoryMode=0755
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=redis-server.service
EOF


mkdir -pv /etc/systemd/system/redis.service.d

cat <<'EOF' > /etc/systemd/system/redis.service.d/limit.conf
[Service]
LimitNOFILE=16777216
OOMScoreAdjust=-1000

TimeoutStartSec=infinity
TimeoutStopSec=infinity
TimeoutSec=5

#TimeoutStartSec=90s
#TimeoutStopSec=90s
EOF

[Service]
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWritePaths=-/var/lib/redis
ReadWritePaths=-/var/log/redis
ReadWritePaths=-/var/run/redis

NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem=true
ReadWriteDirectories=-/etc/redis

 

 

redis-sentinel.service:

[Unit]
Description=Redis Sentinel
After=network.target

[Service]
User=redis
Group=redis
Type=notify
LimitNOFILE=65535
ExecStart=/usr/local/redis/bin/redis-sentinel /usr/local/redis/config/sentinel6800.conf --daemonize no --supervised systemd
ExecStop=/bin/kill -SIGTERM $MAINPID

[Install]
WantedBy=multi-user.target

 

redis.conf:

 

#---------------------------------------------------------------------
# Group
#---------------------------------------------------------------------
@bitmap
@cluster
@connection
@generic
@geo
@hash
@hyperloglog
@list
@pubsub
@scripting
@server
@set
@sorted-set
@stream
@string
@transactions
ACL CAT DELUSER
APPEND
ASKING
AUTH
BGREWRITEAOF
BGSAVE
BITCOUNT


#---------------------------------------------------------------------
# General
#---------------------------------------------------------------------
# When Redis is supervised by systemd, this parameter has no impact
daemonize no
supervised systemd  # The default is auto
pidfile /run/redis/redis.pid
loglevel notice
logfile ""  # ard output. Note that if you use standard output for logging but daemonize, logs will be sent to /dev/null
unixsocket /run/redis/redis.sock
unixsocketperm 700
maxclients 10000
glueoutputbuf yes  # 在向客户端应答时，是否把较小的包合并为一个包发送，默认为开启
always-show-logo no
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode} {port} {tls-port} {unixsocket} {config-file}"


#---------------------------------------------------------------------
# Network
#---------------------------------------------------------------------
bind 0.0.0.0 ::
port 6379
# bind-source-addr 10.0.0.1
protected-mode yes
tcp-backlog 511
tcp-keepalive 300
timeout 0  # Close the connection after a client is idle for N seconds (0 to disable)
# no    - Block for any connection (remain immutable)
# yes   - Allow for any connection (no protection)
# local - Allow only for local connections. Ones originating from the
#         IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.
# enable-protected-configs no
# enable-debug-command no
# enable-module-command no


#---------------------------------------------------------------------
# Kernel OOM Control
#---------------------------------------------------------------------
oom-score-adj no
oom-score-adj-values 0 200 800


#---------------------------------------------------------------------
# Memory Management
#---------------------------------------------------------------------
# maxmemory <bytes>
# maxmemory-policy noeviction  # Don't evict anything, just return an error on write operations.
# maxmemory-samples 5
# maxmemory-eviction-tenacity 10
# replica-ignore-maxmemory yes
# active-expire-effort 1


#---------------------------------------------------------------------
#  lazy freeing
#---------------------------------------------------------------------
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
lazyfree-lazy-user-del no
lazyfree-lazy-user-flush no


#---------------------------------------------------------------------
# security
#---------------------------------------------------------------------
requirepass adulteration  # AUTH default <password>
#ACL
user default on nopass ~* &* +@all
user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
user u1 off +@all ~* &* >u1
user u1 on +@all ~* &* nopass
user default off
user default on nopass ~* &* +@all
acllog-max-len 128  # The ACL Log is stored in memory. Define the maximum entry length of the ACL Log below
acl-pubsub-default resetchannels
# aclfile /etc/redis/users.acl


#---------------------------------------------------------------------
# limits
#---------------------------------------------------------------------
max-clients 0  # no limit
maxmemory <bytes>
maxmemory-policy volatile-lru (only for keys with ttl set) | allkeys-lru | volaile-random (only for keys with ttl set) | allkeys-random | volatile-ttl | noeviction
maxmemory-samples 3-7


#---------------------------------------------------------------------
# log
#---------------------------------------------------------------------
# syslog-ident redis
# syslog-facility local0
# crash-log-enabled no
# crash-memcheck-enabled no
# 是否在每次更新操作后进行日志记录，Redis 在默认情况下是异步的把数据写入磁盘，如果不开启，可能会在断电时导致一段时间内的数据丢失。因为 redis 本身同步数据文件是按上面 save 条件来同步的，所以有的数据会在一段时间内只存在于内存中。默认为 no


#---------------------------------------------------------------------
# slowlog
#---------------------------------------------------------------------
slowlog-log-slower-than 10000
slowlog-max-len 128


#---------------------------------------------------------------------
# database
#---------------------------------------------------------------------
databases 16  # 数据库的数量，默认数据库为0，可以使用SELECT 命令在连接上指定数据库id
dir /var/lib/redis

# rdb
dbfilename dump.rdb
rdbcompression yes  # 存储至本地数据库时是否压缩数据，默认为 yes，Redis 采用 LZF 压缩，如果为了节省 CPU 时间，可以关闭该选项，但会导致数据库文件变的巨大
rdbchecksum yes
rdb-del-sync-files no
stop-writes-on-bgsave-error yes  # 有监控时, 设为no
# save <seconds> <changes> [<seconds> <changes> ...]
# save 3600 1 300 100 60 10000  # default

# AOF
appendonly no
appendfilename appendonly.aof
appenddirname appendonlydir
# no：表示等操作系统进行数据缓存同步到磁盘（快）
# always：表示每次更新操作后手动调用 fsync() 将数据写到磁盘（慢，安全）
# everysec：表示每秒同步一次（折中，默认值）
appendfsync everysec
no-appendfsync-on-rewrite no  # prevent fsync() from being called in the main process while a BGSAVE or BGREWRITEAOF is in progress
# Automatic rewrite of the append only file
auto-aof-rewrite-percentage 100  # 增长一倍大小时, Automatic rewrite
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no


#---------------------------------------------------------------------
# replication
#---------------------------------------------------------------------
slaveof <masterip> <masterport>
masterauth <password>
# masteruser <username>
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-diskless-sync-max-replicas 0
repl-diskless-load disabled
# repl-ping-replica-period 10
# repl-timeout 60
repl-disable-tcp-nodelay no
# repl-backlog-size 1mb
# repl-backlog-ttl 3600

replica-priority 100


#---------------------------------------------------------------------
# Threaded I/O
#---------------------------------------------------------------------
io-threads 4
io-threads-do-reads yes


#---------------------------------------------------------------------
# kernel OOM control
#---------------------------------------------------------------------
oom-score-adj no
oom-score-adj-values 0 200 800


#---------------------------------------------------------------------
# shutdown
#---------------------------------------------------------------------
# shutdown-timeout 10
# shutdown-on-sigint default
# shutdown-on-sigterm default


#---------------------------------------------------------------------
# redis cluster
#---------------------------------------------------------------------
# cluster-enabled yes  # Normal Redis instances can't be part of a Redis Cluster
# cluster-config-file nodes-6379.conf
# cluster-node-timeout 15000
cluster-require-full-coverage no | yes