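Redis Basics, Part 3: Security and Master-Slave Replication in Redis 2.6.16

This article covers Redis security and master-slave replication.

Redis layout:
Redis install location: /usr/local/redis
Redis master configuration file: /usr/local/redis/redis_master.conf
Redis slave configuration file: /usr/local/redis/redis_slave.conf
Redis log file: /usr/local/redis/redis.log
Redis PID file: /usr/local/redis/redis.pid
Redis master server IP: 192.168.2.200
Redis slave server IP: 192.168.2.210
Redis master/slave login password: jason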

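1. Security
Set a password that clients must supply after connecting, before they can run any other command.
Warning: Redis is very fast, so against a reasonably good server an outside user can attempt 150K passwords per second. This means you need a very, very strong password to resist brute force.

Edit the main configuration file redis.conf:
# vim /usr/local/redis/redis.conf
# Use a high-complexity password (production environments)
requirepass jason

Restart the Redis database:
# service redis restart
Note: set bind to bind an IP address / set unixsocket /tmp/redis.sock and unixsocketperm 755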
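
A way to check a configuration file for the two settings discussed above (requirepass strength and bind), plus masterauth on a slave. This is an added example, not part of the original article; the function name, the finding labels and the MIN_PASS_LEN threshold are assumptions, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: flag the exposure-related directives in a Redis 2.6 config.
# MIN_PASS_LEN is an assumed local policy value, not a Redis setting.
MIN_PASS_LEN=32

# Constructed sample using the settings shown on this page.
PAGE_STYLE_CONF='port 6379
#bind 0.0.0.0
requirepass jason
slaveof 192.168.2.200 6379
masterauth jason'

# Constructed hardened variant; the password is a placeholder, not a real secret.
HARDENED_CONF='port 6379
bind 192.168.2.210
requirepass CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-SECRET-0000
slaveof 192.168.2.200 6379
masterauth CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-SECRET-0000'

# audit_redis_conf: config text on stdin, one finding per line on stdout.
# Exit status is 1 when there is at least one finding, 0 otherwise.
audit_redis_conf() {
    awk -v minlen="$MIN_PASS_LEN" '
        { sub(/\r$/, "") }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out directives do not count
        { key = tolower($1) }               # directive names are case-insensitive
        key == "requirepass" { have_pass = 1; pass = $2 }
        key == "masterauth"  { have_mauth = 1 }
        key == "slaveof"     { is_slave = 1 }
        key == "bind"        { have_bind = 1; if ($2 == "0.0.0.0") bind_all = 1 }
        END {
            if (!have_pass)                 { print "NO_REQUIREPASS"; bad = 1 }
            else if (length(pass) < minlen) { print "WEAK_REQUIREPASS"; bad = 1 }
            # Redis 2.6 with no bind directive listens on every interface
            if (!have_bind || bind_all)     { print "BIND_ALL_INTERFACES"; bad = 1 }
            # a slave of a password-protected master needs masterauth to sync
            if (is_slave && !have_mauth)    { print "NO_MASTERAUTH"; bad = 1 }
            exit bad + 0
        }'
}

printf 'page-style config:\n'
printf '%s\n' "$PAGE_STYLE_CONF" | audit_redis_conf || true
printf 'hardened config:\n'
printf '%s\n' "$HARDENED_CONF" | audit_redis_conf || true
```

To audit a real file, redirect it into the function, for example audit_redis_conf < /usr/local/redis/redis_slave.conf.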
 
The following example shows how Redis security works in practice.
# We set the connection password to jason
Start a client and try it:
# /usr/local/redis/bin/redis-cli  
redis 127.0.0.1:6379> keys *  
(error) ERR operation not permitted  
redis 127.0.0.1:6379>
 
This shows that the client lacks permission. We can supply the password in the current session:
redis 127.0.0.1:6379> auth jason 
OK  
redis 127.0.0.1:6379> keys *  
1) "name"  
 
We can also specify the password when connecting to the server, as follows:
# /usr/local/redis/bin/redis-cli -a jason
redis 127.0.0.1:6379> keys *  
1) "name"  

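2. Master-slave replication
Redis master-slave replication is very simple to configure and use. It allows multiple slave servers to hold the same database copy as the master server.
Characteristics of Redis master-slave replication:
(1) A master can have multiple slaves
(2) Besides multiple slaves connecting to the same master, slaves can also connect to other slaves
(3) Replication does not block the master; while data is being synchronized, the master continues to handle client requests
(4) It improves the scalability of the system

The Redis replication process:
After a slave is configured, it connects to the master and sends the sync command. Whether it is the first connection or a reconnection, the master starts a background process that saves a database snapshot to a file, while the master's main process begins collecting new write commands and buffering them. When the background process finishes writing the file, the master sends the file to the slave; the slave saves it to disk and then loads it into memory. The master then forwards the buffered commands to the slave, and from then on sends the slave each write command it receives. If the master receives sync requests from several slaves at the same time, it starts only one process to write the database image and then sends it to all the slaves.

How to configure Redis:
Configuring a slave server is simple: just add the following to the slave's configuration file
# vim /usr/local/redis/redis_slave.conf
# Specify the master's IP and port
slaveof 192.168.2.200 6379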

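Other follow-up data backup tasks:
1. Use the redis-cli bgsave command to persist the data on the master Redis once a day in the early morning, and copy it to another backup server.
2. Use the redis-cli bgrewriteaof command to persist the data on the slave Redis every half hour, and copy it to another backup server.
3. Write a script that periodically gets keys from the master and the slave and checks whether the two are in sync; if they are not, raise an alert promptly.

Next we show how to set up a master-slave environment:
# slaveof <masterip> <masterport>
slaveof 192.168.2.200 6379
On one machine we start the master 192.168.2.200 (port 6379) and the slave 192.168.2.210 (port 6379)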

After startup, the master's console log is as follows:
# cat /usr/local/redis/redis.log
[11430] 26 Nov 17:11:53.071 # Server started, Redis version 2.6.16
[11430] 26 Nov 17:11:53.072 * DB loaded from append only file: 0.000 seconds
[11430] 26 Nov 17:11:53.072 * The server is now ready to accept connections on port 6379
[11430] 26 Nov 17:11:54.070 - DB 0: 1 keys (0 volatile) in 4 slots HT.
[11430] 26 Nov 17:11:54.070 - 0 clients connected (0 slaves), 798672 bytes in use
[11430] 26 Nov 17:11:54.070 * Connecting to MASTER...
[11430] 26 Nov 17:11:54.070 * MASTER <-> SLAVE sync started
[11430] 26 Nov 17:11:54.071 * Non blocking connect for SYNC fired the event.
[11430] 26 Nov 17:11:54.072 * Master replied to PING, replication can continue...
[11430] 26 Nov 17:11:54.155 * MASTER <-> SLAVE sync: receiving 27 bytes from master
[11430] 26 Nov 17:11:54.156 * MASTER <-> SLAVE sync: Loading DB in memory
[11430] 26 Nov 17:11:54.156 * MASTER <-> SLAVE sync: Finished with success
[11430] 26 Nov 17:11:54.158 * Background append only file rewriting started by pid 11435
[11435] 26 Nov 17:11:54.165 * SYNC append only file rewrite performed
[11435] 26 Nov 17:11:54.166 * AOF rewrite: 0 MB of memory used by copy-on-write
[11430] 26 Nov 17:11:54.170 * Background AOF rewrite terminated with success
[11430] 26 Nov 17:11:54.170 * Parent diff successfully flushed to the rewritten AOF (0 bytes)
[11430] 26 Nov 17:11:54.170 * Background AOF rewrite finished successfully
[11430] 26 Nov 17:11:54.170 - Background AOF rewrite signal handler took 294us
 
After startup, the slave's console log is as follows:
# cat /usr/local/redis/redis.log  
[10726] 26 Nov 17:12:35.248 # Server started, Redis version 2.6.16
[10726] 26 Nov 17:12:35.248 * DB loaded from append only file: 0.000 seconds
[10726] 26 Nov 17:12:35.248 * The server is now ready to accept connections on port 6379
[10726] 26 Nov 17:12:35.248 * The server is now ready to accept connections at /tmp/redis.sock
[10726] 26 Nov 17:12:36.227 - Accepted 192.168.2.210:37605
[10726] 26 Nov 17:12:36.227 - DB 0: 1 keys (0 volatile) in 4 slots HT.
[10726] 26 Nov 17:12:36.227 - 1 clients connected (0 slaves), 827768 bytes in use
[10726] 26 Nov 17:12:36.229 * Slave ask for synchronization
[10726] 26 Nov 17:12:36.229 * Starting BGSAVE for SYNC
[10726] 26 Nov 17:12:36.231 * Background saving started by pid 10731
[10731] 26 Nov 17:12:36.239 * DB saved on disk
[10731] 26 Nov 17:12:36.239 * RDB: 0 MB of memory used by copy-on-write
[10726] 26 Nov 17:12:36.327 * Background saving terminated with success
[10726] 26 Nov 17:12:36.327 * Synchronization with slave succeeded
 
Set a key-value pair on the master:
# /usr/local/redis/bin/redis-cli -a jason
redis 127.0.0.1:6379> set name HongWan  
OK  

Get this key on the slave:
# /usr/local/redis/bin/redis-cli -a jason
redis 127.0.0.1:6379> get name  
"HongWan"  
This shows that master-slave synchronization is working.
 
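So how do we tell which instance is the master and which is the slave? We only need to call the info command to get the replication information. We run info on the slave: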
redis 127.0.0.1:6379> info  
# Replication
role:slave  
master_host:192.168.2.200
master_port:6379  
master_link_status:up  
master_last_io_seconds_ago:10  
master_sync_in_progress:0  
db0:keys=1,expires=0 
 
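The output contains a role field that identifies whether the instance is a master or a slave; in this example it is a slave. There is also master_link_status, which indicates whether master and slave are out of sync: if the value is up, synchronization is normal; if the value is down, they are out of sync.
db0:keys=1,expires=0 shows how many keys the database holds and how many keys have an expiration.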
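
One way to script the periodic sync check from backup task 3, using the info fields explained above instead of comparing keys. This is an added example, not part of the original article; the function names, the status labels and the MAX_IO_AGE threshold are assumptions, and the sample input is constructed from the excerpt on this page.

```shell
#!/bin/sh
# Added example: classify replication health from the text of the INFO command.
# MAX_IO_AGE is an assumed alert threshold in seconds, not a Redis setting.
MAX_IO_AGE=60

# Constructed sample: the slave INFO excerpt shown on this page.
SLAVE_UP='# Replication
role:slave
master_host:192.168.2.200
master_port:6379
master_link_status:up
master_last_io_seconds_ago:10
master_sync_in_progress:0
db0:keys=1,expires=0'

# repl_health: INFO text on stdin, prints exactly one of
#   MASTER  OK  LINK_DOWN  SYNCING  STALE  UNKNOWN
repl_health() {
    awk -F: -v maxage="$MAX_IO_AGE" '
        # INFO lines end in CRLF on the wire; strip that and trailing blanks
        { gsub(/[ \t\r]+$/, "") }
        $1 == "role"                       { role = $2 }
        $1 == "master_link_status"         { link = $2 }
        $1 == "master_sync_in_progress"    { syncing = $2 }
        $1 == "master_last_io_seconds_ago" { age = $2 }
        END {
            if (role == "master")      print "MASTER"
            else if (role != "slave")  print "UNKNOWN"    # no role line, do not guess
            else if (link != "up")     print "LINK_DOWN"  # slave lost its master
            else if (syncing + 0 == 1) print "SYNCING"    # full resync still running
            else if (age + 0 > maxage) print "STALE"      # link up but silent too long
            else                       print "OK"
        }'
}

# alert_needed: exit 0 (alert) unless the instance is a master or a healthy slave.
alert_needed() {
    case "$(repl_health)" in
        MASTER|OK) return 1 ;;
        *)         return 0 ;;
    esac
}

printf '%s\n' "$SLAVE_UP" | repl_health
```

In a scheduled job the input would come from the info command run through redis-cli on the slave, piped into alert_needed.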

Redis master configuration file:
# cat /usr/local/redis/redis_master.conf
daemonize yes
pidfile /usr/local/redis/redis.pid
port 6379
#bind 0.0.0.0
unixsocket /tmp/redis.sock
unixsocketperm 755
timeout 300
tcp-keepalive 300
loglevel verbose
logfile /usr/local/redis/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /usr/local/redis/
slave-serve-stale-data yes
slave-read-only yes
repl-disable-tcp-nodelay no
slave-priority 100
requirepass jason
maxclients 10000
maxmemory 256m
appendonly yes
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
 
Redis slave configuration file:
# cat /usr/local/redis/redis_slave.conf
daemonize yes
pidfile /usr/local/redis/redis.pid
port 6379
#bind 0.0.0.0
unixsocket /tmp/redis.sock
unixsocketperm 755
timeout 300
tcp-keepalive 300
loglevel verbose
logfile /usr/local/redis/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /usr/local/redis
slaveof 192.168.2.200 6379
masterauth jason
slave-serve-stale-data yes
slave-read-only yes
repl-disable-tcp-nodelay no
slave-priority 100
requirepass jason
appendonly yes
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
