Redis Basics 3: Security and Master-Slave Replication in Redis 2.6.16

flying_ants 2014-04-03 10:11
This article covers Redis security and master-slave replication:

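Redis layout:

Redis installation directory: /usr/local/redis

Redis master configuration file: /usr/local/redis/redis_master.conf

Redis slave configuration file: /usr/local/redis/redis_slave.conf

Redis log file: /usr/local/redis/redis.log

Redis PID file: /usr/local/redis/redis.pid

Redis master server IP: 192.168.2.200

Redis slave server IP: 192.168.2.210

Redis master/slave login password: jason

I. Security

Set the password that a client must supply after connecting, before it can run any other command.

Warning: because Redis is very fast, an outside user can attempt 150K passwords per second against a reasonably good server. This means you need a very, very strong password to resist brute-force attacks.

Edit the redis.conf main configuration file: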

# vim /usr/local/redis/redis.conf

# A high-complexity password is recommended (production environment)

requirepass jason

Restart the Redis database:

# service redis restart

Note: set bind to bind to a specific IP / set unixsocket /tmp/redis.sock and unixsocketperm 755

 

The following example shows how Redis security works in practice.

# We set the connection password to jason

Start a client and try it:

# /usr/local/redis/bin/redis-cli  

redis 127.0.0.1:6379> keys *  

(error) ERR operation not permitted  

redis 127.0.0.1:6379>

 

This shows that the connection lacks permission. We can supply the password in the current session:

redis 127.0.0.1:6379> auth jason 

OK  

redis 127.0.0.1:6379> keys *  

1) "name"  

 

We can also supply the password when connecting to the server, as follows:

# /usr/local/redis/bin/redis-cli -a jason

redis 127.0.0.1:6379> keys *  

1) "name"  
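
An added example, not part of the original article: a small Python audit of the settings this section touches (requirepass, bind, unixsocketperm). The function names, the 100-year threshold and the character-class model are assumptions made here; 150K guesses per second is the figure from the warning above, and the sample text is constructed from the article's configuration.

```python
import string

GUESSES_PER_SECOND = 150_000  # guessing rate quoted in the article's warning

def parse_conf(text):
    """Parse redis.conf text into {directive: [args of each occurrence]}."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):  # skip blanks and comments
            conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def seconds_to_exhaust(password):
    """Worst-case time to try every string of this length and character mix."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    # Characters outside these classes are ignored, so the estimate can only be low.
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return max(alphabet, 1) ** len(password) / GUESSES_PER_SECOND

def audit(text, min_seconds=100 * 365 * 86400):
    """Return findings for the settings discussed in the security section."""
    conf, findings = parse_conf(text), []
    binds = [ip for args in conf.get("bind", []) for ip in args]
    if not binds or "0.0.0.0" in binds:
        findings.append("bind: listening on all interfaces")
    if "requirepass" not in conf:
        findings.append("requirepass: not set")
    else:
        args = conf["requirepass"][-1]  # the last occurrence wins
        secs = seconds_to_exhaust(args[0] if args else "")
        if secs < min_seconds:
            findings.append("requirepass: exhaustible in %.0f s" % secs)
    for args in conf.get("unixsocketperm", []):
        if args and int(args[0], 8) & 0o002:
            findings.append("unixsocketperm: socket is world-writable")
    return findings

# Constructed sample: the security-relevant lines of the article's master config.
SAMPLE = """
#bind 0.0.0.0
unixsocket /tmp/redis.sock
unixsocketperm 755
requirepass jason
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The estimate is for exhaustive search only; a dictionary word or a name falls far sooner, so treat the number as an upper bound on how long the password holds.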

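II. Master-Slave Replication

Redis master-slave replication is very simple to configure and use. It allows multiple slave servers to hold the same copy of the database as the master server.

Features of Redis master-slave replication:

(1) A master can have multiple slaves

(2) Besides connecting to the same master, slaves can also connect to other slaves

(3) Replication does not block the master; while data is being synchronized, the master can continue to handle client requests

(4) It improves the scalability of the system

The Redis replication process:

Once a slave is configured, it connects to the master and sends the sync command. Whether this is the first connection or a reconnection, the master starts a background process that saves a database snapshot to a file, while the master's main process begins collecting and buffering new write commands. When the background process has finished writing the file, the master sends the file to the slave; the slave saves it to disk and then loads it into memory. The master then forwards the buffered commands to the slave, and from then on sends every write command it receives to the slave. If the master receives sync requests from several slaves at the same time, it starts only one process to write the database image and then sends it to all of the slaves.

 

How to configure Redis:

Configuring a slave server is simple: just add the following to the slave's configuration file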

# vim /usr/local/redis/redis_slave.conf

# Specify the master's IP address and port

slaveof 192.168.2.200 6379

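Follow-up data backup tasks:

1. Use the redis-cli bgsave command to persist the data on the master Redis once a day in the early morning, and copy it to other backup servers.

2. Use the redis-cli bgrewriteaof command to persist the data on the slave Redis every half hour, and copy it to other backup servers.

3. Write a script that periodically gets keys from the master and the slave and checks whether the two are in sync; if they are not, raise an alert promptly.

 

Next, we show how to set up a master-slave environment: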

# slaveof <masterip> <masterport> 

slaveof 192.168.2.200 6379

We start the master, 192.168.2.200 (port 6379), and the slave, 192.168.2.210 (port 6379), on one machine.

After startup, the master's console log reads as follows:

# cat /usr/local/redis/redis.log

[11430] 26 Nov 17:11:53.071 # Server started, Redis version 2.6.16

[11430] 26 Nov 17:11:53.072 * DB loaded from append only file: 0.000 seconds

[11430] 26 Nov 17:11:53.072 * The server is now ready to accept connections on port 6379

[11430] 26 Nov 17:11:54.070 - DB 0: 1 keys (0 volatile) in 4 slots HT.

[11430] 26 Nov 17:11:54.070 - 0 clients connected (0 slaves), 798672 bytes in use

[11430] 26 Nov 17:11:54.070 * Connecting to MASTER...

[11430] 26 Nov 17:11:54.070 * MASTER <-> SLAVE sync started

[11430] 26 Nov 17:11:54.071 * Non blocking connect for SYNC fired the event.

[11430] 26 Nov 17:11:54.072 * Master replied to PING, replication can continue...

[11430] 26 Nov 17:11:54.155 * MASTER <-> SLAVE sync: receiving 27 bytes from master

[11430] 26 Nov 17:11:54.156 * MASTER <-> SLAVE sync: Loading DB in memory

[11430] 26 Nov 17:11:54.156 * MASTER <-> SLAVE sync: Finished with success

[11430] 26 Nov 17:11:54.158 * Background append only file rewriting started by pid 11435

[11435] 26 Nov 17:11:54.165 * SYNC append only file rewrite performed

[11435] 26 Nov 17:11:54.166 * AOF rewrite: 0 MB of memory used by copy-on-write

[11430] 26 Nov 17:11:54.170 * Background AOF rewrite terminated with success

[11430] 26 Nov 17:11:54.170 * Parent diff successfully flushed to the rewritten AOF (0 bytes)

[11430] 26 Nov 17:11:54.170 * Background AOF rewrite finished successfully

[11430] 26 Nov 17:11:54.170 - Background AOF rewrite signal handler took 294us

 

After startup, the slave's console log reads as follows:

# cat /usr/local/redis/redis.log  

[10726] 26 Nov 17:12:35.248 # Server started, Redis version 2.6.16

[10726] 26 Nov 17:12:35.248 * DB loaded from append only file: 0.000 seconds

[10726] 26 Nov 17:12:35.248 * The server is now ready to accept connections on port 6379

[10726] 26 Nov 17:12:35.248 * The server is now ready to accept connections at /tmp/redis.sock

[10726] 26 Nov 17:12:36.227 - Accepted 192.168.2.210:37605

[10726] 26 Nov 17:12:36.227 - DB 0: 1 keys (0 volatile) in 4 slots HT.

[10726] 26 Nov 17:12:36.227 - 1 clients connected (0 slaves), 827768 bytes in use

[10726] 26 Nov 17:12:36.229 * Slave ask for synchronization

[10726] 26 Nov 17:12:36.229 * Starting BGSAVE for SYNC

[10726] 26 Nov 17:12:36.231 * Background saving started by pid 10731

[10731] 26 Nov 17:12:36.239 * DB saved on disk

[10731] 26 Nov 17:12:36.239 * RDB: 0 MB of memory used by copy-on-write

[10726] 26 Nov 17:12:36.327 * Background saving terminated with success

[10726] 26 Nov 17:12:36.327 * Synchronization with slave succeeded

 

Set a key-value pair on the master:

# /usr/local/redis/bin/redis-cli -a jason

redis 127.0.0.1:6379> set name HongWan  

OK  

Read this key on the slave:

# /usr/local/redis/bin/redis-cli -a jason

redis 127.0.0.1:6379> get name  

"HongWan"  

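This shows that master-slave synchronization is working.

 

So how do we tell which instance is the master and which is the slave? We only need to call the info command to get the replication information. Here we run info on the slave: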

redis 127.0.0.1:6379> info  

# Replication

role:slave  

master_host:192.168.2.200

master_port:6379  

master_link_status:up  

master_last_io_seconds_ago:10  

master_sync_in_progress:0  

db0:keys=1,expires=0 

 

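The output contains a role field that tells whether the instance is a master or a slave; in this example it is a slave. There is also master_link_status, which indicates whether master and slave are out of sync: if the value is up, synchronization is normal; if the value is down, synchronization is abnormal.

db0:keys=1,expires=0 shows how many keys the database holds and how many of them have an expiration set.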
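
An added example, not part of the original article: one way to script backup task 3 and the role / master_link_status checks described above, by parsing INFO output from both servers. The function names, the 60-second idle threshold and the sample INFO texts are assumptions constructed here; in practice the text would come from redis-cli info on each server.

```python
def parse_info(text):
    """Parse INFO output ("key:value" lines, "# Section" headers) into a dict."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            info[key] = value
    return info

def db_keys(info, db="db0"):
    """Key count from an entry such as 'keys=1,expires=0' (0 if the db is empty)."""
    fields = dict(f.split("=", 1) for f in info.get(db, "keys=0").split(","))
    return int(fields["keys"])

def check_slave(slave_text, master_text, max_idle=60):
    """Return a list of alerts; an empty list means the slave looks healthy."""
    slave, master = parse_info(slave_text), parse_info(master_text)
    if slave.get("role") != "slave":
        return ["role is %r, expected slave" % slave.get("role")]
    alerts = []
    if slave.get("master_link_status") != "up":
        alerts.append("master_link_status is %s" % slave.get("master_link_status"))
    if slave.get("master_sync_in_progress") == "1":
        alerts.append("full resync in progress")
    if int(slave.get("master_last_io_seconds_ago", 0)) > max_idle:
        alerts.append("master silent for more than %d s" % max_idle)
    if db_keys(slave) != db_keys(master):  # coarse check; lag can cause brief drift
        alerts.append("key count differs: slave=%d master=%d"
                      % (db_keys(slave), db_keys(master)))
    return alerts

# Constructed samples: SLAVE_OK mirrors the INFO output shown in the article.
SLAVE_OK = """# Replication
role:slave
master_host:192.168.2.200
master_port:6379
master_link_status:up
master_last_io_seconds_ago:10
master_sync_in_progress:0
db0:keys=1,expires=0
"""
MASTER = "role:master\nconnected_slaves:1\ndb0:keys=1,expires=0\n"
SLAVE_DOWN = ("role:slave\nmaster_link_status:down\n"
              "master_last_io_seconds_ago:-1\nmaster_sync_in_progress:0\n")

if __name__ == "__main__":
    print(check_slave(SLAVE_OK, MASTER), check_slave(SLAVE_DOWN, MASTER))
```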

Redis master configuration file:

# cat /usr/local/redis/redis_master.conf

daemonize yes

pidfile /usr/local/redis/redis.pid

port 6379

#bind 0.0.0.0

unixsocket /tmp/redis.sock

unixsocketperm 755

timeout 300

tcp-keepalive 300

loglevel verbose

logfile /usr/local/redis/redis.log

databases 16

save 900 1

save 300 10

save 60 10000

stop-writes-on-bgsave-error yes

rdbcompression yes

rdbchecksum yes

dbfilename dump.rdb

dir /usr/local/redis/

slave-serve-stale-data yes

slave-read-only yes

repl-disable-tcp-nodelay no

slave-priority 100

requirepass jason

maxclients 10000

maxmemory 256m

appendonly yes

appendfsync everysec

no-appendfsync-on-rewrite no

auto-aof-rewrite-percentage 100

auto-aof-rewrite-min-size 64mb

lua-time-limit 5000

slowlog-log-slower-than 10000

slowlog-max-len 128

hash-max-ziplist-entries 512

hash-max-ziplist-value 64

list-max-ziplist-entries 512

list-max-ziplist-value 64

set-max-intset-entries 512

zset-max-ziplist-entries 128

zset-max-ziplist-value 64

activerehashing yes

client-output-buffer-limit normal 0 0 0

client-output-buffer-limit slave 256mb 64mb 60

client-output-buffer-limit pubsub 32mb 8mb 60

hz 10

aof-rewrite-incremental-fsync yes

 

Redis slave configuration file:

# cat /usr/local/redis/redis_slave.conf

daemonize yes

pidfile /usr/local/redis/redis.pid

port 6379

#bind 0.0.0.0

unixsocket /tmp/redis.sock

unixsocketperm 755

timeout 300

tcp-keepalive 300

loglevel verbose

logfile /usr/local/redis/redis.log

databases 16

save 900 1

save 300 10

save 60 10000

stop-writes-on-bgsave-error yes

rdbcompression yes

rdbchecksum yes

dbfilename dump.rdb

dir /usr/local/redis

slaveof 192.168.2.200 6379

masterauth jason

slave-serve-stale-data yes

slave-read-only yes

repl-disable-tcp-nodelay no

slave-priority 100

requirepass jason

appendonly yes

appendfsync everysec

no-appendfsync-on-rewrite no

auto-aof-rewrite-percentage 100

auto-aof-rewrite-min-size 64mb

lua-time-limit 5000

slowlog-log-slower-than 10000

slowlog-max-len 128

hash-max-ziplist-entries 512

hash-max-ziplist-value 64

list-max-ziplist-entries 512

list-max-ziplist-value 64

set-max-intset-entries 512

zset-max-ziplist-entries 128

zset-max-ziplist-value 64

activerehashing yes

client-output-buffer-limit normal 0 0 0

client-output-buffer-limit slave 256mb 64mb 60

client-output-buffer-limit pubsub 32mb 8mb 60

hz 10

aof-rewrite-incremental-fsync yes