|
| 1 | +# Example sentinel.conf |
| 2 | + |
| 3 | +# *** IMPORTANT *** |
| 4 | +# |
| 5 | +# By default Sentinel will not be reachable from interfaces different than |
| 6 | +# localhost, either use the 'bind' directive to bind to a list of network |
| 7 | +# interfaces, or disable protected mode with "protected-mode no" by |
| 8 | +# adding it to this configuration file. |
| 9 | +# |
| 10 | +# Before doing that MAKE SURE the instance is protected from the outside |
| 11 | +# world via firewalling or other means. |
| 12 | +# |
| 13 | +# For example you may use one of the following: |
| 14 | +# |
| 15 | +# bind 127.0.0.1 192.168.1.1 |
| 16 | +# |
| 17 | +# protected-mode no |
| 18 | + |
| 19 | +# port <sentinel-port> |
| 20 | +# The port that this sentinel instance will run on |
| 21 | +port {{ redis_sentinel_port }} |
| 22 | + |
| 23 | +daemonize yes |
| 24 | + |
| 25 | +logfile "{{ redis_sentinel_workdir }}/sentinel_{{ redis_sentinel_port }}.log" |
| 26 | + |
| 27 | +pidfile "{{ redis_sentinel_workdir }}/sentinel_{{ redis_sentinel_port }}.pid" |
| 28 | +# sentinel announce-ip <ip> |
| 29 | +# sentinel announce-port <port> |
| 30 | +# |
| 31 | +# The above two configuration directives are useful in environments where, |
| 32 | +# because of NAT, Sentinel is reachable from outside via a non-local address. |
| 33 | +# |
| 34 | +# When announce-ip is provided, the Sentinel will claim the specified IP address |
| 35 | +# in HELLO messages used to gossip its presence, instead of auto-detecting the |
| 36 | +# local address as it usually does. |
| 37 | +# |
| 38 | +# Similarly when announce-port is provided and is valid and non-zero, Sentinel |
| 39 | +# will announce the specified TCP port. |
| 40 | +# |
| 41 | +# The two options don't need to be used together, if only announce-ip is |
| 42 | +# provided, the Sentinel will announce the specified IP and the server port |
| 43 | +# as specified by the "port" option. If only announce-port is provided, the |
| 44 | +# Sentinel will announce the auto-detected local IP and the specified port. |
| 45 | +# |
| 46 | +# Example: |
| 47 | +# |
| 48 | +# sentinel announce-ip 1.2.3.4 |
| 49 | + |
| 50 | +# dir <working-directory> |
| 51 | +# Every long running process should have a well-defined working directory. |
| 52 | +# For Redis Sentinel to chdir to /tmp at startup is the simplest thing |
| 53 | +# for the process to don't interfere with administrative tasks such as |
| 54 | +# unmounting filesystems. |
| 55 | +dir {{ redis_sentinel_workdir }} |
| 56 | + |
| 57 | +# sentinel monitor <master-name> <ip> <redis-port> <quorum> |
| 58 | +# |
| 59 | +# Tells Sentinel to monitor this master, and to consider it in O_DOWN |
| 60 | +# (Objectively Down) state only if at least <quorum> sentinels agree. |
| 61 | +# |
| 62 | +# Note that whatever is the ODOWN quorum, a Sentinel will require to |
| 63 | +# be elected by the majority of the known Sentinels in order to |
| 64 | +# start a failover, so no failover can be performed in minority. |
| 65 | +# |
| 66 | +# Slaves are auto-discovered, so you don't need to specify slaves in |
| 67 | +# any way. Sentinel itself will rewrite this configuration file adding |
| 68 | +# the slaves using additional configuration options. |
| 69 | +# Also note that the configuration file is rewritten when a |
| 70 | +# slave is promoted to master. |
| 71 | +# |
| 72 | +# Note: master name should not include special characters or spaces. |
| 73 | +# The valid charset is A-z 0-9 and the three characters ".-_". |
| 74 | +# sentinel monitor mymaster 127.0.0.1 6379 2 |
| 75 | + |
| 76 | +# sentinel auth-pass <master-name> <password> |
| 77 | +# |
| 78 | +# Set the password to use to authenticate with the master and slaves. |
| 79 | +# Useful if there is a password set in the Redis instances to monitor. |
| 80 | +# |
| 81 | +# Note that the master password is also used for slaves, so it is not |
| 82 | +# possible to set a different password in masters and slaves instances |
| 83 | +# if you want to be able to monitor these instances with Sentinel. |
| 84 | +# |
| 85 | +# However you can have Redis instances without the authentication enabled |
| 86 | +# mixed with Redis instances requiring the authentication (as long as the |
| 87 | +# password set is the same for all the instances requiring the password) as |
| 88 | +# the AUTH command will have no effect in Redis instances with authentication |
| 89 | +# switched off. |
| 90 | +# |
| 91 | +# Example: |
| 92 | +# |
| 93 | +# sentinel auth-pass mymaster MySUPER--secret-0123passw0rd |
| 94 | + |
| 95 | +# sentinel down-after-milliseconds <master-name> <milliseconds> |
| 96 | +# |
| 97 | +# Number of milliseconds the master (or any attached slave or sentinel) should |
| 98 | +# be unreachable (as in, not acceptable reply to PING, continuously, for the |
| 99 | +# specified period) in order to consider it in S_DOWN state (Subjectively |
| 100 | +# Down). |
| 101 | +# |
| 102 | +# Default is 30 seconds. |
| 103 | +# sentinel down-after-milliseconds mymaster 30000 |
| 104 | + |
| 105 | +# sentinel parallel-syncs <master-name> <numslaves> |
| 106 | +# |
| 107 | +# How many slaves we can reconfigure to point to the new slave simultaneously |
| 108 | +# during the failover. Use a low number if you use the slaves to serve query |
| 109 | +# to avoid that all the slaves will be unreachable at about the same |
| 110 | +# time while performing the synchronization with the master. |
| 111 | +# sentinel parallel-syncs mymaster 1 |
| 112 | + |
| 113 | +# sentinel failover-timeout <master-name> <milliseconds> |
| 114 | +# |
| 115 | +# Specifies the failover timeout in milliseconds. It is used in many ways: |
| 116 | +# |
| 117 | +# - The time needed to re-start a failover after a previous failover was |
| 118 | +# already tried against the same master by a given Sentinel, is two |
| 119 | +# times the failover timeout. |
| 120 | +# |
| 121 | +# - The time needed for a slave replicating to a wrong master according |
| 122 | +# to a Sentinel current configuration, to be forced to replicate |
| 123 | +# with the right master, is exactly the failover timeout (counting since |
| 124 | +# the moment a Sentinel detected the misconfiguration). |
| 125 | +# |
| 126 | +# - The time needed to cancel a failover that is already in progress but |
| 127 | +# did not produced any configuration change (SLAVEOF NO ONE yet not |
| 128 | +# acknowledged by the promoted slave). |
| 129 | +# |
| 130 | +# - The maximum time a failover in progress waits for all the slaves to be |
| 131 | +# reconfigured as slaves of the new master. However even after this time |
| 132 | +# the slaves will be reconfigured by the Sentinels anyway, but not with |
| 133 | +# the exact parallel-syncs progression as specified. |
| 134 | +# |
| 135 | +# Default is 3 minutes. |
| 136 | +# sentinel failover-timeout mymaster 180000 |
| 137 | + |
| 138 | +# SCRIPTS EXECUTION |
| 139 | +# |
| 140 | +# sentinel notification-script and sentinel reconfig-script are used in order |
| 141 | +# to configure scripts that are called to notify the system administrator |
| 142 | +# or to reconfigure clients after a failover. The scripts are executed |
| 143 | +# with the following rules for error handling: |
| 144 | +# |
| 145 | +# If script exits with "1" the execution is retried later (up to a maximum |
| 146 | +# number of times currently set to 10). |
| 147 | +# |
| 148 | +# If script exits with "2" (or an higher value) the script execution is |
| 149 | +# not retried. |
| 150 | +# |
| 151 | +# If script terminates because it receives a signal the behavior is the same |
| 152 | +# as exit code 1. |
| 153 | +# |
| 154 | +# A script has a maximum running time of 60 seconds. After this limit is |
| 155 | +# reached the script is terminated with a SIGKILL and the execution retried. |
| 156 | + |
| 157 | +# NOTIFICATION SCRIPT |
| 158 | +# |
| 159 | +# sentinel notification-script <master-name> <script-path> |
| 160 | +# |
| 161 | +# Call the specified notification script for any sentinel event that is |
| 162 | +# generated in the WARNING level (for instance -sdown, -odown, and so forth). |
| 163 | +# This script should notify the system administrator via email, SMS, or any |
| 164 | +# other messaging system, that there is something wrong with the monitored |
| 165 | +# Redis systems. |
| 166 | +# |
| 167 | +# The script is called with just two arguments: the first is the event type |
| 168 | +# and the second the event description. |
| 169 | +# |
| 170 | +# The script must exist and be executable in order for sentinel to start if |
| 171 | +# this option is provided. |
| 172 | +# |
| 173 | +# Example: |
| 174 | +# |
| 175 | +# sentinel notification-script mymaster /var/redis/notify.sh |
| 176 | + |
| 177 | +# CLIENTS RECONFIGURATION SCRIPT |
| 178 | +# |
| 179 | +# sentinel client-reconfig-script <master-name> <script-path> |
| 180 | +# |
| 181 | +# When the master changed because of a failover a script can be called in |
| 182 | +# order to perform application-specific tasks to notify the clients that the |
| 183 | +# configuration has changed and the master is at a different address. |
| 184 | +# |
| 185 | +# The following arguments are passed to the script: |
| 186 | +# |
| 187 | +# <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port> |
| 188 | +# |
| 189 | +# <state> is currently always "failover" |
| 190 | +# <role> is either "leader" or "observer" |
| 191 | +# |
| 192 | +# The arguments from-ip, from-port, to-ip, to-port are used to communicate |
| 193 | +# the old address of the master and the new address of the elected slave |
| 194 | +# (now a master). |
| 195 | +# |
| 196 | +# This script should be resistant to multiple invocations. |
| 197 | +# |
| 198 | +# Example: |
| 199 | +# |
| 200 | +# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh |
| 201 | + |
0 commit comments