Advanced Redis features: security and master-slave Replication

Security

Set the password to be used before other settings are made after the client connects.

Warning because redis is quite fast, an external user can try a K password in one second on a better server, this means you need to specify a very powerful password to prevent brute-force cracking.

 
 

  
  
# requirepass foobared 
  
  
 requirepass beijing 
 
 

Next we will conduct an experiment to illustrate how redis security is achieved.

The connection password is beijing.

Start a client and give it a try:

 
 

  
  
[root@localhost redis-2.2.12]# src/redis-cli  
  
  
redis 127.0.0.1:6379> keys *  
  
  
(error) ERR operation not permitted  
  
  
redis 127.0.0.1:6379> 
 
 

The permission is too small. We can set a password in the current window.

 
 

  
  
redis 127.0.0.1:6379> auth beijing  
  
  
OK  
  
  
redis 127.0.0.1:6379> keys *  
  
  
1) "name"  
  
  
redis 127.0.0.1:6379> 
 
 

You can also specify a password when connecting to the server, as shown below:

 
 

  
  
[root@localhost redis-2.2.12]# src/redis-cli -a beijing  
  
  
redis 127.0.0.1:6379> keys *  
  
  
1) "name"  
  
  
　redis 127.0.0.1:6379> 
 
 

We can see that a password can be specified during connection.

Master-slave Replication

Redis master-slave replication is easy to configure and use. Master-slave replication allows multiple slave servers to have the same database copies as the master server.

1. redis master-slave replication features:

(1) The master can have multiple slave instances.

(2) Multiple Server Load balancer instances can be connected to the same master or other Server Load balancer instances.

(3) master-slave replication does not block the master. During data synchronization, the master can continue to process client requests.

(4) Improve system scalability

2. Master-slave redis replication process:

After configuring slave, slave establishes a connection with the master and then sends the sync command. Whether it is the first connection or re-connection, the master will start a background process, save the database snapshot to the file, and the master process will start to collect new write commands and cache. After the background process writes a file, the master sends the file to slave. slave saves the file to the hard disk and loads it into the memory. Then the master forwards the cached command to slave, in the future, the master will send the write command received to the slave. If the master node receives synchronous connection commands from multiple slave instances at the same time, the master node starts only one process to write database images and sends them to all slave instances.

3. How to configure

It is easy to configure the slave server. You only need to add the following configurations to the slave configuration file.

 
 

  
  
Slaveof 192.168.1.1 6379 # specify the master's ip address and port
 
 

The following is an experiment to demonstrate how to build a master-slave environment:

 
 

  
  
# slaveof <masterip> <masterport> 
  
  
slaveof localhost 6379 
 
 

We start the master database (Port 6379) on a machine, slave database (Port 6378)

After the master database is started, the console log is as follows:

 
 

  
  
[root@localhost redis-2.2.12]# src/redis-server redis.conf   
  
  
[7064] 09 Aug 20:13:12 * Server started, Redis version 2.2.12  
  
  
[7064] 09 Aug 20:13:12 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.  
  
  
[7064] 09 Aug 20:13:12 * The server is now ready to accept connections on port 6379  
  
  
[7064] 09 Aug 20:13:13 - 0 clients connected (0 slaves), 539512 bytes in use  
  
  
[7064] 09 Aug 20:13:18 - 0 clients connected (0 slaves), 539512 bytes in use  
  
  
[7064] 09 Aug 20:13:20 - Accepted 127.0.0.1:37789  
  
  
[7064] 09 Aug 20:13:20 * Slave ask for synchronization  
  
  
[7064] 09 Aug 20:13:20 * Starting BGSAVE for SYNC  
  
  
[7064] 09 Aug 20:13:20 * Background saving started by pid 7067  
  
  
[7067] 09 Aug 20:13:20 * DB saved on disk  
  
  
[7064] 09 Aug 20:13:20 * Background saving terminated with success  
  
  
[7064] 09 Aug 20:13:20 * Synchronization with slave succeeded  
  
  
[7064] 09 Aug 20:13:23 - 0 clients connected (1 slaves), 547380 bytes in use 
 
 

After the startup, the log from the Database Console is as follows:

 
 

  
  
[root@localhost redis-2.2.12]# src/redis-server redis.slave   
  
  
[7066] 09 Aug 20:13:20 * Server started, Redis version 2.2.12  
  
  
[7066] 09 Aug 20:13:20 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.  
  
  
[7066] 09 Aug 20:13:20 * The server is now ready to accept connections on port 6378  
  
  
[7066] 09 Aug 20:13:20 - 0 clients connected (0 slaves), 539548 bytes in use  
  
  
[7066] 09 Aug 20:13:20 * Connecting to MASTER...  
  
  
[7066] 09 Aug 20:13:20 * MASTER <-> SLAVE sync started: SYNC sent  
  
  
[7066] 09 Aug 20:13:20 * MASTER <-> SLAVE sync: receiving 10 bytes from master  
  
  
[7066] 09 Aug 20:13:20 * MASTER <-> SLAVE sync: Loading DB in memory  
  
  
[7066] 09 Aug 20:13:20 * MASTER <-> SLAVE sync: Finished with success  
  
  
[7068] 09 Aug 20:13:20 * SYNC append only file rewrite performed  
  
  
[7066] 09 Aug 20:13:20 * Background append only file rewriting started by pid 7068  
  
  
[7066] 09 Aug 20:13:21 * Background append only file rewriting terminated with success  
  
  
[7066] 09 Aug 20:13:21 * Parent diff flushed into the new append log file with success (0 bytes)  
  
  
[7066] 09 Aug 20:13:21 * Append only file successfully rewritten.  
  
  
[7066] 09 Aug 20:13:21 * The new append only file was selected for future appends.  
  
  
[7066] 09 Aug 20:13:25 - 1 clients connected (0 slaves), 547396 bytes in use 
 
 

We set a key-value pair on the master database.

 
 

  
  
redis 127.0.0.1:6379> set name HongWan  
  
  
OK  
  
  
redis 127.0.0.1:6379> 
 
 

Obtain this key from the slave database.

 
 

  
  
redis 127.0.0.1:6378> get name  
  
  
"HongWan"  
  
  
redis 127.0.0.1:6378> 
 
 

It indicates that the master-slave synchronization is normal.

So how can we determine which is the master and which is the slave? We only need to call the info command to obtain the Master/Slave information. We can execute the info command on the slave database.

 
 

  
  
redis 127.0.0.1:6378> info  
  
  
.  
  
  
.  
  
  
.  
  
  
role:slave  
  
  
master_host:localhost  
  
  
master_port:6379  
  
  
master_link_status:up  
  
  
master_last_io_seconds_ago:10  
  
  
master_sync_in_progress:0  
  
  
db0:keys=1,expires=0 
  
  
redis 127.0.0.1:6378> 
 
 

There is a role ID in it to determine whether it is the master database or slave database. For this example, it is a slave database, and there is also a master_link_status to indicate whether the master and slave nodes are asynchronous. If this value is up, synchronization is normal. If this value is down, synchronization is asynchronous;

Db0: keys = 1, expires = 0, which indicates that the database has several keys and the number of expired keys.