环境:Cent OS 7.0 Redis 3.2.1
Redis的安装与启动
这里我把Redis放在/home/xuliugen/software/下,所以在该目录下执行下列命令:
$ wget http://download.redis.io/releases/redis-3.2.1.tar.gz
$ tar xzf redis-3.2.1.tar.gz
$ cd redis-3.2.1
$ make
至此Redis已经安装完成,首先试一下能不能把启动:
启动命令(在/home/xuliugen/software/redis-3.2.1目录下执行):
[root@localhost redis-3.2.1]# ./src/redis-server ../redis.conf
如下:
常见问题及解决方法
根据上图中的警告信息,下边是具体的解决方法
1、启动的时候没有设置配置文件
这个版本的时候需要指定,如果不指定的话,在后期修改了配置文件不会起到对应的效果
11292:C 25 Jul 13:13:58.034 # Warning: no config file specified,using the default config. In order to specify a config file use ./redis-server /path/to/redis.conf
这个说的是在启动的时候要制定配置文件,如果没有指定的话就会按照默认的配置,因此我们要制定具体的位置,具体命令为:
[root@localhost src]# ./redis-server ../redis.conf
2、启动时报错及解决方法
1、WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
2、WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
第一个警告两个方式解决(overcommit_memory)
echo "vm.overcommit_memory=1" > /etc/sysctl.conf 或 vi /etcsysctl.conf
echo 1 > /proc/sys/vm/overcommit_memory 不需要启机器就生效
第二个警告解决
echo 511 > /proc/sys/net/core/somaxconn
其实在报错信息的时候已经给出了解决的方法,按照给定的具体的方法解决即可。
3、在上述 2 中的解决方法的一些参数说明
(1)overcommit_memory参数说明:
设置内存分配策略(可选,根据服务器的实际情况进行设置)
/proc/sys/vm/overcommit_memory
可选值:0、1、2。
0, 表示内核将检查是否有足够的可用内存供应用进程使用;如果有足够的可用内存,内存申请允许;否则,内存申请失败,并把错误返回给应用进程。 1, 表示内核允许分配所有的物理内存,而不管当前的内存状态如何。 2, 表示内核允许分配超过所有物理内存和交换空间总和的内存
注意:redis在dump数据的时候,会fork出一个子进程,理论上child进程所占用的内存和parent是一样的,比如parent占用 的内存为8G,这个时候也要同样分配8G的内存给child,如果内存无法负担,往往会造成redis服务器的down机或者IO负载过高,效率下降。所 以这里比较优化的内存分配策略应该设置为 1(表示内核允许分配所有的物理内存,而不管当前的内存状态如何)。
(2)这里又涉及到Overcommit和OOM。
什么是Overcommit和OOM,在Unix中,当一个用户进程使用malloc()函数申请内存时,假如返回值是NULL,则这个进程知道当前没有可用内存空间,就会做相应的处理工作。许多进程会打印错误信息并退出。
Linux使用另外一种处理方式,它对大部分申请内存的请求都回复”yes”,以便能跑更多更大的程序。因为申请内存后,并不会马上使用内存。这种技术叫做Overcommit。
当内存不足时,会发生OOM killer(OOM=out-of-memory)。它会选择杀死一些进程(用户态进程,不是内核线程),以便释放内存。
(3)Overcommit的策略
Linux下overcommit有三种策略(Documentation/vm/overcommit-accounting):
- 启发式策略。合理的overcommit会被接受,不合理的overcommit会被拒绝。
- 任何overcommit都会被接受。
- 当系统分配的内存超过swap+N%*物理RAM(N%由vm.overcommit_ratio决定)时,会拒绝commit。
overcommit的策略通过vm.overcommit_memory设置。
overcommit的百分比由vm.overcommit_ratio设置。
echo 2 > /proc/sys/vm/overcommit_memory
echo 80 > /proc/sys/vm/overcommit_ratio
当oom-killer发生时,linux会选择杀死哪些进程选择进程的函数是oom_badness函数(在mm/oom_kill.c中),该函数会计算每个进程的点数(0~1000)。点数越高,这个进程越有可能被杀死。每个进程的点数跟oom_score_adj有关,而且oom_score_adj可以被设置(-1000最低,1000最高)。
设置Redis外网可访问
值得注意的是在3.2.0以后的新版本中引入了一种proteced mode
模式,详见:http://redis.io/topics/security
# By default,if no "bind" configuration directive is specified,Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive,followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet,binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive,that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured,nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good Box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
简单的就是:
bind 127.0.0.1
protected-mode yes
# requirepass foobared
默认绑定的是127.0.01,默认开启了:protected-mode模式,按照官方的说法,如果默认开启了protected-mode模式在没有配置绑定IP和密码的情况下,是只允许回环地址进行访问的,就只允许127.0.0.1进行访问,那我们就在默认的配置下进行启动,通过SSH工具在其他机器上进行访问,看看运行的效果:
[root@localhost redis-3.2.1]# ./src/redis-server ../redis.conf
很显然是没有办法访问到,在3.2.0以前的版本中可以将绑定的IP进行修改为本机IP,例如我运行Redis的服务器IP为192.168.1.149,那我的配置为0.0.0.0
,顺便指定Redis的密码,# requirepass foobared 将这一行去掉注释,选择自己喜欢的密码,重启服务即可正常访问。
DENIED Redis is running in protected mode because protected mode is enabled
(error) DENIED Redis is running in protected mode because protected mode is enabled,no bind address was specified,no authentication password is requested to clients. In this mode connections are only accepted from the lookback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running,however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file,and setting the protected mode option to 'no',and then restarting the server. 3) If you started the server manually just for testing,restart it with the --portected-mode no option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
通过外网访问Redis可能会遇到这个问题,Redis protected-mode 是3.2 之后加入的新特性,在redis.conf的注释中,我们可以了解到,他的具体作用和启用条件:
# Protected mode is a layer of security protection,in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1,and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured,nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
可以看到 protected-mode 是为了禁止公网访问redis cache,加强redis安全的。它启用的条件,有两个:
1) 没有bind IP
2) 没有设置访问密码
如果启用了,则只能够通过lookback ip(127.0.0.1)访问Redis cache,如果从外网访问,则会返回相应的错误信息,就是上图中的信息。
因此在新的版本中,应该配置绑定IP和访问密码,这样的话才不会报错误,在Redis的一个论坛中,老外也探讨了这个问题,可以参考:https://www.reddit.com/r/redis/comments/3zv85m/new_security_feature_redis_protected_mode/
Redis常用命令
1、启动Redis,这里指定具体的配置文件
[root@localhost redis-3.2.1]# ./redis-server ../redis.conf
2、查看Redis服务和进程
[root@localhost redis-3.2.1]# ps -ef | grep redis
[root@localhost redis-3.2.1]# netstat -ano | grep 6379
3、访问客户端Cli
[root@localhost redis-3.2.1]# ./src/redis-cli
如果设置密码,用参数 -a指定密码
[root@localhost redis-3.2.1]# ./src/redis-cli -a yourpassword
注意:上述的操作过程中,始终是关闭了防火墙的,关闭的命令如下:
centos 7:
systemctl stop firewalld.service #停止
systemctl disable firewalld.service #禁用
centos 7之前的版本:
service iptables stop #停止
chkconfig iptables off #禁用
如果只是想开启某一个端口,例如:6379的话,可以搜索一下具体的配置过程,这里不再累述。
原文链接:https://www.f2er.com/centos/381458.html