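Redis Setup Study Notes
Setting up Redis replication is not hard, but it does not feel very secure: if any machine that can connect to the master can simply declare itself a slave, the data could easily leak. So when configuring replication, you can set a password on the master, and a slave must then supply that password before it can connect.
To set the password for the replication master role, edit /etc/redis/6379.conf on the master: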
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
requirepass abcd1234
On every slave, set the masterauth parameter in /etc/redis/6379.conf to the requirepass password configured on the master:
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
masterauth abcd1234
Then restart the Redis instances, both master and slaves, for the password to take effect.
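
The config comment above warns that the password must be very strong, and the master refuses the slave unless masterauth equals requirepass. The following pre-restart check is an added example, not part of the original post: `conf_value`, `check_repl_auth` and the `MIN_LEN` threshold of 32 are assumptions made for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit a master/slave config pair.

MIN_LEN=32   # assumed local policy threshold, not a Redis setting

# Print the value of the last active (uncommented) directive KEY in FILE.
# Redis matches directive names case-insensitively, so "Masterauth" also counts.
# Simplification: quoted values containing spaces are not handled.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                # skip comment lines
        tolower($1) == key { val = $2 }    # a later line overrides an earlier one
        END { if (val != "") print val }
    ' "$1"
}

# Print "ok" and return 0 when the pair is consistent; otherwise print the
# reason and return 1. The password itself is never printed.
check_repl_auth() {
    master_pw=$(conf_value "$1" requirepass)
    slave_pw=$(conf_value "$2" masterauth)
    if [ -z "$master_pw" ]; then
        echo "master has no requirepass"; return 1
    elif [ -z "$slave_pw" ]; then
        echo "slave has no masterauth"; return 1
    elif [ "$master_pw" != "$slave_pw" ]; then
        echo "masterauth does not match requirepass"; return 1
    elif [ "${#master_pw}" -lt "$MIN_LEN" ]; then
        echo "password shorter than $MIN_LEN characters"; return 1
    fi
    echo "ok"
}

# Constructed sample files reusing the values shown in this post.
demo_dir=$(mktemp -d)
printf '# requirepass foobared\nrequirepass abcd1234\n' > "$demo_dir/master.conf"
printf '# masterauth <master-password>\nmasterauth abcd1234\n' > "$demo_dir/slave.conf"
echo "audit: $(check_repl_auth "$demo_dir/master.conf" "$demo_dir/slave.conf" || true)"
rm -rf "$demo_dir"
```

With the values used in this post the audit reports the password as too short; a long random value set in both files passes.
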
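PS. This procedure can be done as part of the initial setup if the master already has a password.
PS. Because the master's replication password has been set, you also need to add the -a parameter to specify the password when checking the replication status on the master: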
[root@Redis01 ~]# redis-cli -h 192.168.127.101 -p 6379 info replication
NOAUTH Authentication required.
[root@Redis01 ~]# redis-cli -h 192.168.127.101 -p 6379 -a abcd1234 info replication
# Replication
role:master
connected_slaves:2
slave0:ip=192.168.127.102,port=6379,state=online,offset=281,lag=0
slave1:ip=192.168.127.103,port=6379,state=online,offset=281,lag=0
master_repl_offset:281
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:2
repl_backlog_histlen:280