When I manually kill the service at the redis master node, the slave node cannot be scheduled.
The slave Sentinel error log is as follows.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
13322:X 16 Mar 2023 05:56:05.855 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:56:05.855 # +vote-for-leader 56633d20baa5b74afdabb4284967c899fa616471 26
13322:X 16 Mar 2023 05:56:05.855 # -failover-abort-not-elected master mymaster 192.168.31.70 6379
13322:X 16 Mar 2023 05:56:05.856 # 15f4d378df4ce62a6d4dd1e5e722c57f53d7c790 voted for 15f4d378df4ce62a6d4dd1e5e722c57f53d7c790 26
13322:X 16 Mar 2023 05:56:05.911 # +tilt #tilt mode entered
13322:X 16 Mar 2023 05:56:06.035 # ff18930550a34009800c8897cef1283456d8bc0d voted for ff18930550a34009800c8897cef1283456d8bc0d 26
13322:X 16 Mar 2023 05:56:34.940 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:56:34.940 # +new-epoch 27
13322:X 16 Mar 2023 05:56:34.944 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:56:34.944 # +vote-for-leader 15f4d378df4ce62a6d4dd1e5e722c57f53d7c790 27
13322:X 16 Mar 2023 05:56:35.960 # -tilt #tilt mode exited
13322:X 16 Mar 2023 05:56:35.960 # Next failover delay: I will not start a failover before Thu Mar 16 05:56:55 2023
13322:X 16 Mar 2023 05:56:55.391 # +new-epoch 28
13322:X 16 Mar 2023 05:56:55.392 # +try-failover master mymaster 192.168.31.70 6379
13322:X 16 Mar 2023 05:56:57.516 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:56:57.516 # +vote-for-leader 56633d20baa5b74afdabb4284967c899fa616471 28
13322:X 16 Mar 2023 05:56:57.517 # ff18930550a34009800c8897cef1283456d8bc0d voted for ff18930550a34009800c8897cef1283456d8bc0d 28
13322:X 16 Mar 2023 05:56:57.517 # 15f4d378df4ce62a6d4dd1e5e722c57f53d7c790 voted for 15f4d378df4ce62a6d4dd1e5e722c57f53d7c790 28
13322:X 16 Mar 2023 05:56:57.617 # +tilt #tilt mode entered
13322:X 16 Mar 2023 05:57:16.242 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:57:16.242 # +new-epoch 29
13322:X 16 Mar 2023 05:57:16.250 * Sentinel new configuration saved on disk
13322:X 16 Mar 2023 05:57:16.250 # +vote-for-leader ff18930550a34009800c8897cef1283456d8bc0d 29
13322:X 16 Mar 2023 05:57:27.629 # -tilt #tilt mode exited
13322:X 16 Mar 2023 05:57:27.629 # -failover-abort-not-elected master mymaster 192.168.31.70 6379
|
Here we find that the new election has succeeded, but the scheduling keeps prompting failure later.
Cause
Protected mode (protected-mode) is enabled in redis.conf
with the following configuration file.
We need to set protected-mode to protected-mode no
in the redis master-slave.
We also need to set Sentinel.conf
to protected-mode no
as well.
Then restart the redis master-slave and Sentinel sentry cluster.
Why you need to turn off redis protected-mode
Redis protected-mode is a security feature that restricts direct connections from the external network. In protected-mode, Redis can only be accessed locally, and external networks cannot connect to the Redis server. Turning on protected-mode protects the Redis server from third-party attacks.
When Redis is in protected mode, connections from external networks can only be accepted if protected-mode no is configured with redis.conf or explicitly specified via the CONFIG SET command. This will prevent unauthorized direct connections and improve the security of the Redis server.
If Redis protected mode is turned on, it may affect application access. Applications will need to connect to Redis by binding to 127.0.0.1 (i.e., they can only connect locally), which may prevent applications from accessing Redis remotely from other computers. if applications need to access Redis from other servers, they will need to turn protected mode off and modify the bind configuration to allow access to only a specific range of IP addresses Redis servers.
In summary, Redis protected mode can improve the security of the Redis server, but may have an impact on application access, so it needs to be considered and adjusted as appropriate.