docker基础篇-阳哥
文章目录
- docker基础篇-阳哥
- centos7最小安装准备工作
- 网络设置
- 安装必备工具
- 1.1 安装工具
- 1.5 优化ssh连接
- 1.1 修改ssh服务的配置文件
- 1.2 找到对应的行数修改如下
- 1.3 修改完成之后重启ssh服务
- 1.6 永久修改主机名
- sed命令
- sed命令替换文本_xbd_zc的博客-CSDN博客
- 1.镜像与容器
- 2.安装docker
- 1-安装步骤
- 1.卸载
- 2.设置存储库安装yum utils包
- 3.设置yum源
- 4.安装docker
- 5.设置华为云镜像加速
- 6.测试hello-world
- 2-常用命令
- 2.1容器命令
- 2.2重点命令
- 2.2.1启动守护式容器--后台服务器
- 2.2.2查看容器
- 2.2.3进入容器交互
- 2.2.4容器与宿主机文件交互
- 2.2.5导入和导出容器
- 小总结
- 3-docker镜像
- 3.1commit提交容器为新镜像
- 3.2案例-Ubuntu安装vim
- 小总结
- 3.3将镜像推送到阿里云仓库
- 3.3.1,建阿里云镜像仓库
- 3.3.2,镜像上传
- 3.3.3,拉取镜像
- 3.4将镜像推送到私有库(registry)
- 3.4.1修改配置文件使之支持http
- 3.4.2运行私有库registry
- 3.4.3push镜像到私服
- 3.4.4从私服pull到本地
- 4-docker容器数据卷
- 4.1作用
- 4.2数据卷案例
- 4.2.1添加容器数据卷
- 1查看数据卷是否挂载成功 docker inspect
- 2创建文件测试
- 3停止容器,并在宿主机目录下修改文件后再启动容器查看是否同步
- 4.2.2数据卷读写权限
- 4.2.3数据卷继承
- 5-docker常规安装简介
- 5.1常规安装步骤
- 5.2安装Tomcat
- 5.3安装Mysql5.7
- 5.4安装Redis
- 新建配置文件(放到文章末尾了)
- 启动容器
- **测试redis-cli连接**
- 修改配置文件, 查看是否生效
- 搭建图床
- 5.4.1redis配置
centos7最小安装准备工作
网络设置
vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #启动的时候的 IP 取得的协议,这里是固定的,如果是动态主机的话,要改成 dhcp 才行#
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33 #设定网卡的名称,要跟文件名称对应 #
UUID=f5e37a10-3da9-47af-8dbb-370b7bf24509
DEVICE=ens33 #设定网卡的名称,要跟文件名称对应 #
ONBOOT=yes #是否在开机的的时候启动网卡#
IPADDR=192.168.22.100 #IP 地址# 必设置
GATEWAY=192.168.22.2 #网关地址# 必须设置 虚拟机注意查看网关地址
NETWORK=192.168.22.1 #该网段的第一个 IP# 可以不设置
BROADCAST=192.168.22.255 #最后一个同网段的广播地址# 可以不设置
NETMASK=255.255.255.0 #子网掩码# 必设置
DNS1=114.114.114.114 #必设置
#GATEWAYDEV=eth0 推荐阅读: linux网络配置文件(redhat、ubuntu系统) centos基本网络配置-网卡eth0、DNS、Host等
#linux主机刚安装好时,ONBOOT属性的缺省值为no,需要修改为yes,BOORPROTO缺省值为dhcp,需要修改为static。然后,设置IP地址,网络掩码,网关等。
安装必备工具
cd /etc/yum.repos.d/
rm -rf *
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
#更新yum软件包索引
yum makecache fast
#更新yum
yum install -y yum-utils
1.1 安装工具
yum -y install net-tools vim unzip gcc gcc-c++ pcre-devel openssl-devel wget
1.5 优化ssh连接
1.1 修改ssh服务的配置文件
/etc/ssh/sshd_config
1.2 找到对应的行数修改如下
sed -i '79s/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i '115s/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
1.3 修改完成之后重启ssh服务
systemctl restart sshd
1.6 永久修改主机名
#替换文件第一行为docker-master
sed -i '1c docker-master' /etc/hostname
#重启服务器后生效
reboot
vim /etc/hostname
修改为以下内容
[root@host-135 ~]# cat /etc/hostname
host-135
sed命令
sed命令替换文本_xbd_zc的博客-CSDN博客
1.镜像与容器
- 虚拟机(virtual machine)
- 带环境安装的一种解决方案, 虚拟出各种硬件,在虚拟机上安装系统,再从操作系统中安装部署各种应用
- Linux容器(Linux Containers,缩写为 LXC)
- 是在操作系统层面上实现虚拟化, 容器内无内核也不需要虚拟, 直接使用宿主机内核。
- 每个容器之间相互隔离,每个容器都有独立的文件系统,容器之间不会相互影响,能区分计算资源。
2.安装docker
1-安装步骤
1.卸载
systemctl stop docker
yum remove docker-ce docker-ce-cli containerd.io
rm -rf /var/lib/docker
rm -rf /var/lib/containerd
2.设置存储库安装yum utils包
(它提供了yum config manager实用程序)并设置稳定的存储库。
yum install -y yum-utils
3.设置yum源
这里使用阿里的
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#更新yum软件包索引
yum makecache fast
4.安装docker
yum -y install docker-ce docker-ce-cli containerd.io
#启动
systemctl start docker
#自启动
systemctl enable docker
5.设置华为云镜像加速
容器镜像服务-控制台 (huaweicloud.com)
镜像中心-镜像加速器
配置docker镜像加速
#创建文件夹
mkdir -p /etc/docker
#添加内容
tee /etc/docker/daemon.json <<- 'EOF'
{
"registry-mirrors": [ "https://043f20e3d9e4485083339341635f4362.mirror.swr.myhuaweicloud.com" ]
}
EOF
cat /etc/docker/daemon.json
#重启
systemctl daemon-reload
systemctl restart docker
#确认配置结果
docker info
#执行docker info,当Registry Mirrors字段的地址为加速器的地址时,说明加速器已经配置成功。
6.测试hello-world
docker run hello-world
2-常用命令
2.1容器命令
docker run [OPTIONS] IMAGE [COMMAND] [ARG…]
-
常用启动参数
-
-i interactive 交互, 一般与t配合使用
- -t tty 终端, 一般与i配合使用
- docker run -it ubuntu bash
-
–name 配置启动后的容器名
- docker run --name=myubuntu -it ubuntu bash
-
-d 后台启动
-
-p 配置端口映射 -p 外部端口:容器端口
-
-
退出容器
-
exit or ctrl+d 容器内部直接退出, 退出后容器关闭
-
ctrl+p+q 退出后容器不会关闭
-
-
启动已停止的容器
- docker start 容器ID/容器名
-
重启容器
- docker restart 容器ID/容器名
-
停止容器
-
docker stop 容器ID/容器名
-
强制停止 docker kill 容器ID/容器名
-
-
删除容器
- 已停止的容器 docker rm 容器ID
- 强制删除 docker rm -f 容器ID
- 删除多个
- docker rm -f $(docker ps -aq)
- docker ps -aq | xargs docker rm
- xargs就是把前面的结果放到后面的指令
- 删除多个
2.2重点命令
2.2.1启动守护式容器–后台服务器
启动时添加 -d参数 docker run -d 镜像名
Docker容器后台运行, 必须有一个前台进程, 容器运行的命令不是一直挂起的命令(如top,tail), 就会自动退出
如后台启动一个Ubuntu, 发现容器直接退出
[root@centos7 ~]# docker run -d ubuntu /bin/bash
39b05cc84038f7594d2ecef4c513122ed6f01be1ae23d717f4b354503e02f6b8
[root@centos7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@centos7 ~]#
常用解决方案是: 将要运行的程序已前台进程形式运行, 常见就是命令行模式, 表示还有交互, 别中断
Redis前后台启动演示
前台交互式启动 : docker run -it redis
[root@centos7 ~]# docker run -it redis
1:C 21 Feb 2023 08:50:48.916 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 21 Feb 2023 08:50:48.916 # Redis version=7.0.8, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 21 Feb 2023 08:50:48.916 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 21 Feb 2023 08:50:48.917 * monotonic clock: POSIX clock_gettime
正常启动, 退出后容器自动关闭
后台守护式启动: docker run -d redis
[root@centos7 ~]# docker run -d redis
068a7f974e92e3eb06dd0e51c81aebd96cd070134d675f3622c41639c3901648
[root@centos7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
068a7f974e92 redis "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 6379/tcp frosty_lovelace
正常后台运行
2.2.2查看容器
容器角度: 可以把容器看做一个简易版的Linux环境(包括root用户权限、进程空间、用户空间和网络空间等)和运行在其中的应用程序
查看容器日志
- docker logs 容器ID
查看容器内运行的进程
- docker top 容器ID
查看容器内部细节
- docker inspect 容器ID
2.2.3进入容器交互
docker exec -it 容器ID /bin/bash
docker attach 容器ID
区别:
- attach直接进入容器启动命令终端,不会启动新的进程, exit退出会导致容器停止
- exec是在容器中打开新的终端, 并且可以启动新的进程,用exit退出 不会导致容器的停止
推荐使用exec, 退出终端不会停止
- attach
Ctrl+P+Q退出也不会停止
- exec
2.2.4容器与宿主机文件交互
#容器拷贝到宿主机
docker cp 容器ID/容器名:/容器内路径 /宿主机路径
#宿主机拷贝到容器(和上面反过来)
docker cp /宿主机路径 容器ID/容器名:/容器内路径
2.2.5导入和导出容器
- export导出容器为tar包
docker exprot 容器ID > 文件名.tar
- import导入容器镜像
docker import 文件名.tar 用户/镜像名:镜像版本
- 导出镜像
docker save -o 文件名.tar 镜像名
测试
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c5472c955b3 ubuntu "bash" 4 minutes ago Up 57 seconds brave_margulis
#导出容器
[root@localhost ~]# docker export 7c547 > bbb.tar
[root@localhost ~]# ls
anaconda-ks.cfg `bbb.tar` Centos-7.repo epel-7.repo uuu.tar
#删除容器
[root@localhost ~]# docker rm -f 7c547
7c547
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest ba6acccedd29 16 months ago 72.8MB
#导入容器镜像
[root@localhost ~]# docker import bbb.tar 666/ubuntu:v1
sha256:db93c96b185b01e3c3b0c3e7ed9447214990bacc0825c9b2186e518ac8752b8d
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
666/ubuntu v1 db93c96b185b 4 seconds ago 72.8MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
#运行验证文件
[root@localhost ~]# docker run -it 666/ubuntu:v1 bash
root@cbd6780f611c:/# cat aaa.txt
hahah
小总结
关键字 | 说明 | 说明 |
---|---|---|
attach | Attach to a running container | 当前 shell 下 attach 连接指定运行镜像 |
build | Build an image from a Dockerfile | 通过 Dockerfile 定制镜像 |
commit | Create a new image from a container changes | 提交当前容器为新的镜像 |
cp | Copy files/folders from the containers filesystem to the host path | 从容器中拷贝指定文件或者目录到宿主机中 |
create | Create a new container | 创建一个新的容器,同 run,但不启动容器 |
diff | Inspect changes on a container’s filesystem | 查看 docker 容器变化 |
events | Get real time events from the server | 从 docker 服务获取容器实时事件 |
exec | Run a command in an existing container | 在已存在的容器上运行命令 |
export | Stream the contents of a container as a tar archive | 导出容器的内容流作为一个 tar 归档文件[对应 import ] |
history | Show the history of an image | 展示一个镜像形成历史 |
images | List images | 列出系统当前镜像 |
import | Create a new filesystem image from the contents of a tarball | 从tar包中的内容创建一个新的文件系统映像[对应export] |
info | Display system-wide information | 显示系统相关信息 |
inspect | Return low-level information on a container | 查看容器详细信息 |
kill | Kill a running container | kill 指定 docker 容器 |
load | Load an image from a tar archive | 从一个 tar 包中加载一个镜像[对应 save] |
login | Register or Login to the docker registry server | 注册或者登陆一个 docker 源服务器 |
logout | Log out from a Docker registry server | 从当前 Docker registry 退出 |
logs | Fetch the logs of a container | 输出当前容器日志信息 |
port | Lookup the public-facing port which is NAT-ed to PRIVATE_PORT | 查看映射端口对应的容器内部源端口 |
pause | Pause all processes within a container | 暂停容器 |
ps | List containers | 列出容器列表 |
pull | Pull an image or a repository from the docker registry server | 从docker镜像源服务器拉取指定镜像或者库镜像 |
push | Push an image or a repository to the docker registry server | 推送指定镜像或者库镜像至docker源服务器 |
restart | Restart a running container | 重启运行的容器 |
rm | Remove one or more containers | 移除一个或者多个容器 |
rmi | Remove one or more images | 移除一个或多个镜像[无容器使用该镜像才可删除,否则需删除相关容器才可继续或 -f 强制删除] |
run | Run a command in a new container | 创建一个新的容器并运行一个命令 |
save | Save an image to a tar archive | 保存一个镜像为一个 tar 包[对应 load] |
search | Search for an image on the Docker Hub | 在 docker hub 中搜索镜像 |
start | Start a stopped containers | 启动容器 |
stop | Stop a running containers | 停止容器 |
tag | Tag an image into a repository | 给源中镜像打标签 |
top | Lookup the running processes of a container | 查看容器中运行的进程信息 |
unpause | Unpause a paused container | 取消暂停容器 |
version | Show the docker version information | 查看 docker 版本号 |
wait | Block until a container stops, then print its exit code | 截取容器停止时的退出状态值 |
3-docker镜像
- 镜像分层
- 好处:共享资源,方便复用, 比如多个镜像都由同一个base镜像构建,那么Docker只需保存一份base镜像,同时内存中只需加载一份base镜像,就可以为所有容器服务,镜像的每一层都可以共享
Docker镜像层都是只读的,容器层是可写的
当容器启动时,一个新的可写层被加载到镜像的顶部。这一层通常被称为“容器层”, “容器层”之下的都交镜像层
3.1commit提交容器为新镜像
docker commit -m="提交描述信息" -a="作者" 容器ID 镜像名:tag
3.2案例-Ubuntu安装vim
Ubuntu安装vim
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbd6780f611c 666/ubuntu:v1 "bash" 34 minutes ago Up 34 minutes affectionate_wozniak
[root@localhost ~]# docker exec -it cbd67 bash
#直接拉取的Ubuntu镜像不带有vim命令
root@cbd6780f611c:/# vi aaa.txt
bash: vi: command not found
root@cbd6780f611c:/# vim aaa.txt
bash: vim: command not found
#Ubuntu的包管理工具-更新
root@cbd6780f611c:/# apt-get update
...................................
Reading package lists... Done
#安装vim
root@cbd6780f611c:/# apt-get -y install vim
.....................................
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
root@cbd6780f611c:/# vim aaa.txt
hahah
~
"aaa.txt" 1L, 6C
提交该容器为新镜像
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbd6780f611c 666/ubuntu:v1 "bash" 55 minutes ago Up 55 minutes affectionate_wozniak
[root@localhost ~]# docker commit -m="add vim" -a="666" cbd678 666/ubuntu:v2
sha256:7993a19efeff889ac42a3d4538f676ac58dae89234fe76f044fc4174ebd8c1c6
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
666/ubuntu v2 7993a19efeff 30 seconds ago 182MB
666/ubuntu v1 db93c96b185b 59 minutes ago 72.8MB
运行新镜像测试
[root@localhost ~]# docker run -it 666/ubuntu:v2 bash
root@c19735995a1f:/# vim aaa.txt
hahah
~
"aaa.txt" 1L, 6C
小总结
Docker中的镜像分层 支持通过扩展先有镜像, 创建新的镜像。类似java继承一个base基础类,自己按需扩展。
新镜像是从base镜像一层层叠加生成的, 每次安装一个软件, 就在现有镜像上添加一层
3.3将镜像推送到阿里云仓库
3.3.1,建阿里云镜像仓库
容器镜像服务 (aliyun.com)
个人版-创建命名空间
创建镜像仓库
创建本地库
自动跳转操作基本信息, 附带操作指南
也可以从仓库-管理进入
3.3.2,镜像上传
1.登录阿里云Docker Registry
$ docker login --username=用户名 registry.cn-hangzhou.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded #登录成功
用于登录的用户名为阿里云账号全名,密码为开通服务时设置的密码。
您可以在访问凭证页面修改凭证密码。
2.将镜像推送到Registry
#给镜像打标签
docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:[镜像版本号]
#上传镜像
docker push registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:[镜像版本号]
请根据实际镜像信息替换示例中的[ImageId]和[镜像版本号]参数。
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
666/ubuntu v2 7993a19efeff 22 hours ago 182MB
666/ubuntu v1 db93c96b185b 23 hours ago 72.8MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker tag 7993a19efeff registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim v1 7993a19efeff 22 hours ago 182MB
666/ubuntu v2 7993a19efeff 22 hours ago 182MB
666/ubuntu v1 db93c96b185b 23 hours ago 72.8MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker push registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim]
b51348661685: Pushed
7f39613ee1b6: Pushed
v1: digest: sha256:9977a47e8b92845e260e6e665339ec0d4eddec0c85291ddf9a67fe37108bde5a size: 741
[root@localhost ~]#
版本已更新
3.3.3,拉取镜像
从Registry中拉取镜像
docker pull registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:[镜像版本号]
测试
- 删除镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
666/ubuntu v2 7993a19efeff 22 hours ago 182MB
registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim v1 7993a19efeff 22 hours ago 182MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker rmi -f 7993a19efeff
Untagged: 666/ubuntu:v2
Untagged: registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
Untagged: registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim@sha256:9977a47e8b92845e260e6e665339ec0d4eddec0c85291ddf9a67fe37108bde5a
Deleted: sha256:7993a19efeff889ac42a3d4538f676ac58dae89234fe76f044fc4174ebd8c1c6
- 拉取镜像运行
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker pull registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
v1: Pulling from ubuntu-9527/ubuntu-vim
b24487b1f920: Already exists
b8547e637054: Already exists
Digest: sha256:9977a47e8b92845e260e6e665339ec0d4eddec0c85291ddf9a67fe37108bde5a
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim v1 7993a19efeff 22 hours ago 182MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker run -it registry.cn-hangzhou.aliyuncs.com/ubuntu-9527/ubuntu-vim:v1
root@3c091e6251f2:/# vim aaa.txt
3.4将镜像推送到私有库(registry)
Docker Registry是官方提供的工具,可以用于构建私有镜像仓库
3.4.1修改配置文件使之支持http
docker默认不允许http方式推送镜像,通过配置选项来取消这个限制。====> 修改完后如果不生效,建议重启docker。
修改deamon.json
tee /etc/docker/daemon.json <<- 'EOF'
{
"registry-mirrors": ["https://你的ID注意替换.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.0.201 IP注意替换:5000"]
}
EOF
#重启docker
systemctl restart docker
3.4.2运行私有库registry
docker run -d -p 5000:5000 -v /home/myregistry/:/tmp/registry --privileged=true registry
- -d 后台运行
- -p 5000:5000 宿主机5000端口与容器5000端口映射
- -v /home/myregistry/:/tmp/registry 数据卷挂载 ,前面是宿主机目录:后面容器内目录
- –privileged=true 添加挂载目录权限
[root@localhost ~]# mkdir /home/myregistry #私有仓库目录
[root@localhost ~]# docker run -d -p 5000:5000 -v /home/myregistry/:/tmp/registry --privileged=true registry
1e211c5914e625a27a1d55937c5b580eb83ed0d52e2d2188c9ae0dc5f056bb7c
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e211c5914e6 registry "/entrypoint.sh /etc…" 4 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp loving_ptolemy
[root@localhost ~]#
3.4.3push镜像到私服
修改符合私服规范的tag
docker tag 镜像:Tag Host:Port/Repository:Tag
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
666/ubuntu v1 db93c96b185b 24 hours ago 72.8MB
registry latest b8604a3fe854 15 months ago 26.2MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker tag 666/ubuntu:v1 192.168.0.201:5000/myubuntu:v2
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.0.201:5000/myubuntu v2 db93c96b185b 24 hours ago 72.8MB
666/ubuntu v1 db93c96b185b 24 hours ago 72.8MB
registry latest b8604a3fe854 15 months ago 26.2MB
ubuntu
push到私服库
[root@localhost ~]# docker push 192.168.0.201:5000/myubuntu:v2
The push refers to repository [192.168.0.201:5000/myubuntu]
7f39613ee1b6: Pushed
v2: digest: sha256:970d3faf324bdba3b984e299c13dcaf2cfcb3fa210dc634cb1b45d70999b35b1 size: 528
验证私服库上有什么镜像
[root@localhost ~]# curl -XGET http://192.168.0.201:5000/v2/_catalog
{"repositories":["myubuntu"]}
3.4.4从私服pull到本地
docker pull 192.168.0.201:5000/myubuntu:v2
[root@localhost ~]# docker pull 192.168.0.201:5000/myubuntu:v2
v2: Pulling from myubuntu
b24487b1f920: Already exists
Digest: sha256:970d3faf324bdba3b984e299c13dcaf2cfcb3fa210dc634cb1b45d70999b35b1
Status: Downloaded newer image for 192.168.0.201:5000/myubuntu:v2
192.168.0.201:5000/myubuntu:v2
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.0.201:5000/myubuntu v2 db93c96b185b 25 hours ago 72.8MB
registry latest b8604a3fe854 15 months ago 26.2MB
ubuntu latest ba6acccedd29 16 months ago 72.8MB
[root@localhost ~]# docker run -it 192.168.0.201:5000/myubuntu:v2 bash
root@ea1c22707ae8:/# cat aaa.txt
hahah
4-docker容器数据卷
–privileged=true 参数的作用
大约在0.6版,privileged被引入Docker。
使用–privileged参数,container内的root可以拥有真正的权限,否则,container内的root只是外部的一个普通用户的权限。
使用privileged启动容器,可以看到很多host上的设备,并且可以执行mount,甚至允许你在docker容器中启动docker容器。
4.1作用
卷是目录或文件, 存在一个或多个容器中, 由docker挂载到容器, 单不属于联合文件系统, 因此能够绕过Union File System提供一些用于持续存储或共享数据的特性:
卷的设计目的就是数据的持久化, 完全独立于容器的生存周期, 因此Docker不会再容器删除时删除其挂载的数据卷。
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录 镜像名
将运用与运行的环境打包镜像,run后形成容器实例运行 ,但是我们对数据的要求希望是持久化的。
Docker容器产生的数据,如果不备份,那么当容器实例删除后,容器内的数据自然也就没有了。为了能保存数据在docker中我们使用卷。
特点:
- 数据卷可在容器之间共享或重用数据
- 卷中的更改可以直接实时生效
- 数据卷中的更改不会包含在镜像的更新中
- 数据卷的生命周期一直持续到没有容器使用它为止
4.2数据卷案例
4.2.1添加容器数据卷
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录 镜像名
#运行容器u1并挂载数据卷
[root@centos7master ~]# docker run -itd --privileged=true -v /home/master_data:/home/container_date --name=u1 ubuntu
511f386158e2e647856e7cf089a807793e4168568d5b8ef21bb86ea17bdef2d1
[root@centos7master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
511f386158e2 ubuntu "bash" 2 seconds ago Up 1 second u1
1查看数据卷是否挂载成功 docker inspect
[root@centos7master ~]# docker inspect u1
#找到mounts
"Mounts": [
{
"Type": "bind",
"Source": "/home/master_data", #宿主机目录
"Destination": "/home/container_date",#容器目录
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
]
2创建文件测试
- 宿主机master创建文件- 容器内部查看存在
- 容器内创建文件- 宿主机查看存在
[root@centos7master ~]# cd /home/master_data/ #挂载卷时没有此路径会自动创建
#在宿主机目录下创建master.txt
[root@centos7master master_data]# touch master.txt && echo 'master-hello' > master.txt
[root@centos7master master_data]# cat master.txt
master-hello
[root@centos7master master_data]# docker exec -it u1 bash #进入u1
root@511f386158e2:/# cd /home/container_date/
#容器中查看宿主机master创建的文件是否存在
root@511f386158e2:/home/container_date# cat master.txt
master-hello
#在容器目录下创建container.txt
root@511f386158e2:/home/container_date# touch container.txt && echo 'container-hello' > container.txt
root@511f386158e2:/home/container_date# cat container.txt
container-hello
root@511f386158e2:/home/container_date# exit
exit
#宿主机中查看容器创建的文件是否存在
[root@centos7master master_data]# cat /home/master_data/container.txt
container-hello
3停止容器,并在宿主机目录下修改文件后再启动容器查看是否同步
[root@centos7master master_data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
511f386158e2 ubuntu "bash" 15 minutes ago Up 15 minutes u1
[root@centos7master master_data]# docker stop u1
u1
[root@centos7master master_data]# ls #停止容器后数据存在
container.txt master.txt
[root@centos7master master_data]# touch master1.txt && echo 'master1-hello' > master1.txt
[root@centos7master master_data]# ls
container.txt master1.txt master.txt
[root@centos7master master_data]# docker start u1
u1
[root@centos7master master_data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
511f386158e2 ubuntu "bash" 16 minutes ago Up 2 seconds u1
[root@centos7master master_data]# docker exec -it u1 bash
root@511f386158e2:/# cd /home/container_date/
root@511f386158e2:/home/container_date# ls #重新启动后数据存在
container.txt master.txt master1.txt
root@511f386158e2:/home/container_date# cat master1.txt
master1-hello
4.2.2数据卷读写权限
不写默认读写-rw
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录:rw 镜像名
只读-ro :容器实例内部被限制,只能读取不能写
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录:ro 镜像名
- 容器内部只读
[root@centos7master]# docker run -itd --privileged=true -v /home/master_data/:/home/container_data:ro --name u3 ubuntu
5340e3cb177e3d465bae2604bc5df0367049c56d64ffa1fcc3e1d8bc041f175f
[root@centos7master]# docker exec -it u3 bash
root@5340e3cb177e:/# cd /home/container_data/
root@5340e3cb177e:/home/container_data# touch 111.txt #容器内部创建失败
touch: cannot touch '111.txt': Read-only file system
root@5340e3cb177e:/home/container_data# exit
exit
[root@centos7master master_data]# cd /home/master_data/ #宿主机创建成功
[root@centos7master master_data]# touch 111.txt
[root@centos7master master_data]# ls
111.txt
[root@centos7master]#
4.2.3数据卷继承
- 可继承父容器的卷规则
docker run -it --privileged=true --volumes-from 父容器 --name u2 ubuntu
5-docker常规安装简介
5.1常规安装步骤
- 搜索镜像
docker search 镜像名
- 拉取镜像
docker pull 镜像名
- 查看镜像
docker images 镜像名
- 启动镜像 - 服务端口映射
docker run -p外部端口:容器内端口 镜像名
- 停止容器
docker stop 容器ID
- 移除容器
docker rm 容器ID
5.2安装Tomcat
- 拉取镜像(可省略), 默认最新版, 需下载指定版本可上官网查看
docker pull tomcat
- 启动镜像 映射端口8080
docker run -d -p8080:8080 --name tm1 tomcat
- 访问测试- 404
- 新版Tomcat webapps目录为空, 可将webapps.dist内容换过来
mv webapps/webapps.dist/* webapps/
[root@centos7master ~]# docker exec -it tm1 bash
root@76843a633e85:/usr/local/tomcat# mv webapps/webapps.dist/* webapps/
root@76843a633e85:/usr/local/tomcat# ls webapps -l
total 4
drwxr-xr-x. 3 root root 223 Dec 22 2021 ROOT
drwxr-xr-x. 15 root root 4096 Dec 22 2021 docs
drwxr-xr-x. 7 root root 99 Dec 22 2021 examples
drwxr-xr-x. 6 root root 79 Dec 22 2021 host-manager
drwxr-xr-x. 6 root root 114 Dec 22 2021 manager
- 刷新页面
- 直接使用Tomcat8(无需修改)
docker run -d -p 8081:8080 --name tm8 billygoo/tomcat8-jdk8
5.3安装Mysql5.7
运行mysql容器实例
docker run -d -p 3306:3306 --privileged=true -v /home/mysql/log:/var/log/mysql -v /home/mysql/data:/var/lib/mysql -v /home/mysql/conf:/etc/mysql/conf.d -eMYSQL_ROOT_PASSWORD=123456 --name mysql mysql:5.7
docker run -dp 3306:3306 --privileged=true -v /home/mysql/pic/log:/var/log/mysql -v /home/mysql/pic/data:/var/lib/mysql -v /home/mysql/pic/conf:/etc/mysql/conf.d -eMYSQL_ROOT_PASSWORD=123321 --name picmsq mysql:5.7
添加配置文件my.cnf设置字符集
tee /home/mysql/conf/my.cnf <<- 'EOF'
[client]
default_character_set=utf8
[mysqld]
collation_server = utf8_general_ci
character_set_server = utf8
EOF
重启容器, 建库表测试
- 进入容器可输入中文加入
-e LANG=C.UTF-8
docker exec -it -e LANG=C.UTF-8 mysql bash
docker restart mysql
docker exec -it mysql bash
mysql -uroot -p123456
mysql> show databases ;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql> create database db1;
Query OK, 1 row affected (0.00 sec)
mysql> use db1;
Database changed
mysql> create table t1(id int,name varchar(20));
Query OK, 0 rows affected (0.03 sec)
mysql> insert into t1 values (1,'zs');
Query OK, 1 row affected (0.10 sec)
mysql> insert into t1 values (2,'李四');
Query OK, 1 row affected (0.00 sec)
mysql> select * from t1;
+------+--------+
| id | name |
+------+--------+
| 1 | zs |
| 2 | 李四 |
+------+--------+
2 rows in set (0.00 sec)
mysql> SHOW VARIABLES LIKE 'character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.01 sec)
使用Navicat连接测试
5.4安装Redis
新建配置文件(放到文章末尾了)
mkdir -p /home/redis
vim /home/redis/redis.conf
- 修改配置文件
- 开启Redis验证(可选)
requirepass 123
- 允许Redis外地连接 注掉 #bind 127.0.0.1
daemonize yes
与docker run -d
冲突导致启动失败, 设置为daemonize no
- Redis数据持久化(可选)
appendonly yes
- 开启Redis验证(可选)
启动容器
docker run -dp 6378:6379 --name r1 --privileged=true -v /home/redis/redis.conf:/etc/redis/redis.conf -v /home/redis/data:/data redis:6.0.8 redis-server /etc/redis/redis.conf
测试redis-cli连接
进入容器, redis-cli
[root@centos7master ~]# docker exec -it r1 bash
root@581c537a6da7:/data# redis-cli
127.0.0.1:6379> set k1 666
OK
127.0.0.1:6379> get k1
"666"
修改配置文件, 查看是否生效
修改conf databases 默认是16个
#默认是16
[root@master redis]# cat redis.conf | awk 'NR==186'
databases 16
#修改为10
[root@master redis]# sed -i '186 s/databases 16/databases 10/g' redis.conf
[root@master redis]# cat redis.conf | awk 'NR==186'
databases 10
重启服务, 验证配置
#重启r1
[root@centos7master ~]# docker restart r1
r1
[root@centos7master ~]# docker exec -it r1 bash
root@581c537a6da7:/data# redis-cli
127.0.0.1:6379> select 10 #确认已生效
(error) ERR DB index is out of range
127.0.0.1:6379> select 9
OK
搭建图床
搭建兰空图床(Lsky Pro)-docker_xbd_zc的博客-CSDN博客
5.4.1redis配置
# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
################################## INCLUDES ###################################
# Include one or more other config files here. This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
################################## MODULES #####################################
# Load modules at startup. If the server is not able to load modules
# it will abort. It is possible to use multiple loadmodule directives.
#
# loadmodule /path/to/my_module.so
# loadmodule /path/to/other_module.so
################################## NETWORK #####################################
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 loopback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#bind 127.0.0.1
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode no
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
# equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
################################# GENERAL #####################################
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize no
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised no
# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
#
# When the server runs non daemonized, no pid file is created if none is
# specified in the configuration. When the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
pidfile /var/run/redis_6379.pid
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile ""
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# Specify the syslog identity.
# syslog-ident redis
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
# By default Redis shows an ASCII art logo only when started to log to the
# standard output and if the standard output is a TTY. Basically this means
# that normally a logo is displayed only in interactive sessions.
#
# However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes.
always-show-logo yes
################################ SNAPSHOTTING ################################
#
# Save the DB on disk:
#
# save <seconds> <changes>
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behaviour will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# Note: you can disable saving completely by commenting out all "save" lines.
#
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
save 900 1
save 300 10
save 60 10000
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# The filename where to dump the DB
dbfilename dump.rdb
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir ./
################################# REPLICATION #################################
# Master-Replica replication. Use replicaof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# +------------------+ +---------------+
# | Master | ---> | Replica |
# | (receive writes) | | (exact copy) |
# +------------------+ +---------------+
#
# 1) Redis replication is asynchronous, but you can configure a master to
# stop accepting writes if it appears to be not connected with at least
# a given number of replicas.
# 2) Redis replicas are able to perform a partial resynchronization with the
# master if the replication link is lost for a relatively small amount of
# time. You may want to configure the replication backlog size (see the next
# sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
# network partition replicas automatically try to reconnect to masters
# and resynchronize with them.
#
# replicaof <masterip> <masterport>
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the replica to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the replica request.
#
# masterauth <master-password>
# When a replica loses its connection with the master, or when the replication
# is still in progress, the replica can act in two different ways:
#
# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) if replica-serve-stale-data is set to 'no' the replica will reply with
# an error "SYNC with master in progress" to all the kind of commands
# but to INFO, replicaOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG,
# SUBSCRIBE, UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB,
# COMMAND, POST, HOST: and LATENCY.
#
replica-serve-stale-data yes
# You can configure a replica instance to accept writes or not. Writing against
# a replica instance may be useful to store some ephemeral data (because data
# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default replicas are read-only.
#
# Note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only replica exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
replica-read-only yes
# Replication SYNC strategy: disk or socket.
#
# -------------------------------------------------------
# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
# -------------------------------------------------------
#
# New replicas and reconnecting replicas that are not able to continue the replication
# process just receiving differences, need to do what is called a "full
# synchronization". An RDB file is transmitted from the master to the replicas.
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
# file on disk. Later the file is transferred by the parent
# process to the replicas incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
# RDB file to replica sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more replicas
# can be queued and served with the RDB file as soon as the current child producing
# the RDB file finishes its work. With diskless replication instead once
# the transfer starts, new replicas arriving will be queued and a new transfer
# will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple replicas
# will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the replicas.
#
# This is important since once the transfer starts, it is not possible to serve
# new replicas arriving, that will be queued for the next RDB transfer, so the server
# waits a delay in order to let more replicas arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
# Replicas send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_replica_period option. The default value is 10
# seconds.
#
# repl-ping-replica-period 10
# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
# 2) Master timeout from the point of view of replicas (data, pings).
# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-replica-period otherwise a timeout will be detected
# every time there is low traffic between the master and the replica.
#
# repl-timeout 60
# Disable TCP_NODELAY on the replica socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to replicas. But this can add a delay for
# the data to appear on the replica side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the replica side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and replicas are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# Set the replication backlog size. The backlog is a buffer that accumulates
# replica data when replicas are disconnected for some time, so that when a replica
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the replica missed while
# disconnected.
#
# The bigger the replication backlog, the longer the time the replica can be
# disconnected and later be able to perform a partial resynchronization.
#
# The backlog is only allocated once there is at least a replica connected.
#
# repl-backlog-size 1mb
# After a master has no longer connected replicas for some time, the backlog
# will be freed. The following option configures the amount of seconds that
# need to elapse, starting from the time the last replica disconnected, for
# the backlog buffer to be freed.
#
# Note that replicas never free the backlog for timeout, since they may be
# promoted to masters later, and should be able to correctly "partially
# resynchronize" with the replicas: hence they should always accumulate backlog.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
# The replica priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a replica to promote into a
# master if the master is no longer working correctly.
#
# A replica with a low priority number is considered better for promotion, so
# for instance if there are three replicas with priority 10, 100, 25 Sentinel will
# pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the replica as not able to perform the
# role of master, so a replica with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
replica-priority 100
# It is possible for a master to stop accepting writes if there are less than
# N replicas connected, having a lag less or equal than M seconds.
#
# The N replicas need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the replica, that is usually sent every second.
#
# This option does not GUARANTEE that N replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough replicas
# are available, to the specified number of seconds.
#
# For example to require at least 3 replicas with a lag <= 10 seconds use:
#
# min-replicas-to-write 3
# min-replicas-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
# By default min-replicas-to-write is set to 0 (feature disabled) and
# min-replicas-max-lag is set to 10.
# A Redis master is able to list the address and port of the attached
# replicas in different ways. For example the "INFO replication" section
# offers this information, which is used, among other tools, by
# Redis Sentinel in order to discover replica instances.
# Another place where this info is available is in the output of the
# "ROLE" command of a master.
#
# The listed IP and address normally reported by a replica is obtained
# in the following way:
#
# IP: The address is auto detected by checking the peer address
# of the socket used by the replica to connect with the master.
#
# Port: The port is communicated by the replica during the replication
# handshake, and is normally the port that the replica is using to
# listen for connections.
#
# However when port forwarding or Network Address Translation (NAT) is
# used, the replica may be actually reachable via different IP and port
# pairs. The following two options can be used by a replica in order to
# report to its master a specific set of IP and port, so that both INFO
# and ROLE will report those values.
#
# There is no need to use both the options if you need to override just
# the port or the IP address.
#
# replica-announce-ip 5.5.5.5
# replica-announce-port 1234
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to replicas may cause problems.
################################### CLIENTS ####################################
# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000
############################## MEMORY MANAGEMENT ################################
# Set a memory usage limit to the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU or LFU cache, or to
# set a hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have replicas attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the replicas are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of replicas is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have replicas attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for replica
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> Evict using approximated LRU among the keys with an expire set.
# allkeys-lru -> Evict any key using approximated LRU.
# volatile-lfu -> Evict using approximated LFU among the keys with an expire set.
# allkeys-lfu -> Evict any key using approximated LFU.
# volatile-random -> Remove a random key among the ones with an expire set.
# allkeys-random -> Remove a random key, any key.
# volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
# noeviction -> Don't evict anything, just return an error on write operations.
#
# LRU means Least Recently Used
# LFU means Least Frequently Used
#
# Both LRU, LFU and volatile-ttl are implemented using approximated
# randomized algorithms.
#
# Note: with any of the above policies, Redis will return an error on write
# operations, when there are no suitable keys for eviction.
#
# At the date of writing these commands are: set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy noeviction
# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. For default Redis will check five keys and pick the one that was
# used less recently, you can change the sample size using the following
# configuration directive.
#
# The default of 5 produces good enough results. 10 Approximates very closely
# true LRU but costs more CPU. 3 is faster but not very accurate.
#
# maxmemory-samples 5
# Starting from Redis 5, by default a replica will ignore its maxmemory setting
# (unless it is promoted to master after a failover or manually). It means
# that the eviction of keys will be just handled by the master, sending the
# DEL commands to the replica as keys evict in the master side.
#
# This behavior ensures that masters and replicas stay consistent, and is usually
# what you want, however if your replica is writable, or you want the replica to have
# a different memory setting, and you are sure all the writes performed to the
# replica are idempotent, then you may change this default (but be sure to understand
# what you are doing).
#
# Note that since the replica by default does not evict, it may end using more
# memory than the one set via maxmemory (there are certain buffers that may
# be larger on the replica, or data structures may sometimes take more memory and so
# forth). So make sure you monitor your replicas and make sure they have enough
# memory to never hit a real out-of-memory condition before the master hits
# the configured maxmemory setting.
#
# replica-ignore-maxmemory yes
############################# LAZY FREEING ####################################
# Redis has two primitives to delete keys. One is called DEL and is a blocking
# deletion of the object. It means that the server stops processing new commands
# in order to reclaim all the memory associated with an object in a synchronous
# way. If the key deleted is associated with a small object, the time needed
# in order to execute the DEL command is very small and comparable to most other
# O(1) or O(log_N) commands in Redis. However if the key is associated with an
# aggregated value containing millions of elements, the server can block for
# a long time (even seconds) in order to complete the operation.
#
# For the above reasons Redis also offers non blocking deletion primitives
# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
# FLUSHDB commands, in order to reclaim memory in background. Those commands
# are executed in constant time. Another thread will incrementally free the
# object in the background as fast as possible.
#
# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
# It's up to the design of the application to understand when it is a good
# idea to use one or the other. However the Redis server sometimes has to
# delete keys or flush the whole database as a side effect of other operations.
# Specifically Redis deletes objects independently of a user call in the
# following scenarios:
#
# 1) On eviction, because of the maxmemory and maxmemory policy configurations,
# in order to make room for new data, without going over the specified
# memory limit.
# 2) Because of expire: when a key with an associated time to live (see the
# EXPIRE command) must be deleted from memory.
# 3) Because of a side effect of a command that stores data on a key that may
# already exist. For example the RENAME command may delete the old key
# content when it is replaced with another one. Similarly SUNIONSTORE
# or SORT with STORE option may delete existing keys. The SET command
# itself removes any old content of the specified key in order to replace
# it with the specified string.
# 4) During replication, when a replica performs a full resynchronization with
# its master, the content of the whole database is removed in order to
# load the RDB file just transferred.
#
# In all the above cases the default is to delete objects in a blocking way,
# like if DEL was called. However you can configure each case specifically
# in order to instead release memory in a non-blocking way like if UNLINK
# was called, using the following configuration directives:
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
############################## APPEND ONLY MODE ###############################
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.
appendonly no
# The name of the append only file (default: "appendonly.aof")
appendfilename "appendonly.aof"
# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log. Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".
# appendfsync always
appendfsync everysec
# appendfsync no
# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no
# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# An AOF file may be found to be truncated at the end during the Redis
# startup process, when the AOF data gets loaded back into memory.
# This may happen when the system where Redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when Redis itself
# crashes or aborts but the operating system still works correctly).
#
# Redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the AOF file is found
# to be truncated at the end. The following option controls this behavior.
#
# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
# the Redis server starts emitting a log to inform the user of the event.
# Otherwise if the option is set to no, the server aborts with an error
# and refuses to start. When the option is set to no, the user requires
# to fix the AOF file using the "redis-check-aof" utility before to restart
# the server.
#
# Note that if the AOF file will be found to be corrupted in the middle
# the server will still exit with an error. This option only applies when
# Redis will try to read more data from the AOF file but not enough bytes
# will be found.
aof-load-truncated yes
# When rewriting the AOF file, Redis is able to use an RDB preamble in the
# AOF file for faster rewrites and recoveries. When this option is turned
# on the rewritten AOF file is composed of two different stanzas:
#
# [RDB file][AOF tail]
#
# When loading Redis recognizes that the AOF file starts with the "REDIS"
# string and loads the prefixed RDB file, and continues loading the AOF
# tail.
aof-use-rdb-preamble yes
################################ LUA SCRIPTING ###############################
# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
################################ REDIS CLUSTER ###############################
# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In order to start a Redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes
# Every cluster node has a cluster configuration file. This file is not
# intended to be edited by hand. It is created and updated by Redis nodes.
# Every Redis Cluster node requires a different cluster configuration file.
# Make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf
# Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# Most other internal time limits are multiple of the node timeout.
#
# cluster-node-timeout 15000
# A replica of a failing master will avoid to start a failover if its data
# looks too old.
#
# There is no simple way for a replica to actually have an exact measure of
# its "data age", so the following two checks are performed:
#
# 1) If there are multiple replicas able to failover, they exchange messages
# in order to try to give an advantage to the replica with the best
# replication offset (more data from the master processed).
# Replicas will try to get their rank by offset, and apply to the start
# of the failover a delay proportional to their rank.
#
# 2) Every single replica computes the time of the last interaction with
# its master. This can be the last ping or command received (if the master
# is still in the "connected" state), or the time that elapsed since the
# disconnection with the master (if the replication link is currently down).
# If the last interaction is too old, the replica will not try to failover
# at all.
#
# The point "2" can be tuned by user. Specifically a replica will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
# (node-timeout * replica-validity-factor) + repl-ping-replica-period
#
# So for example if node-timeout is 30 seconds, and the replica-validity-factor
# is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
# replica will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# A large replica-validity-factor may allow replicas with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a replica at all.
#
# For maximum availability, it is possible to set the replica-validity-factor
# to a value of 0, which means, that replicas will always try to failover the
# master regardless of the last time they interacted with the master.
# (However they'll always try to apply a delay proportional to their
# offset rank).
#
# Zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-replica-validity-factor 10
# Cluster replicas are able to migrate to orphaned masters, that are masters
# that are left without working replicas. This improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working replicas.
#
# Replicas migrate to orphaned masters only if there are still at least a
# given number of other working replicas for their old master. This number
# is the "migration barrier". A migration barrier of 1 means that a replica
# will migrate only if there is at least 1 other working replica for its master
# and so forth. It usually reflects the number of replicas you want for every
# master in your cluster.
#
# Default is 1 (replicas migrate only if their masters remain with at least
# one replica). To disable migration just set it to a very large value.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
# By default Redis Cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# It automatically returns available as soon as all the slots are covered again.
#
# However sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. In order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes
# This option, when set to yes, prevents replicas from trying to failover its
# master during master failures. However the master can still perform a
# manual failover, if forced to do so.
#
# This is useful in different scenarios, especially in the case of multiple
# data center operations, where we want one side to never be promoted if not
# in the case of a total DC failure.
#
# cluster-replica-no-failover no
# In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.
########################## CLUSTER DOCKER/NAT support ########################
# In certain deployments, Redis Cluster nodes address discovery fails, because
# addresses are NAT-ted or because ports are forwarded (the typical case is
# Docker and other containers).
#
# In order to make Redis Cluster working in such environments, a static
# configuration where each node knows its public address is needed. The
# following two options are used for this scope, and are:
#
# * cluster-announce-ip
# * cluster-announce-port
# * cluster-announce-bus-port
#
# Each instruct the node about its address, client port, and cluster message
# bus port. The information is then published in the header of the bus packets
# so that other nodes will be able to correctly map the address of the node
# publishing the information.
#
# If the above options are not used, the normal Redis Cluster auto-detection
# will be used instead.
#
# Note that when remapped, the bus port may not be at the fixed offset of
# clients port + 10000, so you can specify any port and bus-port depending
# on how they get remapped. If the bus-port is not set, a fixed offset of
# 10000 will be used as usually.
#
# Example:
#
# cluster-announce-ip 10.1.1.5
# cluster-announce-port 6379
# cluster-announce-bus-port 6380
################################## SLOW LOG ###################################
# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
################################ LATENCY MONITOR ##############################
# The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a Redis instance.
#
# Via the LATENCY command this information is available to the user that can
# print graphs and obtain reports.
#
# The system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. When its value is set
# to zero, the latency monitor is turned off.
#
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
############################# EVENT NOTIFICATION ##############################
# Redis can notify Pub/Sub clients about events happening in the key space.
# This feature is documented at http://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
# messages will be published via Pub/Sub:
#
# PUBLISH __keyspace@0__:foo del
# PUBLISH __keyevent@0__:del foo
#
# It is possible to select the events that Redis will notify among a set
# of classes. Every class is identified by a single character:
#
# K Keyspace events, published with __keyspace@<db>__ prefix.
# E Keyevent events, published with __keyevent@<db>__ prefix.
# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
# $ String commands
# l List commands
# s Set commands
# h Hash commands
# z Sorted set commands
# x Expired events (events generated every time a key expires)
# e Evicted events (events generated when a key is evicted for maxmemory)
# A Alias for g$lshzxe, so that the "AKE" string means all the events.
#
# The "notify-keyspace-events" takes as argument a string that is composed
# of zero or multiple characters. The empty string means that notifications
# are disabled.
#
# Example: to enable list and generic events, from the point of view of the
# event name, use:
#
# notify-keyspace-events Elg
#
# Example 2: to get the stream of the expired keys subscribing to channel
# name __keyevent@0__:expired use:
#
notify-keyspace-events Ex
#
# By default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. Note that if you don't
# specify at least one of K or E, no events will be delivered.
#notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb <-- not recommended for normal workloads
# -4: max size: 32 Kb <-- not recommended
# -3: max size: 16 Kb <-- probably not recommended
# -2: max size: 8 Kb <-- good
# -1: max size: 4 Kb <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2
# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression. The head and tail of the list
# are always uncompressed for fast push/pop operations. Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
# going from either the head or tail"
# So: [head]->node->node->...->node->[tail]
# [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
# 2 here means: don't compress head or head->next or tail->prev or tail,
# but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
# Sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# Streams macro node max size / items. The stream data structure is a radix
# tree of big nodes that encode multiple items inside. Using this configuration
# it is possible to configure how big a single node can be in bytes, and the
# maximum number of items it may contain before switching to a new node when
# appending new stream entries. If any of the following settings are set to
# zero, the limit is ignored, so for instance it is possible to set just a
# max entires limit by setting max-bytes to 0 and max-entries to the desired
# value.
stream-node-max-bytes 4096
stream-node-max-entries 100
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
# replica -> replica clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and replica clients, since
# subscribers and replicas receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Client query buffers accumulate new commands. They are limited to a fixed
# amount by default in order to avoid that a protocol desynchronization (for
# instance due to a bug in the client) will lead to unbound memory usage in
# the query buffer. However you can configure it here if you have very special
# needs, such us huge multi/exec requests or alike.
#
# client-query-buffer-limit 1gb
# In the Redis protocol, bulk requests, that are, elements representing single
# strings, are normally limited ot 512 mb. However you can change this limit
# here.
#
# proto-max-bulk-len 512mb
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# Normally it is useful to have an HZ value which is proportional to the
# number of clients connected. This is useful in order, for instance, to
# avoid too many clients are processed for each background task invocation
# in order to avoid latency spikes.
#
# Since the default HZ value by default is conservatively set to 10, Redis
# offers, and enables by default, the ability to use an adaptive HZ value
# which will temporary raise when there are many connected clients.
#
# When dynamic HZ is enabled, the actual configured HZ will be used as
# as a baseline, but multiples of the configured HZ value will be actually
# used as needed once more clients are connected. In this way an idle
# instance will use very little CPU time while a busy instance will be
# more responsive.
dynamic-hz yes
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
# When redis saves RDB file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
rdb-save-incremental-fsync yes
# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good
# idea to start with the default settings and only change them after investigating
# how to improve the performances and how the keys LFU change over time, which
# is possible to inspect via the OBJECT FREQ command.
#
# There are two tunable parameters in the Redis LFU implementation: the
# counter logarithm factor and the counter decay time. It is important to
# understand what the two parameters mean before changing them.
#
# The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis
# uses a probabilistic increment with logarithmic behavior. Given the value
# of the old counter, when a key is accessed, the counter is incremented in
# this way:
#
# 1. A random number R between 0 and 1 is extracted.
# 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1).
# 3. The counter is incremented only if R < P.
#
# The default lfu-log-factor is 10. This is a table of how the frequency
# counter changes with a different number of accesses with different
# logarithmic factors:
#
# +--------+------------+------------+------------+------------+------------+
# | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits |
# +--------+------------+------------+------------+------------+------------+
# | 0 | 104 | 255 | 255 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 1 | 18 | 49 | 255 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 10 | 10 | 18 | 142 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 100 | 8 | 11 | 49 | 143 | 255 |
# +--------+------------+------------+------------+------------+------------+
#
# NOTE: The above table was obtained by running the following commands:
#
# redis-benchmark -n 1000000 incr foo
# redis-cli object freq foo
#
# NOTE 2: The counter initial value is 5 in order to give new objects a chance
# to accumulate hits.
#
# The counter decay time is the time, in minutes, that must elapse in order
# for the key counter to be divided by two (or decremented if it has a value
# less <= 10).
#
# The default value for the lfu-decay-time is 1. A Special value of 0 means to
# decay the counter every time it happens to be scanned.
#
# lfu-log-factor 10
# lfu-decay-time 1
########################### ACTIVE DEFRAGMENTATION #######################
#
# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested
# even in production and manually tested by multiple engineers for some
# time.
#
# What is active defragmentation?
# -------------------------------
#
# Active (online) defragmentation allows a Redis server to compact the
# spaces left between small allocations and deallocations of data in memory,
# thus allowing to reclaim back memory.
#
# Fragmentation is a natural process that happens with every allocator (but
# less so with Jemalloc, fortunately) and certain workloads. Normally a server
# restart is needed in order to lower the fragmentation, or at least to flush
# away all the data and create it again. However thanks to this feature
# implemented by Oran Agra for Redis 4.0 this process can happen at runtime
# in an "hot" way, while the server is running.
#
# Basically when the fragmentation is over a certain level (see the
# configuration options below) Redis will start to create new copies of the
# values in contiguous memory regions by exploiting certain specific Jemalloc
# features (in order to understand if an allocation is causing fragmentation
# and to allocate it in a better place), and at the same time, will release the
# old copies of the data. This process, repeated incrementally for all the keys
# will cause the fragmentation to drop back to normal values.
#
# Important things to understand:
#
# 1. This feature is disabled by default, and only works if you compiled Redis
# to use the copy of Jemalloc we ship with the source code of Redis.
# This is the default with Linux builds.
#
# 2. You never need to enable this feature if you don't have fragmentation
# issues.
#
# 3. Once you experience fragmentation, you can enable this feature when
# needed with the command "CONFIG SET activedefrag yes".
#
# The configuration parameters are able to fine tune the behavior of the
# defragmentation process. If you are not sure about what they mean it is
# a good idea to leave the defaults untouched.
# Enabled active defragmentation
# activedefrag yes
# Minimum amount of fragmentation waste to start active defrag
# active-defrag-ignore-bytes 100mb
# Minimum percentage of fragmentation to start active defrag
# active-defrag-threshold-lower 10
# Maximum percentage of fragmentation at which we use maximum effort
# active-defrag-threshold-upper 100
# Minimal effort for defrag in CPU percentage
# active-defrag-cycle-min 5
# Maximal effort for defrag in CPU percentage
# active-defrag-cycle-max 75
# Maximum number of set/hash/zset/list fields that will be processed from
# the main dictionary scan
# active-defrag-max-scan-fields 1000
Redis server to compact the
# spaces left between small allocations and deallocations of data in memory,
# thus allowing to reclaim back memory.
#
# Fragmentation is a natural process that happens with every allocator (but
# less so with Jemalloc, fortunately) and certain workloads. Normally a server
# restart is needed in order to lower the fragmentation, or at least to flush
# away all the data and create it again. However thanks to this feature
# implemented by Oran Agra for Redis 4.0 this process can happen at runtime
# in an "hot" way, while the server is running.
#
# Basically when the fragmentation is over a certain level (see the
# configuration options below) Redis will start to create new copies of the
# values in contiguous memory regions by exploiting certain specific Jemalloc
# features (in order to understand if an allocation is causing fragmentation
# and to allocate it in a better place), and at the same time, will release the
# old copies of the data. This process, repeated incrementally for all the keys
# will cause the fragmentation to drop back to normal values.
#
# Important things to understand:
#
# 1. This feature is disabled by default, and only works if you compiled Redis
# to use the copy of Jemalloc we ship with the source code of Redis.
# This is the default with Linux builds.
#
# 2. You never need to enable this feature if you don't have fragmentation
# issues.
#
# 3. Once you experience fragmentation, you can enable this feature when
# needed with the command "CONFIG SET activedefrag yes".
#
# The configuration parameters are able to fine tune the behavior of the
# defragmentation process. If you are not sure about what they mean it is
# a good idea to leave the defaults untouched.
# Enabled active defragmentation
# activedefrag yes
# Minimum amount of fragmentation waste to start active defrag
# active-defrag-ignore-bytes 100mb
# Minimum percentage of fragmentation to start active defrag
# active-defrag-threshold-lower 10
# Maximum percentage of fragmentation at which we use maximum effort
# active-defrag-threshold-upper 100
# Minimal effort for defrag in CPU percentage
# active-defrag-cycle-min 5
# Maximal effort for defrag in CPU percentage
# active-defrag-cycle-max 75
# Maximum number of set/hash/zset/list fields that will be processed from
# the main dictionary scan
# active-defrag-max-scan-fields 1000