我要评论
目录
- 前言
- 一、含义
- 二、docker架构
- 三、安装docker
- 四、docker常用命令
- 4.1 帮助启动类命令
- 4.2 镜像命令
- 4.3 容器命令
- 4.3.1 列出当前正在运行的所有容器:docker ps [options]
- 4.3.2 新建\启动容器: docker run
- 4.3.3 退出容器: exit
- 4.3.4 启动已停止运行的容器:docker start 容器id或者容器名
- 4.3.5 重启容器:docker restart 容器id或者容器名
- 4.3.6 停止容器:docker stop 容器id或者容器名
- 4.3.7 强制停止容器:docker kill 容器id或容器名
- 4.3.8 删除容器:docker rm 容器id或容器名
- 4.3.9 查看容器日志:docker logs 容器id/容器名
- 4.3.10 查看容器内运行的进程:docker top 容器id/容器名
- 4.3.11 查看容器内部的细节:docker inspect 容器id/容器名
- 4.3.12 进入正在运行的容器:docker exec -it 容器id bashshell
- 4.3.13 从容器内的文件拷贝到主机上:docker cp 容器id:容器路径 主机路径
- 4.3.14 将容器以压缩包的形式导出到当前路径下:docker export 容器id > 压缩文件名.tar
- 4.3.15 用tar包创建镜像:cat 文件名.tar | docker import - 镜像用户/镜像名:镜像版本
- 五、docker镜像
- 六、docker容器数据卷
- 七、常见软件安装
- 八、搭建mysql主从复制
- 九、搭建redis集群
- 十、dockerfile
- 十一、docker网络
- 十二、docker-compose容器编排
- 十三、docker轻量级可视化工具protainer
- 十四、部署springboot超详细步骤
前言
本博客参考b站视频:b站docker
一、含义
二、docker架构
-
镜像你可以把它看成java中的类,而容器可以看做是类的实例化对象,容器是由镜像实例化而来。
-
一个类可以有多个对象,同理,一个镜像可以有多个容器。
-
简而言之,镜像是文件,容器是进程,容器是基于镜像创建的,即容器中的进程依赖于镜像中的文件。
三、安装docker
官网:https://docs.docker.com/engine/install/centos/
3.1 搭建gcc环境(gcc是编程语言译器)
yum -y install gcc
yum -y install gcc-c++
3.2 安装需要的软件包
yum install -y yum-utils
3.3 安装镜像仓库
官网上的是
但是因为docker的服务器是在国外,所以有时候从仓库中下载镜像的时候会连接被拒绝或者连接超时的情况,所以可以使用阿里云镜像仓库
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3.4 更新yum软件包索引
yum makecache fast
3.5 安装docker引擎
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
3.6 启动docker
systemctl start docker
#开启自启动
systemctl enable docker
#查看进程
ps -ef | grep docker
#查看版本
docker version
docker run hello-world
3.7 阿里云镜像加速配置
为了提高镜像的拉取、发布的速度,可以配置阿里云镜像加速
查看加速器地址
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'eof'
{
"registry-mirrors": ["自己的镜像加速地址"]
}
eof
sudo systemctl daemon-reload
sudo systemctl restart docker
测试:执行docker run hello-world
额外:卸载docker
sudo yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
四、docker常用命令
4.1 帮助启动类命令
4.1.1 启动docker: systemctl start docker
4.1.2 停止docker: systemctl stop docker
4.1.3 重启docker: systemctl restart docker
4.1.4 查看docker状态: systemctl status docker
4.1.5 开机自启动: systemctl enable docker
4.1.6 查看docker概要信息: docker info
4.1.7 查看docker总体帮助文档: docker --help
4.1.8 查看docker命令帮助文档: docker 具体命令 --help
4.2 镜像命令
4.2.1 列出主机上的所有镜像:docker images
各个选项说明:
repository:表示镜像的仓库源
tag:镜像的标签版本号
image id:镜像id
created:镜像创建时间
size:镜像大小
同一仓库源可以有多个 tag版本,代表这个仓库源的不同个版本,我们使用 repository:tag 来定义不同的镜像。
如果你不指定一个镜像的版本标签,例如你只使用 ubuntu,docker 将默认使用 ubuntu:latest 镜像
options说明:
-a :列出本地所有的镜像(含历史映像层)
-q :只显示镜像id。
各个选项说明:
name:镜像名称
description:镜像说明
stars:点赞数量
offical:是否是官方的
automated:是否是自动构建的
options说明:
--limit : 只列出n个镜像,默认25个
docker search --limit 5 redis
4.2.2 下载镜像:docker pull
4.2.3 查看镜像/容器/数据卷所占的空间 :docker system df
各个选项说明:
type:类型(镜像、容器、数据卷)
total:总数
size:大小
reclaimable:伸缩性
4.2.3 删除镜像: docker rmi 镜像名/镜像id
4.2.4 查看镜像详细信息: docker inspect 镜像名/镜像id
4.2.5 查看私有仓库指定镜像所有版本
面试题:谈谈docker虚悬镜像是什么?
仓库名、标签都是的镜像,俗称虚悬镜像dangling image
4.3 容器命令
有镜像才能创建容器, 这是根本前提(在docker内下载一个centos或者ubuntu镜像演示)
4.3.1 列出当前正在运行的所有容器:docker ps [options]
options说明(常用):
-a :列出当前所有正在运行的容器+历史上运行过的
-l :显示最近创建的容器。
-n:显示最近n个创建的容器。
-q :静默模式,只显示容器编号。
4.3.2 新建\启动容器: docker run
options说明(常用):有些是一个减号,有些是两个减号
--name="容器新名字":为容器指定一个名称;
-d: 后台运行容器并返回容器id,也即启动守护式容器(后台运行);
-i:以交互模式运行容器,通常与 -t 同时使用;
-t:为容器重新分配一个伪输入终端,通常与 -i同时使用;也即启动交互式容器(前台有伪终端,等待交互);
-p: 随机端口映射,大写p
-p: 指定端口映射,小写p
docker命令中/bin/bash的作用是:docker中必须要保持一个进程的运行,要不然整个容器启动后就会马上kill itself,这个/bin/bash就表示启动容器后启动bash
(也可以不加/bin/bash,后台会默认一个脚本)。
在大部分的场景下,我们希望 docker 的服务是在后台运行的, 我们可以过 -d 指定容器的后台运行模式
在后台开启一个容器后,再查询当前运行中的容器(docker ps),发现并没有。
很重要的要说明的一点: docker容器后台运行,就必须有一个前台进程。
这个是docker的机制问题,比如你的web容器,我们以nginx为例,正常情况下,我们配置启动服务只需要启动响应的service即可。例如service nginx start。但是,这样做,nginx为后台进程模式运行,就导致docker前台没有运行的应用,这样的容器后台启动后,会立即自杀因为他觉得他没事可做了。所以,最佳的解决方案是将你要运行的程序以前台进程的形式运行,常见就是命令行模式,表示我还有交互操作,别中断 (也即,使用-it 和-d分别运行同一个容器).
4.3.3 退出容器: exit
4.3.4 启动已停止运行的容器:docker start 容器id或者容器名
4.3.5 重启容器:docker restart 容器id或者容器名
4.3.6 停止容器:docker stop 容器id或者容器名
4.3.7 强制停止容器:docker kill 容器id或容器名
4.3.8 删除容器:docker rm 容器id或容器名
4.3.9 查看容器日志:docker logs 容器id/容器名
4.3.10 查看容器内运行的进程:docker top 容器id/容器名
4.3.11 查看容器内部的细节:docker inspect 容器id/容器名
4.3.12 进入正在运行的容器:docker exec -it 容器id bashshell
方式1:
方式2:
4.3.13 从容器内的文件拷贝到主机上:docker cp 容器id:容器路径 主机路径
将容器ubuntu1.0中/opt目录下的test.txt文件cp到主机上
4.3.14 将容器以压缩包的形式导出到当前路径下:docker export 容器id > 压缩文件名.tar
4.3.15 用tar包创建镜像:cat 文件名.tar | docker import - 镜像用户/镜像名:镜像版本
使用刚刚解压的镜像创建一个容器,查看容器中是否有test.txt文件。
五、docker镜像
5.1 联合文件系统(unionfs)
unionfs是一种分层、轻量级并且高性能的文件系统,它支持对文件系统的修改作为一次提交来一层层的叠加,同时可以将不同目录挂载到同一个虚拟文件系统下,unionfs是docker镜像的基础,镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像。
特性:一次同时加载多个文件系统,但从外面看起来,只能看到一个文件系统该,联合加载会把各层文件系统叠加起来,这样最终的文件系统会包含所有底层的文件和目录。
5.2 docker镜像加载原理
docker的镜像实际上是由一层层的文件系统组成,这种层级的文件系统就是unionfs
bootfs(boot文件系统)主要包含bootloader和kernel,bootloader主要是引导加载kernel,linux刚启动的时候会加载bootfs文件系统,在docker镜像的最底层是bootfs。这一层与linux系统该是一样的,包含boot加载器和内核。当boot加载完成后整个内核就都在内存中了,此时内存的使用权已由bootfs转交给内核,此时系统也会卸载bootfs。
rootfs(root文件系统),在bootfs之上,包含的是典型linux系统中的/dev,/proc,/bin,/etc等标准目录和文件。rootfs就是各种不同的操作系统该发行版,如ubuntu、centos等。
对于一个精简的os,rootfs可以很小,只需要包括最基本的命令、工具和程序库就可以了,因为底层直接用host的kernel,自己只需要提供rootfs就行了。所以对于不同的linux发行版,bootfs基本是一致的,rootfs会有差别,因此不同的发行版可以共用bootfs。
5.3 镜像的特点和优点
- 特点:
docker镜像都是只读的,当容器启动时,一个新的可写层被加载到镜像的顶部,这一层通常被称作“容器层”,“容器层”之下的为“镜像层”。
- 优点:
使用分层镜像的优点是可以共享资源,比如有多个镜像都从相同的base镜像构建而来,那么宿主机上只需要保存一份base镜像,内存中也只需要加载一份base镜像,就可以为所有容器服务了。镜像的每一层都可以被共享。 以pull为例,在下载的过程中可以看到docker的镜像好像是在一层一层的在下载。
5.4 镜像的commit命令
例子:自己在原始ubuntu镜像中下载vim命令后,再commit成为一个新的ubuntu镜像
- 原始的ubuntu镜像仅有72.8mb
- 根据此镜像,创建容器,并且下载vim
- 将此容器提交,使之成为新的镜像
docker commit -m="提交的描述信息" -a="作者" 容器id 要创建的目标镜像名:[标签名]
5.5 远程仓库交互
与远程仓库推送/拉取镜像流程图
5.5.1 远程阿里云仓库交互
阿里云官网:https://www.aliyun.com/
使用上图的脚本,将本地ubuntu1.0推送到自己的阿里云仓库
$ docker login --username=gaoqiangmath registry.cn-chengdu.aliyuncs.com
$ docker tag [imageid] registry.cn-chengdu.aliyuncs.com/gq_ynu/ubuntu1.0:[镜像版本号]
$ docker push registry.cn-chengdu.aliyuncs.com/gq_ynu/ubuntu1.0:[镜像版本号]
测试:
删除本地镜像,从阿里云仓库中拉取
$ docker pull registry.cn-chengdu.aliyuncs.com/gq_ynu/ubuntu1.0:[镜像版本号]
5.5.2 远程私有仓库docker registry交互
dockerhub、阿里云这样的公共镜像仓库可能不太方便,涉及机密的公司不可能提供镜像给公网,所以需要创建一个本地私人仓库供给团队使用,基于公司内部项目构建镜像。
docker registry是官方提供的工具,可以用于构建私有镜像仓库
六、docker容器数据卷
6.1 含义与特点
卷就是目录或文件,存在于一个或多个容器中,由docker挂载到容器,但不属于联合文件系统,因此能够绕过union file system提供一些用于持续存储或共享数据的特性:数据卷的设计目的就是数据的持久化,完全独立于容器的生存周期,因此docker不会在容器删除时删除其挂载的数据卷。
数据卷会将docker容器内的数据保存进宿主机的磁盘中,运行一个带有容器卷存储功能的容器实例。
- 数据卷可在容器之间共享或重用数据
- 容器和宿主机之间数据共享
- 卷中的更改可以直接实时生效
- 数据卷中的更改不会包含在镜像的更新中
- 数据卷的生命周期一直持续到没有容器使用它为止
6.2 容器数据卷操作
6.2.1 容器伴随数据卷启动
#主机路径和容器路径自己设定,没有的话,会自动创建
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录 镜像名
dokcer inspect 容器id
6.2.2 容器和宿主机之间数据共享
- 在容器自己设定的路径内(/opt/docker_data)编辑文件,主机自己设定的路径(/opt/host_data)会跟着同步,反之亦然
- 即使容器停止了,在宿主机操作数据卷,等到容器重新启动了也能实现数据共享
6.2.3 容器卷ro和rw的读写规则
- rw:容器卷默认,也即可读写
- ro:容器内仅可读,不可写(主机可读写)
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录:ro --name:容器名 镜像名
6.2.4 容器卷的继承
- 已知第一个容器1:d21d825a96c5 完成和宿主机的映射
- 新建一个容器继承容器1和主机卷规则
docker run -it --privileged=true --volumes-from 父类 --name:容器名 镜像名
七、常见软件安装
7.1 tomcat
说明:由于较新版的tomcat需要删除容器下/usr/local/tomcat目录下的webapps文件,并将webapps.dist重命名为webapp。所以推荐下载旧版的tomcat。
步骤:
- docker hub上面查找tomcat镜像(这里采用8.0.53版本)
- 从docker hub上拉取tomcat镜像到本地
- docker images查看是否有拉取到的tomcat
- 使用tomcat镜像创建容器实例
7.1.1 步骤一:docker hub上面查找tomcat镜像
7.1.2 步骤二:从docker hub上拉取tomcat镜像到本地
7.1.3 步骤三:docker images查看是否有拉取到的tomcat
7.1.4 步骤四:使用tomcat镜像创建容器实例
7.2 mysql
7.2.1 常规安装
7.2.1.1 步骤一:docker hub上面查找mysql镜像
7.2.1.2 步骤二:从docker hub上拉取tomcat镜像到本地
docker pull mysql:8.0.31
7.2.1.3 步骤三:docker images查看是否有拉取到的mysql
7.2.1.4 步骤四:使用mysql镜像创建容器实例
1、首先:创建容器
docker run -p 主机端口号:容器端口 -e mysql_root_password=密码 -d mysql:版本
(注意,需要先看看3306是否被占用,因为有可能主机自己安装了mysql)
2、其次:进入容器,进入mysql
docker exec -it 容器id bashshell
测试:查看数据库,创建数据库
查看docker容器下mysql的字符集编码
show variables like 'character%'
3、使用远程可视化工具连接测试
首先:
select host,user,plugin from mysql.user;
查看红框内是否如下:
若不是,输入命令:
#修改加密规则
alter user 'root'@'localhost' identified by 'root' password expire never;
#更新密码
alter user 'root'@'localhost' identified with mysql_native_password by '123456';
alter user 'root'@'%' identified with mysql_native_password by '123456';
#刷新
flush privileges;
使用sql yog链接,成功!
7.2.2 伴随容器数据卷安装(重点)
为了防止数据丢失和误删问题,采用数据卷的形式实现数据备份:
7.2.2.1 步骤一、二、三
步骤一、二、三和常规安装一样,
7.2.2.2 步骤四:伴随数据卷创建容器实例
步骤四:伴随数据卷创建容器实例
docker run -d -p 3306:3306 --privileged=true \
-v /opt/mysql/log:/var/log/mysql \
-v /opt/mysql/data:/var/lib/mysql \
-v /opt/mysql/conf:/etc/mysql/conf.d \
-e mysql_root_password=123456 \
--name mysql \
mysql:8.0.31
测试:
在主机的配置文件目录下新建mysql的配置文件my.cnf
设置mysql字符编码为utf-8 (mysql8以及以上不需要再配置编码)
[client]
default_character_set=utf8
[mysqld]
collation_server = utf8_general_ci
character_set_server = utf8
切换到容器内,发现对应目录同步了配置文件
链接远程sqlyog:
在容器内,进入mysql,依次输入:
#修改加密规则
alter user 'root'@'localhost' identified by 'root' password expire never;
#更新密码
alter user 'root'@'localhost' identified with mysql_native_password by '123456';
alter user 'root'@'%' identified with mysql_native_password by '123456';
#刷新
flush privileges;
7.3 redis
7.3.1 步骤一:docker hub上面查找redis镜像
7.3.2 步骤二:docker hub上面拉取redis镜
(这里拉取redis6.0.8)
7.3.3 步骤三:docker images查看是否有拉取到的redis
7.3.3 步骤四:使用redis镜像创建容器实例(带数据卷)
7.3.3.1 首先:获取redis.conf 模板
redis配置文件官网:redis配置文件官网
redis.conf 模板(6.0版本)
# redis configuration file example.
#
# note that in order to read the configuration file, redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
# note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5gb 4m and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1gb 1gb 1gb are all the same.
################################## includes ###################################
# include one or more other config files here. this is useful if you
# have a standard template that goes to all redis servers but also need
# to customize a few per-server settings. include files can include
# other files, so use this wisely.
#
# note that option "include" won't be rewritten by command "config rewrite"
# from admin or redis sentinel. since redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# if instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
################################## modules #####################################
# load modules at startup. if the server is not able to load modules
# it will abort. it is possible to use multiple loadmodule directives.
#
# loadmodule /path/to/my_module.so
# loadmodule /path/to/other_module.so
################################## network #####################################
# by default, if no "bind" configuration directive is specified, redis listens
# for connections from all available network interfaces on the host machine.
# it is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more ip addresses.
#
# examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ warning ~~~ if the computer running redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. so by default we uncomment the
# following bind directive, that will force redis to listen only on the
# ipv4 loopback interface address (this means redis will only be able to
# accept client connections from the same host that it is running on).
#
# if you are sure you want your instance to listen to all the interfaces
# just comment out the following line.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
# protected mode is a layer of security protection, in order to avoid that
# redis instances left open on the internet are accessed and exploited.
#
# when protected mode is on and if:
#
# 1) the server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) no password is configured.
#
# the server only accepts connections from clients connecting from the
# ipv4 and ipv6 loopback addresses 127.0.0.1 and ::1, and from unix domain
# sockets.
#
# by default protected mode is enabled. you should disable it only if
# you are sure you want clients from other hosts to connect to redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
# accept connections on the specified port, default is 6379 (iana #815344).
# if port 0 is specified redis will not listen on a tcp socket.
port 6379
# tcp listen() backlog.
#
# in high requests-per-second environments you need a high backlog in order
# to avoid slow clients connection issues. note that the linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# unix socket.
#
# specify the path for the unix socket that will be used to listen for
# incoming connections. there is no default, so redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
# close the connection after a client is idle for n seconds (0 to disable)
timeout 0
# tcp keepalive.
#
# if non-zero, use so_keepalive to send tcp acks to clients in absence
# of communication. this is useful for two reasons:
#
# 1) detect dead peers.
# 2) force network equipment in the middle to consider the connection to be
# alive.
#
# on linux, the specified value (in seconds) is the period used to send acks.
# note that to close the connection the double of the time is needed.
# on other kernels the period depends on the kernel configuration.
#
# a reasonable value for this option is 300 seconds, which is the new
# redis default starting with redis 3.2.1.
tcp-keepalive 300
################################# tls/ssl #####################################
# by default, tls/ssl is disabled. to enable it, the "tls-port" configuration
# directive can be used to define tls-listening ports. to enable tls on the
# default port, use:
#
# port 0
# tls-port 6379
# configure a x.509 certificate and private key to use for authenticating the
# server to connected clients, masters or cluster peers. these files should be
# pem formatted.
#
# tls-cert-file redis.crt
# tls-key-file redis.key
# configure a dh parameters file to enable diffie-hellman (dh) key exchange:
#
# tls-dh-params-file redis.dh
# configure a ca certificate(s) bundle or directory to authenticate tls/ssl
# clients and peers. redis requires an explicit configuration of at least one
# of these, and will not implicitly use the system wide configuration.
#
# tls-ca-cert-file ca.crt
# tls-ca-cert-dir /etc/ssl/certs
# by default, clients (including replica servers) on a tls port are required
# to authenticate using valid client side certificates.
#
# if "no" is specified, client certificates are not required and not accepted.
# if "optional" is specified, client certificates are accepted and must be
# valid if provided, but are not required.
#
# tls-auth-clients no
# tls-auth-clients optional
# by default, a redis replica does not attempt to establish a tls connection
# with its master.
#
# use the following directive to enable tls on replication links.
#
# tls-replication yes
# by default, the redis cluster bus uses a plain tcp connection. to enable
# tls for the bus protocol, use the following directive:
#
# tls-cluster yes
# explicitly specify tls versions to support. allowed values are case insensitive
# and include "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3" (openssl >= 1.1.1) or
# any combination. to enable only tlsv1.2 and tlsv1.3, use:
#
# tls-protocols "tlsv1.2 tlsv1.3"
# configure allowed ciphers. see the ciphers(1ssl) manpage for more information
# about the syntax of this string.
#
# note: this configuration applies only to <= tlsv1.2.
#
# tls-ciphers default:!medium
# configure allowed tlsv1.3 ciphersuites. see the ciphers(1ssl) manpage for more
# information about the syntax of this string, and specifically for tlsv1.3
# ciphersuites.
#
# tls-ciphersuites tls_chacha20_poly1305_sha256
# when choosing a cipher, use the server's preference instead of the client
# preference. by default, the server follows the client's preference.
#
# tls-prefer-server-ciphers yes
# by default, tls session caching is enabled to allow faster and less expensive
# reconnections by clients that support it. use the following directive to disable
# caching.
#
# tls-session-caching no
# change the default number of tls sessions cached. a zero value sets the cache
# to unlimited size. the default size is 20480.
#
# tls-session-cache-size 5000
# change the default timeout of cached tls sessions. the default timeout is 300
# seconds.
#
# tls-session-cache-timeout 60
################################# general #####################################
# by default redis does not run as a daemon. use 'yes' if you need it.
# note that redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize no
# if you run redis from upstart or systemd, redis can interact with your
# supervision tree. options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting redis into sigstop mode
# requires "expect stop" in your upstart job config
# supervised systemd - signal systemd by writing ready=1 to $notify_socket
# supervised auto - detect upstart or systemd method based on
# upstart_job or notify_socket environment variables
# note: these supervision methods only signal "process is ready."
# they do not enable continuous pings back to your supervisor.
supervised no
# if a pid file is specified, redis writes it where specified at startup
# and removes it at exit.
#
# when the server runs non daemonized, no pid file is created if none is
# specified in the configuration. when the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# creating a pid file is best effort: if redis is not able to create it
# nothing bad happens, the server will start and run normally.
pidfile /var/run/redis_6379.pid
# specify the server verbosity level.
# this can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
# specify the log file name. also the empty string can be used to force
# redis to log on the standard output. note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile ""
# to enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# specify the syslog identity.
# syslog-ident redis
# specify the syslog facility. must be user or between local0-local7.
# syslog-facility local0
# set the number of databases. the default database is db 0, you can select
# a different one on a per-connection basis using select <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
# by default redis shows an ascii art logo only when started to log to the
# standard output and if the standard output is a tty. basically this means
# that normally a logo is displayed only in interactive sessions.
#
# however it is possible to force the pre-4.0 behavior and always show a
# ascii art logo in startup logs by setting the following option to yes.
always-show-logo yes
################################ snapshotting ################################
#
# save the db on disk:
#
# save <seconds> <changes>
#
# will save the db if both the given number of seconds and the given
# number of write operations against the db occurred.
#
# in the example below the behavior will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# note: you can disable saving completely by commenting out all "save" lines.
#
# it is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
save 900 1
save 300 10
save 60 10000
# by default redis will stop accepting writes if rdb snapshots are enabled
# (at least one save point) and the latest background save failed.
# this will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# if the background saving process will start working again redis will
# automatically allow writes again.
#
# however if you have setup your proper monitoring of the redis server
# and persistence, you may want to disable this feature so that redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# compress string objects using lzf when dump .rdb databases?
# by default compression is enabled as it's almost always a win.
# if you want to save some cpu in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# since version 5 of rdb a crc64 checksum is placed at the end of the file.
# this makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading rdb files, so you can disable it
# for maximum performances.
#
# rdb files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# the filename where to dump the db
dbfilename dump.rdb
# remove rdb files used by replication in instances without persistence
# enabled. by default this option is disabled, however there are environments
# where for regulations or other security concerns, rdb files persisted on
# disk by masters in order to feed replicas, or stored on disk by replicas
# in order to load them for the initial synchronization, should be deleted
# asap. note that this option only works in instances that have both aof
# and rdb persistence disabled, otherwise is completely ignored.
#
# an alternative (and sometimes better) way to obtain the same effect is
# to use diskless replication on both master and replicas instances. however
# in the case of replicas, diskless is not always an option.
rdb-del-sync-files no
# the working directory.
#
# the db will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# the append only file will also be created inside this directory.
#
# note that you must specify a directory here, not a file name.
dir ./
################################# replication #################################
# master-replica replication. use replicaof to make a redis instance a copy of
# another redis server. a few things to understand asap about redis replication.
#
# +------------------+ +---------------+
# | master | ---> | replica |
# | (receive writes) | | (exact copy) |
# +------------------+ +---------------+
#
# 1) redis replication is asynchronous, but you can configure a master to
# stop accepting writes if it appears to be not connected with at least
# a given number of replicas.
# 2) redis replicas are able to perform a partial resynchronization with the
# master if the replication link is lost for a relatively small amount of
# time. you may want to configure the replication backlog size (see the next
# sections of this file) with a sensible value depending on your needs.
# 3) replication is automatic and does not need user intervention. after a
# network partition replicas automatically try to reconnect to masters
# and resynchronize with them.
#
# replicaof <masterip> <masterport>
# if the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the replica to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the replica request.
#
# masterauth <master-password>
#
# however this is not enough if you are using redis acls (for redis version
# 6 or greater), and the default user is not capable of running the psync
# command and/or other commands needed for replication. in this case it's
# better to configure a special user to use with replication, and specify the
# masteruser configuration as such:
#
# masteruser <username>
#
# when masteruser is specified, the replica will authenticate against its
# master using the new auth form: auth <username> <password>.
# when a replica loses its connection with the master, or when the replication
# is still in progress, the replica can act in two different ways:
#
# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) if replica-serve-stale-data is set to 'no' the replica will reply with
# an error "sync with master in progress" to all commands except:
# info, replicaof, auth, ping, shutdown, replconf, role, config, subscribe,
# unsubscribe, psubscribe, punsubscribe, publish, pubsub, command, post,
# host and latency.
#
replica-serve-stale-data yes
# you can configure a replica instance to accept writes or not. writing against
# a replica instance may be useful to store some ephemeral data (because data
# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# since redis 2.6 by default replicas are read-only.
#
# note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. it's just a protection layer against misuse of the instance.
# still a read only replica exports by default all the administrative commands
# such as config, debug, and so forth. to a limited extent you can improve
# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
replica-read-only yes
# replication sync strategy: disk or socket.
#
# new replicas and reconnecting replicas that are not able to continue the
# replication process just receiving differences, need to do what is called a
# "full synchronization". an rdb file is transmitted from the master to the
# replicas.
#
# the transmission can happen in two different ways:
#
# 1) disk-backed: the redis master creates a new process that writes the rdb
# file on disk. later the file is transferred by the parent
# process to the replicas incrementally.
# 2) diskless: the redis master creates a new process that directly writes the
# rdb file to replica sockets, without touching the disk at all.
#
# with disk-backed replication, while the rdb file is generated, more replicas
# can be queued and served with the rdb file as soon as the current child
# producing the rdb file finishes its work. with diskless replication instead
# once the transfer starts, new replicas arriving will be queued and a new
# transfer will start when the current one terminates.
#
# when diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple
# replicas will arrive and the transfer can be parallelized.
#
# with slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no
# when diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the rdb via socket
# to the replicas.
#
# this is important since once the transfer starts, it is not possible to serve
# new replicas arriving, that will be queued for the next rdb transfer, so the
# server waits a delay in order to let more replicas arrive.
#
# the delay is specified in seconds, and by default is 5 seconds. to disable
# it entirely just set it to 0 seconds and the transfer will start asap.
repl-diskless-sync-delay 5
# -----------------------------------------------------------------------------
# warning: rdb diskless load is experimental. since in this setup the replica
# does not immediately store an rdb on disk, it may cause data loss during
# failovers. rdb diskless load + redis modules not handling i/o reads may also
# cause redis to abort in case of i/o errors during the initial synchronization
# stage with the master. use only if your do what you are doing.
# -----------------------------------------------------------------------------
#
# replica can load the rdb it reads from the replication link directly from the
# socket, or store the rdb to a file and read that file after it was completely
# received from the master.
#
# in many cases the disk is slower than the network, and storing and loading
# the rdb file may increase replication time (and even increase the master's
# copy on write memory and salve buffers).
# however, parsing the rdb file directly from the socket may mean that we have
# to flush the contents of the current database before the full rdb was
# received. for this reason we have the following options:
#
# "disabled" - don't use diskless load (store the rdb file to the disk first)
# "on-empty-db" - use diskless load only when it is completely safe.
# "swapdb" - keep a copy of the current db contents in ram while parsing
# the data directly from the socket. note that this requires
# sufficient memory, if you don't have it, you risk an oom kill.
repl-diskless-load disabled
# replicas send pings to server in a predefined interval. it's possible to
# change this interval with the repl_ping_replica_period option. the default
# value is 10 seconds.
#
# repl-ping-replica-period 10
# the following option sets the replication timeout for:
#
# 1) bulk transfer i/o during sync, from the point of view of replica.
# 2) master timeout from the point of view of replicas (data, pings).
# 3) replica timeout from the point of view of masters (replconf ack pings).
#
# it is important to make sure that this value is greater than the value
# specified for repl-ping-replica-period otherwise a timeout will be detected
# every time there is low traffic between the master and the replica. the default
# value is 60 seconds.
#
# repl-timeout 60
# disable tcp_nodelay on the replica socket after sync?
#
# if you select "yes" redis will use a smaller number of tcp packets and
# less bandwidth to send data to replicas. but this can add a delay for
# the data to appear on the replica side, up to 40 milliseconds with
# linux kernels using a default configuration.
#
# if you select "no" the delay for data to appear on the replica side will
# be reduced but more bandwidth will be used for replication.
#
# by default we optimize for low latency, but in very high traffic conditions
# or when the master and replicas are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# set the replication backlog size. the backlog is a buffer that accumulates
# replica data when replicas are disconnected for some time, so that when a
# replica wants to reconnect again, often a full resync is not needed, but a
# partial resync is enough, just passing the portion of data the replica
# missed while disconnected.
#
# the bigger the replication backlog, the longer the replica can endure the
# disconnect and later be able to perform a partial resynchronization.
#
# the backlog is only allocated if there is at least one replica connected.
#
# repl-backlog-size 1mb
# after a master has no connected replicas for some time, the backlog will be
# freed. the following option configures the amount of seconds that need to
# elapse, starting from the time the last replica disconnected, for the backlog
# buffer to be freed.
#
# note that replicas never free the backlog for timeout, since they may be
# promoted to masters later, and should be able to correctly "partially
# resynchronize" with other replicas: hence they should always accumulate backlog.
#
# a value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
# the replica priority is an integer number published by redis in the info
# output. it is used by redis sentinel in order to select a replica to promote
# into a master if the master is no longer working correctly.
#
# a replica with a low priority number is considered better for promotion, so
# for instance if there are three replicas with priority 10, 100, 25 sentinel
# will pick the one with priority 10, that is the lowest.
#
# however a special priority of 0 marks the replica as not able to perform the
# role of master, so a replica with priority of 0 will never be selected by
# redis sentinel for promotion.
#
# by default the priority is 100.
replica-priority 100
# it is possible for a master to stop accepting writes if there are less than
# n replicas connected, having a lag less or equal than m seconds.
#
# the n replicas need to be in "online" state.
#
# the lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the replica, that is usually sent every second.
#
# this option does not guarantee that n replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough replicas
# are available, to the specified number of seconds.
#
# for example to require at least 3 replicas with a lag <= 10 seconds use:
#
# min-replicas-to-write 3
# min-replicas-max-lag 10
#
# setting one or the other to 0 disables the feature.
#
# by default min-replicas-to-write is set to 0 (feature disabled) and
# min-replicas-max-lag is set to 10.
# a redis master is able to list the address and port of the attached
# replicas in different ways. for example the "info replication" section
# offers this information, which is used, among other tools, by
# redis sentinel in order to discover replica instances.
# another place where this info is available is in the output of the
# "role" command of a master.
#
# the listed ip address and port normally reported by a replica is
# obtained in the following way:
#
# ip: the address is auto detected by checking the peer address
# of the socket used by the replica to connect with the master.
#
# port: the port is communicated by the replica during the replication
# handshake, and is normally the port that the replica is using to
# listen for connections.
#
# however when port forwarding or network address translation (nat) is
# used, the replica may actually be reachable via different ip and port
# pairs. the following two options can be used by a replica in order to
# report to its master a specific set of ip and port, so that both info
# and role will report those values.
#
# there is no need to use both the options if you need to override just
# the port or the ip address.
#
# replica-announce-ip 5.5.5.5
# replica-announce-port 1234
############################### keys tracking #################################
# redis implements server assisted support for client side caching of values.
# this is implemented using an invalidation table that remembers, using
# 16 millions of slots, what clients may have certain subsets of keys. in turn
# this is used in order to send invalidation messages to clients. please
# check this page to understand more about the feature:
#
# https://redis.io/topics/client-side-caching
#
# when tracking is enabled for a client, all the read only queries are assumed
# to be cached: this will force redis to store information in the invalidation
# table. when keys are modified, such information is flushed away, and
# invalidation messages are sent to the clients. however if the workload is
# heavily dominated by reads, redis could use more and more memory in order
# to track the keys fetched by many clients.
#
# for this reason it is possible to configure a maximum fill value for the
# invalidation table. by default it is set to 1m of keys, and once this limit
# is reached, redis will start to evict keys in the invalidation table
# even if they were not modified, just to reclaim memory: this will in turn
# force the clients to invalidate the cached values. basically the table
# maximum size is a trade off between the memory you want to spend server
# side to track information about who cached what, and the ability of clients
# to retain cached objects in memory.
#
# if you set the value to 0, it means there are no limits, and redis will
# retain as many keys as needed in the invalidation table.
# in the "stats" info section, you can find information about the number of
# keys in the invalidation table at every given moment.
#
# note: when key tracking is used in broadcasting mode, no memory is used
# in the server side so this setting is useless.
#
# tracking-table-max-keys 1000000
################################## security ###################################
# warning: since redis is pretty fast, an outside user can try up to
# 1 million passwords per second against a modern box. this means that you
# should use very strong passwords, otherwise they will be very easy to break.
# note that because the password is really a shared secret between the client
# and the server, and should not be memorized by any human, the password
# can be easily a long string from /dev/urandom or whatever, so by using a
# long and unguessable password no brute force attack will be possible.
# redis acl users are defined in the following format:
#
# user <username> ... acl rules ...
#
# for example:
#
# user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
#
# the special username "default" is used for new connections. if this user
# has the "nopass" rule, then new connections will be immediately authenticated
# as the "default" user without the need of any password provided via the
# auth command. otherwise if the "default" user is not flagged with "nopass"
# the connections will start in not authenticated state, and will require
# auth (or the hello command auth option) in order to be authenticated and
# start to work.
#
# the acl rules that describe what a user can do are the following:
#
# on enable the user: it is possible to authenticate as this user.
# off disable the user: it's no longer possible to authenticate
# with this user, however the already authenticated connections
# will still work.
# +<command> allow the execution of that command
# -<command> disallow the execution of that command
# +@<category> allow the execution of all the commands in such category
# with valid categories are like @admin, @set, @sortedset, ...
# and so forth, see the full list in the server.c file where
# the redis command table is described and defined.
# the special category @all means all the commands, but currently
# present in the server, and that will be loaded in the future
# via modules.
# +<command>|subcommand allow a specific subcommand of an otherwise
# disabled command. note that this form is not
# allowed as negative like -debug|segfault, but
# only additive starting with "+".
# allcommands alias for +@all. note that it implies the ability to execute
# all the future commands loaded via the modules system.
# nocommands alias for -@all.
# ~<pattern> add a pattern of keys that can be mentioned as part of
# commands. for instance ~* allows all the keys. the pattern
# is a glob-style pattern like the one of keys.
# it is possible to specify multiple patterns.
# allkeys alias for ~*
# resetkeys flush the list of allowed keys patterns.
# ><password> add this password to the list of valid password for the user.
# for example >mypass will add "mypass" to the list.
# this directive clears the "nopass" flag (see later).
# <<password> remove this password from the list of valid passwords.
# nopass all the set passwords of the user are removed, and the user
# is flagged as requiring no password: it means that every
# password will work against this user. if this directive is
# used for the default user, every new connection will be
# immediately authenticated with the default user without
# any explicit auth command required. note that the "resetpass"
# directive will clear this condition.
# resetpass flush the list of allowed passwords. moreover removes the
# "nopass" status. after "resetpass" the user has no associated
# passwords and there is no way to authenticate without adding
# some password (or setting it as "nopass" later).
# reset performs the following actions: resetpass, resetkeys, off,
# -@all. the user returns to the same state it has immediately
# after its creation.
#
# acl rules can be specified in any order: for instance you can start with
# passwords, then flags, or key patterns. however note that the additive
# and subtractive rules will change meaning depending on the ordering.
# for instance see the following example:
#
# user alice on +@all -debug ~* >somepassword
#
# this will allow "alice" to use all the commands with the exception of the
# debug command, since +@all added all the commands to the set of the commands
# alice can use, and later debug was removed. however if we invert the order
# of two acl rules the result will be different:
#
# user alice on -debug +@all ~* >somepassword
#
# now debug was removed when alice had yet no commands in the set of allowed
# commands, later all the commands are added, so the user will be able to
# execute everything.
#
# basically acl rules are processed left-to-right.
#
# for more information about acl configuration please refer to
# the redis web site at https://redis.io/topics/acl
# acl log
#
# the acl log tracks failed commands and authentication events associated
# with acls. the acl log is useful to troubleshoot failed commands blocked
# by acls. the acl log is stored in memory. you can reclaim memory with
# acl log reset. define the maximum entry length of the acl log below.
acllog-max-len 128
# using an external acl file
#
# instead of configuring users here in this file, it is possible to use
# a stand-alone file just listing users. the two methods cannot be mixed:
# if you configure users here and at the same time you activate the external
# acl file, the server will refuse to start.
#
# the format of the external acl user file is exactly the same as the
# format that is used inside redis.conf to describe users.
#
# aclfile /etc/redis/users.acl
# important note: starting with redis 6 "requirepass" is just a compatibility
# layer on top of the new acl system. the option effect will be just setting
# the password for the default user. clients will still authenticate using
# auth <password> as usually, or more explicitly with auth default <password>
# if they follow the new protocol: both will work.
#
# requirepass foobared
# command renaming (deprecated).
#
# ------------------------------------------------------------------------
# warning: avoid using this option if possible. instead use acls to remove
# commands from the default user, and put them only in some admin user you
# create for administrative purposes.
# ------------------------------------------------------------------------
#
# it is possible to change the name of dangerous commands in a shared
# environment. for instance the config command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# example:
#
# rename-command config b840fc02d524045429941cc15f59e41cb7be6c52
#
# it is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command config ""
#
# please note that changing the name of commands that are logged into the
# aof file or transmitted to replicas may cause problems.
################################### clients ####################################
# set the max number of connected clients at the same time. by default
# this limit is set to 10000 clients, however if the redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as redis reserves a few file descriptors for internal uses).
#
# once the limit is reached redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# important: when redis cluster is used, the max number of connections is also
# shared with the cluster bus: every node in the cluster will use two
# connections, one incoming and another outgoing. it is important to size the
# limit accordingly in case of very large clusters.
#
# maxclients 10000
############################## memory management ################################
# set a memory usage limit to the specified amount of bytes.
# when the memory limit is reached redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# if redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', redis will start to reply with errors to commands
# that would use more memory, like set, lpush, and so on, and will continue
# to reply to read-only commands like get.
#
# this option is usually useful when using redis as an lru or lfu cache, or to
# set a hard memory limit for an instance (using the 'noeviction' policy).
#
# warning: if you have replicas attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the replicas are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of replicas is full with dels of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# in short... if you have replicas attached it is suggested that you set a lower
# limit for maxmemory so that there is some free ram on the system for replica
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
# maxmemory policy: how redis will select what to remove when maxmemory
# is reached. you can select one from the following behaviors:
#
# volatile-lru -> evict using approximated lru, only keys with an expire set.
# allkeys-lru -> evict any key using approximated lru.
# volatile-lfu -> evict using approximated lfu, only keys with an expire set.
# allkeys-lfu -> evict any key using approximated lfu.
# volatile-random -> remove a random key having an expire set.
# allkeys-random -> remove a random key, any key.
# volatile-ttl -> remove the key with the nearest expire time (minor ttl)
# noeviction -> don't evict anything, just return an error on write operations.
#
# lru means least recently used
# lfu means least frequently used
#
# both lru, lfu and volatile-ttl are implemented using approximated
# randomized algorithms.
#
# note: with any of the above policies, redis will return an error on write
# operations, when there are no suitable keys for eviction.
#
# at the date of writing these commands are: set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort
#
# the default is:
#
# maxmemory-policy noeviction
# lru, lfu and minimal ttl algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. by default redis will check five keys and pick the one that was
# used least recently, you can change the sample size using the following
# configuration directive.
#
# the default of 5 produces good enough results. 10 approximates very closely
# true lru but costs more cpu. 3 is faster but not very accurate.
#
# maxmemory-samples 5
# starting from redis 5, by default a replica will ignore its maxmemory setting
# (unless it is promoted to master after a failover or manually). it means
# that the eviction of keys will be just handled by the master, sending the
# del commands to the replica as keys evict in the master side.
#
# this behavior ensures that masters and replicas stay consistent, and is usually
# what you want, however if your replica is writable, or you want the replica
# to have a different memory setting, and you are sure all the writes performed
# to the replica are idempotent, then you may change this default (but be sure
# to understand what you are doing).
#
# note that since the replica by default does not evict, it may end using more
# memory than the one set via maxmemory (there are certain buffers that may
# be larger on the replica, or data structures may sometimes take more memory
# and so forth). so make sure you monitor your replicas and make sure they
# have enough memory to never hit a real out-of-memory condition before the
# master hits the configured maxmemory setting.
#
# replica-ignore-maxmemory yes
# redis reclaims expired keys in two ways: upon access when those keys are
# found to be expired, and also in background, in what is called the
# "active expire key". the key space is slowly and interactively scanned
# looking for expired keys to reclaim, so that it is possible to free memory
# of keys that are expired and will never be accessed again in a short time.
#
# the default effort of the expire cycle will try to avoid having more than
# ten percent of expired keys still in memory, and will try to avoid consuming
# more than 25% of total memory and to add latency to the system. however
# it is possible to increase the expire "effort" that is normally set to
# "1", to a greater value, up to the value "10". at its maximum value the
# system will use more cpu, longer cycles (and technically may introduce
# more latency), and will tolerate less already expired keys still present
# in the system. it's a tradeoff between memory, cpu and latency.
#
# active-expire-effort 1
############################# lazy freeing ####################################
# redis has two primitives to delete keys. one is called del and is a blocking
# deletion of the object. it means that the server stops processing new commands
# in order to reclaim all the memory associated with an object in a synchronous
# way. if the key deleted is associated with a small object, the time needed
# in order to execute the del command is very small and comparable to most other
# o(1) or o(log_n) commands in redis. however if the key is associated with an
# aggregated value containing millions of elements, the server can block for
# a long time (even seconds) in order to complete the operation.
#
# for the above reasons redis also offers non blocking deletion primitives
# such as unlink (non blocking del) and the async option of flushall and
# flushdb commands, in order to reclaim memory in background. those commands
# are executed in constant time. another thread will incrementally free the
# object in the background as fast as possible.
#
# del, unlink and async option of flushall and flushdb are user-controlled.
# it's up to the design of the application to understand when it is a good
# idea to use one or the other. however the redis server sometimes has to
# delete keys or flush the whole database as a side effect of other operations.
# specifically redis deletes objects independently of a user call in the
# following scenarios:
#
# 1) on eviction, because of the maxmemory and maxmemory policy configurations,
# in order to make room for new data, without going over the specified
# memory limit.
# 2) because of expire: when a key with an associated time to live (see the
# expire command) must be deleted from memory.
# 3) because of a side effect of a command that stores data on a key that may
# already exist. for example the rename command may delete the old key
# content when it is replaced with another one. similarly sunionstore
# or sort with store option may delete existing keys. the set command
# itself removes any old content of the specified key in order to replace
# it with the specified string.
# 4) during replication, when a replica performs a full resynchronization with
# its master, the content of the whole database is removed in order to
# load the rdb file just transferred.
#
# in all the above cases the default is to delete objects in a blocking way,
# like if del was called. however you can configure each case specifically
# in order to instead release memory in a non-blocking way like if unlink
# was called, using the following configuration directives.
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
# it is also possible, for the case when to replace the user code del calls
# with unlink calls is not easy, to modify the default behavior of the del
# command to act exactly like unlink, using the following configuration
# directive:
lazyfree-lazy-user-del no
################################ threaded i/o #################################
# redis is mostly single threaded, however there are certain threaded
# operations such as unlink, slow i/o accesses and other things that are
# performed on side threads.
#
# now it is also possible to handle redis clients socket reads and writes
# in different i/o threads. since especially writing is so slow, normally
# redis users use pipelining in order to speed up the redis performances per
# core, and spawn multiple instances in order to scale more. using i/o
# threads it is possible to easily speedup two times redis without resorting
# to pipelining nor sharding of the instance.
#
# by default threading is disabled, we suggest enabling it only in machines
# that have at least 4 or more cores, leaving at least one spare core.
# using more than 8 threads is unlikely to help much. we also recommend using
# threaded i/o only if you actually have performance problems, with redis
# instances being able to use a quite big percentage of cpu time, otherwise
# there is no point in using this feature.
#
# so for instance if you have a four cores boxes, try to use 2 or 3 i/o
# threads, if you have a 8 cores, try to use 6 threads. in order to
# enable i/o threads use the following configuration directive:
#
# io-threads 4
#
# setting io-threads to 1 will just use the main thread as usual.
# when i/o threads are enabled, we only use threads for writes, that is
# to thread the write(2) syscall and transfer the client buffers to the
# socket. however it is also possible to enable threading of reads and
# protocol parsing using the following configuration directive, by setting
# it to yes:
#
# io-threads-do-reads no
#
# usually threading reads doesn't help much.
#
# note 1: this configuration directive cannot be changed at runtime via
# config set. aso this feature currently does not work when ssl is
# enabled.
#
# note 2: if you want to test the redis speedup using redis-benchmark, make
# sure you also run the benchmark itself in threaded mode, using the
# --threads option to match the number of redis threads, otherwise you'll not
# be able to notice the improvements.
############################ kernel oom control ##############################
# on linux, it is possible to hint the kernel oom killer on what processes
# should be killed first when out of memory.
#
# enabling this feature makes redis actively control the oom_score_adj value
# for all its processes, depending on their role. the default scores will
# attempt to have background child processes killed before all others, and
# replicas killed before masters.
#
# redis supports three options:
#
# no: don't make changes to oom-score-adj (default).
# yes: alias to "relative" see below.
# absolute: values in oom-score-adj-values are written as is to the kernel.
# relative: values are used relative to the initial value of oom_score_adj when
# the server starts and are then clamped to a range of -1000 to 1000.
# because typically the initial value is 0, they will often match the
# absolute values.
oom-score-adj no
# when oom-score-adj is used, this directive controls the specific values used
# for master, replica and background child processes. values range -2000 to
# 2000 (higher means more likely to be killed).
#
# unprivileged processes (not root, and without cap_sys_resource capabilities)
# can freely increase their value, but not decrease it below its initial
# settings. this means that setting oom-score-adj to "relative" and setting the
# oom-score-adj-values to positive values will always succeed.
oom-score-adj-values 0 200 800
############################## append only mode ###############################
# by default redis asynchronously dumps the dataset on disk. this mode is
# good enough in many applications, but an issue with the redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# the append only file is an alternative persistence mode that provides
# much better durability. for instance using the default data fsync policy
# (see later in the config file) redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the redis process itself happens, but the operating system is
# still running correctly.
#
# aof and rdb persistence can be enabled at the same time without problems.
# if the aof is enabled on startup redis will load the aof, that is the file
# with the better durability guarantees.
#
# please check http://redis.io/topics/persistence for more information.
appendonly no
# the name of the append only file (default: "appendonly.aof")
appendfilename "appendonly.aof"
# the fsync() call tells the operating system to actually write data on disk
# instead of waiting for more data in the output buffer. some os will really flush
# data on disk, some other os will just try to do it asap.
#
# redis supports three different modes:
#
# no: don't fsync, just let the os flush the data when it wants. faster.
# always: fsync after every write to the append only log. slow, safest.
# everysec: fsync only one time every second. compromise.
#
# the default is "everysec", as that's usually the right compromise between
# speed and data safety. it's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# more details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# if unsure, use "everysec".
# appendfsync always
appendfsync everysec
# appendfsync no
# when the aof fsync policy is set to always or everysec, and a background
# saving process (a background save or aof log background rewriting) is
# performing a lot of i/o against the disk, in some linux configurations
# redis may block too long on the fsync() call. note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# in order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# bgsave or bgrewriteaof is in progress.
#
# this means that while another child is saving, the durability of redis is
# the same as "appendfsync none". in practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default linux settings).
#
# if you have latency problems turn this to "yes". otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no
# automatic rewrite of the append only file.
# redis is able to automatically rewrite the log file implicitly calling
# bgrewriteaof when the aof log size grows by the specified percentage.
#
# this is how it works: redis remembers the size of the aof file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the aof at startup is used).
#
# this base size is compared to the current size. if the current size is
# bigger than the specified percentage, the rewrite is triggered. also
# you need to specify a minimal size for the aof file to be rewritten, this
# is useful to avoid rewriting the aof file even if the percentage increase
# is reached but it is still pretty small.
#
# specify a percentage of zero in order to disable the automatic aof
# rewrite feature.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# an aof file may be found to be truncated at the end during the redis
# startup process, when the aof data gets loaded back into memory.
# this may happen when the system where redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when redis itself
# crashes or aborts but the operating system still works correctly).
#
# redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the aof file is found
# to be truncated at the end. the following option controls this behavior.
#
# if aof-load-truncated is set to yes, a truncated aof file is loaded and
# the redis server starts emitting a log to inform the user of the event.
# otherwise if the option is set to no, the server aborts with an error
# and refuses to start. when the option is set to no, the user requires
# to fix the aof file using the "redis-check-aof" utility before to restart
# the server.
#
# note that if the aof file will be found to be corrupted in the middle
# the server will still exit with an error. this option only applies when
# redis will try to read more data from the aof file but not enough bytes
# will be found.
aof-load-truncated yes
# when rewriting the aof file, redis is able to use an rdb preamble in the
# aof file for faster rewrites and recoveries. when this option is turned
# on the rewritten aof file is composed of two different stanzas:
#
# [rdb file][aof tail]
#
# when loading, redis recognizes that the aof file starts with the "redis"
# string and loads the prefixed rdb file, then continues loading the aof
# tail.
aof-use-rdb-preamble yes
################################ lua scripting ###############################
# max execution time of a lua script in milliseconds.
#
# if the maximum execution time is reached redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# when a long running script exceeds the maximum execution time only the
# script kill and shutdown nosave commands are available. the first can be
# used to stop a script that did not yet call any write commands. the second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
################################ redis cluster ###############################
# normal redis instances can't be part of a redis cluster; only nodes that are
# started as cluster nodes can. in order to start a redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes
# every cluster node has a cluster configuration file. this file is not
# intended to be edited by hand. it is created and updated by redis nodes.
# every redis cluster node requires a different cluster configuration file.
# make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf
# cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# most other internal time limits are a multiple of the node timeout.
#
# cluster-node-timeout 15000
# a replica of a failing master will avoid to start a failover if its data
# looks too old.
#
# there is no simple way for a replica to actually have an exact measure of
# its "data age", so the following two checks are performed:
#
# 1) if there are multiple replicas able to failover, they exchange messages
# in order to try to give an advantage to the replica with the best
# replication offset (more data from the master processed).
# replicas will try to get their rank by offset, and apply to the start
# of the failover a delay proportional to their rank.
#
# 2) every single replica computes the time of the last interaction with
# its master. this can be the last ping or command received (if the master
# is still in the "connected" state), or the time that elapsed since the
# disconnection with the master (if the replication link is currently down).
# if the last interaction is too old, the replica will not try to failover
# at all.
#
# the point "2" can be tuned by user. specifically a replica will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
# (node-timeout * cluster-replica-validity-factor) + repl-ping-replica-period
#
# so for example if node-timeout is 30 seconds, and the cluster-replica-validity-factor
# is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
# replica will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# a large cluster-replica-validity-factor may allow replicas with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a replica at all.
#
# for maximum availability, it is possible to set the cluster-replica-validity-factor
# to a value of 0, which means, that replicas will always try to failover the
# master regardless of the last time they interacted with the master.
# (however they'll always try to apply a delay proportional to their
# offset rank).
#
# zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-replica-validity-factor 10
# cluster replicas are able to migrate to orphaned masters, that are masters
# that are left without working replicas. this improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working replicas.
#
# replicas migrate to orphaned masters only if there are still at least a
# given number of other working replicas for their old master. this number
# is the "migration barrier". a migration barrier of 1 means that a replica
# will migrate only if there is at least 1 other working replica for its master
# and so forth. it usually reflects the number of replicas you want for every
# master in your cluster.
#
# default is 1 (replicas migrate only if their masters remain with at least
# one replica). to disable migration just set it to a very large value.
# a value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
# by default redis cluster nodes stop accepting queries if they detect there
# is at least a hash slot uncovered (no available node is serving it).
# this way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# it automatically returns available as soon as all the slots are covered again.
#
# however sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. in order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes
# this option, when set to yes, prevents replicas from trying to failover its
# master during master failures. however the master can still perform a
# manual failover, if forced to do so.
#
# this is useful in different scenarios, especially in the case of multiple
# data center operations, where we want one side to never be promoted if not
# in the case of a total dc failure.
#
# cluster-replica-no-failover no
# this option, when set to yes, allows nodes to serve read traffic while the
# the cluster is in a down state, as long as it believes it owns the slots.
#
# this is useful for two cases. the first case is for when an application
# doesn't require consistency of data during node failures or network partitions.
# one example of this is a cache, where as long as the node has the data it
# should be able to serve it.
#
# the second use case is for configurations that don't meet the recommended
# three shards but want to enable cluster mode and scale later. a
# master outage in a 1 or 2 shard configuration causes a read/write outage to the
# entire cluster without this option set, with it set there is only a write outage.
# without a quorum of masters, slot ownership will not change automatically.
#
# cluster-allow-reads-when-down no
# in order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.
########################## cluster docker/nat support ########################
# in certain deployments, redis cluster nodes address discovery fails, because
# addresses are nat-ted or because ports are forwarded (the typical case is
# docker and other containers).
#
# in order to make redis cluster working in such environments, a static
# configuration where each node knows its public address is needed. the
# following two options are used for this scope, and are:
#
# * cluster-announce-ip
# * cluster-announce-port
# * cluster-announce-bus-port
#
# each instructs the node about its address, client port, and cluster message
# bus port. the information is then published in the header of the bus packets
# so that other nodes will be able to correctly map the address of the node
# publishing the information.
#
# if the above options are not used, the normal redis cluster auto-detection
# will be used instead.
#
# note that when remapped, the bus port may not be at the fixed offset of
# clients port + 10000, so you can specify any port and bus-port depending
# on how they get remapped. if the bus-port is not set, a fixed offset of
# 10000 will be used as usual.
#
# example:
#
# cluster-announce-ip 10.1.1.5
# cluster-announce-port 6379
# cluster-announce-bus-port 6380
################################## slow log ###################################
# the redis slow log is a system to log queries that exceeded a specified
# execution time. the execution time does not include the i/o operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# you can configure the slow log with two parameters: one tells redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. when a new command is logged the oldest one is removed from the
# queue of logged commands.
# the following time is expressed in microseconds, so 1000000 is equivalent
# to one second. note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# there is no limit to this length. just be aware that it will consume memory.
# you can reclaim memory used by the slow log with slowlog reset.
slowlog-max-len 128
################################ latency monitor ##############################
# the redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a redis instance.
#
# via the latency command this information is available to the user that can
# print graphs and obtain reports.
#
# the system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. when its value is set
# to zero, the latency monitor is turned off.
#
# by default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. latency
# monitoring can easily be enabled at runtime using the command
# "config set latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
############################# event notification ##############################
# redis can notify pub/sub clients about events happening in the key space.
# this feature is documented at http://redis.io/topics/notifications
#
# for instance if keyspace events notification is enabled, and a client
# performs a del operation on key "foo" stored in the database 0, two
# messages will be published via pub/sub:
#
# publish __keyspace@0__:foo del
# publish __keyevent@0__:del foo
#
# it is possible to select the events that redis will notify among a set
# of classes. every class is identified by a single character:
#
# k keyspace events, published with __keyspace@<db>__ prefix.
# e keyevent events, published with __keyevent@<db>__ prefix.
# g generic commands (non-type specific) like del, expire, rename, ...
# $ string commands
# l list commands
# s set commands
# h hash commands
# z sorted set commands
# x expired events (events generated every time a key expires)
# e evicted events (events generated when a key is evicted for maxmemory)
# t stream commands
# m key-miss events (note: it is not included in the 'a' class)
# a alias for g$lshzxet, so that the "ake" string means all the events
# (except key-miss events which are excluded from 'a' due to their
# unique nature).
#
# the "notify-keyspace-events" takes as argument a string that is composed
# of zero or multiple characters. the empty string means that notifications
# are disabled.
#
# example: to enable list and generic events, from the point of view of the
# event name, use:
#
# notify-keyspace-events elg
#
# example 2: to get the stream of the expired keys subscribing to channel
# name __keyevent@0__:expired use:
#
# notify-keyspace-events ex
#
# by default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. note that if you don't
# specify at least one of k or e, no events will be delivered.
notify-keyspace-events ""
############################### gopher server #################################
# redis contains an implementation of the gopher protocol, as specified in
# the rfc 1436 (https://www.ietf.org/rfc/rfc1436.txt).
#
# the gopher protocol was very popular in the late '90s. it is an alternative
# to the web, and the implementation both server and client side is so simple
# that the redis server has just 100 lines of code in order to implement this
# support.
#
# what do you do with gopher nowadays? well gopher never *really* died, and
# lately there is a movement in order for the gopher more hierarchical content
# composed of just plain text documents to be resurrected. some want a simpler
# internet, others believe that the mainstream internet became too much
# controlled, and it's cool to create an alternative space for people that
# want a bit of fresh air.
#
# anyway for the 10nth birthday of the redis, we gave it the gopher protocol
# as a gift.
#
# --- how it works? ---
#
# the redis gopher support uses the inline protocol of redis, and specifically
# two kind of inline requests that were anyway illegal: an empty request
# or any request that starts with "/" (there are no redis commands starting
# with such a slash). normal resp2/resp3 requests are completely out of the
# path of the gopher protocol implementation and are served as usual as well.
#
# if you open a connection to redis when gopher is enabled and send it
# a string like "/foo", if there is a key named "/foo" it is served via the
# gopher protocol.
#
# in order to create a real gopher "hole" (the name of a gopher site in gopher
# talking), you likely need a script like the following:
#
# https://github.com/antirez/gopher2redis
#
# --- security warning ---
#
# if you plan to put redis on the internet in a publicly accessible address
# to server gopher pages make sure to set a password to the instance.
# once a password is set:
#
# 1. the gopher server (when enabled, not by default) will still serve
# content via gopher.
# 2. however other commands cannot be called before the client will
# authenticate.
#
# so use the 'requirepass' option to protect your instance.
#
# note that gopher is not currently supported when 'io-threads-do-reads'
# is enabled.
#
# to enable gopher support, uncomment the following line and set the option
# from no (the default) to yes.
#
# gopher-enabled no
############################### advanced config ###############################
# hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. these thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# lists are also encoded in a special way to save a lot of space.
# the number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# for a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 kb <-- not recommended for normal workloads
# -4: max size: 32 kb <-- not recommended
# -3: max size: 16 kb <-- probably not recommended
# -2: max size: 8 kb <-- good
# -1: max size: 4 kb <-- good
# positive numbers mean store up to _exactly_ that number of elements
# per list node.
# the highest performing option is usually -2 (8 kb size) or -1 (4 kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2
# lists may also be compressed.
# compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression. the head and tail of the list
# are always uncompressed for fast push/pop operations. settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
# going from either the head or tail"
# so: [head]->node->node->...->node->[tail]
# [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
# 2 here means: don't compress head or head->next or tail->prev or tail,
# but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
# sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# the following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. this encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# hyperloglog sparse representation bytes limit. the limit includes the
# 16 bytes header. when an hyperloglog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# a value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# the suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much pfadd,
# which is o(n) with the sparse encoding. the value can be raised to
# ~ 10000 when cpu is not a concern, but space is, and the data set is
# composed of many hyperloglogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# streams macro node max size / items. the stream data structure is a radix
# tree of big nodes that encode multiple items inside. using this configuration
# it is possible to configure how big a single node can be in bytes, and the
# maximum number of items it may contain before switching to a new node when
# appending new stream entries. if any of the following settings are set to
# zero, the limit is ignored, so for instance it is possible to set just a
# max entires limit by setting max-bytes to 0 and max-entries to the desired
# value.
stream-node-max-bytes 4096
stream-node-max-entries 100
# active rehashing uses 1 millisecond every 100 milliseconds of cpu time in
# order to help rehashing the main redis hash table (the one mapping top-level
# keys to values). the hash table implementation redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# the default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# if unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# the client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a pub/sub client can't consume messages as fast as the
# publisher can produce them).
#
# the limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including monitor clients
# replica -> replica clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# the syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# a client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# so for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# by default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# instead there is a default limit for pubsub and replica clients, since
# subscribers and replicas receive data in a push fashion.
#
# both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# client query buffers accumulate new commands. they are limited to a fixed
# amount by default in order to avoid that a protocol desynchronization (for
# instance due to a bug in the client) will lead to unbound memory usage in
# the query buffer. however you can configure it here if you have very special
# needs, such us huge multi/exec requests or alike.
#
# client-query-buffer-limit 1gb
# in the redis protocol, bulk requests, that are, elements representing single
# strings, are normally limited to 512 mb. however you can change this limit
# here, but must be 1mb or greater
#
# proto-max-bulk-len 512mb
# redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# not all tasks are performed with the same frequency, but redis checks for
# tasks to perform according to the specified "hz" value.
#
# by default "hz" is set to 10. raising the value will use more cpu when
# redis is idle, but at the same time will make redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# the range is between 1 and 500, however a value over 100 is usually not
# a good idea. most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# normally it is useful to have an hz value which is proportional to the
# number of clients connected. this is useful in order, for instance, to
# avoid too many clients are processed for each background task invocation
# in order to avoid latency spikes.
#
# since the default hz value by default is conservatively set to 10, redis
# offers, and enables by default, the ability to use an adaptive hz value
# which will temporarily raise when there are many connected clients.
#
# when dynamic hz is enabled, the actual configured hz will be used
# as a baseline, but multiples of the configured hz value will be actually
# used as needed once more clients are connected. in this way an idle
# instance will use very little cpu time while a busy instance will be
# more responsive.
dynamic-hz yes
# when a child rewrites the aof file, if the following option is enabled
# the file will be fsync-ed every 32 mb of data generated. this is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
# when redis saves rdb file, if the following option is enabled
# the file will be fsync-ed every 32 mb of data generated. this is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
rdb-save-incremental-fsync yes
# redis lfu eviction (see maxmemory setting) can be tuned. however it is a good
# idea to start with the default settings and only change them after investigating
# how to improve the performances and how the keys lfu change over time, which
# is possible to inspect via the object freq command.
#
# there are two tunable parameters in the redis lfu implementation: the
# counter logarithm factor and the counter decay time. it is important to
# understand what the two parameters mean before changing them.
#
# the lfu counter is just 8 bits per key, it's maximum value is 255, so redis
# uses a probabilistic increment with logarithmic behavior. given the value
# of the old counter, when a key is accessed, the counter is incremented in
# this way:
#
# 1. a random number r between 0 and 1 is extracted.
# 2. a probability p is calculated as 1/(old_value*lfu_log_factor+1).
# 3. the counter is incremented only if r < p.
#
# the default lfu-log-factor is 10. this is a table of how the frequency
# counter changes with a different number of accesses with different
# logarithmic factors:
#
# +--------+------------+------------+------------+------------+------------+
# | factor | 100 hits | 1000 hits | 100k hits | 1m hits | 10m hits |
# +--------+------------+------------+------------+------------+------------+
# | 0 | 104 | 255 | 255 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 1 | 18 | 49 | 255 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 10 | 10 | 18 | 142 | 255 | 255 |
# +--------+------------+------------+------------+------------+------------+
# | 100 | 8 | 11 | 49 | 143 | 255 |
# +--------+------------+------------+------------+------------+------------+
#
# note: the above table was obtained by running the following commands:
#
# redis-benchmark -n 1000000 incr foo
# redis-cli object freq foo
#
# note 2: the counter initial value is 5 in order to give new objects a chance
# to accumulate hits.
#
# the counter decay time is the time, in minutes, that must elapse in order
# for the key counter to be divided by two (or decremented if it has a value
# less <= 10).
#
# the default value for the lfu-decay-time is 1. a special value of 0 means to
# decay the counter every time it happens to be scanned.
#
# lfu-log-factor 10
# lfu-decay-time 1
########################### active defragmentation #######################
#
# what is active defragmentation?
# -------------------------------
#
# active (online) defragmentation allows a redis server to compact the
# spaces left between small allocations and deallocations of data in memory,
# thus allowing to reclaim back memory.
#
# fragmentation is a natural process that happens with every allocator (but
# less so with jemalloc, fortunately) and certain workloads. normally a server
# restart is needed in order to lower the fragmentation, or at least to flush
# away all the data and create it again. however thanks to this feature
# implemented by oran agra for redis 4.0 this process can happen at runtime
# in a "hot" way, while the server is running.
#
# basically when the fragmentation is over a certain level (see the
# configuration options below) redis will start to create new copies of the
# values in contiguous memory regions by exploiting certain specific jemalloc
# features (in order to understand if an allocation is causing fragmentation
# and to allocate it in a better place), and at the same time, will release the
# old copies of the data. this process, repeated incrementally for all the keys
# will cause the fragmentation to drop back to normal values.
#
# important things to understand:
#
# 1. this feature is disabled by default, and only works if you compiled redis
# to use the copy of jemalloc we ship with the source code of redis.
# this is the default with linux builds.
#
# 2. you never need to enable this feature if you don't have fragmentation
# issues.
#
# 3. once you experience fragmentation, you can enable this feature when
# needed with the command "config set activedefrag yes".
#
# the configuration parameters are able to fine tune the behavior of the
# defragmentation process. if you are not sure about what they mean it is
# a good idea to leave the defaults untouched.
# enabled active defragmentation
# activedefrag no
# minimum amount of fragmentation waste to start active defrag
# active-defrag-ignore-bytes 100mb
# minimum percentage of fragmentation to start active defrag
# active-defrag-threshold-lower 10
# maximum percentage of fragmentation at which we use maximum effort
# active-defrag-threshold-upper 100
# minimal effort for defrag in cpu percentage, to be used when the lower
# threshold is reached
# active-defrag-cycle-min 1
# maximal effort for defrag in cpu percentage, to be used when the upper
# threshold is reached
# active-defrag-cycle-max 25
# maximum number of set/hash/zset/list fields that will be processed from
# the main dictionary scan
# active-defrag-max-scan-fields 1000
# jemalloc background thread for purging will be enabled by default
jemalloc-bg-thread yes
# it is possible to pin different threads and processes of redis to specific
# cpus in your system, in order to maximize the performances of the server.
# this is useful both in order to pin different redis threads in different
# cpus, but also in order to make sure that multiple redis instances running
# in the same host will be pinned to different cpus.
#
# normally you can do this using the "taskset" command, however it is also
# possible to this via redis configuration directly, both in linux and freebsd.
#
# you can pin the server/io threads, bio threads, aof rewrite child process, and
# the bgsave child process. the syntax to specify the cpu list is the same as
# the taskset command:
#
# set redis server/io threads to cpu affinity 0,2,4,6:
# server_cpulist 0-7:2
#
# set bio threads to cpu affinity 1,3:
# bio_cpulist 1,3
#
# set aof rewrite child process to cpu affinity 8,9,10,11:
# aof_rewrite_cpulist 8-11
#
# set bgsave child process to cpu affinity 1,10,11
# bgsave_cpulist 1,10-11
# in some cases redis will emit warnings and even refuse to start if it detects
# that the system is in bad state, it is possible to suppress these warnings
# by setting the following config which takes a space delimited list of warnings
# to suppress
#
# ignore-warnings arm64-cow-bug
7.3.3.2 其次:主机放置redis.conf文件
mkdir /opt/redis
vim redis.conf
7.3.3.3 再次:修改redis.conf文件
(用vim打开文件后,直接输入 /关键字 并回车,定位到第一个关键字,之后通过n向下查找,通过n向上查找)
7.3.3.4 最后:启动容器实例(带数据卷)
docker run -d -p 6379:6379 \
--name redis --privileged=true \
-v /opt/redis/redis.conf:/etc/redis/redis.conf \
-v /opt/redis/data:/data \
redis:6.0.8
(启动成功)
使用可视化软件resp远程连接redis
八、搭建mysql主从复制
8.1 拉取mysql镜像(以8.0.31为例)
docker pull mysql:8.0.31
8.2 创建主节点mysql实例对象
8.2.1 创建主节点mysql实例对象
docker run -p 3307:3306 \
--name mysql-master \
-v /opt/mysql-master/log:/var/log/mysql \
-v /opt/mysql-master/data:/var/lib/mysql \
-v /opt/mysql-master/conf:/etc/mysql/conf.d \
-e mysql_root_password=123456 \
-d mysql:8.0.31
8.2.2 修改主节点mysql实例对象配置文件
主机进入/opt/mysql-master/conf目录下新建my.cnf
vim /opt/mysql-master/conf/my.cnf
[mysqld]
## 设置server_id,同一局域网中需要唯一
server_id=100
## 指定不需要同步的数据库名称
binlog-ignore-db=mysql
## 开启二进制日志功能
log-bin=mall-mysql-bin
## 设置二进制日志使用内存大小(事务)
binlog_cache_size=1m
## 设置使用的二进制日志格式(mixed,statement,row)
binlog_format=mixed
## 二进制日志过期清理时间。默认值为0,表示不自动清理。
expire_logs_days=7
## 跳过主从复制中遇到的所有错误或指定类型的错误,避免slave端复制中断。
## 如:1062错误是指一些主键重复,1032错误是因为主从数据库数据不一致
slave_skip_errors=1062
8.2.3 修改完配置后重启master容器实例
docker restart mysql-master
8.2.4 进入主节点mysql-master容器实例,进入数据库
docker exec -it mysql-master /bin/bash
mysql -uroot -p123456
8.2.5 master容器实例内创建数据同步用户并授予权限
create user 'slave'@'%' identified by '123456';
alter user 'slave'@'%' identified with mysql_native_password by '123456';
grant replication slave, replication client on *.* to 'slave'@'%';
8.2.6 在主节点数据库查看主从同步状态
show master status;
8.3 创建从节点mysql实例对象
8.3.1 创建从节点mysql实例对象
docker run -p 3308:3306 \
--name mysql-slave \
-v /opt/mysql-slave/log:/var/log/mysql \
-v /opt/mysql-slave/data:/var/lib/mysql \
-v /opt/mysql-slave/conf:/etc/mysql/conf.d \
-e mysql_root_password=123456 \
-d mysql:8.0.31
8.3.2 修改从节点mysql实例对象配置文件
主机进入/opt/mysql-slave/conf目录下新建my.cnf
vim /opt/mysql-slave/conf/my.cnf
[mysqld]
## 设置server_id,同一局域网中需要唯一
server_id=101
## 指定不需要同步的数据库名称
binlog-ignore-db=mysql
## 开启二进制日志功能,以备slave作为其它数据库实例的master时使用
log-bin=mall-mysql-slave1-bin
## 设置二进制日志使用内存大小(事务)
binlog_cache_size=1m
## 设置使用的二进制日志格式(mixed,statement,row)
binlog_format=mixed
## 二进制日志过期清理时间。默认值为0,表示不自动清理。
expire_logs_days=7
## 跳过主从复制中遇到的所有错误或指定类型的错误,避免slave端复制中断。
## 如:1062错误是指一些主键重复,1032错误是因为主从数据库数据不一致
slave_skip_errors=1062
## relay_log配置中继日志
relay_log=mall-mysql-relay-bin
## log_slave_updates表示slave将复制事件写进自己的二进制日志
log_slave_updates=1
## slave设置为只读(具有super权限的用户除外)
read_only=1
8.3.3 修改完配置后重启slave容器实例
docker restart mysql-slave
8.3.4 进入从节点,配置主从复制
docker exec -it mysql-slave /bin/bash
mysql -uroot -p123456
//注意:master_password master_port要与master机一致
//注意 msater_user 要和8.2.5一致
//注意:master_log_file 以及 master_log_pos 要和8.2.6一致 即:mall-mysql-bin.000005 1452
change master to master_host='宿主机ip', master_user='slave', master_password='123456',
master_port=3307, master_log_file='mall-mysql-bin.000005', master_log_pos=1452, master_connect_retry=30;
参数说明:
master_host:主数据库的ip地址;master_port:主数据库的运行端口;master_user:在主数据库创建的用于同步数据的用户账号;master_password:在主数据库创建的用于同步数据的用户密码;master_log_file:指定从数据库要复制数据的日志文件,通过查看主数据的状态,获取file参数;master_log_pos:指定从数据库从哪个位置开始复制数据,通过主数据的状态,获取position参数;master_connect_retry:连接失败重试的时间间隔,单位为秒。
8.3.5 开启从数据库
start slave;
//停止从数据库:stop slave;
//重启从数据库:restart slave;
8.3.6 查看主从复制状态
在从节点的mysql数据库内查看
show slave status \g;
8.4 主从数据库测试
#修改加密规则
alter user 'root'@'localhost' identified by 'root' password expire never;
#更新密码
alter user 'root'@'localhost' identified with mysql_native_password by '123456';
alter user 'root'@'%' identified with mysql_native_password by '123456';
#刷新
flush privileges;
至此,成功!
8.5 将主从数据库打包成镜像
将主从数据库打包成镜像,保存至阿里云仓库
8.5.1 commit容器为镜像
docker commit -m="提交的描述信息" -a="作者" 容器id 要创建的目标镜像名:[标签名]
8.5.2 推送至阿里云镜像仓库
docker login --username=gaoqiangmath registry.cn-chengdu.aliyuncs.com
docker tag [imageid] registry.cn-chengdu.aliyuncs.com/gq_ynu/mysql8-master1.0:[镜像版本号]
docker push registry.cn-chengdu.aliyuncs.com/gq_ynu/mysql8-master1.0:[镜像版本号]
docker login --username=gaoqiangmath registry.cn-chengdu.aliyuncs.com
docker tag [imageid] registry.cn-chengdu.aliyuncs.com/gq_ynu/mysql8-slave1.0:[镜像版本号]
docker push registry.cn-chengdu.aliyuncs.com/gq_ynu/mysql8-slave1.0:[镜像版本号]
九、搭建redis集群
(稍等,后续再补充)
十、dockerfile
10.1 dockerfile简介
官网:https://docs.docker.com/engine/reference/builder/
10.2 dockerfile内容基础知识
- 每条保留字指令都必须为大写字母且后面要跟随至少一个参数
- 指令按照从上到下,顺序执行
- #表示注释
- 每条指令都会创建一个新的镜像层并对镜像进行提交
10.3 docker执行dockerfile的大致流程
- docker从基础镜像运行一个容器
- 执行一条指令并对容器作出修改
- 执行类似docker commit的操作提交一个新的镜像层
- docker再基于刚提交的镜像运行一个新容器
- 执行dockerfile中的下一条指令直到所有指令都执行完成
10.4 docker镜像、容器、dockerfile
- dockerfile,需要定义一个dockerfile,
dockerfile定义了进程需要的一切东西。dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道,这时需要考虑如何设计namespace的权限控制)等等; - docker镜像,在用dockerfile定义一个文件之后,docker build时会产生一个docker镜像,当运行
- docker镜像时会真正开始提供服务;
docker容器,容器是直接提供服务的。
10.5 fockerfilie常用保留字指令
10.5.1 from
基础镜像,当前新镜像是基于哪个镜像的,指定一个已经存在的镜像作为模板,第一条必须是from
10.5.2 maintainer
镜像维护者的姓名和邮箱地址
10.5.3 run
容器构建时需要运行的命令
10.5.4 expose
当前容器对外暴露出的端口
10.5.5 workdir
指定在创建容器后,终端默认登陆的进来工作目录,一个落脚点
10.5.6 user
指定该镜像以什么样的用户去执行,如果都不指定,默认是root
10.5.7 env
用来在构建镜像过程中设置环境变量
这个环境变量可以在后续的任何run指令中使用,这就如同在命令前面指定了环境变量前缀一样;
也可以在其它指令中直接使用这些环境变量。
比如:workdir $my_path
10.5.8 add
将宿主机目录下的文件拷贝进镜像且会自动处理url和解压tar压缩包
10.5.9 copy
类似add,拷贝文件和目录到镜像中(但是不会自动解压)。
将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置
10.5.10 volume
容器数据卷,用于数据保存和持久化工作
10.5.11 cmd
指定容器启动后的要干的事情
cmd会被docker run后面的命令覆盖
10.5.12 entrypoint
也是用来指定一个容器启动后要运行的命令
类似于 cmd 指令,但是entrypoint不会被docker run后面的命令覆盖, 而且这些命令行参数会被当作 参数送给 entrypoint 指令指定的程序。
10.6 dockerfile启动命令
docker build -f 脚本文件名(默认dockerfile可以省略) -t 镜像名字 .(表示当前路径)
10.7 使用dockerfile实现自定义镜像
自定义镜像需求:具备vim+ifconfig+jdk8环境
10.7.1 第一步:主机创建文件夹,用以存放dockerfile以及jdk
我放在主机:/usr/local/docker_file目录下:
10.6.2 第二步:编辑dockerfile
编辑cento7_docker_file
from centos:7
maintainer gq<94430980@qq.com>
env mypath /usr/local
workdir $mypath
#安装vim编辑器
run yum -y install vim
#安装ifconfig命令查看网络ip
run yum -y install net-tools
#安装java8及lib库
run yum -y install glibc.i686
run mkdir /usr/local/java
#add 是相对路径jar,把jdk-8u371-linux-x64.tar.gz添加到容器中,安装包必须要和dockerfile文件在同一位置
add jdk-8u371-linux-x64.tar.gz /usr/local/java/
#配置java环境变量
env java_home /usr/local/java/jdk1.8.0_371
env jre_home $java_home/jre
env classpath $java_home/lib/dt.jar:$java_home/lib/tools.jar:$jre_home/lib:$classpath
env path $java_home/bin:$path
expose 80
cmd echo $mypath
cmd echo "success--------------ok"
cmd /bin/bash
注意:centos版本指定为7 centos:7
10.6.3 第三步:启动dockerfile,创建镜像
#命令格式
docker build -f 脚本文件名(默认dockerfile可以省略) -t 镜像名字 .(表示当前路径)
实际命令
docker build -f cento7_docker_file -t cento7_java8 .
查看新建的镜像:
进入镜像:
docker run -it --name cento7_java8 cento7_java8 /bin/bash
10.7 虚悬镜像
仓库名和版本号都为<none>的就是虚悬镜像
查看所有的虚悬镜像
docker image ls -f dangling=true
删除所有虚悬镜像
docker image prune
十一、docker网络
11.1 docker网络是什么
docker启动时会在主机上自动创建一个docker0网桥,即一个linux网桥。容器借助网桥和主机或者其他容器进行通讯。
11.2 docker网络的相关命令
11.2.1 查看docker网络的相关命令
11.2.2 容器设定网络启动
docker run [--network 网络名] 容器名/容器id
11.3 docker网络的作用
- 容器间的互联和通信以及端口映射
- 容器ip变动时候可以通过服务名直接网络通信而不受到影响
11.4 docker网络模式
11.4.1 docker网络模式分类
11.4.2 bridge网络模式(默认)
docker 服务默认会创建一个 docker0 网桥(其上有一个 docker0 内部接口),该桥接网络的名称为docker0,它在内核层连通了其他的物理或虚拟网卡,这就将所有容器和本地主机都放到同一个物理网络。docker 默认指定了 docker0 接口 的 ip 地址和子网掩码,让主机和容器之间。宿主机和容器之间、容器与容器之间可以通过网桥docer0(bridge)相互通信
容器以bridge网络运行:
docker run --network bridge 容器名/容器id
11.4.3 host网络模式
容器将不会获得一个独立的network namespace, 而是和宿主机共用一个network namespace。容器将不会虚拟出自己的网卡而是使用宿主机的ip和端口。
容器以none网络运行:
docker run --network host 容器名/容器id
注意:当容器以host启动时,指定端口映射便没有意义
如:
11.4.4 none网络模式
在none模式下,并不为docker容器进行任何网络配置。 也就是说,这个docker容器没有网卡、ip、路由等信息,只有一个lo需要我们自己为docker容器添加网卡、配置ip等。
容器以none网络运行:
docker run --network none 容器名/容器id
11.4.5 container网络模式
新建的容器和已经存在的一个容器共享一个网络ip配置而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的ip,而是和一个指定的容器共享ip、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。
容器以none网络运行:
(创建一个tomcat容器,再创建第二个tomcat容器,创建第二个容器的时候指定使用第一个tomcat容器的网络配置。)
docker run -d -p 8084:8080 --name t4 tomcat:8.0.19
docker run -d -p 8085:8080 --network container:t4 --name t5 tomcat:8.0.53
但是会提示端口号冲突,因为两台tomcat公用8080端口。
11.4.6 自定义网络模式
思考:两个容器之间可以互相ping对方的ip地址ping通(但是容器删掉之后,重新创建容器会生成不同的ip),但是可以互相ping对方的容器名ping通吗? 答案是不可以
docker多个容器之间的集群规划要使用服务名,因为ip是会变动(容器删掉之后,重新创建容器会生成不同的ip),使用自定义网络模式能够使用服务名进行通信
docker network create gq_network
docker run -d -p 8081:8080 --network gq_network --name t1 tomcat:8.0.19
docker run -d -p 8082:8080 --network gq_network --name t2 tomcat:8.0.19
进入容器t1,直接ping容器t2:ping t2
进入容器t2,直接ping容器t1:ping t1
发现互相都ping通了,测试成功
十二、docker-compose容器编排
12.1 docker-compose定义
docker-compose就是容器编排,负责实现对docker容器集群的快速编排。
docker-compose可以管理多个 docker 容器组成一个应用。你需要定义一个 yaml 格式的配置文件docker-compose.yml,写好多个容器之间的调用关系。然后,只要一个命令,就能同时启动/关闭这些容器
12.2 docker-compose作用
docker建议我们每一个容器中只运行一个服务,因为docker容器本身占用资源极少,所以最好是将每个服务单独的分割开来。但是这样我们又面临了一个问题?
如果我需要同时部署好多个服务,难道要每个服务单独写dockerfile然后在构建镜像,构建容器,这样工作量会和大。所以docker官方给我们提供了docker-compose多服务部署的工具
例如要实现一个web微服务项目,除了web服务容器本身,往往还需要再加上后端的数据库mysql服务容器,redis服务器,注册中心eureka,甚至还包括负载均衡容器等等。
compose允许用户通过一个单独的docker-compose.yml模板文件(yaml 格式)来定义一组相关联的应用容器为一个项目(project)。
可以很容易地用一个配置文件定义一个多容器的应用,然后使用一条指令安装这个应用的所有依赖,完成构建。docker-compose 解决了容器与容器之间如何管理编排的问题。
12.3 docker-compose安装
docker-compose官网:https://docs.docker.com/desktop/
(注意:新版docker自动安装了compose,直接输入下面的命令查看:)
docker compose version
12.4 docker-compose常用命令
12.5 docker-compose核心概念
12.6 docker-compose使用步骤
- 编写dockerfile定义各个微服务应用并构建出对应的镜像文件
- 使用 docker-compose.yml 定义一个完整业务单元,安排好整体应用中的各个容器服务。
- 最后,执行docker-compose up命令 来启动并运行整个应用程序,完成一键部署上线
12.7 使用compose部署springboot项目
以瑞吉外卖项目(优化版)为例:包含主从mysql以及redis
见十四章
十三、docker轻量级可视化工具protainer
13.1 protainer含义
portainer 是一款轻量级的应用,它提供了图形化界面,用于方便地管理docker环境,包括单机环境和集群环境。
13.2 protainer安装
docker pull portainer/portainer
第二步:根据portainer镜像创建容器实例
docker run -d -p 9000:9000 --name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /www/portainer/data:/data \
-d portainer/portainer
设置账号和密码:admin gq333888
13.3 protainer中安装nginx
十四、部署springboot超详细步骤
14.1 例子1:主从mysql+redis
以瑞吉外卖项目(优化版)为例:包含主从mysql以及redis
14.1.1 观察项目的application.yml文件
观察项目的application.yml文件,查看需要配置哪些镜像
发现:需要配置两个mysql(主从复制),以及一个redis
两个mysql(主从复制的):
具体构造:见八、搭建mysql主从复制
一个redis:
具体构造见:7.3 redis
14.1.2 搭建mysql主从以及redis
搭建mysql主从:见八、搭建mysql主从复制
搭建redis见:7.3 redis
14.1.3 打包springboot项目为镜像并且启动容器
14.1.3.1 方式一:基于idea一键打包(推荐)
vim /usr/lib/systemd/system/docker.service
添加如下内容:
-h unix:///var/run/docker.sock -h tcp://0.0.0.0:2375
刷新:
#重新加载配置文件
systemctl daemon-reload
#重启服务
systemctl restart docker.service
#查看端口是否开启
netstat -nlpt
#如果找不到netstat命令,可进行安装。
yum install net-tools
#直接curl看是否生效
curl http://127.0.0.1:2375/info
<properties>
<!-- docker镜像前缀 -->
<docker.image.prefix>gq</docker.image.prefix>
</properties>
<build>
<plugins>
<plugin>
<groupid>org.springframework.boot</groupid>
<artifactid>spring-boot-maven-plugin</artifactid>
<version>2.6.6</version>
</plugin>
<!-- docker插件-->
<plugin>
<groupid>com.spotify</groupid>
<artifactid>docker-maven-plugin</artifactid>
<version>1.0.0</version>
<configuration>
<!-- 远程docker的地址 -->
<dockerhost>http://192.168.10.100:2375</dockerhost>
<!-- 镜像名称、前缀、项目名 -->
<imagename>${docker.image.prefix}/${project.artifactid}</imagename>
<!--镜像的标签(版本) 为maven中的version:<version>1.0-snapshot</version>-->
<imagetags>
<imagetag>${project.version}</imagetag>
</imagetags>
<!-- 基础镜像jdk 1.8-->
<baseimage>java</baseimage>
<!-- 制作者提供本人信息 -->
<maintainer>gaoqiang gaoqiangmath@163.com</maintainer>
<!--切换到/root目录 -->
<workdir>/root</workdir>
<!--创建镜像后,如果启动容器,执行的命令-->
<cmd>["java", "-version"]</cmd>
<entrypoint>["java", "-jar", "${project.build.finalname}.jar"]</entrypoint>
<!-- 这里是复制 jar 包到 docker 容器里面的指定目录配置 -->
<resources>
<resource>
<!--将jar包复制到docker容器里面的root目录下,注意不是宿主机-->
<targetpath>/root</targetpath>
<!--用于指定需要复制的根目录,${project.build.directory}表示target目录-->
<directory>${project.build.directory}</directory>
<!--用于指定需要复制的文件。${project.build.finalname}.jar指的是打包后的jar 包文件。-->
<include>${project.build.finalname}.jar</include>
</resource>
</resources>
</configuration>
</plugin>
</plugins>
</build>
5、对项目进行 打包。并构建镜像到docker 上。
(每次修改了代码后,想要再次打包,仅需要调整pom中version 即可,然后再次打包)
mvn clean package docker:build
查看镜像是否打包成功:
启动容器:
docker run -it --name=reggie_take_out gq/reggie_take_out:1.0-sanpshot
14.1.3.2 方式二:手动打包(不推荐)
手动打包也即:将springboot项目打包成jar包,放入到linux主机指定目录内,然后手动编辑dockerfile,打包成镜像:
将此jar包导入到服务器(linux主机)任意目录下,这里我导入到了/usr/local/jar/reggie目录下
在此目录下,新建dokcerfile文件。任意命名为:reggie_dockerfile,编辑:
#基础镜像使用java
from java:8
# 作者
maintainer gq
# 将jar包添加到容器/root目录下
add reggie_take_out-2.0-snapshot.jar /root/reggie_take_out-2.0-snapshot.jar
#设定工作目录为root下
workdir /root
# 运行jar包
entrypoint ["java","-jar","/reggie_take_out-2.0-snapshot.jar"]
cmd ["java", "-version"]
#暴露8080端口作为微服务
expose 8080
#命令格式
docker build -f 脚本文件名(默认dockerfile可以省略) -t 镜像名字 .(表示当前路径)
实际命令:
#命令格式
docker build -f reggie_dockerfile -t reggie:2.0
最后输入docker images 发现镜像打包成功
启动容器:
docker run -it --name=reggie_takeout 镜像id
发表评论