Install and Configure Redis® on CentOS 8
Introduction
Redis® is an open-source in-memory data structure store. You can use it as a Memcached alternative to store simple key-value pairs, as a NoSQL database, or even a message broker with the Pub-Sub pattern. This guide will show you how to install, configure, fine-tune, and secure Redis® on CentOS 8.
Prerequisites
- A CentOS 8 server with enough free memory for Redis®. 1 million small Key -> String-Value pairs use ~ 85 MB.
- Follow Vultr's best practices guides:
1. Install Redis®
The Remi's RPM repo is a long-time and community-trusted repo for CentOS. Its Redis® package is usually newer than CentOS's Redis® package.
Enable the repo:
$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -yList all available Redis® packages in the Remi repo.
$ dnf module list | grep redisThe result should look like this:
redis 5 [d] common [d] Redis persistent key-value database redis remi-5.0 common [d] Redis persistent key-value database redis remi-6.0 common [d] Redis persistent key-value databaseThe values in the second column above correspond to major versions of Redis®.
Assuming the latest major version is 6.0, install that version:
$ sudo dnf module install redis:remi-6.0 -yEnable the Redis® service to start at boot time.
$ sudo systemctl enable redis.serviceStart Redis®.
$ sudo systemctl start redis.service
2. Configure Redis®
Open the Redis® configuration file in your favorite editor:
$ sudo nano /etc/redis.confSet the desired memory capacity for your application.
maxmemory 128mbBy default, when maxmemory is reached, Redis® will stop writing new data. If you want Redis® to write new data by removing old data automatically, you have to tell Redis® how to remove it. The allkeys-lru eviction policy is a good choice for most users. Add the following line:
maxmemory-policy allkeys-lruLearn more about eviction methods here.
Set the save-to-disk policy.
By default, Redis® will save its in-memory data on disk after a specified period or a specified number of write operations against the DB. The default settings are:
save 900 1 save 300 10 save 60 10000That means saving will occur:
- after 900 sec (15 min) if at least 1 key changed
- after 300 sec (5 min) if at least 10 keys changed
- after 60 sec if at least 10000 keys changed
With the default settings above, Redis® will load the saved data into memory every time it restarts. So your previous in-memory data will be restored. If you don't need this feature, you can disable it entirely by commenting out those lines:
# save 900 1 # save 300 10 # save 60 10000If you decide to keep this feature, you should upgrade the server to a bigger plan or add an appropriate Linux swap file to ensure that Redis® memory is double the maxmemory declared above. Otherwise, in the worst-case scenario, when the maxmemory is reached, the saving process can cause your server to run out of memory.
Save and close the configuration file, then restart Redis® to apply the changes.
$ sudo systemctl restart redis.service
3. Fine-Tune the System
Check the Redis® log file:
$ sudo tail /var/log/redis/redis.logYou will see some information like this:
5228:M 15 Aug 2020 04:14:29.133 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 5228:M 15 Aug 2020 04:14:29.133 # Server initialized 5228:M 15 Aug 2020 04:14:29.133 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 5228:M 15 Aug 2020 04:14:29.133 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.To fix the first warning, enter the following command.
$ echo 'net.core.somaxconn = 512' | sudo tee -a /etc/sysctl.conf > /dev/nullTo fix the second warning, enter the following command.
$ echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf > /dev/nullReload the sysctl values.
$ sudo sysctl -pTo fix the last warning, you need to disable transparent hugepages at boot time before starting the Redis® service.
Create a new script file:
$ sudo nano /usr/bin/disable-transparent-hugepagePaste the following text into the file:
#!/bin/bash echo never > /sys/kernel/mm/transparent_hugepage/enabled exit 0Save and close the file, then make it runnable and owned by the root account:
$ sudo chown root:root /usr/bin/disable-transparent-hugepage $ sudo chmod 770 /usr/bin/disable-transparent-hugepageNext, create the configuration file for the systemd service that will call the script at boot time:
$ sudo nano /etc/systemd/system/disable-transparent-hugepage.servicePaste the following text into the file:
[Unit] Description=Disable Transparent Huge Pages (THP) for Redis. Before=redis.service [Service] Type=exec ExecStart=/usr/bin/disable-transparent-hugepage [Install] WantedBy=multi-user.targetSave and close the file, then enable the service:
$ sudo systemctl enable disable-transparent-hugepage.service
4. Verify the Setup
Restart the Redis® server:
$ sudo rebootAfter the server restarts, check the Redis® log file to ensure there are not any warnings:
$ sudo tail /var/log/redis/redis.logUse the redis-cli program to connect to Redis® through the default loopback IP 127.0.0.1 and port 6379.
$ redis-cli -h 127.0.0.1 -p 6379If the connection succeeds, you will see the Redis® command prompt:
127.0.0.1:6379>Enter some Redis® commands to ensure it works:
set testkey testvalue get testkey exitIf you see the following result, then Redis® is working correctly.
127.0.0.1:6379> set testkey testvalue OK 127.0.0.1:6379> get testkey "testvalue" 127.0.0.1:6379> exit
5. (Optional) Configure Redis® for Private Network Access
If you set up a production environment with multiple servers for your application, the application servers need access to the Redis® server. It's recommended to use a private network for safety.
Configure the private network
Follow this guide to enable and configure a private network for this Redis® server and the application servers that need to communicate with Redis®.
Update the firewalld service to allow incoming connections from the private network:
$ sudo firewall-cmd --permanent --zone=trusted --change-interface=ens7Create a systemd service to delay the Redis® start-up until the private interface is up and IP address is assigned.
$ sudo nano /etc/systemd/system/redis.service.d/wait-for-ips.confPaste the following text into the file, then save and close it:
[Unit] After=network-online.target Wants=network-online.targetEdit the Redis® configuration file.
$ sudo nano /etc/redis.confAdd the private IP address that Redis® should bind to. For example, if Redis® should bind to both the internal loopback (127.0.0.1) and a private IP address (192.168.0.100):
bind 127.0.0.1 192.168.0.100Save and close the configuration file.
Restart Redis® to apply the changes.
$ sudo systemctl restart redis.service
Test the private network
Connect to one of your application servers on your private network via SSH.
Assuming the application server is also CentOS 8, temporarily install Redis® to get the redis-cli software.
$ sudo dnf install redisUse the redis-cli program to connect to the Redis® server.
$ redis-cli -h 192.168.0.100 -p 6379If the connection succeeds, you will see the Redis® command prompt:
192.168.0.100:6379>Enter some Redis® commands to ensure it works:
set testkey testvalue get testkey exitIf you see the following result, then Redis® is working correctly.
127.0.0.1:6379> set testkey testvalue OK 127.0.0.1:6379> get testkey "testvalue" 127.0.0.1:6379> exitUninstall the redis package on the application server.
$ sudo dnf remove redis
Conclusion
To learn more about Redis®, see these resources: