Skip to main content

Install Redis & Configure Replication

We install the same two packages on all three nodes, then point the two replicas at the primary.

Install Redis and Sentinel (all three nodes)

sudo apt-get update
sudo apt-get install -y redis-server redis-sentinel
redis-server --version
# Redis server v=8.0.5 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64

Ubuntu ships redis-server and redis-sentinel as separate packages, each with its own systemd unit (redis-server.service, redis-sentinel.service) and config file (/etc/redis/redis.conf, /etc/redis/sentinel.conf). No third-party repository is needed.

Configure the primary — redis-sv01

Three changes matter in /etc/redis/redis.conf: listen on the network, require a password, and set the same password for replication auth (so this node can act as a replica after a future failover).

# redis-sv01
sudo sed -i 's/^bind .*/bind 0.0.0.0 -::1/' /etc/redis/redis.conf
sudo tee -a /etc/redis/redis.conf >/dev/null <<'EOF'

# --- HA settings ---
requirepass ChangeMe_RedisPass
masterauth  ChangeMe_RedisPass
EOF
  • bind 0.0.0.0 -::1 — listen on all IPv4 interfaces (we drop IPv6 here for simplicity). protected-mode stays yes; because we set requirepass, that is safe.
  • requirepass — clients, Sentinels, and replicas must authenticate.
  • masterauth — the password this node uses when it is itself a replica. Every node needs it, because any node can become a replica after a failover.

Open the port to your subnet and (re)start:

sudo ufw allow from 10.100.100.0/24 to any port 6379 proto tcp
sudo systemctl enable --now redis-server
sudo systemctl restart redis-server

Configure the replicas — redis-sv02 and redis-sv03

Identical to the primary, plus one line telling them to replicate from redis-sv01:

# redis-sv02 and redis-sv03
sudo sed -i 's/^bind .*/bind 0.0.0.0 -::1/' /etc/redis/redis.conf
sudo tee -a /etc/redis/redis.conf >/dev/null <<'EOF'

# --- HA settings ---
requirepass ChangeMe_RedisPass
masterauth  ChangeMe_RedisPass
replicaof 10.100.100.101 6379
EOF
sudo ufw allow from 10.100.100.0/24 to any port 6379 proto tcp
sudo systemctl enable --now redis-server
sudo systemctl restart redis-server

replicaof is only the bootstrap starting point. After the first failover, Sentinel rewrites this line on every node to point at whoever is primary — you never manage it by hand again.

Verify replication

From the primary:

redis-cli -a ChangeMe_RedisPass --no-auth-warning info replication

role:master
connected_slaves:2
slave0:ip=10.100.100.102,port=6379,state=online,offset=0,lag=0
slave1:ip=10.100.100.103,port=6379,state=online,offset=0,lag=1

Two replicas, both state=online. Write on the primary and read it back on a replica to confirm data flows:

# on the primary
redis-cli -a ChangeMe_RedisPass --no-auth-warning set hello world
# on a replica (read-only)
redis-cli -h 10.100.100.102 -a ChangeMe_RedisPass --no-auth-warning get hello
# -> "world"

A replica refuses writes by default (replica-read-only yes) — exactly what you want.

No comments to display

Back to top