From 5ce20c34857eedc3fa6c96de03c60f806b097a5e Mon Sep 17 00:00:00 2001
From: Steven Schattenberg
Date: Tue, 30 Sep 2025 13:44:21 -0400
Subject: [PATCH 1/2] Configuration optimizations
---
 roles/redis/templates/redis.conf.j2 | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/roles/redis/templates/redis.conf.j2 b/roles/redis/templates/redis.conf.j2
index 387e474e..0004d7b7 100644
--- a/roles/redis/templates/redis.conf.j2
+++ b/roles/redis/templates/redis.conf.j2
@@ -663,6 +663,7 @@ repl-disable-tcp-nodelay no
 # The backlog is only allocated if there is at least one replica connected.
 #
 # repl-backlog-size 1mb
+repl-backlog-size 536870912
 # After a master has no connected replicas for some time, the backlog will be
 # freed. The following option configures the amount of seconds that need to
@@ -727,6 +728,7 @@ replica-priority 100
 # min-replicas-max-lag is set to 10.
 {% if redis_replication_enabled | bool %}
 min-replicas-to-write 1
+min-replicas-max-lag 30
 {% endif %}
 # A Redis master is able to list the address and port of the attached
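Review bot: In the `repl-backlog-size` hunk the value is written as raw bytes, `536870912`, while the other size changed in this patch uses unit suffixes (`512mb 128mb` in the `client-output-buffer-limit replica` hunk at -1879). `repl-backlog-size 512mb` is easier to audit and matches the commented example directly above it. Both values are hard-coded in the template, so every host gets a 512 MB backlog plus up to 512 MB of output buffer per replica regardless of its size; it is worth checking these against whatever memory limit the role configures, which is not visible in this patch.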
@@ -903,11 +905,11 @@ replica-announce-port {{ redis_port }}
 {% if redis_auth_enabled %}
 user default off
 user admin on allkeys allchannels allcommands >{{ redis_user_admin_password }}
-user itential on allkeys allchannels allcommands -asking -cluster -readonly -readwrite -bgrewriteaof -bgsave -failover -flushall -flushdb -psync -replconf -replicaof -save -shutdown -sync >{{ redis_user_itential_password }}
+user itential on ~* &* -@all +@read +@write +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }}
 user prometheus on -@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking >{{ redis_user_prometheus_password }}
 {% if redis_replication_enabled %}
 user repluser on allchannels +psync +replconf +ping >{{ redis_user_repluser_password }}
-user sentineluser on allchannels +multi +slaveof +ping +exec +subscribe +config|rewrite +role +publish +info +client|setname +client|kill +script|kill >{{ redis_user_sentineluser_password }}
+user sentineluser on &* -@all +slaveof +ping +info +role +publish +subscribe +psubscribe +punsubscribe +client|setname +client|kill +multi +exec +replicaof +script|kill +config|rewrite >{{ redis_user_sentineluser_password }}
 {% endif %}
 {% endif %}
@@ -1343,7 +1345,7 @@ appendfsync everysec
 # If you have latency problems turn this to "yes". Otherwise leave it as
 # "no" that is the safest pick from the point of view of durability.
-no-appendfsync-on-rewrite no
+no-appendfsync-on-rewrite yes
 # Automatic rewrite of the append only file.
 # Redis is able to automatically rewrite the log file implicitly calling
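Review bot: The new `itential` rule in the ACL hunk still leaves administrative commands reachable, because it grants whole categories and then subtracts a hand-written list of names. Per the Redis command reference, `+@connection` includes `CLIENT KILL` and `CLIENT PAUSE`, and nothing in the `-script|flush -flushall …` list removes them. `-script|flush` also has no counterpart for `function|flush`, which `+@scripting` grants. Subtracting by category just before the final re-grants, `-@admin -@dangerous -function|flush +info +role`, would cover these and anything added to those categories later. Confirm with `ACL LOG` in a test environment that the application does not depend on a `@dangerous` command such as `KEYS` or `SORT`. `+script|load +script|exists` are already implied by `+@scripting` and can be dropped.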
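Review bot: `no-appendfsync-on-rewrite yes` trades durability for latency, and the hunk adds no comment recording that this is intentional. While a BGSAVE or AOF rewrite is running the AOF is not fsynced, so a crash in that window can lose more than the roughly one second that `appendfsync everysec` otherwise bounds. The context lines directly above still describe `no` as the safest pick. I would add a line above the setting such as `# Deliberately "yes": accepts possible AOF data loss during rewrites to avoid fsync latency stalls.`, or make the value a role variable so deployments that need the stricter guarantee can keep `no`.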
@@ -1879,7 +1881,7 @@ activerehashing yes
 #
 # Both the hard or the soft limit can be disabled by setting them to zero.
 client-output-buffer-limit normal 0 0 0
-client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit replica 512mb 128mb 60
 client-output-buffer-limit pubsub 32mb 8mb 60
 # Client query buffers accumulate new commands. They are limited to a fixed
From c25032ddddc9b319493e5067218aa7a3b197388b Mon Sep 17 00:00:00 2001
From: Steven Schattenberg
Date: Thu, 11 Dec 2025 06:44:32 -0500
Subject: [PATCH 2/2] Adjust Redis configuration templates
---
 roles/redis/templates/redis.conf.j2 | 8 +++++---
 roles/redis/templates/sentinel.conf.j2 | 4 ++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/roles/redis/templates/redis.conf.j2 b/roles/redis/templates/redis.conf.j2
index 0004d7b7..6d807084 100644
--- a/roles/redis/templates/redis.conf.j2
+++ b/roles/redis/templates/redis.conf.j2
@@ -145,7 +145,7 @@ timeout 0
 #
 # A reasonable value for this option is 300 seconds, which is the new
 # Redis default starting with Redis 3.2.1.
-tcp-keepalive 300
+tcp-keepalive 60
 ################################# TLS/SSL #####################################
@@ -622,6 +622,7 @@ repl-diskless-load disabled
 # value is 10 seconds.
 #
 # repl-ping-replica-period 10
+repl-ping-replica-period 5
 # The following option sets the replication timeout for:
 #
@@ -635,6 +636,7 @@ repl-diskless-load disabled
 # value is 60 seconds.
 #
 # repl-timeout 60
+repl-timeout 30
 # Disable TCP_NODELAY on the replica socket after SYNC?
 #
@@ -728,7 +730,7 @@ replica-priority 100
 # min-replicas-max-lag is set to 10.
 {% if redis_replication_enabled | bool %}
 min-replicas-to-write 1
-min-replicas-max-lag 30
+min-replicas-max-lag 10
 {% endif %}
 # A Redis master is able to list the address and port of the attached
@@ -905,7 +907,7 @@ replica-announce-port {{ redis_port }}
 {% if redis_auth_enabled %}
 user default off
 user admin on allkeys allchannels allcommands >{{ redis_user_admin_password }}
-user itential on ~* &* -@all +@read +@write +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }}
+user itential on ~* &* -@all +@read +@write +@stream +@transaction +@sortedset +@list +@hash +@string +@fast +@scripting +@connection +@pubsub +script|load +script|exists -script|flush -flushall -flushdb -save -bgsave -bgrewriteaof -replicaof -psync -replconf -shutdown -failover -cluster -asking -sync -readonly -readwrite +info +role >{{ redis_user_itential_password }}
 user prometheus on -@all +@connection +memory -readonly +strlen +config|get +xinfo +pfcount +zcard +type +xlen -readwrite -command +client -wait +scard +llen +hlen +get +eval +slowlog +cluster|info -hello -echo +info +latency +scan -reset -auth -asking >{{ redis_user_prometheus_password }}
 {% if redis_replication_enabled %}
 user repluser on allchannels +psync +replconf +ping >{{ redis_user_repluser_password }}
diff --git a/roles/redis/templates/sentinel.conf.j2 b/roles/redis/templates/sentinel.conf.j2
index fbb0b532..a40fd02d 100644
--- a/roles/redis/templates/sentinel.conf.j2
+++ b/roles/redis/templates/sentinel.conf.j2
@@ -133,7 +133,7 @@ user sentineluser on >{{ redis_user_sentineluser_password }} &* -@all +auth +cli
 # Down).
 #
 # Default is 30 seconds.
-sentinel down-after-milliseconds {{ redis_master_name }} 10000
+sentinel down-after-milliseconds {{ redis_master_name }} 5000
 # IMPORTANT NOTE: starting with Redis 6.2 ACL capability is supported for
 # Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
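Review bot: `+@fast` in the new `itential` rule (redis.conf.j2 hunk at -905) is a latency class, not a functional group, so it grants every constant-time command whatever its purpose, including ones added by later Redis versions. The `-…` list that follows removes only the names it spells out. `+@stream +@sortedset +@list +@hash +@string` appear largely redundant, since key commands in those categories already fall under `@read` or `@write`. Of the additions, `+@transaction` (MULTI/EXEC/WATCH) looks like the one that grants something the previous rule lacked. If this change was made to clear a NOPERM error, I would identify the denied command with `ACL LOG` and grant only that, for example keeping `+@transaction` and dropping `+@fast`.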
@@ -237,7 +237,7 @@ sentinel parallel-syncs {{ redis_master_name }} 1
 # the exact parallel-syncs progression as specified.
 #
 # Default is 3 minutes.
-sentinel failover-timeout {{ redis_master_name }} 30000
+sentinel failover-timeout {{ redis_master_name }} 60000
 # SCRIPTS EXECUTION
 #