1 Install on Linux
Create user redis. This user will be used to start software in a non privileged mode.
$ adduser redis -d /home/redis
Install required packages to compile and install Redis and Extensions:
$ hostnamectl | grep System
On CentOS 7:
yum install wget gcc make cmake git python2 python2-pip systemd-devel libarchive
On CentOS 8:
dnf install wget gcc make cmake git python2 python2-pip systemd-devel libarchive
In CentOS 8, default python is version 3, but Redis require python2 to work. You'll ned to link version 2 executables to default python names:
ln -s /usr/bin/pip2 /usr/bin/pip ln -s /usr/bin/python2.7 /usr/bin/python
Redis only required GCC and GLIBC packages to build from Source. Run below set of commands to download the latest source code and install Redis latest version on the Linux system.
redis-stable.tar.gzYou can download the tested version from here
# su - redis $ wget http://download.redis.io/redis-stable.tar.gz $ tar xvzf redis-stable.tar.gz $ cd redis-stable
Run below commands to compile redis from source and install.
As root user:
$ su $ make BUILD_WITH_SYSTEMD=yes USE_SYSTEMD=yes $ make install
2 Configure operating system parameters
Configure kernel parameters for improbe REDIS performance. Edit
and add/change this parameters:
# Allow 65535 connections instead of 128 as before. net.core.somaxconn=65535 # Redis Background save may fail under low memory condition if overcommit_memory is 0 vm.overcommit_memory=1
Run the command:
Having Transparent Huge Pages (THP) support enabled in your kernel will create latency and memory usage issues with Redis. To fix this issue you need to disable TPH at the operating system level by executing some commands when system starts.
In order to disable them on system startup, you need to add Systemd Unit file with script that will disable THP.
Create following file:
sudo vi /etc/systemd/system/disable-thp.service
and paste there following content:
[Unit] Description=Disable Transparent Huge Pages (THP) [Service] Type=simple ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag" [Install] WantedBy=multi-user.target
Save the file and reload SystemD daemon:
sudo systemctl daemon-reload
Than you can start the script and enable it on boot level:
sudo systemctl enable disable-thp --now
Install this libraries as user root:
dnf install gcc-c++
From redis directory download RediSearch code from git.
RediSearch.tarYou can download the tested version from here
su - redis cd /home/redis git clone https://github.com/RediSearch/RediSearch.git cd RediSearch ls -l
From RediSearch create a build directory and from it, run
mkdir build cd build cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
When running the command
cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo if the gcc-c++ is not installed
you will get the following error:
CMake Error at CMakeLists.txt:6 (project): No CMAKE_CXX_COMPILER could be found. Tell CMake where to find the compiler by setting either the environment variable "CXX" or the CMake cache entry CMAKE_CXX_COMPILER to the full path to the compiler, or to the compiler name if it is in the PATH. Error: --system-information failed on internal CMake!
To solve the problem you can run the follwoing command:
yum install gcc-c++
Go back to RediSearch directory and from it, run
Run this commands with root privileges or user root:
su cd /home/redis/RediSearch make
When building RediSearch, the following error may appear:
Makefile:3: deps/readies/mk/main: No such file or directory Makefile:105: /defs: No such file or directory Makefile:109: /rules: No such file or directory ./pack.sh: line 54: /home/redis/RediSearch/deps/readies/shibumi/functions: No such file or directory ./pack.sh: line 54: /home/redis/RediSearch/deps/readies/shibumi/functions: No such file or directory make: *** No rule to make target `/rules'. Stop.
This is because there are files that haven't been cloned correctly with the git clone command.
In order to fix this, run the following commands:
cd /home/redis/RediSearch/deps/ rm -rf readies/ git clone https://github.com/RedisLabsModules/readies.git
Now the readies folder should have the following files:
And run again:
cd /home/redis/RediSearch make
redisearch.sofile in build directory.
6 Linux firewall
From a local connection (calls from the same server) is not necessary to implement any rule in the firewall.
On the other hand, in order to restrict access and avoid opening to the entire network, if it is necessary to call the redis service from other machines, we will add a rule to only allow the IPs of those machines
For example, if we have 2 balanced application servers that use redis, we add the rule for the IP of the paired server ( not for our own)
Make sure you do it in the area corresponding to where the redis service runs. At the following example the IP 220.127.116.11 is from another server allowed connections to the redis server running at the own server.
firewall-cmd --permanent --zone=public --remove-port=6379/tcp firewall-cmd --permanent --zone=internal --remove-port=6379/tcp firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="18.104.22.168/32" port protocol="tcp" port="6379" accept' firewall-cmd --reload firewall-cmd --list-all-zones
7 Start Redis with ReadiSeach
redisearch.so to /home/redis/bin/
mkdir -p /home/redis/bin/ # Option 1 cp build/redisearch.so /home/redis/bin/ # Option 2 cp bin/linux-x64-release/search/redisearch.so /home/redis/bin/
redis-server --loadmodule /home/redis/bin/redisearch.so
To test Redisearch, from another console you can execute:
Edit the file redis.conf to set the following parameters:
- By default, if no "bind" configuration directive is specified, Redis listens for connections from all available network interfaces on the host machine.
Ensure that the "bind" parameter is uncommented and defined to the IP for the localhost (to allow connections from zabbix agent) and the own redis server (192.168.50.121 is an example):
bind localhost 192.168.50.121
- Specify the working directory ("/home/redis" or the corresponding one in your installation):
Then uncomment it and change foobared to your password. Make sure you choose something pretty long, 32 characters or so would probably be good, it's easy for an outside user to guess upwards of 150k passwords a second.
By default protected mode is enabled. You should disable it only if you are sure you want clients from other hosts to connect to Redis
even if no authentication is configured, nor a specific set of interfaces are explicitly listed using the "bind" directive. Maintain active.
In order to start redis with Redisearch module you must specify the library path in the loadmodule parameter ("/home/redis/bin/redisearch.so" or the corresponding one in your installation):
This values will be configured at Studio configuration database.
9 Systemd and Selinux
Stablish the work directory where user redis have permissions as for example /home/redis (or /data/redis). Edit the file redis.conf and modify "dir" argument:
# The working directory. # # The DB will be written inside this directory, with the filename specified # above using the 'dbfilename' configuration directive. # # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. dir /home/redis
To run redis under systemd, you need to set supervised systemd. There is two ways
- At redis.conf modify the value for "supervised"
- Or add to the redis-server.service the flag "--supervised systemd" to the ExecStart. This is the preferred mode.
Create the new file
[Unit] Description=Redis Server After=network.target [Service] Type=notify LimitNOFILE=64000 PIDFile=/home/redis/redis.pid User=redis PermissionsStartOnly=true ExecStartPre=-/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' ExecStartPre=/usr/bin/mkdir -p /home/redis/log ## ExecStart=/usr/local/bin/redis-server /home/redis/redis-stable/redis.conf --supervised systemd ExecStart=/home/redis/redis-stable/src/redis-server /home/redis/redis-stable/redis.conf --supervised systemd ExecStop=/bin/kill -15 $MAINPID Restart=on-failure TimeoutStartSec=600 # RestartSec=180s [Install] WantedBy=multi-user.target
systemctl enable redis-server --now
Check the status
systemctl status redis-server
If the service does not starts, you can find the possible issue on selinux policies
chcon -R -t bin_t /home/redis/redis-stable/src semanage fcontext -a -t bin_t "/home/redis/redis-stable/src(/.*)?" restorecon -r -v /home/redis/redis-stable/src
Add to /etc/systemd/system/redis-server.service:Copy
systemctl restart redis-server systemctl status redis-server