Introduction
Redis is an open-source in-memory data structure store. You can use it as a Memcached alternative to store simple key-value pairs, a NoSQL database, or even a message broker with the Pub-Sub pattern. This guide will show you how to install, configure, fine-tune, and secure Redis on Fedora 32.
Prerequisites
- A Fedora 32 server with enough free memory for Redis. One million small Key -> String-Value pairs use ~ 85 MB.
- Follow Rcs's best practices guides:
1. Install Redis
The Remi's RPM repo is a long-time and community-trusted repo for Fedora. Its Redis package is usually newer than Fedora's Redis package.
Enable the repo:
$ sudo dnf install https://rpms.remirepo.net/fedora/remi-release-32.rpm -y
List all available Redis packages in the Remi repo:
$ dnf repository-packages remi list --available | egrep ^redis
The result should look like this:
redis.x86_64 6.0.8-1.fc32.remi remi redis-devel.x86_64 6.0.8-1.fc32.remi remi redis-doc.noarch 6.0.8-1.fc32.remi remi
The values in the first column are package names. The values in the second column correspond to package versions.
Install Redis using its package name:
$ sudo dnf --enablerepo=remi install redis.x86_64 -y
Enable the Redis service to start at boot time:
$ sudo systemctl enable redis.service
Start Redis:
$ sudo systemctl start redis.service
2. Configure Redis
Open the Redis configuration file in your favorite editor:
$ sudo nano /etc/redis.conf
Set the desired memory capacity for your application:
maxmemory 128mb
By default, when maxmemory is reached, Redis will stop writing new data. If you want Redis to write new data by removing old data automatically, you have to tell Redis how to remove it. The allkeys-lru eviction policy is the right choice for most users. Add the following line:
maxmemory-policy allkeys-lru
Learn more about eviction methods here.
Set the save-to-disk policy.
By default, Redis will save its in-memory data on disk after a specified period or a specified number of write operations against the DB. The default settings are:
save 900 1 save 300 10 save 60 10000
That means saving will occur:
- after 900 sec (15 min) if at least 1 key changed
- after 300 sec (5 min) if at least 10 keys changed
- after 60 sec if at least 10000 keys changed
With the default settings above, Redis will restore your previous in-memory data to memory every time it restarts. If you don't need this feature, you can disable it entirely by commenting out those lines:
# save 900 1 # save 300 10 # save 60 10000
If you decide to keep this feature, you should upgrade the server to a bigger plan or add an appropriate Linux swap file to ensure that Redis's memory is double the maxmemory declared above. Otherwise, in the worst-case scenario, when the maxmemory is reached, the saving process can cause your server to run out of memory.
Save and close the configuration file, then restart Redis to apply the changes:
$ sudo systemctl restart redis.service
3. Fine-Tune the System
Each time Redis saves its data from memory to disk, it forks a new process from the main process to do this, resulting in a double memory footprint for Redis, causing data saving to fail if the amount of available memory is insufficient. To fix this issue, enter the following command:
$ echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf > /dev/null
Reload the sysctl values:
$ sudo sysctl -p
Transparent Huge Pages (THP) is a Linux memory management system that, when enabled, will create latency and memory usage issues with Redis. So, you will create a systemd service to disable THP at boot time before starting the Redis service.
Create the configuration file for the systemd service:
$ sudo nano /etc/systemd/system/disable-transparent-hugepage.service
Paste the following text into the file:
[Unit] Description=Disable Transparent Huge Pages (THP) for Redis. Before=redis.service [Service] Type=exec ExecStart=/bin/sh -c 'echo never | tee /sys/kernel/mm/transparent_hugepage/enabled > /dev/null' [Install] WantedBy=multi-user.target
Save and close the file, then enable the service:
$ sudo systemctl enable disable-transparent-hugepage.service
4. Verify the Setup
Restart the Redis server:
$ sudo reboot
After the server restarts, check the Redis log file to ensure there are not any warnings:
$ sudo tail -25 /var/log/redis/redis.log
Use the redis-cli program to connect to Redis through the default loopback IP 127.0.0.1 and port 6379:
$ redis-cli -h 127.0.0.1 -p 6379
If the connection succeeds, you will see the Redis command prompt:
127.0.0.1:6379>
Enter some Redis commands to ensure it works:
set testkey testvalue get testkey exit
If you see the following result, then Redis is working correctly:
127.0.0.1:6379> set testkey testvalue OK 127.0.0.1:6379> get testkey "testvalue" 127.0.0.1:6379> exit
5. (Optional) Configure Redis for Private Network Access
If you set up a production environment with multiple servers for your application, the application servers need access to the Redis server. It's recommended to use a private network for safety.
Configure the private network
Follow this guide to enable and configure a private network for this Redis server and the application servers that need to communicate with Redis.
Update the firewalld service to allow incoming connections from the private network:
$ sudo firewall-cmd --permanent --zone=trusted --change-interface=ens7
Delay the redis service start-up until the private interface is up and the IP address is assigned.
Fedora 32 uses NetworkManager to configure the network, so the NetworkManager-wait-online service must be enabled:
$ sudo systemctl enable NetworkManager-wait-online.service
Edit the redis service:
$ sudo systemctl edit redis.service
systemctl will invoke the default text editor for you. Paste the following text into the editor, then save and close it:
[Unit] After=network-online.target Wants=network-online.target
Edit the Redis configuration file:
$ sudo nano /etc/redis.conf
Add the private IP address that Redis should bind to. For example, if Redis should bind to both the internal loopback (127.0.0.1) and a private IP address (192.168.0.100):
bind 127.0.0.1 192.168.0.100
Save and close the configuration file, then restart Redis to apply the changes:
$ sudo systemctl restart redis.service
Test the private network
Connect to one of your application servers on your private network via SSH.
Assuming the application server is also Fedora 32, temporarily install the Redis package to get the redis-cli software.
$ sudo dnf install redis
Use the redis-cli program to connect to the Redis server through the private IP 192.168.0.100 and port 6379:.
$ redis-cli -h 192.168.0.100 -p 6379
If the connection succeeds, you will see the Redis command prompt:
192.168.0.100:6379>
Enter some Redis commands to ensure it works:
set testkey testvalue get testkey exit
If you see the following result, then Redis is working correctly.
192.168.0.100:6379> set testkey testvalue OK 192.168.0.100:6379> get testkey "testvalue" 192.168.0.100:6379> exit
Uninstall the Redis package on the application server.
$ sudo dnf remove redis
Conclusion
To learn more about Redis, see these resources: