Redis: Installation and Configuration

Installation

  • Ubuntu

    sudo apt install redis
    
  • Once installed, a systemd daemon is created automatically

     walkerjun@walkerjun:~$ systemctl status redis
      ● redis-server.service - Advanced key-value store
           Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; preset: enabled)
           Active: active (running) since Sun 2023-12-10 13:15:39 CST; 5h 37min ago
             Docs: http://redis.io/documentation,
                   man:redis-server(1)
         Main PID: 1022 (redis-server)
           Status: "Ready to accept connections"
            Tasks: 5 (limit: 18763)
           Memory: 6.8M
              CPU: 1.838s
           CGroup: /system.slice/redis-server.service
                   └─1022 "/usr/bin/redis-server 127.0.0.1:34679"
    
      12月 10 13:15:39 walkerjun systemd[1]: Starting redis-server.service - Advanced key-value store...
      12月 10 13:15:39 walkerjun systemd[1]: Started redis-server.service - Advanced key-value store.
    
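  • Looking at the service file, redis is started from the configuration file /etc/redis/redis.conf, which contains settings such as port; you can edit it and then restart the systemd service, which is very convenient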

    walkerjun@walkerjun:~$ cat /lib/systemd/system/redis-server.service
    [Unit]
    Description=Advanced key-value store
    After=network.target
    Documentation=http://redis.io/documentation, man:redis-server(1)
    
    [Service]
    Type=notify
    ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --supervised systemd --daemonize no
    PIDFile=/run/redis/redis-server.pid
    TimeoutStopSec=0
    Restart=always
    User=redis
    

Configuration file settings: /etc/redis/redis.conf

  • Port

    # Accept connections on the specified port, default is 6379 (IANA #815344).
    # If port 0 is specified Redis will not listen on a TCP socket.
    port 34679
    
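  • Persistence configuration

    • append-only file (AOF)
      Every write operation is recorded as it happens. This is a very reliable way of recording: even if the machine loses power or hits an OOM condition, data is guaranteed not to be lost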
      #
      # AOF and RDB persistence can be enabled at the same time without problems.
      # If the AOF is enabled on startup Redis will load the AOF, that is the file
      # with the better durability guarantees.
      #
      # Please check https://redis.io/topics/persistence for more information.
      
      appendonly yes
      
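    • redis database (RDB)
      Implemented by saving snapshots. A snapshot is saved when this condition is met: n seconds have elapsed and i changes have occurred. If something like a power loss happens before the condition is met, there is a risk of data loss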
      ################################ SNAPSHOTTING  ################################
      
      # Save the DB to disk.
      #
      # save <seconds> <changes> [<seconds> <changes> ...]
      #
      # Redis will save the DB if the given number of seconds elapsed and it
      # surpassed the given number of write operations against the DB.
      #
      # Snapshotting can be completely disabled with a single empty string argument
      # as in following example:
      #
      # save ""
      #
      # Unless specified otherwise, by default Redis will save the DB:
      #   * After 3600 seconds (an hour) if at least 1 change was performed
      #   * After 300 seconds (5 minutes) if at least 100 changes were performed
      #   * After 60 seconds if at least 10000 changes were performed
      #
      # You can set these explicitly by uncommenting the following line.
      #
      # save 3600 1 300 100 60 10000
      
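  • aclfile configuration

    A separate file dedicated to storing acl data. Using it is recommended, because sensitive data such as user passwords can be stored in the acl file in encrypted form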

     # Using an external ACL file
     #
     # Instead of configuring users here in this file, it is possible to use
     # a stand-alone file just listing users. The two methods cannot be mixed:
     # if you configure users here and at the same time you activate the external
     # ACL file, the server will refuse to start.
     #
     # The format of the external ACL user file is exactly the same as the
     # format that is used inside redis.conf to describe users.
     #
     aclfile /etc/redis/users.acl
    

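    [Notes]
    * The file must be created before first use, otherwise the redis service cannot start successfully: sudo touch /etc/redis/users.acl
    * As the English documentation above states, once an acl file is used, users can no longer be configured in redis.conf, otherwise the server will not start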

Command-line tool: redis-cli

You can log in to the server with redis-cli

walkerjun@walkerjun:~$ redis-cli
127.0.0.1:6379> 

ACL commands

  • ACL HELP
    127.0.0.1:6379> ACL HELP
     1) ACL <subcommand> [<arg> [value] [opt] ...]. Subcommands are:
     2) CAT [<category>]
     3)     List all commands that belong to <category>, or all command categories
     4)     when no category is specified.
     5) DELUSER <username> [<username> ...]
     6)     Delete a list of users.
     7) DRYRUN <username> <command> [<arg> ...]
     8)     Returns whether the user can execute the given command without executing the command.
     9) GETUSER <username>
    10)     Get the user's details.
    11) GENPASS [<bits>]
    12)     Generate a secure 256-bit user password. The optional `bits` argument can
    13)     be used to specify a different size.
    14) LIST
    15)     Show users details in config file format.
    16) LOAD
    17)     Reload users from the ACL file.
    18) LOG [<count> | RESET]
    19)     Show the ACL log entries.
    20) SAVE
    21)     Save the current config to the ACL file.
    22) SETUSER <username> <attribute> [<attribute> ...]
    23)     Create or modify a user with the specified attributes.
    24) USERS
    25)     List all the registered usernames.
    26) WHOAMI
    27)     Return the current connection username.
    28) HELP
    29)     Prints this help.
    

User operations

  • List users

    127.0.0.1:6379> ACL LIST
    1) "user default on nopass ~* &* +@all"
    
  • Show the current user

    127.0.0.1:6379> ACL WHOAMI
    "default"
    
  • Add/delete a user

    127.0.0.1:6379> ACL SETUSER walkerjun
    OK
    127.0.0.1:6379> 
    127.0.0.1:6379> ACL LIST
    1) "user default on nopass ~* &* +@all"
    2) "user walkerjun off resetchannels -@all"
    127.0.0.1:6379> ACL DElUSER walkerjun
    (integer) 1
    127.0.0.1:6379> 
    127.0.0.1:6379> ACL LIST
    1) "user default on nopass ~* &* +@all"
    127.0.0.1:6379> ACL SAVE
    OK
    

    The user added here has no permissions at all

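User permission operations

Simple permission configuration

  • Add a user with a password, restricted to the GET command only, and only able to read keys that start with cached: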

    127.0.0.1:6379> acl setuser walkerjun on >test123 ~cached:* +get
    OK
    127.0.0.1:6379> ACL SAVE
    OK
    

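    This command:

    • added the user walkerjun,
    • set the user's state to on,
    • set the password to test123
    • set the key pattern to keys that start with cached:
    • granted permission for the get command, and only that permission
    • ACL SAVE saved this acl configuration; note that this operation requires aclfile to be set in redis.conf beforehand, as described in the aclfile configuration section above
  • Switch to the new user

    auth walkerjun test123
    
    • Verify the permissions configured above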
      127.0.0.1:6379> auth walkerjun test123
      OK
      127.0.0.1:6379> 
      127.0.0.1:6379> get testkey
      (error) NOPERM this user has no permissions to access one of the keys used as arguments
      # no permission
      127.0.0.1:6379> 
      127.0.0.1:6379> 
      127.0.0.1:6379> get cached:test_key  
      (nil)  # no error: permission is granted, but the key does not exist, so nil is shown
      
      127.0.0.1:6379> 
      127.0.0.1:6379> auth default huang  # switch back to default to set this key
      OK
      127.0.0.1:6379> set cached:test_key 12345
      OK
      127.0.0.1:6379> auth walkerjun test123  # switch back to walkerjun
      OK
      127.0.0.1:6379> get cached:test_key  # this time the key is fetched successfully
      "12345"
      127.0.0.1:6379> 
      127.0.0.1:6379> set test 123   # as configured, this user has no permission for the set command
      (error) NOPERM this user has no permissions to run the 'set' command
      127.0.0.1:6379> 
      
  • Grant an existing user the additional set permission

    127.0.0.1:6379> acl setuser walkerjun +set
    OK
    127.0.0.1:6379> ACL SAVE
    OK
    127.0.0.1:6379> acl list
    1) "user default on nopass ~* &* +@all"
    2) "user walkerjun on #ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae ~cached:* resetchannels -@all +set +get"
    127.0.0.1:6379> 
    127.0.0.1:6379> auth walkerjun test123
    OK
    127.0.0.1:6379> 
    127.0.0.1:6379> set test 123
    (error) NOPERM this user has no permissions to access one of the keys used as arguments
    # because this user still has the pattern `~cached:*` configured, this key cannot be set
    127.0.0.1:6379> 
    127.0.0.1:6379> set cached:test 1234
    OK
    127.0.0.1:6379> 
    127.0.0.1:6379> get cached:test
    "1234"
    127.0.0.1:6379> 
    
  • Configure command permissions in bulk

    Use command categories to configure permissions in bulk

    • List the command categories
      127.0.0.1:6379> acl cat
       1) "keyspace"
       2) "read"
       3) "write"
       .....
      
    • List the commands in a category
      127.0.0.1:6379> acl cat read
       1) "zlexcount"
       2) "sinter"
       ....
      27) "keys"
      28) "hscan"
      ...
      63) "get"
      ...
      127.0.0.1:6379> 
      
  • Configure read/write permissions

    127.0.0.1:6379> acl setuser walkerjun +@read +@write
    OK
    127.0.0.1:6379> acl list
    1) "user default on nopass ~* &* +@all"
    2) "user walkerjun on #ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae ~cached:* resetchannels -@all +@write +@read"
    127.0.0.1:6379> 
    127.0.0.1:6379> auth walkerjun test123
    OK
    127.0.0.1:6379> 
    127.0.0.1:6379> keys *
    1) "cached:test"
    2) "test_key"
    3) "cached:test_key"
    127.0.0.1:6379> 
    

Common permission configuration

  • Set a password, unrestricted key pattern, with read/write permissions

     127.0.0.1:6379> acl setuser walkerjun on ~* +@read +@write >test123
     OK
     127.0.0.1:6379> acl list
     1) "user default on nopass ~* &* +@all"
     2) "user walkerjun on #ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae ~* resetchannels -@all +@write +@read"
     127.0.0.1:6379> acl save
     OK
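
The ACL LIST lines shown on this page can be audited mechanically. The following Python sketch is an added example (not from the original post and not part of Redis) that flags risky entries in ACL LIST output or in a users.acl file; the `report` user, the weak-password list and the finding names are assumptions made for illustration.

```python
import hashlib

# Constructed sample: the two ACL LIST lines from this page plus one hypothetical
# hand-written users.acl entry ("report") that carries a plaintext password.
SAMPLE_ACL = """\
user default on nopass ~* &* +@all
user walkerjun on #ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae ~cached:* resetchannels -@all +@write +@read
user report on >s3cret ~cached:* -@all +get
"""

# Assumed deny-list; Redis stores passwords as unsalted SHA-256 hex digests.
WEAK_HASHES = {hashlib.sha256(p.encode()).hexdigest()
               for p in ("123456", "password", "redis", "test123")}


def audit_user(rules):
    """Return finding codes for one user's rule tokens, applied left to right."""
    enabled = all_cmds = read = False
    for r in rules:                          # later rules override earlier ones
        if r in ("on", "off"):
            enabled = r == "on"
        elif r in ("+@all", "allcommands"):
            all_cmds = True
        elif r in ("-@all", "nocommands"):
            all_cmds = read = False
        elif r in ("+@read", "-@read"):
            read = r[0] == "+"
    if not enabled:
        return []                            # a disabled user cannot authenticate
    all_keys = "~*" in rules or "allkeys" in rules
    findings = []
    if "nopass" in rules:
        findings.append("NOPASS")            # any password is accepted
    if any(r.startswith(">") for r in rules):
        findings.append("PLAINTEXT_PASSWORD")    # readable straight from the file
    if any(r[0] == "#" and r[1:].lower() in WEAK_HASHES for r in rules):
        findings.append("WEAK_PASSWORD")
    if all_cmds and all_keys:
        findings.append("FULL_ACCESS")
    # KEYS (@read) takes no key argument, so a ~pattern cannot hide other key names.
    if not all_keys and (all_cmds or read):
        findings.append("KEY_NAMES_LISTABLE")
    return findings


def audit(text):
    """Map username -> findings for every 'user ...' line of ACL text."""
    rows = (line.split() for line in text.splitlines())
    return {t[1]: audit_user(t[2:]) for t in rows if len(t) >= 2 and t[0] == "user"}
```

Giving `default` a password or switching it off, and replacing `test123` with a value from ACL GENPASS, clears the NOPASS and WEAK_PASSWORD findings.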