Software & Configuration

Redis Sentinel

Set up Redis Sentinel for high availability, automatic failover when the primary Redis instance fails

Redis Sentinel provides high availability for Redis. It monitors your Redis instances, notifies administrators of failures, and automatically promotes a replica to primary when the primary goes down.

Architecture

Sentinel 1  Sentinel 2  Sentinel 3
     |            |            |
     └────────────┼────────────┘

          Primary Redis (writes)

         ┌────────┴────────┐
    Replica 1          Replica 2
     (reads)            (reads)

You need at least 3 Sentinel instances for a reliable quorum. They can run on the same servers as Redis or separately.

Requirements

  • 3 servers (or 3 processes on separate ports for testing)
  • Redis installed on all nodes
  • Redis replication configured (primary + replicas)

Set up Redis replication first before configuring Sentinel. Sentinel monitors an existing replication setup, it doesn't create it.

Step 1: Set up Redis replication

On the primary (/etc/redis/redis.conf):

bind 0.0.0.0
requirepass "StrongRedisPassword!"
masterauth "StrongRedisPassword!"

On each replica:

bind 0.0.0.0
requirepass "StrongRedisPassword!"
masterauth "StrongRedisPassword!"
replicaof PRIMARY_IP 6379

Restart Redis on all nodes:

sudo systemctl restart redis

Verify replication on the primary:

redis-cli -a StrongRedisPassword! INFO replication

Step 2: Configure Sentinel on each node

Create the Sentinel config (on all 3 nodes):

sudo nano /etc/redis/sentinel.conf
port 26379
daemonize yes
pidfile /var/run/redis/redis-sentinel.pid
logfile /var/log/redis/redis-sentinel.log
dir /tmp

# Monitor the primary (quorum = 2 out of 3 sentinels must agree)
sentinel monitor mymaster PRIMARY_IP 6379 2

# Sentinel password to connect to Redis
sentinel auth-pass mymaster StrongRedisPassword!

# How long to wait before deciding primary is down (ms)
sentinel down-after-milliseconds mymaster 5000

# How many replicas can be reconfigured at once during failover
sentinel parallel-syncs mymaster 1

# Failover timeout (ms)
sentinel failover-timeout mymaster 60000

Set permissions:

sudo chown redis:redis /etc/redis/sentinel.conf
sudo chmod 640 /etc/redis/sentinel.conf

Step 3: Create the Sentinel systemd service

sudo nano /etc/systemd/system/redis-sentinel.service
[Unit]
Description=Redis Sentinel
After=network.target

[Service]
Type=forking
User=redis
Group=redis
ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel.conf
ExecStop=/usr/bin/redis-cli -p 26379 SHUTDOWN
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable redis-sentinel
sudo systemctl start redis-sentinel

Firewall rules

# Redis port
sudo ufw allow 6379/tcp
# Sentinel port
sudo ufw allow 26379/tcp

Verify Sentinel is working

redis-cli -p 26379

> SENTINEL masters
> SENTINEL slaves mymaster
> SENTINEL sentinels mymaster
> SENTINEL get-master-addr-by-name mymaster

Test failover

# On the primary, force a failover
redis-cli -a StrongRedisPassword! DEBUG sleep 30
# Or: redis-cli -p 26379 SENTINEL failover mymaster

Watch Sentinel elect a new primary:

redis-cli -p 26379 SENTINEL get-master-addr-by-name mymaster

The IP should change to one of the replicas after ~10 seconds.

Connect your app to Sentinel

Applications should connect to Sentinel, not directly to the Redis IP, so they automatically follow failovers.

PHP (Predis):

$sentinels = [
    'tcp://10.0.0.1:26379',
    'tcp://10.0.0.2:26379',
    'tcp://10.0.0.3:26379',
];
$client = new Predis\Client($sentinels, [
    'replication' => 'sentinel',
    'service'     => 'mymaster',
    'parameters'  => ['password' => 'StrongRedisPassword!'],
]);

Node.js (ioredis):

const Redis = require('ioredis');
const redis = new Redis({
  sentinels: [
    { host: '10.0.0.1', port: 26379 },
    { host: '10.0.0.2', port: 26379 },
    { host: '10.0.0.3', port: 26379 },
  ],
  name: 'mymaster',
  password: 'StrongRedisPassword!',
  sentinelPassword: 'StrongRedisPassword!',
});

Python (redis-py):

from redis.sentinel import Sentinel

sentinel = Sentinel([
    ('10.0.0.1', 26379),
    ('10.0.0.2', 26379),
    ('10.0.0.3', 26379),
], password='StrongRedisPassword!')

master = sentinel.master_for('mymaster', socket_timeout=0.1)
slave = sentinel.slave_for('mymaster', socket_timeout=0.1)

Monitor Sentinel

# View Sentinel log
sudo tail -f /var/log/redis/redis-sentinel.log

# Check Sentinel status
redis-cli -p 26379 SENTINEL masters

# View failover history
grep "failover" /var/log/redis/redis-sentinel.log

Duplicati

Install Duplicati for encrypted, deduplicated backups to cloud storage, SFTP, and local destinations with a web UI

Keycloak SSO/IdP Setup

Deploy and configure Keycloak for single sign-on with OIDC and SAML integration

On this page

ArchitectureRequirementsStep 1: Set up Redis replicationStep 2: Configure Sentinel on each nodeStep 3: Create the Sentinel systemd serviceFirewall rulesVerify Sentinel is workingTest failoverConnect your app to SentinelMonitor Sentinel