Set up Redis Sentinel to monitor Redis master-replica deployments and automatically handle failover scenarios. This tutorial covers configuring a 3-node Sentinel cluster with quorum-based decision making for production-grade high availability.
Prerequisites
- At least 3 servers for proper quorum
- Network connectivity between all nodes
- Basic understanding of Redis replication
What this solves
Redis Sentinel provides high availability for Redis deployments by monitoring master and replica instances, detecting failures, and automatically promoting replicas to master when needed. This eliminates single points of failure and ensures your Redis service remains available during hardware or network issues.
Step-by-step configuration
Update system packages
Start by updating your package manager to ensure you get the latest Redis packages.
sudo apt update && sudo apt upgrade -yInstall Redis server
Install Redis on all nodes that will participate in the Sentinel cluster. You'll need Redis installed even on Sentinel-only nodes.
sudo apt install -y redis-server redis-sentinelConfigure Redis master instance
Configure the primary Redis instance that will initially serve as master. Set up authentication and bind to the appropriate network interface.
# Network and security
bind 0.0.0.0
protected-mode yes
port 6379
requirepass StrongMasterPass123
masterauth StrongMasterPass123
Persistence
save 900 1
save 300 10
save 60 10000
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
Logging
loglevel notice
logfile /var/log/redis/redis-server.log
syslog-enabled yes
syslog-ident redis
Memory management
maxmemory-policy allkeys-lru
tcp-keepalive 300Configure Redis replica instances
Set up replica instances on separate servers. These will automatically sync with the master and can be promoted during failover.
# Network and security
bind 0.0.0.0
protected-mode yes
port 6379
requirepass StrongReplicaPass123
masterauth StrongMasterPass123
Replication configuration
replicaof 203.0.113.10 6379
replica-read-only yes
replica-serve-stale-data yes
replica-priority 100
Persistence
save 900 1
save 300 10
save 60 10000
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
Logging
loglevel notice
logfile /var/log/redis/redis-server.log
syslog-enabled yes
syslog-ident redis
Memory management
maxmemory-policy allkeys-lru
tcp-keepalive 300Set correct Redis file permissions
Ensure Redis can read its configuration and write to data directories with proper ownership and minimal permissions.
sudo chown redis:redis /etc/redis/redis.conf
sudo chmod 640 /etc/redis/redis.conf
sudo chown -R redis:redis /var/lib/redis
sudo chmod 755 /var/lib/redis
sudo chown redis:redis /var/log/redis
sudo chmod 755 /var/log/redisNever use chmod 777. It gives every user on the system full access to your Redis files. Instead, use proper ownership with chown and minimal permissions as shown above.
Configure Redis Sentinel on first node
Set up the first Sentinel instance with monitoring configuration and quorum settings. The quorum determines how many Sentinels must agree before initiating failover.
# Basic Sentinel configuration
port 26379
bind 0.0.0.0
protected-mode no
sentinel deny-scripts-reconfig yes
Monitor master instance
sentinel monitor mymaster 203.0.113.10 6379 2
sentinel auth-pass mymaster StrongMasterPass123
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 30000
Logging
logfile /var/log/redis/sentinel.log
loglevel notice
syslog-enabled yes
syslog-ident sentinel
Working directory
dir /var/lib/redis/sentinelConfigure additional Sentinel nodes
Deploy identical Sentinel configurations on at least two more servers for redundancy. Use the same master IP but different Sentinel IDs.
# Basic Sentinel configuration
port 26379
bind 0.0.0.0
protected-mode no
sentinel deny-scripts-reconfig yes
Monitor master instance (same as other Sentinels)
sentinel monitor mymaster 203.0.113.10 6379 2
sentinel auth-pass mymaster StrongMasterPass123
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 30000
Logging
logfile /var/log/redis/sentinel.log
loglevel notice
syslog-enabled yes
syslog-ident sentinel
Working directory
dir /var/lib/redis/sentinelCreate Sentinel working directory
Create the directory where Sentinel stores its runtime state and ensure proper permissions.
sudo mkdir -p /var/lib/redis/sentinel
sudo chown redis:redis /var/lib/redis/sentinel
sudo chmod 755 /var/lib/redis/sentinel
sudo chown redis:redis /etc/redis/sentinel.conf
sudo chmod 640 /etc/redis/sentinel.confConfigure firewall rules
Open the necessary ports for Redis and Sentinel communication between cluster nodes.
sudo ufw allow from 203.0.113.0/24 to any port 6379 comment 'Redis'
sudo ufw allow from 203.0.113.0/24 to any port 26379 comment 'Redis Sentinel'
sudo ufw reloadStart Redis master and replica services
Enable and start Redis on the master and replica nodes first, then verify replication is working.
sudo systemctl enable --now redis-server
sudo systemctl status redis-serverStart Redis Sentinel services
Start Sentinel on all three nodes after Redis instances are running and replication is established.
sudo systemctl enable --now redis-sentinel
sudo systemctl status redis-sentinelTest automatic failover
Simulate master failure by stopping the Redis master service and observe Sentinel promoting a replica.
# On master node, stop Redis to simulate failure
sudo systemctl stop redis-server
Monitor Sentinel logs during failover
sudo tail -f /var/log/redis/sentinel.log
Check which instance is now master
redis-cli -p 26379 sentinel mastersVerify your setup
Check that Sentinel is monitoring your Redis instances and can detect the current master.
# Check Sentinel status
redis-cli -p 26379 sentinel masters
redis-cli -p 26379 sentinel slaves mymaster
redis-cli -p 26379 sentinel sentinels mymaster
Verify Redis replication
redis-cli -h 203.0.113.10 -a StrongMasterPass123 info replication
Test failover capabilities
redis-cli -p 26379 sentinel failover mymasterCommon issues
| Symptom | Cause | Fix |
|---|---|---|
| Sentinel can't connect to master | Firewall blocking ports or wrong IP | Check firewall rules and master bind address |
| Authentication failures | Mismatched passwords in config | Verify requirepass and masterauth match |
| Failover doesn't trigger | Insufficient Sentinels or wrong quorum | Check at least 3 Sentinels running with quorum=2 |
| Permission denied errors | Wrong file ownership or permissions | sudo chown redis:redis /etc/redis/* && chmod 640 |
| Split-brain scenarios | Network partitions with even Sentinel count | Always use odd number of Sentinels (3, 5, 7) |
Next steps
Automated install script
Run this to automate the entire setup
install.sh
#!/usr/bin/env bash
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Default values
MASTER_IP=""
NODE_TYPE=""
MASTER_PASSWORD="StrongMasterPass123"
REPLICA_PASSWORD="StrongReplicaPass123"
# Usage function
usage() {
echo "Usage: $0 <master|replica|sentinel> <master_ip> [options]"
echo "Options:"
echo " --master-password PASSWORD Set master password (default: StrongMasterPass123)"
echo " --replica-password PASSWORD Set replica password (default: StrongReplicaPass123)"
echo "Examples:"
echo " $0 master 203.0.113.10"
echo " $0 replica 203.0.113.10"
echo " $0 sentinel 203.0.113.10"
exit 1
}
# Parse arguments
if [[ $# -lt 2 ]]; then
usage
fi
NODE_TYPE="$1"
MASTER_IP="$2"
shift 2
while [[ $# -gt 0 ]]; do
case $1 in
--master-password)
MASTER_PASSWORD="$2"
shift 2
;;
--replica-password)
REPLICA_PASSWORD="$2"
shift 2
;;
*)
echo -e "${RED}Unknown option: $1${NC}"
usage
;;
esac
done
# Validate node type
if [[ ! "$NODE_TYPE" =~ ^(master|replica|sentinel)$ ]]; then
echo -e "${RED}Error: Invalid node type. Must be master, replica, or sentinel${NC}"
usage
fi
# Detect distribution
if [ -f /etc/os-release ]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_UPDATE="apt update && apt upgrade -y"
PKG_INSTALL="apt install -y"
REDIS_CONF="/etc/redis/redis.conf"
SENTINEL_CONF="/etc/redis/sentinel.conf"
REDIS_SERVICE="redis-server"
SENTINEL_SERVICE="redis-sentinel"
;;
almalinux|rocky|centos|rhel|ol|fedora)
PKG_MGR="dnf"
PKG_UPDATE="dnf update -y"
PKG_INSTALL="dnf install -y"
REDIS_CONF="/etc/redis/redis.conf"
SENTINEL_CONF="/etc/redis-sentinel.conf"
REDIS_SERVICE="redis"
SENTINEL_SERVICE="redis-sentinel"
;;
amzn)
PKG_MGR="yum"
PKG_UPDATE="yum update -y"
PKG_INSTALL="yum install -y"
REDIS_CONF="/etc/redis/redis.conf"
SENTINEL_CONF="/etc/redis-sentinel.conf"
REDIS_SERVICE="redis"
SENTINEL_SERVICE="redis-sentinel"
;;
*)
echo -e "${RED}Error: Unsupported distribution: $ID${NC}"
exit 1
;;
esac
else
echo -e "${RED}Error: Cannot detect distribution${NC}"
exit 1
fi
# Cleanup function for rollback
cleanup() {
echo -e "${RED}Error occurred. Cleaning up...${NC}"
systemctl stop $REDIS_SERVICE 2>/dev/null || true
systemctl stop $SENTINEL_SERVICE 2>/dev/null || true
}
trap cleanup ERR
# Check prerequisites
echo -e "${BLUE}[1/8] Checking prerequisites...${NC}"
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}Error: This script must be run as root${NC}"
exit 1
fi
# Update system packages
echo -e "${BLUE}[2/8] Updating system packages...${NC}"
eval $PKG_UPDATE
# Install Redis and dependencies
echo -e "${BLUE}[3/8] Installing Redis packages...${NC}"
if [[ "$ID" =~ ^(ubuntu|debian)$ ]]; then
$PKG_INSTALL redis-server redis-sentinel
elif [[ "$ID" =~ ^(almalinux|rocky|centos|rhel|ol|fedora|amzn)$ ]]; then
if [[ "$ID" != "fedora" ]]; then
$PKG_INSTALL epel-release || true
fi
$PKG_INSTALL redis redis-sentinel
fi
# Create necessary directories
echo -e "${BLUE}[4/8] Creating directories and setting permissions...${NC}"
mkdir -p /var/lib/redis/sentinel
mkdir -p /var/log/redis
chown -R redis:redis /var/lib/redis
chmod 755 /var/lib/redis /var/lib/redis/sentinel
chown redis:redis /var/log/redis
chmod 755 /var/log/redis
# Configure Redis based on node type
echo -e "${BLUE}[5/8] Configuring Redis for $NODE_TYPE node...${NC}"
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
cat > "$REDIS_CONF" << EOF
# Network and security
bind 0.0.0.0
protected-mode yes
port 6379
requirepass $([[ "$NODE_TYPE" == "master" ]] && echo "$MASTER_PASSWORD" || echo "$REPLICA_PASSWORD")
masterauth $MASTER_PASSWORD
EOF
if [[ "$NODE_TYPE" == "replica" ]]; then
cat >> "$REDIS_CONF" << EOF
# Replication configuration
replicaof $MASTER_IP 6379
replica-read-only yes
replica-serve-stale-data yes
replica-priority 100
EOF
fi
cat >> "$REDIS_CONF" << EOF
# Persistence
save 900 1
save 300 10
save 60 10000
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
# Logging
loglevel notice
logfile /var/log/redis/redis-server.log
syslog-enabled yes
syslog-ident redis
# Memory management
maxmemory-policy allkeys-lru
tcp-keepalive 300
EOF
chown redis:redis "$REDIS_CONF"
chmod 640 "$REDIS_CONF"
fi
# Configure Sentinel
if [[ "$NODE_TYPE" == "sentinel" || "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
echo -e "${BLUE}[6/8] Configuring Redis Sentinel...${NC}"
cat > "$SENTINEL_CONF" << EOF
# Basic Sentinel configuration
port 26379
bind 0.0.0.0
protected-mode no
sentinel deny-scripts-reconfig yes
# Monitor master instance
sentinel monitor mymaster $MASTER_IP 6379 2
sentinel auth-pass mymaster $MASTER_PASSWORD
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 30000
# Logging
logfile /var/log/redis/sentinel.log
loglevel notice
syslog-enabled yes
syslog-ident sentinel
# Working directory
dir /var/lib/redis/sentinel
EOF
chown redis:redis "$SENTINEL_CONF"
chmod 640 "$SENTINEL_CONF"
fi
# Configure firewall
echo -e "${BLUE}[7/8] Configuring firewall...${NC}"
if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active --quiet firewalld; then
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
firewall-cmd --permanent --add-port=6379/tcp
fi
firewall-cmd --permanent --add-port=26379/tcp
firewall-cmd --reload
elif command -v ufw >/dev/null 2>&1; then
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
ufw allow 6379/tcp
fi
ufw allow 26379/tcp
fi
# Start and enable services
echo -e "${BLUE}[8/8] Starting and enabling services...${NC}"
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
systemctl enable $REDIS_SERVICE
systemctl restart $REDIS_SERVICE
fi
systemctl enable $SENTINEL_SERVICE
systemctl restart $SENTINEL_SERVICE
# Verification checks
echo -e "${YELLOW}Performing verification checks...${NC}"
sleep 3
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
if systemctl is-active --quiet $REDIS_SERVICE; then
echo -e "${GREEN}✓ Redis service is running${NC}"
else
echo -e "${RED}✗ Redis service failed to start${NC}"
exit 1
fi
fi
if systemctl is-active --quiet $SENTINEL_SERVICE; then
echo -e "${GREEN}✓ Redis Sentinel service is running${NC}"
else
echo -e "${RED}✗ Redis Sentinel service failed to start${NC}"
exit 1
fi
# Test connectivity
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
if redis-cli -p 6379 -a "$([[ "$NODE_TYPE" == "master" ]] && echo "$MASTER_PASSWORD" || echo "$REPLICA_PASSWORD")" ping 2>/dev/null | grep -q PONG; then
echo -e "${GREEN}✓ Redis connectivity test passed${NC}"
else
echo -e "${YELLOW}⚠ Redis connectivity test failed (may need manual verification)${NC}"
fi
fi
echo -e "${GREEN}Redis $NODE_TYPE node installation and configuration completed successfully!${NC}"
echo -e "${YELLOW}Configuration files:${NC}"
if [[ "$NODE_TYPE" == "master" || "$NODE_TYPE" == "replica" ]]; then
echo -e " Redis: $REDIS_CONF"
fi
echo -e " Sentinel: $SENTINEL_CONF"
echo -e "${YELLOW}Log files:${NC}"
echo -e " Redis: /var/log/redis/redis-server.log"
echo -e " Sentinel: /var/log/redis/sentinel.log"Review the script before running. Execute with: bash install.sh
#redis
#sentinel
#high-availability
#failover
#clustering