Best Practices to Use the Sentinel Discovery Service

Redis Enterprise Software
sentinel

Last updated 18, Apr 2024

Question

What are the best practices to adopt the Redis Enterprise Sentinel Discovery Service?

Answer

Redis Enterprise offers a discovery service that is compliant with the Redis Sentinel API. Using such API it is possible to connect to the desired database using the database name only, without the port. The Sentinel discovery service is an alternative for applications not relying on the DNS resolution service, and it is an IP address-based connection method. Learn more about the discovery service from the documentation. An example to obtain a connection to the database follows. The connection to the discovery service must be against port 8001.

High Availability

The Discovery Service is available for querying on each node of the cluster, listening on port 8001, so it is possible to provide more IP addresses to guarantee the availability of the Discovery Service (especially useful in those cases where no DNS resolution is available).

from redis.sentinel import Sentinel

sentinel_list = [
('10.10.1.15', 8001),
('10.10.1.16', 8001),
('10.10.1.17', 8001)
]

# change this to the db name you want to connect
db_name = 'primarydb'

sentinel = Sentinel(sentinel_list, socket_timeout=0.1)
r = sentinel.master_for(db_name, socket_timeout=0.1, password='')
r.set('foo', 'bar')
print(r.get('foo'))

It is also possible to retrieve the IP address and port to connect to:

print(sentinel.discover_master(db_name))

Refer to the Sentinel object documentation to learn more about the API.

The database endpoint

Sentinel (by design) returns exactly one master endpoint regardless of the proxy policy; because of this, all clients will tend to connect to the same node, even if the proxy policy is all-master-shards or all-nodes. This is because SENTINEL MASTERS will always return one IP for a given database name.

For small databases likely to fit on one cluster node, Sentinel-based discovery does not cause unbalancing by the single node and proxy usage. When the DNS approach is off the table, either because of public IP requirements or prohibitions against running internal DNS services, the Sentinel Discovery Service may represent an advantage over the more common but more expensive Load Balancer approach.

Security considerations

The sentinel endpoint is UN-authenticated and will list all the databases and corresponding IP addresses. It has no TLS, which further adds complexity if TLS is enabled for a database at the framework client library level (e.g. Spring Data).

References

Learn about the Sentinel Discovery Service.