update packaging config files

Former-commit-id: 0c5d12b91455db4acad57665db8aac79180b42ab

pkg/deb/conf/keydb.conf

@@ -32,8 +32,17 @@
 # If instead you are interested in using includes to override configuration
 # options, it is better to use include as the last line.
 #
+# Included paths may contain wildcards. All files matching the wildcards will
+# be included in alphabetical order.
+# Note that if an include path contains a wildcards but no files match it when
+# the server is started, the include statement will be ignored and no error will
+# be emitted.  It is safe, therefore, to include wildcard files from empty
+# directories.
+#
 # include /path/to/local.conf
 # include /path/to/other.conf
+# include /path/to/fragments/*.conf
+#
 
 ################################## MODULES #####################################
 
@@ -49,7 +58,7 @@
 # for connections from all available network interfaces on the host machine.
 # It is possible to listen to just one or multiple selected interfaces using
 # the "bind" configuration directive, followed by one or more IP addresses.
-# Each address can be prefixed by "-", which means that KeyDB will not fail to
+# Each address can be prefixed by "-", which means that redis will not fail to
 # start if the address is not available. Being not available only refers to
 # addresses that does not correspond to any network interfece. Addresses that
 # are already in use will always fail, and unsupported protocols will always BE
@@ -65,14 +74,16 @@
 # internet, binding to all the interfaces is dangerous and will expose the
 # instance to everybody on the internet. So by default we uncomment the
 # following bind directive, that will force KeyDB to listen only on the
-# IPv4 and IPv6 (if available) loopback interface addresses (this means KeyDB
-# will only be able to accept client connections from the same host that it is
-# running on).
+# IPv4 and IPv6 (if available) loopback interface addresses (this means KeyDB will only be able to
+# accept client connections from the same host that it is running on).
 #
 # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
 # JUST COMMENT OUT THE FOLLOWING LINE.
+#
+# You will also need to set a password unless you explicitly disable protected
+# mode.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-bind 127.0.0.1 ::1
+bind 127.0.0.1 -::1
 
 # Protected mode is a layer of security protection, in order to avoid that
 # KeyDB instances left open on the internet are accessed and exploited.
@@ -112,7 +123,7 @@ tcp-backlog 511
 # incoming connections. There is no default, so KeyDB will not listen
 # on a unix socket when not specified.
 #
-# unixsocket /run/keydb.sock
+# unixsocket /tmp/keydb.sock
 # unixsocketperm 700
 
 # Close the connection after a client is idle for N seconds (0 to disable)
@@ -131,7 +142,8 @@ timeout 0
 # Note that to close the connection the double of the time is needed.
 # On other kernels the period depends on the kernel configuration.
 #
-# A reasonable value for this option is 300 seconds, which is the default.
+# A reasonable value for this option is 300 seconds, which is the new
+# KeyDB default starting with KeyDB 3.2.1.
 tcp-keepalive 300
 
 ################################# TLS/SSL #####################################
@@ -205,12 +217,9 @@ tcp-keepalive 300
 #
 # tls-cluster yes
 
-# By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended
-# that older formally deprecated versions are kept disabled to reduce the attack surface.
-# You can explicitly specify TLS versions to support.
-# Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2",
-# "TLSv1.3" (OpenSSL >= 1.1.1) or any combination.
-# To enable only TLSv1.2 and TLSv1.3, use:
+# Explicitly specify TLS versions to support. Allowed values are case insensitive
+# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
+# any combination. To enable only TLSv1.2 and TLSv1.3, use:
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
 
@@ -252,7 +261,6 @@ tcp-keepalive 300
 
 # By default KeyDB does not run as a daemon. Use 'yes' if you need it.
 # Note that KeyDB will write a pid file in /var/run/keydb.pid when daemonized.
-# When KeyDB is supervised by upstart or systemd, this parameter has no impact.
 daemonize no
 
 # If you run KeyDB from upstart or systemd, KeyDB can interact with your
@@ -261,17 +269,11 @@ daemonize no
 #   supervised upstart - signal upstart by putting KeyDB into SIGSTOP mode
 #                        requires "expect stop" in your upstart job config
 #   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
-#                        on startup, and updating KeyDB status on a regular
-#                        basis.
 #   supervised auto    - detect upstart or systemd method based on
 #                        UPSTART_JOB or NOTIFY_SOCKET environment variables
 # Note: these supervision methods only signal "process is ready."
 #       They do not enable continuous pings back to your supervisor.
-#
-# The default is "no". To run under upstart/systemd, you can simply uncomment
-# the line below:
-#
-# supervised auto
+# supervised no
 
 # If a pid file is specified, KeyDB writes it where specified at startup
 # and removes it at exit.
@@ -282,9 +284,6 @@ daemonize no
 #
 # Creating a pid file is best effort: if KeyDB is not able to create it
 # nothing bad happens, the server will start and run normally.
-#
-# Note that on modern Linux systems "/run/keydb.pid" is more conforming
-# and should be used instead.
 pidfile /var/run/keydb_6379.pid
 
 # Specify the server verbosity level.
@@ -316,7 +315,7 @@ logfile /var/log/keydb/keydb-server.log
 # crash-log-enabled no
 
 # To disable the fast memory check that's run as part of the crash log, which
-# will possibly let KeyDB terminate sooner, uncomment the following:
+# will possibly let keydb terminate sooner, uncomment the following:
 #
 # crash-memcheck-enabled no
 
@@ -326,19 +325,21 @@ logfile /var/log/keydb/keydb-server.log
 databases 16
 
 # By default KeyDB shows an ASCII art logo only when started to log to the
-# standard output and if the standard output is a TTY and syslog logging is
-# disabled. Basically this means that normally a logo is displayed only in
-# interactive sessions.
+# standard output and if the standard output is a TTY. Basically this means
+# that normally a logo is displayed only in interactive sessions.
 #
 # However it is possible to force the pre-4.0 behavior and always show a
 # ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo no
+always-show-logo yes
 
 # By default, KeyDB modifies the process title (as seen in 'top' and 'ps') to
 # provide some runtime information. It is possible to disable this and leave
 # the process name as executed by setting the following to no.
 set-proc-title yes
 
+# Retrieving "message of today" using CURL requests.
+#enable-motd yes
+
 # When changing the process title, KeyDB uses the following template to construct
 # the modified title.
 #
@@ -357,29 +358,28 @@ set-proc-title yes
 proc-title-template "{title} {listen-addr} {server-mode}"
 
 ################################ SNAPSHOTTING  ################################
+#
+# Save the DB on disk:
+#
+#   save <seconds> <changes>
+#
+#   Will save the DB if both the given number of seconds and the given
+#   number of write operations against the DB occurred.
+#
+#   In the example below the behavior will be to save:
+#   after 900 sec (15 min) if at least 1 key changed
+#   after 300 sec (5 min) if at least 10 keys changed
+#   after 60 sec if at least 10000 keys changed
+#
+#   It is also possible to remove all the previously configured save
+#   points by adding a save directive with a single empty string argument
+#   like in the following example:
+#
+#   save ""
 
-# Save the DB to disk.
-#
-# save <seconds> <changes>
-#
-# KeyDB will save the DB if both the given number of seconds and the given
-# number of write operations against the DB occurred.
-#
-# Snapshotting can be completely disabled with a single empty string argument
-# as in following example:
-#
-# save ""
-#
-# Unless specified otherwise, by default KeyDB will save the DB:
-#   * After 3600 seconds (an hour) if at least 1 key changed
-#   * After 300 seconds (5 minutes) if at least 100 keys changed
-#   * After 60 seconds if at least 10000 keys changed
-#
-# You can set these explicitly by uncommenting the three following lines.
-#
-# save 3600 1
-# save 300 100
-# save 60 10000
+save 900 1
+save 300 10
+save 60 10000
 
 # By default KeyDB will stop accepting writes if RDB snapshots are enabled
 # (at least one save point) and the latest background save failed.
@@ -484,9 +484,9 @@ dir /var/lib/keydb
 #
 # However this is not enough if you are using KeyDB ACLs (for KeyDB version
 # 6 or greater), and the default user is not capable of running the PSYNC
-# command and/or other commands needed for replication. In this case it's
-# better to configure a special user to use with replication, and specify the
-# masteruser configuration as such:
+# command and/or other commands needed for replication (gathered in the
+# @replication group). In this case it's better to configure a special user to
+# use with replication, and specify the masteruser configuration as such:
 #
 # masteruser <username>
 #
@@ -508,6 +508,20 @@ dir /var/lib/keydb
 #
 replica-serve-stale-data yes
 
+# Active Replicas will allow read only data access while loading remote RDBs
+# provided they are permitted to serve stale data.  As an option you may also
+# permit them to accept write commands.  This is an EXPERIMENTAL feature and
+# may result in commands not being fully synchronized
+#
+# allow-write-during-load no
+
+# You can modify the number of masters necessary to form a replica quorum when
+# multi-master is enabled and replica-serve-stale-data is "no".  By default 
+# this is set to -1 which implies the number of known masters (e.g. those
+# you added with replicaof)
+#
+# replica-quorum -1
+
 # You can configure a replica instance to accept writes or not. Writing against
 # a replica instance may be useful to store some ephemeral data (because data
 # written on a replica will be easily deleted after resync with the master) but
@@ -526,13 +540,11 @@ replica-read-only yes
 
 # Replication SYNC strategy: disk or socket.
 #
-# -------------------------------------------------------
-# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
-# -------------------------------------------------------
+# New replicas and reconnecting replicas that are not able to continue the
+# replication process just receiving differences, need to do what is called a
+# "full synchronization". An RDB file is transmitted from the master to the
+# replicas.
 #
-# New replicas and reconnecting replicas that are not able to continue the replication
-# process just receiving differences, need to do what is called a "full
-# synchronization". An RDB file is transmitted from the master to the replicas.
 # The transmission can happen in two different ways:
 #
 # 1) Disk-backed: The KeyDB master creates a new process that writes the RDB
@@ -542,14 +554,14 @@ replica-read-only yes
 #              RDB file to replica sockets, without touching the disk at all.
 #
 # With disk-backed replication, while the RDB file is generated, more replicas
-# can be queued and served with the RDB file as soon as the current child producing
-# the RDB file finishes its work. With diskless replication instead once
-# the transfer starts, new replicas arriving will be queued and a new transfer
-# will start when the current one terminates.
+# can be queued and served with the RDB file as soon as the current child
+# producing the RDB file finishes its work. With diskless replication instead
+# once the transfer starts, new replicas arriving will be queued and a new
+# transfer will start when the current one terminates.
 #
 # When diskless replication is used, the master waits a configurable amount of
-# time (in seconds) before starting the transfer in the hope that multiple replicas
-# will arrive and the transfer can be parallelized.
+# time (in seconds) before starting the transfer in the hope that multiple
+# replicas will arrive and the transfer can be parallelized.
 #
 # With slow disks and fast (large bandwidth) networks, diskless replication
 # works better.
@@ -560,8 +572,8 @@ repl-diskless-sync no
 # to the replicas.
 #
 # This is important since once the transfer starts, it is not possible to serve
-# new replicas arriving, that will be queued for the next RDB transfer, so the server
-# waits a delay in order to let more replicas arrive.
+# new replicas arriving, that will be queued for the next RDB transfer, so the
+# server waits a delay in order to let more replicas arrive.
 #
 # The delay is specified in seconds, and by default is 5 seconds. To disable
 # it entirely just set it to 0 seconds and the transfer will start ASAP.
@@ -572,7 +584,7 @@ repl-diskless-sync-delay 5
 # does not immediately store an RDB on disk, it may cause data loss during
 # failovers. RDB diskless load + KeyDB modules not handling I/O reads may also
 # cause KeyDB to abort in case of I/O errors during the initial synchronization
-# stage with the master. Use only if you know what you are doing.
+# stage with the master. Use only if your do what you are doing.
 # -----------------------------------------------------------------------------
 #
 # Replica can load the RDB it reads from the replication link directly from the
@@ -628,10 +640,10 @@ repl-diskless-load disabled
 repl-disable-tcp-nodelay no
 
 # Set the replication backlog size. The backlog is a buffer that accumulates
-# replica data when replicas are disconnected for some time, so that when a replica
-# wants to reconnect again, often a full resync is not needed, but a partial
-# resync is enough, just passing the portion of data the replica missed while
-# disconnected.
+# replica data when replicas are disconnected for some time, so that when a
+# replica wants to reconnect again, often a full resync is not needed, but a
+# partial resync is enough, just passing the portion of data the replica
+# missed while disconnected.
 #
 # The bigger the replication backlog, the longer the replica can endure the
 # disconnect and later be able to perform a partial resynchronization.
@@ -653,13 +665,13 @@ repl-disable-tcp-nodelay no
 #
 # repl-backlog-ttl 3600
 
-# The replica priority is an integer number published by KeyDB in the INFO output.
-# It is used by KeyDB Sentinel in order to select a replica to promote into a
-# master if the master is no longer working correctly.
+# The replica priority is an integer number published by KeyDB in the INFO
+# output. It is used by KeyDB Sentinel in order to select a replica to promote
+# into a master if the master is no longer working correctly.
 #
 # A replica with a low priority number is considered better for promotion, so
-# for instance if there are three replicas with priority 10, 100, 25 Sentinel will
-# pick the one with priority 10, that is the lowest.
+# for instance if there are three replicas with priority 10, 100, 25 Sentinel
+# will pick the one with priority 10, that is the lowest.
 #
 # However a special priority of 0 marks the replica as not able to perform the
 # role of master, so a replica with priority of 0 will never be selected by
@@ -735,7 +747,7 @@ replica-priority 100
 
 # KeyDB implements server assisted support for client side caching of values.
 # This is implemented using an invalidation table that remembers, using
-# a radix key indexed by key name, what clients have which keys. In turn
+# 16 millions of slots, what clients may have certain subsets of keys. In turn
 # this is used in order to send invalidation messages to clients. Please
 # check this page to understand more about the feature:
 #
@@ -805,7 +817,7 @@ replica-priority 100
 #  -<command>   Disallow the execution of that command
 #  +@<category> Allow the execution of all the commands in such category
 #               with valid categories are like @admin, @set, @sortedset, ...
-#               and so forth, see the full list in the server.c file where
+#               and so forth, see the full list in the server.cpp file where
 #               the KeyDB command table is described and defined.
 #               The special category @all means all the commands, but currently
 #               present in the server, and that will be loaded in the future
@@ -867,6 +879,40 @@ replica-priority 100
 #
 # Basically ACL rules are processed left-to-right.
 #
+# The following is a list of command categories and their meanings:
+# * keyspace - Writing or reading from keys, databases, or their metadata 
+#     in a type agnostic way. Includes DEL, RESTORE, DUMP, RENAME, EXISTS, DBSIZE,
+#     KEYS, EXPIRE, TTL, FLUSHALL, etc. Commands that may modify the keyspace,
+#     key or metadata will also have `write` category. Commands that only read
+#     the keyspace, key or metadata will have the `read` category.
+# * read - Reading from keys (values or metadata). Note that commands that don't
+#     interact with keys, will not have either `read` or `write`.
+# * write - Writing to keys (values or metadata)
+# * admin - Administrative commands. Normal applications will never need to use
+#     these. Includes REPLICAOF, CONFIG, DEBUG, SAVE, MONITOR, ACL, SHUTDOWN, etc.
+# * dangerous - Potentially dangerous (each should be considered with care for
+#     various reasons). This includes FLUSHALL, MIGRATE, RESTORE, SORT, KEYS,
+#     CLIENT, DEBUG, INFO, CONFIG, SAVE, REPLICAOF, etc.
+# * connection - Commands affecting the connection or other connections.
+#     This includes AUTH, SELECT, COMMAND, CLIENT, ECHO, PING, etc.
+# * blocking - Potentially blocking the connection until released by another
+#     command.
+# * fast - Fast O(1) commands. May loop on the number of arguments, but not the
+#     number of elements in the key.
+# * slow - All commands that are not Fast.
+# * pubsub - PUBLISH / SUBSCRIBE related
+# * transaction - WATCH / MULTI / EXEC related commands.
+# * scripting - Scripting related.
+# * set - Data type: sets related.
+# * sortedset - Data type: zsets related.
+# * list - Data type: lists related.
+# * hash - Data type: hashes related.
+# * string - Data type: strings related.
+# * bitmap - Data type: bitmaps related.
+# * hyperloglog - Data type: hyperloglog related.
+# * geo - Data type: geo related.
+# * stream - Data type: streams related.
+#
 # For more information about ACL configuration please refer to
 # the Redis web site at https://redis.io/topics/acl
 
@@ -896,7 +942,7 @@ acllog-max-len 128
 # AUTH <password> as usually, or more explicitly with AUTH default <password>
 # if they follow the new protocol: both will work.
 #
-# The requirepass is not compatable with aclfile option and the ACL LOAD
+# The requirepass is not compatible with aclfile option and the ACL LOAD
 # command, these will cause requirepass to be ignored.
 #
 # requirepass foobared
@@ -993,13 +1039,13 @@ acllog-max-len 128
 # maxmemory <bytes>
 
 # MAXMEMORY POLICY: how KeyDB will select what to remove when maxmemory
-# is reached. You can select among five behaviors:
+# is reached. You can select one from the following behaviors:
 #
-# volatile-lru -> Evict using approximated LRU among the keys with an expire set.
+# volatile-lru -> Evict using approximated LRU, only keys with an expire set.
 # allkeys-lru -> Evict any key using approximated LRU.
-# volatile-lfu -> Evict using approximated LFU among the keys with an expire set.
+# volatile-lfu -> Evict using approximated LFU, only keys with an expire set.
 # allkeys-lfu -> Evict any key using approximated LFU.
-# volatile-random -> Remove a random key among the ones with an expire set.
+# volatile-random -> Remove a random key having an expire set.
 # allkeys-random -> Remove a random key, any key.
 # volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
 # noeviction -> Don't evict anything, just return an error on write operations.
@@ -1010,12 +1056,14 @@ acllog-max-len 128
 # Both LRU, LFU and volatile-ttl are implemented using approximated
 # randomized algorithms.
 #
-# Note: with any of the above policies, when there are no suitable keys for
-# eviction, KeyDB will return an error on write operations that require
-# more memory. These are usually commands that create new keys, add data or
-# modify existing keys. A few examples are: SET, INCR, HSET, LPUSH, SUNIONSTORE,
-# SORT (due to the STORE argument), and EXEC (if the transaction includes any
-# command that requires memory).
+# Note: with any of the above policies, KeyDB will return an error on write
+#       operations, when there are no suitable keys for eviction.
+#
+#       At the date of writing these commands are: set setnx setex append
+#       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
+#       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+#       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+#       getset mset msetnx exec sort
 #
 # The default is:
 #
@@ -1046,17 +1094,17 @@ acllog-max-len 128
 # DEL commands to the replica as keys evict in the master side.
 #
 # This behavior ensures that masters and replicas stay consistent, and is usually
-# what you want, however if your replica is writable, or you want the replica to have
-# a different memory setting, and you are sure all the writes performed to the
-# replica are idempotent, then you may change this default (but be sure to understand
-# what you are doing).
+# what you want, however if your replica is writable, or you want the replica
+# to have a different memory setting, and you are sure all the writes performed
+# to the replica are idempotent, then you may change this default (but be sure
+# to understand what you are doing).
 #
 # Note that since the replica by default does not evict, it may end using more
 # memory than the one set via maxmemory (there are certain buffers that may
-# be larger on the replica, or data structures may sometimes take more memory and so
-# forth). So make sure you monitor your replicas and make sure they have enough
-# memory to never hit a real out-of-memory condition before the master hits
-# the configured maxmemory setting.
+# be larger on the replica, or data structures may sometimes take more memory
+# and so forth). So make sure you monitor your replicas and make sure they
+# have enough memory to never hit a real out-of-memory condition before the
+# master hits the configured maxmemory setting.
 #
 # replica-ignore-maxmemory yes
 
@@ -1140,52 +1188,6 @@ lazyfree-lazy-user-del no
 
 lazyfree-lazy-user-flush no
 
-################################ THREADED I/O #################################
-
-# KeyDB is mostly single threaded, however there are certain threaded
-# operations such as UNLINK, slow I/O accesses and other things that are
-# performed on side threads.
-#
-# Now it is also possible to handle KeyDB clients socket reads and writes
-# in different I/O threads. Since especially writing is so slow, normally
-# KeyDB users use pipelining in order to speed up the KeyDB performances per
-# core, and spawn multiple instances in order to scale more. Using I/O
-# threads it is possible to easily speedup two times KeyDB without resorting
-# to pipelining nor sharding of the instance.
-#
-# By default threading is disabled, we suggest enabling it only in machines
-# that have at least 4 or more cores, leaving at least one spare core.
-# Using more than 8 threads is unlikely to help much. We also recommend using
-# threaded I/O only if you actually have performance problems, with KeyDB
-# instances being able to use a quite big percentage of CPU time, otherwise
-# there is no point in using this feature.
-#
-# So for instance if you have a four cores boxes, try to use 2 or 3 I/O
-# threads, if you have a 8 cores, try to use 6 threads. In order to
-# enable I/O threads use the following configuration directive:
-#
-# io-threads 4
-#
-# Setting io-threads to 1 will just use the main thread as usual.
-# When I/O threads are enabled, we only use threads for writes, that is
-# to thread the write(2) syscall and transfer the client buffers to the
-# socket. However it is also possible to enable threading of reads and
-# protocol parsing using the following configuration directive, by setting
-# it to yes:
-#
-# io-threads-do-reads no
-#
-# Usually threading reads doesn't help much.
-#
-# NOTE 1: This configuration directive cannot be changed at runtime via
-# CONFIG SET. Aso this feature currently does not work when SSL is
-# enabled.
-#
-# NOTE 2: If you want to test the KeyDB speedup using keydb-benchmark, make
-# sure you also run the benchmark itself in threaded mode, using the
-# --threads option to match the number of KeyDB threads, otherwise you'll not
-# be able to notice the improvements.
-
 ############################ KERNEL OOM CONTROL ##############################
 
 # On Linux, it is possible to hint the kernel OOM killer on what processes
@@ -1223,7 +1225,7 @@ oom-score-adj-values 0 200 800
 # Usually the kernel Transparent Huge Pages control is set to "madvise" or
 # or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
 # case this config has no effect. On systems in which it is set to "always",
-# KeyDB will attempt to disable it specifically for the keydb process in order
+# KeyDB will attempt to disable it specifically for the KeyDB process in order
 # to avoid latency problems specifically with fork(2) and CoW.
 # If for some reason you prefer to keep it enabled, you can set this config to
 # "no" and the kernel global to "always".
@@ -1248,7 +1250,7 @@ disable-thp yes
 # If the AOF is enabled on startup KeyDB will load the AOF, that is the file
 # with the better durability guarantees.
 #
-# Please check https://redis.io/topics/persistence for more information.
+# Please check http://redis.io/topics/persistence for more information.
 
 appendonly no
 
@@ -1378,13 +1380,7 @@ aof-use-rdb-preamble yes
 lua-time-limit 5000
 
 ################################ KEYDB CLUSTER  ###############################
-#
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# WARNING EXPERIMENTAL: KeyDB Cluster is considered to be stable code, however
-# in order to mark it as "mature" we need to wait for a non trivial percentage
-# of users to deploy it in production.
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#
+
 # Normal KeyDB instances can't be part of a KeyDB Cluster; only nodes that are
 # started as cluster nodes can. In order to start a KeyDB instance as a
 # cluster node enable the cluster support uncommenting the following:
@@ -1492,7 +1488,7 @@ lua-time-limit 5000
 # cluster-require-full-coverage yes
 
 # This option, when set to yes, prevents replicas from trying to failover its
-# master during master failures. However the replica can still perform a
+# master during master failures. However the master can still perform a
 # manual failover, if forced to do so.
 #
 # This is useful in different scenarios, especially in the case of multiple
@@ -1501,8 +1497,24 @@ lua-time-limit 5000
 #
 # cluster-replica-no-failover no
 
+# This option, when set to yes, allows nodes to serve read traffic while the
+# the cluster is in a down state, as long as it believes it owns the slots. 
+#
+# This is useful for two cases.  The first case is for when an application 
+# doesn't require consistency of data during node failures or network partitions.
+# One example of this is a cache, where as long as the node has the data it
+# should be able to serve it. 
+#
+# The second use case is for configurations that don't meet the recommended  
+# three shards but want to enable cluster mode and scale later. A 
+# master outage in a 1 or 2 shard configuration causes a read/write outage to the
+# entire cluster without this option set, with it set there is only a write outage.
+# Without a quorum of masters, slot ownership will not change automatically. 
+#
+# cluster-allow-reads-when-down no
+
 # In order to setup your cluster make sure to read the documentation
-# available at https://redis.io web site.
+# available at http://redis.io web site.
 
 ########################## CLUSTER DOCKER/NAT support  ########################
 
@@ -1520,9 +1532,10 @@ lua-time-limit 5000
 # * cluster-announce-bus-port
 #
 # Each instructs the node about its address, client ports (for connections
-# without and with TLS) and cluster message bus port. The information is then
-# published in the header of the bus packets so that other nodes will be able to
-# correctly map the address of the node publishing the information.
+# without and with TLS), and cluster message
+# bus port. The information is then published in the header of the bus packets
+# so that other nodes will be able to correctly map the address of the node
+# publishing the information.
 #
 # If cluster-tls is set to yes and cluster-announce-tls-port is omitted or set
 # to zero, then cluster-announce-port refers to the TLS port. Note also that
@@ -1591,7 +1604,7 @@ latency-monitor-threshold 0
 ############################# EVENT NOTIFICATION ##############################
 
 # KeyDB can notify Pub/Sub clients about events happening in the key space.
-# This feature is documented at https://redis.io/topics/notifications
+# This feature is documented at http://redis.io/topics/notifications
 #
 # For instance if keyspace events notification is enabled, and a client
 # performs a DEL operation on key "foo" stored in the Database 0, two
@@ -1639,64 +1652,6 @@ latency-monitor-threshold 0
 #  specify at least one of K or E, no events will be delivered.
 notify-keyspace-events ""
 
-############################### GOPHER SERVER #################################
-
-# KeyDB contains an implementation of the Gopher protocol, as specified in
-# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
-#
-# The Gopher protocol was very popular in the late '90s. It is an alternative 
-# to the web, and the implementation both server and client side is so simple
-# that the KeyDB server has just 100 lines of code in order to implement this
-# support.
-#
-# What do you do with Gopher nowadays? Well Gopher never *really* died, and
-# lately there is a movement in order for the Gopher more hierarchical content
-# composed of just plain text documents to be resurrected. Some want a simpler
-# internet, others believe that the mainstream internet became too much
-# controlled, and it's cool to create an alternative space for people that
-# want a bit of fresh air.
-#
-# Anyway for the 10nth birthday of the KeyDB, we gave it the Gopher protocol
-# as a gift.
-#
-# --- HOW IT WORKS? ---
-#
-# The KeyDB Gopher support uses the inline protocol of KeyDB, and specifically
-# two kind of inline requests that were anyway illegal: an empty request
-# or any request that starts with "/" (there are no KeyDB commands starting
-# with such a slash). Normal RESP2/RESP3 requests are completely out of the
-# path of the Gopher protocol implementation and are served as usual as well.
-#
-# If you open a connection to KeyDB when Gopher is enabled and send it
-# a string like "/foo", if there is a key named "/foo" it is served via the
-# Gopher protocol.
-#
-# In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
-# talking), you likely need a script like the following:
-#
-#   https://github.com/antirez/gopher2redis
-#
-# --- SECURITY WARNING ---
-#
-# If you plan to put KeyDB on the internet in a publicly accessible address
-# to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
-# Once a password is set:
-#
-#   1. The Gopher server (when enabled, not by default) will kill serve
-#      content via Gopher.
-#   2. However other commands cannot be called before the client will
-#      authenticate.
-#
-# So use the 'requirepass' option to protect your instance.
-#
-# Note that Gopher is not currently supported when 'io-threads-do-reads'
-# is enabled.
-#
-# To enable Gopher support, uncomment the following line and set the option
-# from no (the default) to yes.
-#
-# gopher-enabled no
-
 ############################### ADVANCED CONFIG ###############################
 
 # Hashes are encoded using a memory efficient data structure when they have a
@@ -1769,7 +1724,7 @@ hll-sparse-max-bytes 3000
 # maximum number of items it may contain before switching to a new node when
 # appending new stream entries. If any of the following settings are set to
 # zero, the limit is ignored, so for instance it is possible to set just a
-# max entries limit by setting max-bytes to 0 and max-entries to the desired
+# max entires limit by setting max-bytes to 0 and max-entries to the desired
 # value.
 stream-node-max-bytes 4096
 stream-node-max-entries 100
@@ -1944,10 +1899,6 @@ rdb-save-incremental-fsync yes
 
 ########################### ACTIVE DEFRAGMENTATION #######################
 #
-# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested
-# even in production and manually tested by multiple engineers for some
-# time.
-#
 # What is active defragmentation?
 # -------------------------------
 #
@@ -1959,7 +1910,7 @@ rdb-save-incremental-fsync yes
 # less so with Jemalloc, fortunately) and certain workloads. Normally a server
 # restart is needed in order to lower the fragmentation, or at least to flush
 # away all the data and create it again. However thanks to this feature
-# implemented by Oran Agra for KeyDB 4.0 this process can happen at runtime
+# implemented by Oran Agra for Redis 4.0 this process can happen at runtime
 # in a "hot" way, while the server is running.
 #
 # Basically when the fragmentation is over a certain level (see the
@@ -1987,7 +1938,7 @@ rdb-save-incremental-fsync yes
 # a good idea to leave the defaults untouched.
 
 # Enabled active defragmentation
-# activedefrag yes
+# activedefrag no
 
 # Minimum amount of fragmentation waste to start active defrag
 # active-defrag-ignore-bytes 100mb
@@ -1998,11 +1949,13 @@ rdb-save-incremental-fsync yes
 # Maximum percentage of fragmentation at which we use maximum effort
 # active-defrag-threshold-upper 100
 
-# Minimal effort for defrag in CPU percentage
-# active-defrag-cycle-min 5
+# Minimal effort for defrag in CPU percentage, to be used when the lower
+# threshold is reached
+# active-defrag-cycle-min 1
 
-# Maximal effort for defrag in CPU percentage
-# active-defrag-cycle-max 75
+# Maximal effort for defrag in CPU percentage, to be used when the upper
+# threshold is reached
+# active-defrag-cycle-max 25
 
 # Maximum number of set/hash/zset/list fields that will be processed from
 # the main dictionary scan
@@ -2024,7 +1977,7 @@ jemalloc-bg-thread yes
 # the bgsave child process. The syntax to specify the cpu list is the same as
 # the taskset command:
 #
-# Set KeyDB server/io threads to cpu affinity 0,2,4,6:
+# Set redis server/io threads to cpu affinity 0,2,4,6:
 # server_cpulist 0-7:2
 #
 # Set bio threads to cpu affinity 1,3:
@@ -2043,6 +1996,23 @@ jemalloc-bg-thread yes
 #
 # ignore-warnings ARM64-COW-BUG
 
+# The minimum number of clients on a thread before KeyDB assigns new connections to a different thread
+#  Tuning this parameter is a tradeoff between locking overhead and distributing the workload over multiple cores
+# min-clients-per-thread 50
+
+# How often to run RDB load progress callback?
+# The callback runs during key load to ping other servers and prevent timeouts.
+# It also updates load time estimates.
+# Change these values to run it more or less often. It will run when either condition is true.
+# Either when x bytes have been processed, or when x keys have been loaded.
+# loading-process-events-interval-bytes 2097152
+# loading-process-events-interval-keys 8192
+
+# Avoid forwarding RREPLAY messages to other masters?
+#   WARNING: This setting is dangerous! You must be certain all masters are connected to each
+#   other in a true mesh topology or data loss will occur!
+#   This command can be used to reduce multimaster bus traffic
+# multi-master-no-forward no
 
 # Path to directory for file backed scratchpad.  The file backed scratchpad
 # reduces memory requirements by storing rarely accessed data on disk 
@@ -2052,6 +2022,8 @@ jemalloc-bg-thread yes
 # Number of worker threads serving requests.  This number should be related to the performance
 # of your network hardware, not the number of cores on your machine.  We don't recommend going
 # above 4 at this time.  By default this is set 1.
+#
+# Note: KeyDB does not use io-threads, but io-threads is a config alias for server-threads
 server-threads 2
 
 # Should KeyDB pin threads to CPUs? By default this is disabled, and KeyDB will not bind threads.
@@ -2069,4 +2041,3 @@ server-threads 2
 
 # Enable FLASH support? (Pro Only)
 # storage-provider flash /path/to/flash/db
-

pkg/deb/conf/sentinel.conf

@@ -20,12 +20,12 @@
 # The port that this sentinel instance will run on
 port 26379
 
-# By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/keydb-sentinel.pid when
+# By default KeyDB Sentinel does not run as a daemon. Use 'yes' if you need it.
+# Note that KeyDB will write a pid file in /var/run/keydb-sentinel.pid when
 # daemonized.
 daemonize yes
 
-# When running daemonized, Redis Sentinel writes a pid file in
+# When running daemonized, KeyDB Sentinel writes a pid file in
 # /var/run/keydb-sentinel.pid by default. You can specify a custom pid file
 # location here.
 pidfile /var/run/sentinel/keydb-sentinel.pid
@@ -59,7 +59,7 @@ logfile /var/log/keydb/keydb-sentinel.log
 
 # dir <working-directory>
 # Every long running process should have a well-defined working directory.
-# For Redis Sentinel to chdir to /tmp at startup is the simplest thing
+# For KeyDB Sentinel to chdir to /tmp at startup is the simplest thing
 # for the process to don't interfere with administrative tasks such as
 # unmounting filesystems.
 dir /var/lib/keydb
@@ -86,22 +86,34 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # sentinel auth-pass <master-name> <password>
 #
 # Set the password to use to authenticate with the master and replicas.
-# Useful if there is a password set in the Redis instances to monitor.
+# Useful if there is a password set in the KeyDB instances to monitor.
 #
 # Note that the master password is also used for replicas, so it is not
 # possible to set a different password in masters and replicas instances
 # if you want to be able to monitor these instances with Sentinel.
 #
-# However you can have Redis instances without the authentication enabled
-# mixed with Redis instances requiring the authentication (as long as the
+# However you can have KeyDB instances without the authentication enabled
+# mixed with KeyDB instances requiring the authentication (as long as the
 # password set is the same for all the instances requiring the password) as
-# the AUTH command will have no effect in Redis instances with authentication
+# the AUTH command will have no effect in KeyDB instances with authentication
 # switched off.
 #
 # Example:
 #
 # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
 
+# sentinel auth-user <master-name> <username>
+#
+# This is useful in order to authenticate to instances having ACL capabilities,
+# that is, running KeyDB 6.0 or greater. When just auth-pass is provided the
+# Sentinel instance will authenticate to KeyDB using the old "AUTH <pass>"
+# method. When also an username is provided, it will use "AUTH <user> <pass>".
+# In the KeyDB servers side, the ACL to provide just minimal access to
+# Sentinel instances, should be configured along the following lines:
+#
+#     user sentinel-user >somepassword +client +subscribe +publish \
+#                        +ping +info +multi +slaveof +config +client +exec on
+
 # sentinel down-after-milliseconds <master-name> <milliseconds>
 #
 # Number of milliseconds the master (or any attached replica or sentinel) should
@@ -112,6 +124,73 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # Default is 30 seconds.
 sentinel down-after-milliseconds mymaster 30000
 
+# IMPORTANT NOTE: starting with KeyDB 6.2 ACL capability is supported for
+# Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
+# for more details.
+
+# Sentinel's ACL users are defined in the following format:
+#
+#   user <username> ... acl rules ...
+#
+# For example:
+#
+#   user worker +@admin +@connection ~* on >ffa9203c493aa99
+#
+# For more information about ACL configuration please refer to the Redis
+# website at https://redis.io/topics/acl and KeyDB server configuration 
+# template keydb.conf.
+
+# ACL LOG
+#
+# The ACL Log tracks failed commands and authentication events associated
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked 
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with 
+# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
+acllog-max-len 128
+
+# Using an external ACL file
+#
+# Instead of configuring users here in this file, it is possible to use
+# a stand-alone file just listing users. The two methods cannot be mixed:
+# if you configure users here and at the same time you activate the external
+# ACL file, the server will refuse to start.
+#
+# The format of the external ACL user file is exactly the same as the
+# format that is used inside keydb.conf to describe users.
+#
+# aclfile /etc/keydb/sentinel-users.acl
+
+# requirepass <password>
+#
+# You can configure Sentinel itself to require a password, however when doing
+# so Sentinel will try to authenticate with the same password to all the
+# other Sentinels. So you need to configure all your Sentinels in a given
+# group with the same "requirepass" password. Check the following documentation
+# for more info: https://redis.io/topics/sentinel
+#
+# IMPORTANT NOTE: starting with KeyDB 6.2 "requirepass" is a compatibility
+# layer on top of the ACL system. The option effect will be just setting
+# the password for the default user. Clients will still authenticate using
+# AUTH <password> as usually, or more explicitly with AUTH default <password>
+# if they follow the new protocol: both will work.
+#
+# New config files are advised to use separate authentication control for
+# incoming connections (via ACL), and for outgoing connections (via
+# sentinel-user and sentinel-pass) 
+#
+# The requirepass is not compatable with aclfile option and the ACL LOAD
+# command, these will cause requirepass to be ignored.
+
+# sentinel sentinel-user <username>
+#
+# You can configure Sentinel to authenticate with other Sentinels with specific
+# user name. 
+
+# sentinel sentinel-pass <password>
+#
+# The password for Sentinel to authenticate with other Sentinels. If sentinel-user
+# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate.
+
 # sentinel parallel-syncs <master-name> <numreplicas>
 #
 # How many replicas we can reconfigure to point to the new replica simultaneously
@@ -172,7 +251,7 @@ sentinel failover-timeout mymaster 180000
 # generated in the WARNING level (for instance -sdown, -odown, and so forth).
 # This script should notify the system administrator via email, SMS, or any
 # other messaging system, that there is something wrong with the monitored
-# Redis systems.
+# KeyDB systems.
 #
 # The script is called with just two arguments: the first is the event type
 # and the second the event description.
@@ -182,7 +261,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel notification-script mymaster /var/redis/notify.sh
+# sentinel notification-script mymaster /var/keydb/notify.sh
 
 # CLIENTS RECONFIGURATION SCRIPT
 #
@@ -207,7 +286,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
+# sentinel client-reconfig-script mymaster /var/keydb/reconfig.sh
 
 # SECURITY
 #
@@ -218,11 +297,11 @@ sentinel failover-timeout mymaster 180000
 
 sentinel deny-scripts-reconfig yes
 
-# REDIS COMMANDS RENAMING
+# KEYDB COMMANDS RENAMING
 #
-# Sometimes the Redis server has certain commands, that are needed for Sentinel
+# Sometimes the KeyDB server has certain commands, that are needed for Sentinel
 # to work correctly, renamed to unguessable strings. This is often the case
-# of CONFIG and SLAVEOF in the context of providers that provide Redis as
+# of CONFIG and SLAVEOF in the context of providers that provide KeyDB as
 # a service, and don't want the customers to reconfigure the instances outside
 # of the administration console.
 #
@@ -239,6 +318,24 @@ sentinel deny-scripts-reconfig yes
 # SENTINEL SET can also be used in order to perform this configuration at runtime.
 #
 # In order to set a command back to its original name (undo the renaming), it
-# is possible to just rename a command to itsef:
+# is possible to just rename a command to itself:
 #
 # SENTINEL rename-command mymaster CONFIG CONFIG
+
+# HOSTNAMES SUPPORT
+#
+# Normally Sentinel uses only IP addresses and requires SENTINEL MONITOR
+# to specify an IP address. Also, it requires the KeyDB replica-announce-ip
+# keyword to specify only IP addresses.
+#
+# You may enable hostnames support by enabling resolve-hostnames. Note
+# that you must make sure your DNS is configured properly and that DNS
+# resolution does not introduce very long delays.
+#
+SENTINEL resolve-hostnames no
+
+# When resolve-hostnames is enabled, Sentinel still uses IP addresses
+# when exposing instances to users, configuration files, etc. If you want
+# to retain the hostnames when announced, enable announce-hostnames below.
+#
+SENTINEL announce-hostnames no

pkg/rpm/keydb_build/keydb_rpm/etc/keydb/sentinel.conf

@@ -20,20 +20,20 @@
 # The port that this sentinel instance will run on
 port 26379
 
-# By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis-sentinel.pid when
+# By default KeyDB Sentinel does not run as a daemon. Use 'yes' if you need it.
+# Note that KeyDB will write a pid file in /var/run/keydb-sentinel.pid when
 # daemonized.
 daemonize no
 
-# When running daemonized, Redis Sentinel writes a pid file in
-# /var/run/redis-sentinel.pid by default. You can specify a custom pid file
+# When running daemonized, KeyDB Sentinel writes a pid file in
+# /var/run/keydb-sentinel.pid by default. You can specify a custom pid file
 # location here.
-pidfile /var/run/redis-sentinel.pid
+pidfile /var/run/sentinel/keydb-sentinel.pid
 
 # Specify the log file name. Also the empty string can be used to force
 # Sentinel to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile /var/log/redis/sentinel.log
+logfile /var/log/keydb/keydb-sentinel.log
 
 # sentinel announce-ip <ip>
 # sentinel announce-port <port>
@@ -59,12 +59,12 @@ logfile /var/log/redis/sentinel.log
 
 # dir <working-directory>
 # Every long running process should have a well-defined working directory.
-# For Redis Sentinel to chdir to /tmp at startup is the simplest thing
+# For KeyDB Sentinel to chdir to /tmp at startup is the simplest thing
 # for the process to don't interfere with administrative tasks such as
 # unmounting filesystems.
 dir /tmp
 
-# sentinel monitor <master-name> <ip> <redis-port> <quorum>
+# sentinel monitor <master-name> <ip> <keydb-port> <quorum>
 #
 # Tells Sentinel to monitor this master, and to consider it in O_DOWN
 # (Objectively Down) state only if at least <quorum> sentinels agree.
@@ -86,22 +86,34 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # sentinel auth-pass <master-name> <password>
 #
 # Set the password to use to authenticate with the master and replicas.
-# Useful if there is a password set in the Redis instances to monitor.
+# Useful if there is a password set in the KeyDB instances to monitor.
 #
 # Note that the master password is also used for replicas, so it is not
 # possible to set a different password in masters and replicas instances
 # if you want to be able to monitor these instances with Sentinel.
 #
-# However you can have Redis instances without the authentication enabled
-# mixed with Redis instances requiring the authentication (as long as the
+# However you can have KeyDB instances without the authentication enabled
+# mixed with KeyDB instances requiring the authentication (as long as the
 # password set is the same for all the instances requiring the password) as
-# the AUTH command will have no effect in Redis instances with authentication
+# the AUTH command will have no effect in KeyDB instances with authentication
 # switched off.
 #
 # Example:
 #
 # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
 
+# sentinel auth-user <master-name> <username>
+#
+# This is useful in order to authenticate to instances having ACL capabilities,
+# that is, running KeyDB 6.0 or greater. When just auth-pass is provided the
+# Sentinel instance will authenticate to KeyDB using the old "AUTH <pass>"
+# method. When also an username is provided, it will use "AUTH <user> <pass>".
+# In the KeyDB servers side, the ACL to provide just minimal access to
+# Sentinel instances, should be configured along the following lines:
+#
+#     user sentinel-user >somepassword +client +subscribe +publish \
+#                        +ping +info +multi +slaveof +config +client +exec on
+
 # sentinel down-after-milliseconds <master-name> <milliseconds>
 #
 # Number of milliseconds the master (or any attached replica or sentinel) should
@@ -112,6 +124,73 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # Default is 30 seconds.
 sentinel down-after-milliseconds mymaster 30000
 
+# IMPORTANT NOTE: starting with KeyDB 6.2 ACL capability is supported for
+# Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
+# for more details.
+
+# Sentinel's ACL users are defined in the following format:
+#
+#   user <username> ... acl rules ...
+#
+# For example:
+#
+#   user worker +@admin +@connection ~* on >ffa9203c493aa99
+#
+# For more information about ACL configuration please refer to the Redis
+# website at https://redis.io/topics/acl and KeyDB server configuration 
+# template keydb.conf.
+
+# ACL LOG
+#
+# The ACL Log tracks failed commands and authentication events associated
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked 
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with 
+# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
+acllog-max-len 128
+
+# Using an external ACL file
+#
+# Instead of configuring users here in this file, it is possible to use
+# a stand-alone file just listing users. The two methods cannot be mixed:
+# if you configure users here and at the same time you activate the external
+# ACL file, the server will refuse to start.
+#
+# The format of the external ACL user file is exactly the same as the
+# format that is used inside keydb.conf to describe users.
+#
+# aclfile /etc/keydb/sentinel-users.acl
+
+# requirepass <password>
+#
+# You can configure Sentinel itself to require a password, however when doing
+# so Sentinel will try to authenticate with the same password to all the
+# other Sentinels. So you need to configure all your Sentinels in a given
+# group with the same "requirepass" password. Check the following documentation
+# for more info: https://redis.io/topics/sentinel
+#
+# IMPORTANT NOTE: starting with KeyDB 6.2 "requirepass" is a compatibility
+# layer on top of the ACL system. The option effect will be just setting
+# the password for the default user. Clients will still authenticate using
+# AUTH <password> as usually, or more explicitly with AUTH default <password>
+# if they follow the new protocol: both will work.
+#
+# New config files are advised to use separate authentication control for
+# incoming connections (via ACL), and for outgoing connections (via
+# sentinel-user and sentinel-pass) 
+#
+# The requirepass is not compatable with aclfile option and the ACL LOAD
+# command, these will cause requirepass to be ignored.
+
+# sentinel sentinel-user <username>
+#
+# You can configure Sentinel to authenticate with other Sentinels with specific
+# user name. 
+
+# sentinel sentinel-pass <password>
+#
+# The password for Sentinel to authenticate with other Sentinels. If sentinel-user
+# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate.
+
 # sentinel parallel-syncs <master-name> <numreplicas>
 #
 # How many replicas we can reconfigure to point to the new replica simultaneously
@@ -172,7 +251,7 @@ sentinel failover-timeout mymaster 180000
 # generated in the WARNING level (for instance -sdown, -odown, and so forth).
 # This script should notify the system administrator via email, SMS, or any
 # other messaging system, that there is something wrong with the monitored
-# Redis systems.
+# KeyDB systems.
 #
 # The script is called with just two arguments: the first is the event type
 # and the second the event description.
@@ -182,7 +261,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel notification-script mymaster /var/redis/notify.sh
+# sentinel notification-script mymaster /var/keydb/notify.sh
 
 # CLIENTS RECONFIGURATION SCRIPT
 #
@@ -207,7 +286,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
+# sentinel client-reconfig-script mymaster /var/keydb/reconfig.sh
 
 # SECURITY
 #
@@ -218,11 +297,11 @@ sentinel failover-timeout mymaster 180000
 
 sentinel deny-scripts-reconfig yes
 
-# REDIS COMMANDS RENAMING
+# KEYDB COMMANDS RENAMING
 #
-# Sometimes the Redis server has certain commands, that are needed for Sentinel
+# Sometimes the KeyDB server has certain commands, that are needed for Sentinel
 # to work correctly, renamed to unguessable strings. This is often the case
-# of CONFIG and SLAVEOF in the context of providers that provide Redis as
+# of CONFIG and SLAVEOF in the context of providers that provide KeyDB as
 # a service, and don't want the customers to reconfigure the instances outside
 # of the administration console.
 #
@@ -239,6 +318,24 @@ sentinel deny-scripts-reconfig yes
 # SENTINEL SET can also be used in order to perform this configuration at runtime.
 #
 # In order to set a command back to its original name (undo the renaming), it
-# is possible to just rename a command to itsef:
+# is possible to just rename a command to itself:
 #
 # SENTINEL rename-command mymaster CONFIG CONFIG
+
+# HOSTNAMES SUPPORT
+#
+# Normally Sentinel uses only IP addresses and requires SENTINEL MONITOR
+# to specify an IP address. Also, it requires the KeyDB replica-announce-ip
+# keyword to specify only IP addresses.
+#
+# You may enable hostnames support by enabling resolve-hostnames. Note
+# that you must make sure your DNS is configured properly and that DNS
+# resolution does not introduce very long delays.
+#
+SENTINEL resolve-hostnames no
+
+# When resolve-hostnames is enabled, Sentinel still uses IP addresses
+# when exposing instances to users, configuration files, etc. If you want
+# to retain the hostnames when announced, enable announce-hostnames below.
+#
+SENTINEL announce-hostnames no