This article is a detailed installation and configuration guide for a MongoDB 4.0 replica set.

1. Server baseline tuning

ulimit settings

echo "" > /etc/security/limits.d/90-nproc.conf
echo "* hard nproc 150000" >> /etc/security/limits.d/90-nproc.conf
echo "* soft nproc 150000" >> /etc/security/limits.d/90-nproc.conf
echo "* hard nofile 250000" >> /etc/security/limits.d/90-nproc.conf
echo "* soft nofile 250000" >> /etc/security/limits.d/90-nproc.conf
echo "root soft nproc unlimited" >> /etc/security/limits.d/90-nproc.conf

Disable THP (Transparent Huge Pages)

echo "never"> /sys/kernel/mm/transparent_hugepage/defrag ;
echo "never"> /sys/kernel/mm/transparent_hugepage/enabled ;

Install tuned

yum install -y tuned;
service tuned start ;
chkconfig tuned on ;
service ktune start ;
chkconfig ktune on ;
tuned-adm active;
tuned-adm list ;

2. Install base components

yum install -y numactl nc 

3. Install MongoDB

Host layout

192.168.11.176 primary 
192.168.11.177 secondary
192.168.11.178 secondary

Create the base directories

mkdir /data0/mongodb/5118_wxs/{data,log} -p ;

Unpack the software package

tar zxvf /data0/packages/percona-server-mongodb-4.0.10-5-centos6-x86_64.tar.gz  -C /usr/local/ ;
ln -sf /usr/local/percona-server-mongodb-4.0.10-5 /usr/local/mongodb ;
ln -sf /usr/local/mongodb/bin/mongo* /usr/bin/ ;

Create the keyFile

cat << EOF > /data0/mongodb/5118_wxs/keyFile
<keyFile contents omitted>
EOF

chmod 400 /data0/mongodb/5118_wxs/keyFile ;
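
An added example, not part of the original article: one way to generate the keyFile with `openssl rand -base64 756` and to check an existing keyFile against mongod's rules (no group/other permission bits, 6 to 1024 base64 characters). The function names and the sample key are constructed for illustration.

```shell
# Added example (not from the original article): create and check a keyFile.
# gen_keyfile PATH: 756 random bytes, base64-encoded, readable by the owner only.
gen_keyfile() {
    ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 400 "$1"
}

# check_keyfile PATH: returns 0 when the file meets mongod's keyFile rules.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # mongod on Unix rejects a keyFile with any group or other permission bit
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other bits set: $perms"; return 2; }
    # whitespace is ignored; the key must be 6-1024 base64 characters
    key=$(tr -d ' \t\r\n' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "bad length: $len"; return 3
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 4 ;;
    esac
    echo "ok: $len characters"
}

# Demo on a constructed sample key in a temporary directory.
d=$(mktemp -d)
printf 'c2FtcGxlLWtleS1ub3QtZm9yLXVzZQ==\n' > "$d/keyFile"
chmod 644 "$d/keyFile"; check_keyfile "$d/keyFile" || true   # too permissive
chmod 400 "$d/keyFile"; check_keyfile "$d/keyFile"           # accepted
rm -rf "$d"
```

Run `check_keyfile /data0/mongodb/5118_wxs/keyFile` on each of the three nodes; the file content must be identical on all members.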

Create the configuration file

/etc/mongodb5118.conf 

The full configuration is given at the end of this article.

Initialize the instance

Start mongod on the three nodes in turn

numactl --interleave=all mongod -f /etc/mongodb5118.conf 

Run the following on any one node (usually the node you want to become the primary)

mongo --host localhost --port 5118  

config = { _id:"5118_wxs", members:[
{_id:0,host:"192.168.11.176:5118"},
{_id:1,host:"192.168.11.177:5118"},
{_id:2,host:"192.168.11.178:5118"}]
}

rs.initiate(config)

Account authorization

Create the administrator account

use admin;
db.createUser({user:'root',pwd:'123#', roles:[{role:'root', db:'admin'}]})

Create accounts for regular databases (requires restarting the instance)

Starting with 4.0, you must exit the current shell and reconnect with authentication; otherwise the error "command insert requires authentication" is reported.

Production database
mongo --host=192.168.11.176  -uroot  -p"123#" --port=5118 --authenticationDatabase=admin
use wxs_demo_com;
db.demo.insert({"age":1});
Grant access to a single database
db.createUser(
{
user:"wxs_prod_user",
pwd:"S2O7c288XRcDwnHa",
roles:[{role:"readWrite",db:"wxs_demo_com"}]
}
)
Grant access to multiple databases
db.createUser(
{
user:"udc_thread_prod_user",
pwd:"OrTJArtNp20DHzYS",
roles:[{role:"readWrite",db:"advertisement"},
{role:"readWrite",db:"easylive"},
{role:"readWrite",db:"commentService"},
{role:"readWrite",db:"wechatThirdPlatform"},
{role:"readWrite",db:"elog"},]
}
)
mongo --host=192.168.11.106  -uwxs_bch_user  -p"VvpRuuk6kdemoPMz" --port=51060 --authenticationDatabase=bch_wxs_demo_com;
Test database
goto_mongo_51060
use bch_wxs_demo_com;
db.demo.insert({"age":1});
db.createUser(
{
user:"wxs_bch_user",
pwd:"VvpRuuk6kdemoPMz",
roles:[{role:"readWrite",db:"bch_wxs_demo_com"}]
}
)

Grant additional roles (optional)

 db.grantRolesToUser(
"udc_thread_prod_user",
[ { role: "dbAdmin", db: "udc_thread_demo_com" } ]
)

Restart the instance (optional)

kill -9 `ps -ef|grep 5118|grep -v grep |awk '{print $2}'`

Or

use admin ;
db.shutdownServer() ;
numactl --interleave=all mongod -f /etc/mongodb5118.conf

Step down (optional)

Manually run rs.stepDown() to demote the current primary to a secondary.

Set priorities (optional)

cfg = rs.conf()
cfg.members[0].priority = 2
cfg.members[1].priority = 1
cfg.members[2].priority = 1
rs.reconfig(cfg)

Verification

mongo --host=192.168.11.176  -u root  -p"123#" --port=5118 --authenticationDatabase=admin;

#prod
mongo --host=192.168.11.176 -u wxs_prod_user -p"S2O7c288XRcDwnHa" --port=5118 --authenticationDatabase=wxs_demo_com;

#bch
mongo --host=192.168.11.106 -u wxs_bch_user -p"VvpRuuk6kdemoPMz" --port=51060 --authenticationDatabase=bch_wxs_demo_com;


Sample output

Production database

-------- Project wxs.demo.com: production MongoDB database configuration --------
1. Database configuration:
## MongoDB (replica set):
replicaSet_name:5118_wxs
seeds: a5118.yz.wxs.grid.house.demo.com.cn, b5118.yz.wxs.grid.house.demo.com.cn, c5118.yz.wxs.grid.house.demo.com.cn
db_name: wxs_demo_com
db_port: 5118
username: wxs_prod_user
pwd: S2O7c288XRcDwnHa
authenticationDatabase: wxs_demo_com

2. DNS resolution
a5118.yz.wxs.grid.house.demo.com.cn 192.168.11.176
b5118.yz.wxs.grid.house.demo.com.cn 192.168.11.177
c5118.yz.wxs.grid.house.demo.com.cn 192.168.11.178

Test database

-------- Project wxs.bch.demo.com: test MongoDB database configuration --------
## MongoDB (replica set):
replicaSet_name:51060_bch_hcrm
seeds: 192.168.11.106, 192.168.11.112, 192.168.11.120
db_name: bch_wxs_demo_com
db_port: 51060
username: wxs_bch_user
pwd: VvpRuuk6kdemoPMz
authenticationDatabase: bch_wxs_demo_com

Configuration template

bindIp must be changed for each node

cat << EOF > /etc/mongodb5118.conf
## base on mongodb4.0
# https://docs.mongodb.com/manual/reference/configuration-options/#systemlog-options
#Author xxj
#Date: 2018-11-16
#ps:
#if reconfig on another server,you will rewrite these items:
#systemLog.path
#net.port
#net.bindIp
#processManagement.pidFilePath
#security.keyFile
#storage.dbPath
#replication.replSetName


systemLog:
  verbosity: 0 #default 0 ,debug:1-5
  quiet: false
  traceAllExceptions: true
  #syslogFacility: <string>
  path: /data0/mongodb/5118_wxs/log/mongod.log
  logAppend: true
  logRotate: rename #default
  destination: file
  timeStampFormat: iso8601-local #default
  component:
    accessControl:
      verbosity: 0 #default 0 ,debug:1-5
    command:
      verbosity: 0
    control:
      verbosity: 0
    ftdc:
      verbosity: 0
    geo:
      verbosity: 0
    index:
      verbosity: 0
    network:
      verbosity: 0
    query:
      verbosity: 0
    replication:
      verbosity: 0
      heartbeats:
        verbosity: 0
      rollback:
        verbosity: 0
    sharding:
      verbosity: 0
    storage:
      verbosity: 0
      journal:
        verbosity: 0
      recovery: #new in 4.0
        verbosity: 0 #new in 4.0
    transaction:
      verbosity: 0 #new in 4.0.2.
    write:
      verbosity: 0
processManagement:
  fork: true
  pidFilePath: /data0/mongodb/5118_wxs/mongod_5118.pid
  #timeZoneInfo: <string>
#cloud: #New in version 4.0. Available for MongoDB Community Edition.
#  monitoring:
#    free:
#      state: runtime #runtime(default) ,on ,off
#      #tag: <string>
net:
  port: 5118
  bindIp: 127.0.0.1, 192.168.11.176
  #bindIpAll: false #false(default) net.bindIp and net.bindIpAll are mutually exclusive.
  maxIncomingConnections: 3000
  wireObjectCheck: true
  #ipv6: <boolean>
  unixDomainSocket:
    enabled: true #true(default)
    pathPrefix: /tmp #default: /tmp
    filePermissions: 0700 #default: 0700
  #ssl:
  #  sslOnNormalPorts: <boolean> # deprecated since 2.6
  #  mode: <string>
  #  PEMKeyFile: <string>
  #  PEMKeyPassword: <string>
  #  certificateSelector: <string>
  #  clusterCertificateSelector: <string>
  #  clusterFile: <string>
  #  clusterPassword: <string>
  #  CAFile: <string>
  #  clusterCAFile: <string>
  #  CRLFile: <string>
  #  allowConnectionsWithoutCertificates: <boolean>
  #  allowInvalidCertificates: <boolean>
  #  allowInvalidHostnames: <boolean>
  #  disabledProtocols: <string>
  #  FIPSMode: <boolean>
  compression:
    compressors: snappy #snappy(default),zlib
  serviceExecutor: synchronous #synchronous(default),adaptive
security:
  keyFile: /data0/mongodb/5118_wxs/keyFile
  clusterAuthMode: keyFile #keyFile sendKeyFile sendX509 x509
  authorization: enabled #disabled(default) enabled
  transitionToAuth: false #false(default)
  javascriptEnabled: true #true(default)
  #redactClientLogData: false # false(default),Available in MongoDB Enterprise only.
storage:
  dbPath: /data0/mongodb/5118_wxs/data
  #indexBuildRetry: true #true(default) cannot be used in conjunction with replication.replSetName
  #repairPath: <string> #for MMAPv1 only
  journal:
    enabled: true #true(default)
    commitIntervalMs: 100 #wt default:100
  directoryPerDB: true
  syncPeriodSecs: 60 #default 60,Do not change this value on production systems
  engine: wiredTiger
  #mmapv1:
  #  preallocDataFiles: <boolean>
  #  nsSize: <int>
  #  quota:
  #    enforced: <boolean>
  #    maxFilesPerDB: <int>
  #  smallFiles: <boolean>
  #  journal:
  #    debugFlags: <int>
  #    commitIntervalMs: <num>
  wiredTiger:
    engineConfig:
      cacheSizeGB: 10 #>10 for prod
      journalCompressor: snappy #none snappy(default) zlib
      directoryForIndexes: false #false(default)
    collectionConfig:
      blockCompressor: snappy #none snappy(default) zlib
    indexConfig:
      prefixCompression: true #true(default)
  #inMemory:
  #  engineConfig:
  #    inMemorySizeGB: <number>
operationProfiling:
  mode: slowOp # off(default) slowOp all
  slowOpThresholdMs: 1000 #default 100
  slowOpSampleRate: 1.0 #0-1,default 1 Type: double
replication:
  oplogSizeMB: 20480 #20G
  replSetName: 5118_wxs
  #secondaryIndexPrefetch: <string> #for mmapv1 only
  enableMajorityReadConcern: true #true(default) from 3.6 ,In general,avoid disable it
#sharding:
#  clusterRole: shardsvr # configsvr shardsvr
#  archiveMovedChunks: false #Starting in 3.2,false(default)
#auditLog:
#  destination: <string>
#  format: <string>
#  path: <string>
#  filter: <string>
#snmp:
#  subagent: <boolean>
#  master: <boolean>

##### mongos-only Options begin #####
#replication:
#  localPingThresholdMs: 15 #default: 15
#sharding:
#  configDB: <string> #<configReplSetName>/cfg1.example.net:27017, cfg2.example.net:27017,...
##### mongos-only Options end #####
EOF
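
An added example, not part of the original article: a static check of the access-control settings in a mongod configuration file such as the template above, which reports disabled authorization, a replica set without a keyFile, and a wildcard bind address. It assumes indented YAML; the function names and the weakened sample configuration are constructed for illustration.

```shell
# Added example: static audit of a mongod YAML config (not the article's code).
# conf_get FILE SECTION KEY: print the value of KEY under top-level SECTION.
# Simplification: KEY is matched at any depth inside SECTION, which is enough
# for the security/net/replication keys checked below.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }
        /^[^ \t#][^:]*:/ { cur = $0; sub(/:.*/, "", cur); next }
        cur == sec {
            line = $0
            sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)
            if (match(line, "^[ \t]+" key ":[ \t]*")) {
                print substr(line, RSTART + RLENGTH); exit
            }
        }' "$1"
}

# audit_mongod_conf FILE: one line per finding; exit status = number of findings.
audit_mongod_conf() {
    f=$1; n=0
    [ "$(conf_get "$f" security authorization)" = "enabled" ] ||
        { echo "FAIL security.authorization is not enabled"; n=$((n + 1)); }
    # keyFile-based internal auth as on this page; x509 clusters are not covered
    if [ -n "$(conf_get "$f" replication replSetName)" ] &&
       [ -z "$(conf_get "$f" security keyFile)" ]; then
        echo "FAIL replSetName set but security.keyFile missing"; n=$((n + 1))
    fi
    bind=$(conf_get "$f" net bindIp | tr -d ' ')
    case ",$bind," in
        *,0.0.0.0,*|*,::,*)
            echo "FAIL net.bindIp covers all interfaces: $bind"; n=$((n + 1)) ;;
    esac
    [ "$(conf_get "$f" net bindIpAll)" != "true" ] ||
        { echo "FAIL net.bindIpAll is true"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: a weakened variant of the template (auth off, no keyFile).
weak_conf() {
    printf '%s\n' 'net:' '  port: 5118' '  bindIp: 127.0.0.1, 0.0.0.0' \
        'security:' '  authorization: disabled' \
        'replication:' '  replSetName: 5118_wxs'
}

t=$(mktemp); weak_conf > "$t"
audit_mongod_conf "$t" || echo "$? finding(s)"
rm -f "$t"
```

Running `audit_mongod_conf /etc/mongodb5118.conf` on each node after editing bindIp confirms the node-specific changes did not weaken the template.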