MongoDB 4.0 配置文件解读
Core Options
4.0 新增
cloud Options +
mongos-only Options +
去掉
Text Search Options
systemLog Options
systemLog:
verbosity:
quiet:
traceAllExceptions:
syslogFacility:
path:
logAppend:
logRotate:
destination:
timeStampFormat:
component:
accessControl:
verbosity:
command:
verbosity:
# COMMENT additional component verbosity settings omitted for brevity
systemLog.verbosity
Type: integer
Default: 0
在 3.0 版更改.
The default log message verbosity level for components. The verbosity level determines the amount of Informational and Debug messages MongoDB outputs.
组件的默认日志消息详细级别。详细级别确定MongoDB输出的信息和调试消息的数量。
The verbosity level can range from 0 to 5:
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.quiet
Type: boolean
静默输出。不建议用于生产系统。
systemLog.traceAllExceptions
Type: boolean
Print verbose information for debugging. Use for additional logging for support-related troubleshooting.
打印详细信息以进行调试。用于支持相关故障排除的其他日志记录。
systemLog.syslogFacility
Type: string
Default: user
The facility level used when logging messages to syslog. The value you specify must be supported by your operating system’s implementation of syslog. To use this option, you must enable the –syslog option.
将消息记录到syslog时使用的设施级别。您指定的值必须由操作系统的syslog实现支持。要使用此选项,必须启用–syslog选项。
systemLog.path
Type: string
The path of the log file to which mongod or mongos should send all diagnostic logging information, rather than the standard output or the host’s syslog. MongoDB creates the log file at the specified path.
mongod或mongos应向其发送所有诊断日志记录信息的日志文件的路径,而不是标准输出或主机的syslog。 MongoDB在指定的路径上创建日志文件。
systemLog.logAppend
Type: boolean
Default: False
When true, mongos or mongod appends new entries to the end of the existing log file when the mongos or mongod instance restarts. Without this option, mongod will back up the existing log and create a new file.
为true,则当mongos或mongod实例重新启动时,mongos或mongod会将新条目附加到现有日志文件的末尾。为false,mongod将备份现有日志并创建新文件。
systemLog.logRotate
Type: string
Default: rename
3.0.0 新版功能.
The behavior for the logRotate command. Specify either rename or reopen:
rename renames the log file.
reopen closes and reopens the log file following the typical Linux/Unix log rotate behavior. Use reopen when using the Linux/Unix logrotate utility to avoid log loss.
If you specify reopen, you must also set systemLog.logAppend to true.
systemLog.destination
Type: string
The destination to which MongoDB sends all log output. Specify either file or syslog. If you specify file, you must also specify systemLog.path.
If you do not specify systemLog.destination, MongoDB sends all log output to standard output.
MongoDB发送所有日志输出的目标。指定文件或syslog。如果指定file,则还必须指定systemLog.path。
如果未指定systemLog.destination,MongoDB会将所有日志输出发送到标准输出。
systemLog.timeStampFormat
Type: string
Default: iso8601-local
The time format for timestamps in log messages. Specify one of the following values:
日志消息中时间戳的时间格式。指定以下值之一
Value Description
ctime Displays timestamps as Wed Dec 31 18:17:54.811.
iso8601-utc Displays timestamps in Coordinated Universal Time (UTC) in the ISO-8601 format. For example, for New York at the start of the Epoch: 1970-01-01T00:00:00.000Z
iso8601-local Displays timestamps in local time in the ISO-8601 format. For example, for New York at the start of the Epoch: 1969-12-31T19:00:00.000-0500
systemLog.component Options
systemLog:
component:
accessControl:
verbosity:
command:
verbosity:
# COMMENT some component verbosity settings omitted for brevity
storage:
verbosity:
journal:
verbosity:
write:
verbosity:
systemLog.component.accessControl.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to access control. See ACCESS components.
The verbosity level can range from 0 to 5:
与访问控制相关的组件的日志消息详细级别.
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.command.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to commands. See COMMAND components.
The verbosity level can range from 0 to 5:
与命令相关的组件的日志消息详细级别。
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.control.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to control operations. See CONTROL components.
The verbosity level can range from 0 to 5:
与控制操作相关的组件的日志消息详细级别。
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.ftdc.verbosity
Type: integer
Default: 0
3.2 新版功能.
The log message verbosity level for components related to diagnostic data collection operations. See FTDC components.
The verbosity level can range from 0 to 5:
与诊断数据收集操作相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.geo.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to geospatial parsing operations. See GEO components.
The verbosity level can range from 0 to 5:
与地理空间解析操作相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.index.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to indexing operations. See INDEX components.
The verbosity level can range from 0 to 5:
与索引操作相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.network.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to networking operations. See NETWORK components.
与网络相关的组件的日志消息详细级别
The verbosity level can range from 0 to 5:
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.query.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to query operations. See QUERY components.
The verbosity level can range from 0 to 5:
与查询操作相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.replication.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to replication. See REPL components.
The verbosity level can range from 0 to 5:
与复制相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.sharding.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to sharding. See SHARDING components.
The verbosity level can range from 0 to 5:
与分片相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.storage.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to storage. See STORAGE components.
If systemLog.component.storage.journal.verbosity is unset, systemLog.component.storage.verbosity level also applies to journaling components.
The verbosity level can range from 0 to 5:
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.storage.journal.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to journaling. See JOURNAL components.
If systemLog.component.storage.journal.verbosity is unset, the journaling components have the same verbosity level as the parent storage components: i.e. either the systemLog.component.storage.verbosity level if set or the default verbosity level.
The verbosity level can range from 0 to 5:
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
systemLog.component.write.verbosity
Type: integer
Default: 0
3.0 新版功能.
The log message verbosity level for components related to write operations. See WRITE components.
The verbosity level can range from 0 to 5:
与写操作相关的组件的日志消息详细级别
0 is the MongoDB’s default log verbosity level, to include Informational messages.
1 to 5 increases the verbosity level to include Debug messages.
processManagement Options
processManagement:
fork:
pidFilePath:
processManagement.fork
Type: boolean
Default: False
Enable a daemon mode that runs the mongos or mongod process in the background. By default mongos or mongod does not run as a daemon: typically you will run mongos or mongod as a daemon, either by using processManagement.fork or by using a controlling process that handles the daemonization process (e.g. as with upstart and systemd).
启用在后台运行mongos或mongod进程的守护程序模式。默认情况下,mongos或mongod不作为守护程序运行:通常使用processManagement.fork或使用处理守护进程的控制进程(例如upstart和systemd)运行mongos或mongod作为守护程序。
The Linux package init scripts do not expect processManagement.fork to change from the defaults. If you use the Linux packages and change processManagement.fork, you will have to use your own init scripts and disable the built-in scripts.
processManagement.pidFilePath
Type: string
Specifies a file location to hold the process ID of the mongos or mongod process where mongos or mongod will write its PID. This is useful for tracking the mongos or mongod process in combination with the –fork option. Without a specified processManagement.pidFilePath option, the process creates no PID file.
指定用于保存mongos或mongod进程的进程ID的文件位置,其中mongos或mongod将写入其PID。这对于跟踪mongos或mongod进程以及–fork选项非常有用。如果没有指定的processManagement.pidFilePath选项,则该进程不会创建PID文件。
net Options
net:
port:
bindIp:
bindIpAll:
maxIncomingConnections:
wireObjectCheck:
ipv6:
unixDomainSocket:
enabled:
pathPrefix:
filePermissions:
ssl:
sslOnNormalPorts:
certificateSelector:
clusterCertificateSelector:
mode:
PEMKeyFile:
PEMKeyPassword:
clusterFile:
clusterPassword:
CAFile:
clusterCAFile:
CRLFile:
allowConnectionsWithoutCertificates:
allowInvalidCertificates:
allowInvalidHostnames:
disabledProtocols:
FIPSMode:
compression:
compressors:
serviceExecutor:
net.port
Type: integer
Default: 27017
The TCP port on which the MongoDB instance listens for client connections.
net.bindIp
Type: string
Default: localhost
NOTE
Starting in MongoDB 3.6, mongos and mongod bind to localhost by default. See Default Bind to Localhost.
从MongoDB 3.6开始,mongos和mongod默认绑定到localhost。
EXAMPLE
localhost,/tmp/mongod.sock
TIP
When possible, use a logical DNS hostname instead of an ip address, particularly when configuring replica set members or sharded cluster members. The use of logical DNS hostnames avoids configuration changes due to ip address changes.
如果可能,请使用逻辑DNS主机名而不是IP地址,尤其是在配置副本集成员或分片集群成员时。逻辑DNS主机名的使用避免了由于IP地址更改而导致的配置更改。
To bind to all IPv4 addresses, enter 0.0.0.0.
To bind to all IPv4 and IPv6 addresses, enter ::,0.0.0.0 or alternatively, use the net.bindIpAll setting.
net.bindIpAll
Type: boolean
Default: False
New in version 3.6.
If true, the mongos and mongod instance binds to all ip addresses. When attaching mongos and mongod to a publicly accessible interface, ensure that you have implemented proper authentication and firewall restrictions to protect the integrity of your database.
对所有ip开放访问权限。
Alternatively, set the net.bindIp setting to ::,0.0.0.0 to bind to all IP addresses.
NOTE
net.bindIp and net.bindIpAll are mutually exclusive. That is, you can specify one or the other, but not both.
net.bindIp和net.bindIpAll是互斥的
net.maxIncomingConnections
Type: integer
Default: 65536
The maximum number of simultaneous connections that mongos or mongod will accept. This setting has no effect if it is higher than your operating system’s configured maximum connection tracking threshold.
mongos或mongod将接受的最大同时连接数。如果此设置高于操作系统配置的最大连接跟踪阈值,则此设置无效。
Do not assign too low of a value to this option, or you will encounter errors during normal application operation.
This is particularly useful for a mongos if you have a client that creates multiple connections and allows them to timeout rather than closing them.
In this case, set maxIncomingConnections to a value slightly higher than the maximum number of connections that the client creates, or the maximum size of the connection pool.
This setting prevents the mongos from causing connection spikes on the individual shards. Spikes like these may disrupt the operation and memory allocation of the sharded cluster.
此设置可防止mongos在各个分片上引起连接尖峰。这些尖峰可能会破坏分片群集的操作和内存分配。
net.wireObjectCheck
Type: boolean
Default: True
When true, the mongod or mongos instance validates all requests from clients upon receipt to prevent clients from inserting malformed or invalid BSON into a MongoDB database.
如果为true,则mongod或mongos实例会在收到客户端时验证所有来自客户端的请求,以防止客户端将格式错误或无效的BSON插入MongoDB数据库。
net.ipv6
Type: boolean
Default: False
Removed in version 3.0.
Enables or disables IPv6 support. mongos or mongod disables IPv6 support by default.
默认不支持ipv6.
net.unixDomainSocket Options
net:
unixDomainSocket:
enabled:
pathPrefix:
filePermissions:
net.unixDomainSocket.enabled
Type: boolean
Default: True
Enable or disable listening on the UNIX domain socket. net.unixDomainSocket.enabled applies only to Unix-based systems.
启用或禁用UNIX域套接字上的侦听。
When net.unixDomainSocket.enabled is true, mongos or mongod listens on the UNIX socket.
The mongos or mongod process always listens on the UNIX socket unless one of the following is true:
- net.unixDomainSocket.enabled is false
- –nounixsocket is set. The command line option takes precedence over the configuration file setting.
- net.bindIp is not set
- net.bindIp does not specify localhost
2.6 新版功能: mongos or mongod installed from official .deb and .rpm packages have the bind_ip configuration set to 127.0.0.1 by default.
net.unixDomainSocket.pathPrefix
Type: string
Default: /tmp
The path for the UNIX socket. net.unixDomainSocket.pathPrefix applies only to Unix-based systems.
UNIX套接字的路径。
If this option has no value, the mongos or mongod process creates a socket with /tmp as a prefix. MongoDB creates and listens on a UNIX socket unless one of the following is true:
如果此选项没有值,则mongos或mongod进程会创建一个以/ tmp作为前缀的套接字。 MongoDB在UNIX套接字上创建和侦听,除非满足以下条件之一
- net.unixDomainSocket.enabled is false
- –nounixsocket is set.
- net.bindIp is not set
- net.bindIp does not specify localhost
net.unixDomainSocket.filePermissions
Type: int
Default: 0700
Sets the permission for the UNIX domain socket file.
套接字权限。
net.http Options
net:
http:
enabled:
JSONPEnabled:
RESTInterfaceEnabled:
警告
Ensure that the HTTP status interface, the REST API, and the JSON API are all disabled in production environments to prevent potential data exposure and vulnerability to attackers.
确保在生产环境中禁用HTTP状态界面,REST API和JSON API,以防止潜在的数据暴露和攻击者的漏洞。
net.http Options
Changed in version 3.6: MongoDB 3.6 removes the deprecated net.http options. The options have been deprecated since version 3.2.
在版本3.6中更改:MongoDB 3.6删除了已弃用的net.http选项。自3.2版以来,这些选项已被弃用。
net.ssl Options
net:
ssl:
sslOnNormalPorts:
mode:
PEMKeyFile:
PEMKeyPassword:
certificateSelector:
clusterCertificateSelector:
clusterFile:
clusterPassword:
CAFile:
clusterCAFile:
CRLFile:
allowConnectionsWithoutCertificates:
allowInvalidCertificates:
allowInvalidHostnames:
disabledProtocols:
FIPSMode:
net.ssl.sslOnNormalPorts
Type: boolean
Deprecated since version 2.6: Use net.ssl.mode: requireSSL instead.
Enable or disable TLS/SSL for mongos or mongod.
With net.ssl.sslOnNormalPorts, a mongos or mongod requires TLS/SSL encryption for all connections on the default MongoDB port, or the port specified by net.port. By default, net.ssl.sslOnNormalPorts is disabled.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.mode
Type: string
New in version 2.6.
Enable or disable TLS/SSL or mixed TLS/SSL used for all network connections. The argument to the net.ssl.mode setting can be one of the following:
Value Description
disabled The server does not use TLS/SSL.
allowSSL Connections between servers do not use TLS/SSL. For incoming connections, the server accepts both TLS/SSL and non-TLS/non-SSL.
preferSSL Connections between servers use TLS/SSL. For incoming connections, the server accepts both TLS/SSL and non-TLS/non-SSL.
requireSSL The server uses and accepts only TLS/SSL encrypted connections.
Starting in version 3.4, if –sslCAFile or ssl.CAFile is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS/SSL-enabled server.
If using x.509 authentication, –sslCAFile or ssl.CAFile must be specified unless using –sslCertificateSelector.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.PEMKeyFile
Type: string
NOTE
Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system’s secure store instead of a PEM key file. See net.ssl.certificateSelector.
The .pem file that contains both the TLS/SSL certificate and key.
On Linux/BSD, you must specify net.ssl.PEMKeyFile when TLS/SSL is enabled.
On Windows or macOS, you must specify either net.ssl.PEMKeyFile or net.ssl.certificateSelector when TLS/SSL is enabled.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.PEMKeyPassword
Type: string
The password to de-crypt the certificate-key file (i.e. PEMKeyFile). Use the net.ssl.PEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongos or mongod will redact the password from all logging and reporting output.
Starting in MongoDB 4.0:
On Linux/BSD, if the private key in the PEM file is encrypted and you do not specify the net.ssl.PEMKeyPassword option, MongoDB will prompt for a passphrase. See TLS/SSL Certificate Passphrase.
On macOS or Windows, if the private key in the PEM file is encrypted, you must explicitly specify the net.ssl.PEMKeyPassword option. Alternatively, you can use a certificate from the secure system store (see net.ssl.certificateSelector) instead of a PEM key file or use an unencrypted PEM file.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.certificateSelector
Type: string
New in version 4.0: Available on Windows and macOS as an alternative to net.ssl.PEMKeyFile.
net.ssl.PEMKeyFile and net.ssl.certificateSelector options are mutually exclusive. You can only specify one.
Specifies a certificate property in order to select a matching certificate from the operating system’s certificate store.
net.ssl.certificateSelector accepts an argument of the format
Property Value type Description
subject ASCII string Subject name or common name on certificate
thumbprint hex string
A sequence of bytes, expressed as hexadecimal, used to identify a public key by its SHA-1 digest.
The thumbprint is sometimes referred to as a fingerprint.
net.ssl.clusterCertificateSelector
Type: string
New in version 4.0: Available on Windows and macOS as an alternative to net.ssl.clusterFile.
net.ssl.clusterFile and net.ssl.clusterCertificateSelector options are mutually exclusive. You can only specify one.
Specifies a certificate property in order to select a matching certificate from the operating system’s certificate store to use for internal authentication.
net.ssl.clusterCertificateSelector accepts an argument of the format
Property Value type Description
subject ASCII string Subject name or common name on certificate
thumbprint hex string
A sequence of bytes, expressed as hexadecimal, used to identify a public key by its SHA-1 digest.
The thumbprint is sometimes referred to as a fingerprint.
net.ssl.clusterFile
Type: string
NOTE
Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system’s secure store instead of a PEM key file. See net.ssl.clusterCertificateSelector.
The .pem file that contains the x.509 certificate-key file for membership authentication for the cluster or replica set.
If net.ssl.clusterFile does not specify the .pem file for internal cluster authentication or the alternative net.ssl.clusterCertificateSelector, the cluster uses the .pem file specified in the PEMKeyFile setting or the certificate returned by the net.ssl.certificateSelector.
If using x.509 authentication, –sslCAFile or ssl.CAFile must be specified unless using –sslCertificateSelector.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.clusterPassword
Type: string
New in version 2.6.
The password to de-crypt the x.509 certificate-key file specified with –sslClusterFile. Use the net.ssl.clusterPassword option only if the certificate-key file is encrypted. In all cases, the mongos or mongod will redact the password from all logging and reporting output.
Starting in MongoDB 4.0:
On Linux/BSD, if the private key in the x.509 file is encrypted and you do not specify the net.ssl.clusterPassword option, MongoDB will prompt for a passphrase. See TLS/SSL Certificate Passphrase.
On macOS or Windows, if the private key in the x.509 file is encrypted, you must explicitly specify the net.ssl.clusterPassword option. Alternatively, you can either use a certificate from the secure system store (see net.ssl.clusterCertificateSelector) instead of a cluster PEM file or use an unencrypted PEM file.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.CAFile
Type: string
The .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.
Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system’s secure store instead of a PEM key file. See net.ssl.certificateSelector. When using the secure store, you do not need to, but can, also specify the net.ssl.CAFile.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.clusterCAFile
Type: string
New in version 4.0.3.
The .pem file that contains the root certificate chain from the Certificate Authority used to validate the certificate presented by a client establishing a connection. Specify the file name of the .pem file using relative or absolute paths.
If net.ssl.clusterCAFile does not specify the .pem file for validating the certificate from a client establishing a connection, the cluster uses the .pem file specified in the net.ssl.CAFile option.
net.ssl.clusterCAFile lets you use separate Certificate Authorities to verify the client to server and server to client portions of the TLS handshake.
Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system’s secure store instead of a PEM key file. See net.ssl.clusterCertificateSelector. When using the secure store, you do not need to, but can, also specify the net.ssl.clusterCAFile.
Requires that net.ssl.CAFile is set.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.CRLFile
Type: string
The the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.
NOTE
Starting in MongoDB 4.0, you cannot specify net.ssl.CRLFile on macOS. Use net.ssl.certificateSelector instead.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.allowConnectionsWithoutCertificates
Type: boolean
For clients that do not present certificates, mongos or mongod bypasses TLS/SSL certificate validation when establishing the connection.
For clients that present a certificate, however, mongos or mongod performs certificate validation using the root certificate chain specified by CAFile and reject clients with invalid certificates.
Use the net.ssl.allowConnectionsWithoutCertificates option if you have a mixed deployment that includes clients that do not or cannot present certificates to the mongos or mongod.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.allowInvalidCertificates
Type: boolean
Enable or disable the validation checks for TLS/SSL certificates on other servers in the cluster and allows the use of invalid certificates to connect.
NOTE
Starting in MongoDB 4.0, if you specify –sslAllowInvalidCertificates or ssl.allowInvalidCertificates: true when using x.509 authentication, an invalid certificate is only sufficient to establish a TLS/SSL connection but is insufficient for authentication.
When using the net.ssl.allowInvalidCertificates setting, MongoDB logs a warning regarding the use of the invalid certificate.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.allowInvalidHostnames
Type: boolean
Default: False
New in version 3.0.
When net.ssl.allowInvalidHostnames is true, MongoDB disables the validation of the hostnames in TLS/SSL certificates, allowing mongod to connect to MongoDB instances if the hostname their certificates do not match the specified hostname.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
net.ssl.disabledProtocols
Type: string
New in version 3.0.7.
Prevents a MongoDB server running with TLS/SSL from accepting incoming connections that use a specific protocol or protocols. To specify multiple protocols, use a comma separated list of protocols.
net.ssl.disabledProtocols recognizes the following protocols: TLS1_0, TLS1_1, TLS1_2, and starting in version 4.0.4 (and 3.6.9), TLS1_3.
On macOS, you cannot disable TLS1_1 and leave both TLS1_0 and TLS1_2 enabled. You must disable at least one of the other two, for example, TLS1_0,TLS1_1.
To list multiple protocols, specify as a comma separated list of protocols. For example TLS1_0,TLS1_1.
Specifying an unrecognized protocol will prevent the server from starting.
The specified disabled protocols overrides any default disabled protocols.
Starting in version 4.0, MongoDB disables the use of TLS 1.0 if TLS 1.1+ is available on the system. To enable the disabled TLS 1.0, specify none to net.ssl.disabledProtocols. See Disable TLS 1.0.
Members of replica sets and sharded clusters must speak at least one protocol in common.
SEE ALSO
Disallow Protocols
net.ssl.FIPSMode
Type: boolean
Enable or disable the use of the FIPS mode of the TLS/SSL library for the mongos or mongod. Your system must have a FIPS compliant library to use the net.ssl.FIPSMode option.
NOTE
FIPS-compatible TLS/SSL is available only in MongoDB Enterprise. See Configure MongoDB for FIPS for more information.
net.compression Option
net:
compression:
compressors:
net.compression.compressors
Type:
New in version 3.4.
Changed in version 3.6:
Add support for zlib compressor.
Enabled by default. To disable, set to disabled.
默认情况下启用
Enables network compression for communication between this mongod or mongos instance and:
- other members in the deployment, if a member of a replica set or a sharded cluster
- a mongo shell
- drivers that support the OP_COMPRESSED message format.
IMPORTANT
Messages are compressed when both parties enable network compression. Otherwise, messages between the parties are uncompressed.
当双方都启用网络压缩时,将压缩消息。否则,各方之间的消息将被解压缩。
You can specify the following compressors:
- snappy (Default)
- zlib
If you specify multiple compressors, then the order in which you list the compressors matter as well as the communication initiator. For example, if a mongo shell specifies the following network compressors zlib,snappy and the mongod specifies snappy,zlib, messages between mongo shell and mongod uses zlib.
如果指定多个压缩器,则列出压缩器的顺序以及通信发起者有关。例如,如果mongo shell指定以下网络压缩器zlib,snappy和mongod指定snappy,zlib,mongo shell和mongod之间的消息使用zlib。
If the parties do not share at least one common compressor, messages between the parties are uncompressed. For example, if a mongo shell specifies the network compressor zlib and mongod specifies snappy, messages between mongo shell and mongod are not compressed.
如果各方没有相同的压缩器,则各方之间的消息是未压缩的。
net.serviceExecutor
Type: string
Default: synchronous
New in version 3.6.
Determines the threading and execution model mongos or mongod uses to execute client requests. The –serviceExecutor option accepts one of the following values:
确定mongos或mongod用于执行客户端请求的线程和执行模型。 –serviceExecutor选项接受以下值之一:
Value Description
synchronous The mongos or mongod uses synchronous networking and manages its networking thread pool on a per connection basis. Previous versions of MongoDB managed threads in this way.
mongos或mongod使用同步网络并基于每个连接管理其网络线程池。以前版本的MongoDB以这种方式管理线程。
adaptive The mongos or mongod uses the new experimental asynchronous networking mode with an adaptive thread pool which manages threads on a per request basis. This mode should have more consistent performance and use less resources when there are more inactive connections than database requests.
mongos或mongod使用新的实验性异步网络模式和自适应线程池,该线程池基于每个请求管理线程。当存在比数据库请求更多的非活动连接时,此模式应具有更一致的性能并使用更少的资源。
security Options
security:
keyFile:
clusterAuthMode:
authorization:
transitionToAuth:
javascriptEnabled:
redactClientLogData:
sasl:
hostName:
serviceName:
saslauthdSocketPath:
enableEncryption:
encryptionCipherMode:
encryptionKeyFile:
kmip:
keyIdentifier:
rotateMasterKey:
serverName:
port:
clientCertificateFile:
clientCertificatePassword:
clientCertificateSelector:
serverCAFile:
ldap:
servers:
bind:
method:
saslMechanisms:
queryUser:
queryPassword:
useOSDefaults:
transportSecurity:
timeoutMS:
userToDNMapping:
authz:
queryTemplate:
略 https://docs.mongodb.com/manual/reference/configuration-options/#net-options
setParameter Option
Set MongoDB parameter or parameters described in MongoDB Server Parameters
To set parameters in the YAML configuration file, use the following format:
setParameter:
storage Options
storage:
dbPath:
indexBuildRetry:
repairPath:
journal:
enabled:
commitIntervalMs:
directoryPerDB:
syncPeriodSecs:
engine:
mmapv1:
preallocDataFiles:
nsSize:
quota:
enforced:
maxFilesPerDB:
smallFiles:
journal:
debugFlags:
commitIntervalMs:
wiredTiger:
engineConfig:
cacheSizeGB:
journalCompressor:
directoryForIndexes:
collectionConfig:
blockCompressor:
indexConfig:
prefixCompression:
inMemory:
engineConfig:
inMemorySizeGB:
storage.dbPath
Type: string
Default: /data/db on Linux and macOS, \data\db on Windows
The directory where the mongod instance stores its data.
数据目录
storage.indexBuildRetry
Type: boolean
Default: True
Specifies whether mongod rebuilds incomplete indexes on the next start up. This applies in cases where mongod restarts after it has shut down or stopped in the middle of an index build. In such cases, mongod always removes any incomplete indexes, and then, by default, attempts to rebuild them. To stop mongod from rebuilding indexes, set this option to false.
指定mongod是否在下次启动时重建不完整的索引。这适用于mongod在索引构建过程中关闭或停止后重新启动的情况。在这种情况下,mongod总是删除任何不完整的索引,然后,默认情况下,尝试重建它们。要阻止mongod重建索引,请将此选项设置为false。
Changed in version 4.0: The setting storage.indexBuildRetry cannot be used in conjunction with replication.replSetName.
The storage.indexBuildRetry setting is available only for mongod.
Not available for mongod instances that use the in-memory storage engine.
不适用于使用内存存储引擎的mongod实例。
storage.repairPath
Type: string
Default: A _tmp_repairDatabase_
Only available for the MMAPv1 storage engine.
仅仅在MMAPv1存储引擎下可用
The working directory that MongoDB will use during the –repair operation. When –repair completes, the storage.repairPath directory is empty, and dbPath contains the repaired files.
The storage.repairPath setting is available only for mongod.
storage.journal.enabled
Type: boolean
Default: true on 64-bit systems, false on 32-bit systems
Enable or disable the durability journal to ensure data files remain valid and recoverable. This option applies only when you specify the storage.dbPath setting. mongod enables journaling by default.
启用或禁用持久性日志以确保数据文件保持有效和可恢复。仅当您指定storage.dbPath设置时,此选项才适用。 mongod默认启用日记功能。
Not available for mongod instances that use the in-memory storage engine.
在in-memory存储引擎下不可用
Starting in MongoDB 4.0, you cannot specify –nojournal option or storage.journal.enabled: false for replica set members that use the WiredTiger storage engine.
从MongoDB 4.0开始,您不能为使用WiredTiger存储引擎的副本集成员指定–nojournal选项或storage.journal.enabled:false。
storage.journal.commitIntervalMs
Type: number
Default: 100 or 30
New in version 3.2.
The maximum amount of time in milliseconds that the mongod process allows between journal operations. Values can range from 1 to 500 milliseconds. Lower values increase the durability of the journal, at the expense of disk performance. The default journal commit interval is 100 milliseconds.
mongod进程允许在日志操作之间的最长时间(以毫秒为单位)。值的范围为1到500毫秒。较低的值会增加日志的持久性,但会牺牲磁盘性能。默认日记帐提交间隔为100毫秒。
.
On WiredTiger, the default journal commit interval is 100 milliseconds. Additionally, a write with j:true will cause an immediate sync of the journal.
在WiredTiger上,默认日志提交间隔为100毫秒。此外,使用j:true进行写入将导致日志立即同步。
Not available for mongod instances that use the in-memory storage engine.
在in-memory存储引擎下不可用
storage.directoryPerDB
Type: boolean
Default: False
When true, MongoDB uses a separate directory to store data for each database. The directories are under the storage.dbPath directory, and each subdirectory name corresponds to the database name.
如果为true,MongoDB使用单独的目录来存储每个数据库的数据。这些目录位于storage.dbPath目录下,每个子目录名称对应于数据库名称
Changed in version 3.0: To change the storage.directoryPerDB option for existing deployments, you must restart the mongod instances with the new storage.directoryPerDB value and a new data directory (storage.dbPath value), and then repopulate the data.
在3.0版中更改:要更改现有部署的storage.directoryPerDB选项,必须使用新的storage.directoryPerDB值和新的数据目录(storage.dbPath值)重新启动mongod实例,然后重新填充数据。
- For standalone instances, you can use mongodump on the existing instance, stop the instance, restart with the new storage.directoryPerDB value and a new data directory, and use mongorestore to populate the new data directory.
对于独立实例,可以在现有实例上使用mongodump,停止实例,使用新的storage.directoryPerDB值和新数据目录重新启动,并使用mongorestore填充新数据目录。
- For replica sets, you can update in a rolling manner by stopping a secondary member, restart with the new storage.directoryPerDB value and a new data directory, and use initial sync to populate the new data directory. To update all members, start with the secondary members first. Then step down the primary, and update the stepped-down member.
对于副本集,您可以通过停止辅助成员,使用新的storage.directoryPerDB值和新数据目录重新启动来以滚动方式进行更新,并使用初始同步来填充新数据目录。要更新所有成员,请先从辅助成员开始。然后逐步降低主要成员,并更新降低成员。
Not available for mongod instances that use the in-memory storage engine.
storage.syncPeriodSecs
Type: number
Default: 60
The amount of time that can pass before MongoDB flushes data to the data files via an fsync operation.
MongoDB通过fsync将数据刷到数据文件的时间间隔。
Do not set this value on production systems. In almost every situation, you should use the default setting.
不要在生产系统上设置此值。在几乎所有情况下,您都应该使用默认设置
WARNING
If you set storage.syncPeriodSecs to 0, MongoDB will not sync the memory mapped files to disk.
如果将storage.syncPeriodSecs设置为0,MongoDB将不会将内存映射文件同步到磁盘
The mongod process writes data very quickly to the journal and lazily to the data files. storage.syncPeriodSecs has no effect on the journal files or journaling, but if storage.syncPeriodSecs is set to 0 the journal will eventually consume all available disk space. If you set storage.syncPeriodSecs to 0 for testing purposes, you should also set –nojournal to true.
mongod进程非常快速地将数据写入日志,并且懒洋洋地将数据写入数据文件。 storage.syncPeriodSecs对日志文件或日记功能没有影响,但如果storage.syncPeriodSecs设置为0,则日志将最终消耗所有可用磁盘空间。如果将storage.syncPeriodSecs设置为0以进行测试,则还应将–nojournal设置为true。
The serverStatus command reports the background flush thread’s status via the backgroundFlushing field.
Not available for mongod instances that use the in-memory storage engine.
storage.engine
Default: wiredTiger
Changed in version 4.0: MongoDB deprecates the MMAPv1 storage engine.
The storage engine for the mongod database. Available values include:
指定引擎。
Value Description
wiredTiger To specify the WiredTiger Storage Engine.
inMemory To specify the In-Memory Storage Engine.
New in version 3.2: Available in MongoDB Enterprise only.
mmapv1 (Deprecated in MongoDB 4.0) To specify the MMAPv1 Storage Engine.
storage.mmapv1 Options
DEPRECATED
MongoDB 4.0 deprecates the MMAPv1 Storage Engine and will remove MMAPv1 in a future release. To change your MMAPv1 storage engine deployment to WiredTiger Storage Engine, see:
- Change Standalone to WiredTiger
- Change Replica Set to WiredTiger
- Change Sharded Cluster to WiredTiger
storage.wiredTiger Options
storage:
wiredTiger:
engineConfig:
cacheSizeGB:
journalCompressor:
directoryForIndexes:
collectionConfig:
blockCompressor:
indexConfig:
prefixCompression:
storage.wiredTiger.engineConfig.cacheSizeGB
Type: float
The maximum size of the internal cache that WiredTiger will use for all data.
Changed in version 3.4: Values can range from 256MB to 10TB and can be a float. In addition, the default value has also changed.
Starting in 3.4, the WiredTiger internal cache, by default, will use the larger of either:
- 50% of (RAM - 1 GB), or
- 256 MB.
For example, on a system with a total of 4GB of RAM the WiredTiger cache will use 1.5GB of RAM (0.5 * (4 GB - 1 GB) = 1.5 GB). Conversely, a system with a total of 1.25 GB of RAM will allocate 256 MB to the WiredTiger cache because that is more than half of the total RAM minus one gigabyte (0.5 * (1.25 GB - 1 GB) = 128 MB < 256 MB).
例如,在总共4GB RAM的系统上,WiredTiger缓存将使用1.5GB的RAM(0.5 *(4 GB - 1 GB)= 1.5 GB)。相反,一个总共1.25 GB RAM的系统将为WiredTiger缓存分配256 MB,因为这超过总RAM的一半减去1 GB(0.5 *(1.25 GB - 1 GB)= 128 MB <256 MB) 。
Avoid increasing the WiredTiger internal cache size above its default value.
With WiredTiger, MongoDB utilizes both the WiredTiger internal cache and the filesystem cache.
Via the filesystem cache, MongoDB automatically uses all free memory that is not used by the WiredTiger cache or by other processes.
避免将WiredTiger内部缓存大小增加到其默认值以上。
使用WiredTiger,MongoDB同时使用WiredTiger内部缓存和文件系统缓存。
通过文件系统缓存,MongoDB自动使用WiredTiger缓存或其他进程未使用的所有可用内存。
NOTE
The storage.wiredTiger.engineConfig.cacheSizeGB limits the size of the WiredTiger internal cache. The operating system will use the available free memory for filesystem cache, which allows the compressed MongoDB data files to stay in memory. In addition, the operating system will use any free RAM to buffer file system blocks and file system cache.
storage.wiredTiger.engineConfig.cacheSizeGB限制了WiredTiger内部缓存的大小。操作系统将使用可用的空闲内存用于文件系统缓存,这允许压缩的MongoDB数据文件保留在内存中。此外,操作系统将使用任何空闲RAM来缓冲文件系统块和文件系统缓存。
To accommodate the additional consumers of RAM, you may have to decrease WiredTiger internal cache size.
为了容纳额外的RAM使用者,您可能必须减少WiredTiger内部缓存大小
The default WiredTiger internal cache size value assumes that there is a single mongod instance per machine. If a single machine contains multiple MongoDB instances, then you should decrease the setting to accommodate the other mongod instances.
默认的WiredTiger内部缓存大小值假定每台计算机有一个mongod实例。如果单个计算机包含多个MongoDB实例,则应减少该设置以适应其他mongod实例。
If you run mongod in a container (e.g. lxc, cgroups, Docker, etc.) that does not have access to all of the RAM available in a system, you must set storage.wiredTiger.engineConfig.cacheSizeGB to a value less than the amount of RAM available in the container. The exact amount depends on the other processes running in the container.
storage.wiredTiger.engineConfig.journalCompressor
Default: snappy
New in version 3.0.0.
The type of compression to use to compress WiredTiger journal data.
用于压缩WiredTiger日志数据的压缩类型
Available compressors are:
- none
- snappy
- zlib
storage.wiredTiger.engineConfig.directoryForIndexes
Type: boolean
Default: false
New in version 3.0.0.
When storage.wiredTiger.engineConfig.directoryForIndexes is true, mongod stores indexes and collections in separate subdirectories under the data (i.e. storage.dbPath) directory. Specifically, mongod stores the indexes in a subdirectory named index and the collection data in a subdirectory named collection.
当storage.wiredTiger.engineConfig.directoryForIndexes为true时,mongod将索引和集合存储在数据(即storage.dbPath)目录下的单独子目录中。具体来说,mongod将索引存储在名为index的子目录中,并将集合数据存储在名为collection的子目录中。
By using a symbolic link, you can specify a different location for the indexes. Specifically, when mongod instance is not running, move the index subdirectory to the destination and create a symbolic link named index under the data directory to the new destination.
通过使用符号链接,您可以为索引指定其他位置。具体来说,当mongod实例未运行时,将index子目录移动到目标,并在数据目录下创建一个名为index的符号链接到新目标。
storage.wiredTiger.collectionConfig.blockCompressor
Default: snappy
New in version 3.0.0.
The default type of compression to use to compress collection data. You can override this on a per-collection basis when creating collections.
用于压缩集合数据的默认压缩类型。您可以在创建集合时基于每个集合覆盖此设置。
Available compressors are:
- none
- snappy
- zlib
storage.wiredTiger.collectionConfig.blockCompressor affects all collections created. If you change the value of storage.wiredTiger.collectionConfig.blockCompressor on an existing MongoDB deployment, all new collections will use the specified compressor. Existing collections will continue to use the compressor specified when they were created, or the default compressor at that time.
storage.wiredTiger.collectionConfig.blockCompressor 会影响所有创建的集合。如果在现有MongoDB部署中更改storage.wiredTiger.collectionConfig.blockCompressor的值,则所有新集合都将使用指定的压缩器。现有集合将继续使用创建时指定的压缩器,或当时的默认压缩器。
storage.wiredTiger.indexConfig.prefixCompression
Default: true
New in version 3.0.0.
Enables or disables prefix compression for index data.
启用或禁用索引数据的前缀压缩。
The storage.wiredTiger.indexConfig.prefixCompression setting affects all indexes created. If you change the value of storage.wiredTiger.indexConfig.prefixCompression on an existing MongoDB deployment, all new indexes will use prefix compression. Existing indexes are not affected.
storage.wiredTiger.indexConfig.prefixCompression设置会影响所有创建的索引。如果在现有MongoDB部署中更改storage.wiredTiger.indexConfig.prefixCompression的值,则所有新索引都将使用前缀压缩。现有索引不受影响。
storage.inmemory Options
storage:
inMemory:
engineConfig:
inMemorySizeGB:
storage.inMemory.engineConfig.inMemorySizeGB
Type: float
Default: 50% of physical RAM less 1 GB
Changed in version 3.4: Values can range from 256MB to 10TB and can be a float.
Maximum amount of memory to allocate for in-memory storage engine data, including indexes, oplog if the mongod is part of replica set, replica set or sharded cluster metadata, etc.
By default, the in-memory storage engine uses 50% of physical RAM minus 1 GB.
默认情况下,内存存储引擎使用50%的物理RAM减去1 GB。
ENTERPRISE FEATURE
Available in MongoDB Enterprise only.
只有企业版可用。
operationProfiling Options
operationProfiling:
mode:
slowOpThresholdMs:
slowOpSampleRate:
operationProfiling.mode
Type: string
Default: off
Specifies which operations should be profiled. The following profiler levels are available:
指定应分析哪些操作。以下分析器级别可用:
Level Description
off The profiler is off and does not collect any data. This is the default profiler level. 不收集
slowOp The profiler collects data for operations that take longer than the value of slowms.收集慢查询
all The profiler collects data for all operations. 收集所有操作
IMPORTANT
Profiling can impact performance and shares settings with the system log. Carefully consider any performance and security implications before configuring and enabling the profiler on a production deployment.
分析可以影响性能并与系统日志共享设置。在生产部署中配置和启用分析器之前,请仔细考虑任何性能和安全隐患。
operationProfiling.slowOpThresholdMs
Type: integer
Default: 100
The slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
统计慢查询
When logLevel is set to 0, MongoDB records slow operations to the diagnostic log at a rate determined by slowOpSampleRate. At higher logLevel settings, all operations appear in the diagnostic log regardless of their latency.
当logLevel设置为0时,MongoDB以slowOpSampleRate确定的速率记录对诊断日志的慢速操作。在较高的logLevel设置下,无论延迟如何,所有操作都会显示在诊断日志中。
Changed in version 4.0: The slowOpThresholdMs setting is available for mongod and mongos. In earlier versions, slowOpThresholdMs is available for mongod only.
For mongod instances, the setting affects both the diagnostic log and, if enabled, the profiler.
For mongos instances, the setting affects the diagnostic log only and not the profiler since profiling is not available on mongos.
operationProfiling.slowOpSampleRate
Type: double
Default: 1.0
The fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
设置慢查询抽样比例
Changed in version 4.0: The slowOpSampleRate setting is available for mongod and mongos. In earlier versions, slowOpSampleRate is available for mongod only.
For mongod instances, the setting affects both the diagnostic log and, if enabled, the profiler.
For mongos instances, the setting affects the diagnostic log only and not the profiler since profiling is not available on mongos.
replication Options
replication:
oplogSizeMB:
replSetName:
secondaryIndexPrefetch:
enableMajorityReadConcern:
replication.oplogSizeMB
Type: integer
The maximum size in megabytes for the replication operation log (i.e., the oplog).
设置Oplog大小
NOTE
Starting in MongoDB 4.0, the oplog can grow past its configured size limit to avoid deleting the majority commit point.
从MongoDB 4.0开始,oplog可以超过其配置的大小限制,以避免删除多数提交点
By default, the mongod process creates an oplog based on the maximum amount of space available. For 64-bit systems, the oplog is typically 5% of available disk space.
默认情况下,mongod进程根据可用的最大空间量创建oplog。对于64位系统,oplog通常占可用磁盘空间的5%。
Once the mongod has created the oplog for the first time, changing the replication.oplogSizeMB option will not affect the size of the oplog.
一旦mongod首次创建了oplog,更改replication.oplogSizeMB选项将不会影响oplog的大小。
To change the oplog size of a running replica set member, use the replSetResizeOplog administrative command. replSetResizeOplog enables you to resize the oplog dynamically without restarting the mongod process.
要更改正在运行的副本集成员的oplog大小,请使用replSetResizeOplog管理命令。 replSetResizeOplog使您可以动态调整oplog的大小,而无需重新启动mongod进程。
See Oplog Size for more information.
replication.replSetName
Type: string
The name of the replica set that the mongod is part of. All hosts in the replica set must have the same set name.
副本集名称设置。
Starting in MongoDB 4.0:
The setting replication.replSetName cannot be used in conjunction with storage.indexBuildRetry.
设置replication.replSetName不能与storage.indexBuildRetry一起使用。
For the WiredTiger storage engine, storage.journal.enabled: false cannot be used in conjunction with replication.replSetName.
对于WiredTiger存储引擎,storage.journal.enabled:false不能与replication.replSetName一起使用。
replication.secondaryIndexPrefetch
Type: string
Default: all
STORAGE ENGINE SPECIFIC FEATURE
存储引擎的特定功能
replication.secondaryIndexPrefetch is only available with the mmapv1 storage engine.
仅适用于mmapv1存储引擎
replication.enableMajorityReadConcern
Default: True
Starting in MongoDB 3.6, MongoDB enables support for “majority” read concern by default.
For MongoDB 4.0.3+ and 3.6.1+, you can disable read concern “majority” to prevent the storage cache pressure from immobilizing a deployment with a three-member primary-secondary-arbiter (PSA) architecture. For more information about disabling read concern “majority”, see Disable Read Concern Majority.
IMPORTANT
In general, avoid disabling “majority” read concern unless necessary. However, if you have a three-member replica set with a primary-secondary-arbiter (PSA) architecture or a sharded cluster with a three-member PSA shards, disable to prevent the storage cache pressure from immobilizing the deployment.
一般情况下,除非必要,否则请避免禁用“多数”读取问题。但是,如果您有一个具有主要辅助仲裁(PSA)体系结构的三成员副本集或具有三个成员PSA分片的分片集群,请禁用以防止存储缓存压力导致部署无法运行。
Disabling “majority” read concern disables support for Change Streams.
禁用“多数”读取问题会禁用对更改流的支持。
Disabling “majority” does not affect multi-document transactions; i.e. you can specify read concern “majority” for multi-document transactions even if read concern “majority” is disabled.
禁用“多数”不会影响多文档事务;即,即使读取关注“多数”被禁用,您也可以为多文档事务指定读取关注“多数”。
replication.enableMajorityReadConcern has no effect for MongoDB versions: 4.0.0, 4.0.1, 4.0.2, 3.6.0.
sharding Options
sharding:
clusterRole:
archiveMovedChunks:
sharding.clusterRole
Type: string
The role that the mongod instance has in the sharded cluster. Set this setting to one of the following:
mongod实例在分片群集中的角色。
Value Description
Configsvr Start this instance as a config server. The instance starts on port 27019 by default.
Shardsvr Start this instance as a shard. The instance starts on port 27018 by default.
sharding.archiveMovedChunks
Type: boolean
Changed in version 3.2: Starting in 3.2, MongoDB uses false as the default.
During chunk migration, a shard does not save documents migrated from the shard.
在块迁移期间,分片不会保存从分片迁移的文档。
auditLog Options
auditLog:
destination:
format:
path:
filter:
auditLog.destination
Type: string
New in version 2.6.
When set, auditLog.destination enables auditing and specifies where mongos or mongod sends all audit events.
设置后,auditLog.destination启用审计并指定mongos或mongod发送所有审计事件的位置。
auditLog.destination can have one of the following values:
Value Description
syslog Output the audit events to syslog in JSON format. Not available on Windows. Audit messages have a syslog severity level of info and a facility level of user.
以JSON格式将审计事件输出到syslog。在Windows上不可用。审计消息具有syslog严重性级别的信息和用户的设施级别。
The syslog message limit can result in the truncation of audit messages. The auditing system will neither detect the truncation nor error upon its occurrence
系统日志消息限制可能导致审计消息被截断。审计系统既不会检测到截断,也不会发生错误。.
console Output the audit events to stdout in JSON format.
File Output the audit events to the file specified in auditLog.path in the format specified inauditLog.format.
Available only in MongoDB Enterprise and MongoDB Atlas.
auditLog.format
Type: string
New in version 2.6.
The format of the output file for auditing if destination is file. The auditLog.format option can have one of the following values:
Value Description
JSON Output the audit events in JSON format to the file specified in auditLog.path.
BSON Output the audit events in BSON binary format to the file specified in auditLog.path.
Printing audit events to a file in JSON format degrades server performance more than printing to a file in BSON format.
将审核事件打印为JSON格式的文件会比以BSON格式打印到文件更影响性能。
NOTE
Available only in MongoDB Enterprise and MongoDB Atlas.
auditLog.path
Type: string
New in version 2.6.
The output file for auditing if destination has value of file. The auditLog.path option can take either a full path name or a relative path name.
如果destination具有file值,则用于审计的输出文件。 auditLog.path选项可以采用完整路径名或相对路径名。
NOTE
Available only in MongoDB Enterprise and MongoDB Atlas.
auditLog.filter
Type: string representation of a document
New in version 2.6.
The filter to limit the types of operations the audit system records. The option takes a string representation of a query document of the form:
{
The
To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.
要指定审核筛选器,请将筛选器文档括在单引号中以将文档作为字符串传递
To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.
要在配置文件中指定审核筛选器,必须使用配置文件的YAML格式。
NOTE
Available only in MongoDB Enterprise and MongoDB Atlas.
snmp Options
snmp:
subagent:
master:
略
mongos-only Options
Changed in version 3.4: MongoDB 3.4 removes sharding.chunkSize and sharding.autoSplit settings.
replication:
localPingThresholdMs:
sharding:
configDB:
replication.localPingThresholdMs
Type: integer
Default: 15
The ping time, in milliseconds, that mongos uses to determine which secondary replica set members to pass read operations from clients. The default value of 15 corresponds to the default value in all of the client drivers.
ping时间,单位:毫秒,mongos用来判定将客户端read请求发给哪个secondary。仅对mongos有效。默认值为15,和客户端driver中的默认值一样。
When mongos receives a request that permits reads to secondary members, the mongos will:
- Find the member of the set with the lowest ping time.
- Construct a list of replica set members that is within a ping time of 15 milliseconds of the nearest suitable member of the set.
- If you specify a value for the replication.localPingThresholdMs option, mongos will construct the list of replica members that are within the latency allowed by this value.
- Select a member to read from at random from this list.
当mongos接收到客户端read请求,它将:
找出复制集中ping值最小的member。
将延迟值被此值允许的members,构建一个列表
从列表中随机选择一个member。
The ping time used for a member compared by the replication.localPingThresholdMs setting is a moving average of recent ping times, calculated at most every 10 seconds. As a result, some queries may reach members above the threshold until the mongos recalculates the average.
ping值是动态值,每10秒计算一次。mongos将客户端请求转发给延迟较小(与此值相比)的某个secondary节点
See the Read Preference for Replica Sets section of the read preference documentation for more information.
sharding.configDB
Type: string
Changed in version 3.2.
The configuration servers for the sharded cluster.
指定分片集群中的配置服务器。
Starting in MongoDB 3.2, config servers for sharded clusters can be deployed as a replica set. The replica set config servers must run the WiredTiger storage engine. MongoDB 3.2 deprecates the use of three mirrored mongod instances for config servers.
从MongoDB 3.2开始,可以将分片群集的配置服务器部署为副本集。副本集配置服务器必须运行WiredTiger存储引擎。 MongoDB 3.2不赞成为配置服务器使用三个镜像mongod实例
Specify the config server replica set name and the hostname and port of at least one of the members of the config server replica set.
sharding:
configDB:
The mongos instances for the sharded cluster must specify the same config server replica set name but can specify hostname and port of different members of the replica set.
分片群集的mongos实例必须指定相同的配置服务器副本集名称,但可以指定副本集的不同成员的主机名和端口。