Use MongoDB 1.8.1's replica set with the auth, journal and keyFile features

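Recommended production deployment for a MongoDB 1.8.1 replica set:

1. Mount the file systems with the noatime option

2. no vm pages

3. Use logical volumes; ext4 or xfs is the recommended file system

4. 3 full nodes, or 2 full nodes + 1 arbiter node (preferably on an odd number of physical servers, otherwise elections run into trouble: with two physical machines running two mongod processes, if the network between them fails, neither side can reach a majority, so neither can become primary and the set becomes read-only. Having only 2 physical servers, as in this example, is therefore not a sound layout.)

5. Use auth

6. Set the keyFile permissions to 400

7. Disable HTTP access

8. Enable journal. Note that with journal enabled, one logical write produces up to 4 physical writes

(1 main, 1 journal, 1 local, 1 journal)

Because I/O is asynchronous, however, the cost is usually not as bad as 4 physical writes.

Environment used in this example:

2 full nodes + 1 arbiter node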

member1 : 192.168.175.67:5281

member2 : 192.168.175.70:5281

member3(arbiter only) : 192.168.175.70:5282

Detailed configuration:

1. Operating system version: Red Hat Enterprise Linux Server release 5.6 (Tikanga), 64-bit

2. sshd configuration

vi /etc/ssh/sshd_config

PubkeyAuthentication no

UseDNS no

3. ssh configuration

vi /etc/ssh/ssh_config

GSSAPIAuthentication no

4. root user crontab configuration

8 * * * * /usr/sbin/ntpdate asia.pool.ntp.org && /sbin/hwclock --systohc

1 * * * * /usr/local/bin/monitor_entry.sh disk

5. ntpd configuration

vi /etc/sysconfig/ntpd

SYNC_HWCLOCK=yes

6. rc.local configuration

vi /etc/rc.local

sysctl -w net.ipv4.ip_conntrack_max=655360

sysctl -w net.ipv4.tcp_timestamps=0

7. Service configuration

chkconfig --level 35 cmirror off

chkconfig --level 35 rhnsd off

chkconfig --level 35 ricci off

8. Update the NIC driver (not needed on RHEL 5.6)

9. sysctl.conf configuration

vi /etc/sysctl.conf

kernel.shmmni = 4096

kernel.sem = 50100 64128000 50100 1280

fs.file-max = 7672460

net.ipv4.ip_local_port_range = 9000 65000

net.core.rmem_default = 1048576

net.core.rmem_max = 4194304

net.core.wmem_default = 262144

net.core.wmem_max = 1048576

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_max_syn_backlog = 4096

net.core.netdev_max_backlog = 10000

net.ipv4.ip_conntrack_max = 655360

fs.aio-max-nr = 1048576

net.ipv4.tcp_timestamps = 0

vm.overcommit_memory = 0

10. vi /etc/pam.d/login

session required pam_limits.so

11. vi /etc/security/limits.conf

* soft    nofile  131072

* hard    nofile  131072

* soft    nproc   131072

* hard    nproc   131072

* soft    core    unlimited

* hard    core    unlimited

* soft    memlock 50000000

* hard    memlock 50000000

12. Hostname configuration

hostname db-192-168-175-67.sky-mobi.com.hz.sandun

vi /etc/sysconfig/network

HOSTNAME=db-192-168-175-67.sky-mobi.com.hz.sandun

13. vi /etc/resolv.conf

search sky-mobi.com.hz.sandun

nameserver 211.140.188.188

14. Hostname configuration

vi /etc/hosts

127.0.0.1               localhost.localdomain localhost

192.168.175.67 db-192-168-175-67.sky-mobi.com.hz.sandun db-192-168-175-67

192.168.175.70 db-192-168-175-70.sky-mobi.com.hz.sandun db-192-168-175-70

15. Password configuration

passwd root

passwd mongo

16. Profile of the mongo user

vi .bash_profile

export PS1="$USER@`/bin/hostname -s`-> "

export MONGO_HOME=/opt/mongo

export PATH=$MONGO_HOME/bin:$PATH:.

umask 022

alias rm='rm -i'

alias ll='ls -lh'

17. Download and unpack the latest stable release

wget mongodb-linux-x86_64-1.8.1.tar

tar -xvf mongodb-linux-x86_64-1.8.1.tar

mv mongodb-linux-x86_64-1.8.1 /opt/mongo

chown -R mongo:mongo /opt/mongo

18. Create the log directory

mkdir /var/log/mongo

chown -R mongo:mongo /var/log/mongo

19. Create the data file directory and the configuration file directory

mkdir -p /opt/mongodata/conf

chown -R mongo:mongo /opt/mongodata

19.1 On 192.168.175.70 an additional data directory and configuration file directory must be created for the arbiter

mkdir -p /database/mongodb/data1/mongodata/conf

chown -R mongo:mongo /database/mongodb/data1/mongodata

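20. Configure the key file:

Version 1.8.1 adds auth support for replica sets, but the members of a replica set authenticate to each other with a keyFile. Make sure every member server has the same keyFile and that its permissions are 400. It works like a shared secret key file.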

member1 : 

echo "this is a key file created by digoal zhou at 20110518 used to auth by replica set members each other" > /opt/mongodata/conf/keyfile

chmod 400 /opt/mongodata/conf/keyfile

member2 : 

member3 : 

echo "this is a key file created by digoal zhou at 20110518 used to auth by replica set members each other" > /database/mongodb/data1/mongodata/conf/keyfile

chmod 400 /database/mongodb/data1/mongodata/conf/keyfile

20.1 Configure the startup files:

member1 & member2 :

vi /opt/mongodata/conf/mongod.conf

logpath=/var/log/mongo/mongod5281.log
logappend=true
fork = true
port = 5281
dbpath=/opt/mongodata
auth = true
nohttpinterface = true
nssize = 128
directoryperdb = true
maxConns = 1500
oplogSize = 10240
keyFile=/opt/mongodata/conf/keyfile
journal=true
profile=1
slowms=100
replSet=blss

member3 (settings that differ from the file above) :

vi /database/mongodb/data1/mongodata/conf/mongod.conf

logpath=/var/log/mongo/mongod5282.log
port = 5282
dbpath=/database/mongodb/data1/mongodata
keyFile=/database/mongodb/data1/mongodata/conf/keyfile
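A check for the settings recommended above (auth, keyFile with mode 400, journal, HTTP interface off), as an added Python example that is not part of the original post. The function names are hypothetical, and the key rules it enforces (base64 characters only, 6 to 1024 characters, whitespace ignored) are taken from MongoDB's keyFile documentation and assumed to apply to 1.8.1.

```python
import os
import re
import stat

# Options the deployment recommendations above want switched on
# (nohttpinterface = true means the HTTP interface is off).
REQUIRED_TRUE = ("auth", "journal", "nohttpinterface")
BASE64_CHARS = re.compile(r"^[A-Za-z0-9+/=]+$")


def parse_conf(text):
    """Parse 'key = value' lines of a mongod.conf, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_keyfile(path):
    """Return a list of findings for one keyFile (empty list means OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("keyFile mode %o is accessible by group/other" % mode)
    with open(path) as fh:
        key = "".join(fh.read().split())  # assumption: whitespace is ignored
    if not 6 <= len(key) <= 1024:
        findings.append("key length %d outside 6..1024" % len(key))
    if not BASE64_CHARS.match(key):
        findings.append("key contains non-base64 characters")
    return findings


def audit_conf(text):
    """Return findings for a mongod.conf body and the keyFile it names."""
    conf = parse_conf(text)
    findings = ["%s is not enabled" % opt for opt in REQUIRED_TRUE
                if conf.get(opt, "").lower() != "true"]
    if "keyFile" not in conf:
        findings.append("keyFile is not set")
    else:
        findings.extend(audit_keyfile(conf["keyFile"]))
    return findings
```

Run `audit_conf(open(path).read())` on each member; an empty list means that member matches the recommendations.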

21. Start all nodes and initialize the replica set

member1 & member2

mongod -f /opt/mongodata/conf/mongod.conf

member3

mongod -f /database/mongodb/data1/mongodata/conf/mongod.conf

# Initialize (only needs to be run while connected to one node)

db.runCommand({replSetInitiate : {
  _id : "blss",
  members: [
    {
      _id : 0,
      host : "192.168.175.67:5281" ,
      arbiterOnly :   false
    }
    ,
    {
      _id : 1,
      host : "192.168.175.70:5281" ,
      arbiterOnly :   false
    }
    ,
    {
      _id : 2,
      host : "192.168.175.70:5282" ,
      arbiterOnly :   true
    }
  ]
}})

# Wait for the local database to finish initializing (make sure all nodes are healthy), then add users

blss:PRIMARY> rs.status()
{
        "set" : "blss",
        "date" : ISODate("2011-05-17T10:22:47Z"),
        "myState" : 1,
        "members" : [
                {
                        "_id" : 0,
                        "name" : "192.168.175.67:5281",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "optime" : {
                                "t" : 1305625603000,
                                "i" : 1
                        },
                        "optimeDate" : ISODate("2011-05-17T09:46:43Z"),
                        "self" : true
                },
                        "_id" : 1,
                        "name" : "192.168.175.70:5281",
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 2990,
                        "lastHeartbeat" : ISODate("2011-05-17T10:22:46Z")
                        "_id" : 2,
                        "name" : "192.168.175.70:5282",
                        "state" : 7,
                        "stateStr" : "ARBITER",
                        "uptime" : 2994,
                                "t" : 0,
                                "i" : 0
                        "optimeDate" : ISODate("1970-01-01T00:00:00Z"),
                }
        ],
        "ok" : 1
}

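# Status is healthy; create the users

mongo 127.0.0.1:5281/admin

db.addUser("xxx","xxxxx");

db.auth("xxx","xxxxx");

# Add a user for the application database (blss)

use digoal

db.addUser("digoal","fdigoal-")

22. View the logs

23. Other management commands

rs.?

24. Failover (automatic)

25. Driver configuration for connecting to a replica set environment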

Connecting drivers to replica sets:

Ideally a MongoDB driver can connect to a cluster of servers which represent a replica set, and automatically find the right set member with which to communicate. Failover should be automatic too. The general steps are:

1. The user, when opening the connection, specifies host[:port] for one or more members of the set. Not all members need be specified -- in fact the exact members of the set might change over time. This list for the connect call is the seed list.

2. The driver then connects to all servers on the seed list, perhaps in parallel to minimize connect time. Send an ismaster command to each server.

3. When the server is in replSet mode, it will return a hosts field with all members of the set that are potentially eligible to serve data. The client should cache this information. Ideally this refreshes too, as the set's config could change over time.

4. Choose a server with which to communicate.

If ismaster == true, that server is primary for the set. This server can be used for writes and immediately consistent reads.

If secondary == true, that server is not primary, but is available for eventually consistent reads. In this case, you can use the primary field to see which server the master should be.

5. If an error occurs with the current connection, find the new primary and resume use there.
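The seed-list discovery steps above, simulated as an added Python example; it is not code from any MongoDB driver or from the original post. `discover` and `fake_ismaster` are hypothetical names, and the isMaster replies are constructed for the three-member set used in this article.

```python
from collections import deque

# Constructed isMaster replies for the set in this example. The arbiter
# (192.168.175.70:5282) serves no data, so it is not listed in "hosts".
HOSTS = ["192.168.175.67:5281", "192.168.175.70:5281"]
REPLIES = {
    "192.168.175.67:5281": {"ismaster": True, "secondary": False,
                            "hosts": HOSTS},
    "192.168.175.70:5281": {"ismaster": False, "secondary": True,
                            "hosts": HOSTS,
                            "primary": "192.168.175.67:5281"},
}


def fake_ismaster(replies):
    """Build a stand-in for the network call; unlisted hosts are 'down'."""
    def call(host):
        if host not in replies:
            raise OSError("cannot connect to " + host)
        return replies[host]
    return call


def discover(seed_list, ismaster):
    """Steps 1-4: probe the seeds, learn 'hosts', classify the members.

    Returns (primary, secondaries, known); primary is None if none was found.
    """
    seeds = list(dict.fromkeys(seed_list))  # drop duplicate seeds
    known, queue = set(seeds), deque(seeds)
    primary, secondaries = None, []
    while queue:
        host = queue.popleft()
        try:
            reply = ismaster(host)
        except OSError:
            continue  # unreachable seed: rely on the remaining ones
        # Cache every advertised member, plus the primary hint if present.
        for peer in reply.get("hosts", []) + [reply.get("primary")]:
            if peer and peer not in known:
                known.add(peer)
                queue.append(peer)
        if reply.get("ismaster"):
            primary = host
        elif reply.get("secondary"):
            secondaries.append(host)
    return primary, secondaries, sorted(known)
```

Step 5 is the same call repeated after a connection error: rerunning `discover` against the cached member list returns whichever member now reports ismaster.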

26. Configure iptables

27. Configure monitoring

Others:

An example of connecting to a MongoDB replica set from Java:

Now that we have a replica set, it's time to use it with the Java driver. First, we can connect to the replica set. We can connect to any instance; the driver will fetch the list of other instances and other information, like who is the master. But it's good practice to have a list of several nodes to connect to, so if one node we connect to is down, we can fetch the node list from the others:

import java.util.ArrayList;
import com.mongodb.Mongo;
import com.mongodb.ServerAddress;

String url = "192.168.175.67:5281,192.168.175.70:5281";
ArrayList<ServerAddress> addr = new ArrayList<ServerAddress>();
for (String s: url.split(",")) {
    addr.add(new ServerAddress(s));
}
Mongo mongo = new Mongo(addr);

Controlling whether read requests are sent to the slaves

Then, you can use the driver normally. By default, it will send all the requests, reads and writes, to the master. But you can configure the driver to send only writes to the master; the reads will be dispatched to the slaves. And it's only one line of code to do this:

mongo.slaveOk();

28. Testing adding and removing nodes

Remove the member 192.168.175.70:5282

Add the member 192.168.175.71:5281

1. First configure 192.168.175.71:5281 and start its mongod

2. Remove 192.168.175.70:5282

   Connect to the primary node

   mongo 127.0.0.1:5281/admin

   db.auth("digoal","pwd")

blss:PRIMARY> rs.conf()
        "_id" : "blss",
        "version" : 1,
                        "host" : "192.168.175.67:5281"
                        "host" : "192.168.175.70:5281"
                        "host" : "192.168.175.70:5282",
                        "arbiterOnly" : true
        ]

blss:PRIMARY> rs.remove("192.168.175.70:5282")

Once this completes, the connection drops and reconnects:

Fri May 20 09:29:06 trying reconnect to 127.0.0.1:5281
Fri May 20 09:29:06 reconnect 127.0.0.1:5281 ok

so you have to authenticate again:

blss:PRIMARY> db.auth("digoal","pwd")

blss:PRIMARY> rs.conf()
        "version" : 2,

Once the 192.168.175.71:5281 member node is up:

blss:PRIMARY> rs.add({"_id" : 2,"host" : "192.168.175.71:5281"})

Fri May 20 09:31:44 trying reconnect to 127.0.0.1:5281
Fri May 20 09:31:44 reconnect 127.0.0.1:5281 ok

blss:PRIMARY> rs.conf()
        "version" : 3,
                        "host" : "192.168.175.71:5281"

blss:PRIMARY> rs.status()
        "date" : ISODate("2011-05-20T01:32:56Z"),
                                "t" : 1305855176000,
                                "i" : 507
                        "optimeDate" : ISODate("2011-05-20T01:32:56Z"),
                        "uptime" : 70,
                                "t" : 1305855174000,
                                "i" : 817
                        "optimeDate" : ISODate("2011-05-20T01:32:54Z"),
                        "lastHeartbeat" : ISODate("2011-05-20T01:32:54Z")
                        "name" : "192.168.175.71:5281",
                        "state" : 3,
                        "stateStr" : "RECOVERING",
                        "uptime" : 66,

Because the data volume is large, the recovering state may last a long time.

1.8.1 supports syncing from a secondary, so this puts little load on the primary.
