1.MongoDB的启动和停止
启动部分
:\mysoft\mongo\bin>mongod.exe --help
** NOTE: when using MongoDB 32 bit, you are limited to about 2 gigabytes of data
** see http://blog.mongodb.org/post/137788967/32-bit-limitations
** with --dur, the limit is lower
Allowed options:
General options:
-h [ --help ] show this usage information
--version show version information
-f [ --config ] arg configuration file specifying additional options
-v [ --verbose ] be more verbose (include multiple times for more
verbosity e.g. -vvvvv)
--quiet quieter output
--port arg specify port number
--bind_ip arg comma separated list of ip addresses to listen on - all
local ips by default
--maxConns arg max number of simultaneous connections
--logpath arg log file to send write to instead of stdout - has to be
a file, not directory
--logappend append to logpath instead of over-writing
--pidfilepath arg full path to pidfile (if not set, no pidfile is
created)
--keyFile arg private key for cluster authentication (only for
replica sets)
--auth run with security
--cpu periodically show cpu and iowait utilization
--dbpath arg directory for datafiles
--diaglog arg 0=off 1=W 2=R 3=both 7=W+some reads
--directoryperdb each database will be stored in a separate directory
--journal enable journaling
--journalOptions arg journal diagnostic options
--ipv6 enable IPv6 support (disabled by default)
--jsonp allow JSONP access via http (has security implications)
--noauth run without security
--nohttpinterface disable http interface
--noprealloc disable data file preallocation - will often hurt
performance
--noscripting disable scripting engine
--notablescan do not allow table scans
--nssize arg (=16) .ns file size (in MB) for new databases
--objcheck inspect client data for validity on receipt
--profile arg 0=off 1=slow, 2=all
--quota limits each database to a certain number of files (8
default)
--quotaFiles arg number of files allower per db, requires --quota
--rest turn on simple rest api
--repair run repair on all dbs
--repairpath arg root directory for repair files - defaults to dbpath
--slowms arg (=100) value of slow for profile and console log
--smallfiles use a smaller default file size
--syncdelay arg (=60) seconds between disk syncs (0=never, but not
recommended)
--sysinfo print some diagnostic system information
--upgrade upgrade db if needed
Windows Service Control Manager options:
--install install mongodb service
--remove remove mongodb service
--reinstall reinstall mongodb service (equivilant of mongod
--remove followed by mongod --install)
--serviceName arg windows service name
--serviceDisplayName arg windows service display name
--serviceDescription arg windows service description
--serviceUser arg user name service executes as
--servicePassword arg password used to authenticate serviceUser
Replication options:
--fastsync indicate that this instance is starting from a dbpath
snapshot of the repl peer
--autoresync automatically resync if slave data is stale
--oplogSize arg size limit (in MB) for op log
Master/slave options:
--master master mode
--slave slave mode
--source arg when slave: specify master as <server:port>
--only arg when slave: specify a single database to replicate
--slavedelay arg specify delay (in seconds) to be used when applying
master ops to slave
Replica set options:
--replSet arg arg is <setname>[/<optionalseedhostlist>]
Sharding options:
--configsvr declare this is a config db of a cluster; default port
27019; default dir /data/configdb
--shardsvr declare this is a shard db of a cluster; default port
27018
--noMoveParanoia turn off paranoid saving of data for moveChunk. this
is on by default for now, but default will switch
停止方式有多种,可以以杀死进程的方式,也可以使用如下的命令
>use admin
>db.shutdownServer();
2.监控
2.1使用WEB管理接接口,在浏览器中输入http://ip:28017(默认的端口)
2.2使用serverStatus命令
> db.runCommand({"serverStatus":1})
{
"host" : "mongo_server",
"version" : "1.8.5",
"process" : "mongod",
"uptime" : 29336,
"uptimeEstimate" : 29130,
"localTime" : ISODate("2012-06-01T09:14:55.863Z"),
"globalLock" : {//表示全局写入锁占用了服务器多少时间
"totalTime" : 29336506453,
"lockTime" : 646417,
"ratio" : 0.000022034559603599163,
"currentQueue" : {
"total" : 0,
"readers" : 0,
"writers" : 0
},
"activeClients" : {
"total" : 0,
"readers" : 0,
"writers" : 0
}
},
"mem" : {//包含了服务器内存映射了多少数据,服务器进程的虚拟内存和常驻内存的占情况单位为MB
"bits" : 32,
"resident" : 15,
"virtual" : 72,
"supported" : true,
"mapped" : 32
},
"connections" : {
"current" : 1,
"available" : 19999
},
"extra_info" : {
"note" : "fields vary by platform"
},
"indexCounters" : {/表示B树在磁盘检索和内存检索的次数,如果这个比值开始上升就要考虑添加内存了
"note" : "not supported on this platform"
},
"backgroundFlushing" : {//表示后台做了多少次fsync以及用了多少时间
"flushes" : 488,
"total_ms" : 4850,
"average_ms" : 9.938524590163935,
"last_ms" : 12,
"last_finished" : ISODate("2012-06-01T09:14:00.629Z")
},
"cursors" : {
"totalOpen" : 0,
"clientCursors_size" : 0,
"timedOut" : 0
},
"network" : {
"bytesIn" : 10681,
"bytesOut" : 38570,
"numRequests" : 97
},
"opcounters" : {
"insert" : 30,
"query" : 17,
"update" : 0,
"delete" : 2,
"getmore" : 0,
"command" : 51
},
"asserts" : {//统计了断言的次数
"regular" : 0,
"warning" : 0,
"msg" : 0,
"user" : 0,
"rollovers" : 0
},
"writeBacksQueued" : false,
"ok" : 1
}
也可以使用http的方式获得此Json数据
2.3使用mongostat
它采用了实时计数。
2.4第三方插件
如Nagios、Munin、Ganglia、Cacti。
3.安全和认证
可以使用--auth启动数据库这样就需要验证,但在添加之前至少先创建一个管理员。
> db
test
> db.addUser("test_root","root")
{
"user" : "test_root",
"readOnly" : false,
"pwd" : "34070e45e4dfae82a29b99492394677d"
}
> db.addUser("read_only","1234",true)//指定为只读用户
{
"user" : "read_only",
"readOnly" : true,
"pwd" : "999ead64210fea33bfcff18fa5d5e5e2"
}
> db.auth("test_root","root") //鉴权
> db.system.users.find()//查看所有的用户,用户存储在system.users集合中
{ "_id" : ObjectId("4fc88f839e2a3bef89321b6a"), "user" : "test_root", "readOnly"
: false, "pwd" : "34070e45e4dfae82a29b99492394677d" }
{ "_id" : ObjectId("4fc88fb29e2a3bef89321b6b"), "user" : "read_only", "readOnly"
: true, "pwd" : "999ead64210fea33bfcff18fa5d5e5e2" }
>
4.其他安全策略
建议将MongoDB服务器布置在防火墙后或者布置在只有应用服务器能访问的网络中
如:只能从本机应用服务器访问可以运行“mongod --bindip localhost”
可以使用--nohttpinter-face 将HTTP的管理接口关闭。
使用--noscripting完全禁止服务端JavaScript的执行。
5.备份和修复
1.备份数据库文件,将数据库存储文件备份即可,此情况下要关闭服务器。
2.使用mongodump和mongorestore
C:\mongodb\bin>mongodump.exe --help
options:
--help produce help message
-v [ --verbose ] be more verbose (include multiple times for more
verbosity e.g. -vvvvv)
-h [ --host ] arg mongo host to connect to ( <set name>/s1,s2 for
sets)
--port arg server port. Can also use --host hostname:port
--ipv6 enable IPv6 support (disabled by default)
-u [ --username ] arg username
-p [ --password ] arg password
--dbpath arg directly access mongod database files in the given
path, instead of connecting to a mongod server -
needs to lock the data directory, so cannot be used
if a mongod is currently accessing the same path
--directoryperdb if dbpath specified, each db is in a separate
directory
-d [ --db ] arg database to use
-c [ --collection ] arg collection to use (some commands)
-o [ --out ] arg (=dump) output directory or "-" for stdout
-q [ --query ] arg json query
--oplog Use oplog for point-in-time snapshotting
--repair try to recover a crashed database
C:\mongodb\bin>mongorestore.exe --help
usage: mongorestore.exe [options] [directory or filename to restore from]
options:
--help produce help message
-v [ --verbose ] be more verbose (include multiple times for more
verbosity e.g. -vvvvv)
-h [ --host ] arg mongo host to connect to ( <set name>/s1,s2 for sets)
--port arg server port. Can also use --host hostname:port
--ipv6 enable IPv6 support (disabled by default)
-u [ --username ] arg username
-p [ --password ] arg password
--dbpath arg directly access mongod database files in the given
path, instead of connecting to a mongod server -
needs to lock the data directory, so cannot be used
if a mongod is currently accessing the same path
--directoryperdb if dbpath specified, each db is in a separate
directory
-d [ --db ] arg database to use
-c [ --collection ] arg collection to use (some commands)
--objcheck validate object before inserting
--filter arg filter to apply before inserting
--drop drop each collection before import
--oplogReplay replay oplog for point-in-time restore
示例
C:\mongodb\bin>mongodump.exe -d blog -o ../backup
connected to: 127.0.0.1
DATABASE: blog to ../backup/blog
blog.users to ../backup/blog/users.bson
10 objects
blog.system.indexes to ../backup/blog/system.indexes.bson
2 objects
blog.result.txt to ../backup/blog/result.txt.bson
5 objects
C:\mongodb\bin>mongorestore.exe -d test --drop ../backup/blog
connected to: 127.0.0.1
Fri Jun 01 23:41:03 ../backup/blog/result.txt.bson
Fri Jun 01 23:41:03 going into namespace [test.result.txt]
Fri Jun 01 23:41:03 dropping
Fri Jun 01 23:41:03 5 objects found
Fri Jun 01 23:41:03 ../backup/blog/users.bson
Fri Jun 01 23:41:03 going into namespace [test.users]
Fri Jun 01 23:41:03 dropping
Fri Jun 01 23:41:03 10 objects found
Fri Jun 01 23:41:03 ../backup/blog/system.indexes.bson
Fri Jun 01 23:41:03 going into namespace [test.system.indexes]
Fri Jun 01 23:41:03 dropping
Fri Jun 01 23:41:03 { name: "_id_", ns: "test.users", key: { _id: 1 }, v: 0 }
Fri Jun 01 23:41:03 { name: "_id_", ns: "test.result.txt", key: { _id: 1 }, v: 0
}
Fri Jun 01 23:41:03 2 objects found
3.fsync和锁
虽然用mongodump和mongorestore能不停机备份,但是我们却失去了获取实时数据视图的能力。MongDB的fsync命令能在MongoDB运行时复制数据目录还不回损毁数据。
fsync命令会强制服务器将所有缓冲区写入磁盘,还可以选择上锁阻止对数据库进一步写入,直至释放锁为止。写入锁是让fsync在备份时发挥作用的关键。下面的例子展示了如何在shell中操作,强制执行了fsync并获得了写入锁。
> db.runCommand({"fsync":1,"lock":1})
{
"info" : "now locked against writes, use db.$cmd.sys.unlock.findOne() to
unlock",
"ok" : 1
}
备份好了就要解锁
> db.$cmd.sys.unlock.findOne();
{ "ok" : 1, "info" : "unlock requested" }
> db.currentOp()
{ "inprog" : [ ] }
6.修复
1.mongod --repair
2,db.repairDatabase()