mongodb优化
https://www.cnblogs.com/swordfall/p/10427150.html
https://blog.csdn.net/Felix_CB/article/details/86296890
主机 | IP | 备注 |
---|---|---|
mongo1 | 192.168.11.192 | 主 |
mongo2 | 192.168.11.193 | 从 |
mongo3 | 192.168.11.194 | 仲裁 |
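# Create the data, config and log directories used by the mongo container.
mkdir -p /data/mongo/{data,etc,log}

# Replica-set members authenticate to each other with this keyfile, so it is a
# cluster-wide secret. Generate it once from a CSPRNG, then copy the SAME file
# to every member (mongo1/mongo2/mongo3) rather than typing a fixed string.
# The subshell umask keeps the file from ever being group- or world-readable.
if [ ! -s /data/mongo/keyfile ]; then
  (umask 077 && openssl rand -base64 756 > /data/mongo/keyfile)
fi

# 999:999 is presumably the mongodb user inside the mongo image (confirm
# against the image in use). "owner:group" is the supported chown separator.
chown -R 999:999 /data/mongo/{data,etc,log,keyfile}
# mongod only needs to read the keyfile; it must carry no group/other bits.
chmod 400 /data/mongo/keyfile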
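# Write the mongod configuration. The file is YAML, so the nesting below is
# significant: each option must sit under its parent section.
cat > /data/mongo/etc/mongod.conf << 'EOF'
storage:
  dbPath: /data/mongo/data
  journal:
    enabled: true
    commitIntervalMs: 100
  directoryPerDB: true
  syncPeriodSecs: 60
  engine: wiredTiger
  wiredTiger:
    engineConfig:
      cacheSizeGB: 2
systemLog:
  destination: file
  logAppend: true
  path: /data/mongo/log/mongo.log
  logRotate: rename
  timeStampFormat: iso8601-local
net:
  port: 27017
  # 0.0.0.0 listens on every interface of the host (the container runs with
  # host networking). Narrow this to 127.0.0.1 plus this member's replica-set
  # address, or firewall 27017 to the other members and known clients.
  bindIp: 0.0.0.0
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
# Auditing is only available in MongoDB Enterprise
#auditLog:
#  destination: file
#  format: JSON
#  path: /data/mongo/log/auditLog/audit.json
#  filter: '{ atype:{ $in: ["authCheck","createCollection","createDatabase"] },"param.ns":{$nin:[ "admin.system.version"]},"param.command":{$nin:[ "isMaster","ismaster","saslStart","saslContinue","listCollections","listDatabases","listIndexes","collStats","find","getlasterror","buildinfo","getLastError","aggregate"] } }'
#setParameter: { auditAuthorizationSuccess: true }
replication:
  replSetName: "rs0"
  oplogSizeMB: 2000
security:
  # Members authenticate to each other with the shared keyfile; clients must
  # authenticate because authorization is enabled.
  keyFile: "/data/mongo/keyfile"
  clusterAuthMode: "keyFile"
  authorization: "enabled"
EOF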
# Write the launcher script for the mongod container.
#   --network host        mongod binds directly on the host's interfaces, so
#                         net.bindIp in mongod.conf decides what is reachable
#   -v /data/mongo:...    config, data, logs and the keyfile come from the host
#   --ulimit memlock=-1   no limit on locked memory for the container
#   mongo:4.4.6           image pinned by tag
cat > /data/mongo/start.sh << 'EOF'
docker run -d \
--ulimit memlock=-1:-1 \
--restart=always \
--network host \
--name mongo \
-v /data/mongo:/data/mongo \
-v /etc/localtime:/etc/localtime \
mongo:4.4.6 \
mongod -f /data/mongo/etc/mongod.conf
EOF
# Start mongo
bash /data/mongo/start.sh
# Initialise the mongo replica set: rs0 with two data-bearing members and one
# arbiter (192.168.11.194). Run this on one member only.
# NOTE(review): no credentials are passed to the shell here; presumably this
# relies on the localhost exception of a fresh instance — confirm.
cat > /data/mongo/etc/init_mongo_set.js << 'EOF'
rs.initiate( {
_id : "rs0",
members: [
{ _id: 0, host: "192.168.11.192:27017" },
{ _id: 1, host: "192.168.11.193:27017" },
{ _id: 2, host: "192.168.11.194:27017",arbiterOnly:true }
]
});
EOF
# Feed the script to the mongo shell inside the running container via stdin.
docker exec -i mongo mongo < /data/mongo/etc/init_mongo_set.js
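# Create the initial users.
# The script below holds cleartext passwords, so the file is created
# owner-only before anything is written to it and removed once applied.
# NOTE(review): the passwords are short fixed strings reused across accounts;
# substitute a separately generated value per account, and keep the other
# places on this page that authenticate with them in step.
install -m 600 /dev/null /data/mongo/etc/init_mongo_user.js
cat > /data/mongo/etc/init_mongo_user.js << 'EOF'
// Users can only be created on the primary; exit on any other member.
if (rs.isMaster().ismaster != 1) {
  quit();
}
conn = new Mongo("127.0.0.1:27017");
db = conn.getDB("admin");
// Administrative account. The root role already covers the other two roles
// listed; they are kept as in the original setup.
db.createUser(
  {
    user: "admin",
    pwd: "Mongo123456",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" , {role: 'root', db: 'admin'}]
  }
);
// Once the first user exists, further changes need an authenticated session.
db.auth("admin","Mongo123456");
// Monitoring account: cluster metrics plus read access to the local database.
db.getSiblingDB("admin").createUser({
  user: "mongodb_exporter",
  pwd: "Mongodb2O21",
  roles: [
    { role: "clusterMonitor", db: "admin" },
    { role: "read", db: "local" }
  ]
});
// Application account limited to readWrite on the test database.
db = conn.getDB("test");
db.createUser(
  {
    user: "xbzeng",
    pwd: "Mongo123456",
    roles: [ { role: "readWrite", db: "test" } ]
  }
);
EOF
# Initialise the users
docker exec -i mongo mongo < /data/mongo/etc/init_mongo_user.js
# Do not leave the cleartext passwords on disk after they have been applied.
rm -f -- /data/mongo/etc/init_mongo_user.js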
# Check the replica-set state: authenticate against the admin database as the
# admin user, then print rs.status().
docker exec -i mongo mongo <<'EOF'
use admin
db.auth('admin','Mongo123456')
rs.status()
EOF
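# mongo-express web UI for the replica set.
mkdir -p /data/mongo_express
# start.sh carries the UI's basic-auth password and the MongoDB admin
# password, so create it owner-only before writing to it.
install -m 700 /dev/null /data/mongo_express/start.sh
# NOTE(review): -p 11081:8081 publishes the UI on every host interface,
# protected only by HTTP basic auth, while the UI itself connects with the
# admin account (root role). Publishing on 127.0.0.1 behind a TLS reverse
# proxy and giving the UI a dedicated, lower-privileged MongoDB user would
# reduce that exposure. The -e values are also readable through
# `docker inspect` by anyone with access to the Docker daemon.
cat > /data/mongo_express/start.sh << 'EOF'
docker run -d \
  --restart=always \
  --name mongodb_express \
  -p 11081:8081 \
  -e ME_CONFIG_OPTIONS_EDITORTHEME="ambiance" \
  -e ME_CONFIG_MONGODB_SERVER="192.168.11.192,192.168.11.193" \
  -e ME_CONFIG_MONGODB_PORT="27017" \
  -e ME_CONFIG_BASICAUTH_USERNAME="mongo" \
  -e ME_CONFIG_BASICAUTH_PASSWORD="mongo@123" \
  -e ME_CONFIG_MONGODB_ADMINUSERNAME='admin' \
  -e ME_CONFIG_MONGODB_ADMINPASSWORD='Mongo123456' \
  -e ME_CONFIG_SITE_BASEURL='/' \
  -v /etc/localtime:/etc/localtime \
  mongo-express:0.54
EOF
# Start mongo-express
bash /data/mongo_express/start.sh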
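// mongo shell session (run inside `docker exec -it mongo mongo`).
// Authenticate as the administrative account. The user created by the
// initialisation script is "admin" in the admin database (it holds the root
// role); there is no user named "root".
use admin;
db.auth('admin','Mongo123456');
// Show the operations currently in progress
db.currentOp();
// Switch to the test database
use test;
// Check whether the profiler (slow-operation log) is enabled
db.getProfilingStatus();
// Enable profiling level 1: record operations slower than 100 ms
db.setProfilingLevel(1,100);
// Show the profiler entries, newest first
db.system.profile.find().sort({$natural:-1})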
### Run directly (non-interactive): authenticate as admin, list the current
### operations, then enable level-1 profiling (threshold 100 ms) on the test
### database.
docker exec -i mongo mongo <<'EOF'
use admin;
db.auth('admin','Mongo123456');
db.currentOp();
use test;
db.getProfilingStatus();
db.setProfilingLevel(1,100);
EOF
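// Show the profiler entries, newest first
db.system.profile.find().sort({$natural:-1})
// Create indexes. createIndex takes all index options in ONE document (the
// second argument); a third positional argument is not read as options (in
// MongoDB 4.4 it is the commit quorum), so unique and background are merged.
db.person.createIndex({cid: 1}, {unique: true, background: true})
db.person.createIndex({open: 1, close: 1}, {background: true})
db.person.createIndex({createtime: 1})
db.person.createIndex({phone: 1})
// List the indexes of the collection
db.person.getIndexes()
// Query analysis: show the plan chosen for this query
db.person.find({username: 'user1234'}).explain()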
参考:https://www.jb51.net/article/78111.htm
备份:
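mkdir -p /data/mongo_backup
# backup.sh contains the admin password: create it owner-only before writing.
install -m 700 /dev/null /data/mongo_backup/backup.sh
cat > /data/mongo_backup/backup.sh << 'EOF'
#!/bin/bash
# Dump the rs0 replica set with mongodump (run from the mongo image), zip the
# dump, and prune archives older than seven days.
# Exits non-zero, without archiving, when the dump or the zip step fails.
set -u

targetpath='/data/mongo_backup/data'   # backup directory
nowtime=$(date +%Y-%m-%d-%H)
replicationname=rs0                    # replica set name
port='27017'                           # port
ip1='192.168.11.192'
ip2='192.168.11.193'
ip3='192.168.11.194'
admin_read=admin
# NOTE(review): -p below puts the password on the process command line
# (visible through ps and docker inspect while the dump runs). mongodump 4.2+
# can read it from a YAML file given with --config instead; a dedicated user
# holding only the backup role would also avoid using the admin account here.
password='Mongo123456'
dumpdir="${targetpath}/${nowtime}"

echo "============== start backup ${nowtime} =============="

# Run mongodump in a throw-away container with the backup directory mounted.
start()
{
  docker run -i -v "${targetpath}:${targetpath}" --rm mongo:4.4.6 mongodump \
    -h "$replicationname/$ip1:$port,$ip2:$port,$ip3:$port" \
    -u "$admin_read" -p "$password" --oplog --gzip \
    -o "$dumpdir" --authenticationDatabase admin
}

# Run the dump and report the outcome; returns non-zero when the dump failed.
execute()
{
  if start
  then
    echo "back successfully!"
  else
    echo "back failure!"
    return 1
  fi
}

if [ ! -d "${dumpdir}/" ]
then
  mkdir -p -- "$dumpdir"
  # The dump holds a full copy of the data, so keep it private to the uid that
  # writes it instead of making it world-writable. 999 is presumably the
  # mongodb user inside the mongo image; confirm for the image in use.
  chown 999:999 -- "$dumpdir"
  chmod 700 -- "$dumpdir"
fi

if ! execute
then
  # Do not archive (and later rotate in) a partial dump.
  rm -rf -- "${targetpath:?}/${nowtime:?}"
  exit 1
fi
echo "============== back end ${nowtime} =============="

echo "============== start zip ${nowtime} =============="
# umask 077: the archive is readable by its owner only.
(umask 077 && zip -r "${dumpdir}.zip" "$dumpdir") || exit 1
# ${var:?} aborts instead of expanding to a bare "/" if a variable is empty.
rm -rf -- "${targetpath:?}/${nowtime:?}"
echo "============== zip end ${nowtime} =============="

echo "============== start delete seven days ago back ${nowtime} =============="
find "$targetpath" -type f -mtime +7 -name "*.zip" -exec rm -f -- {} +
echo "============== delete end ${nowtime} =============="
EOF
# Automatic backup through root's crontab (daily at 04:00)
echo -e '#mongodb备份\n0 4 * * * bash /data/mongo_backup/backup.sh' >> /var/spool/cron/root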
恢复:
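# restore.sh contains the admin password: create it owner-only before writing.
install -m 700 /dev/null /data/mongo_backup/restore.sh
cat > /data/mongo_backup/restore.sh << 'EOF'
#!/bin/bash
# Restore a mongodump directory into the rs0 replica set.
# Usage: restore.sh [dump_dir]
#   dump_dir  unpacked dump directory located under $targetpath (only that
#             directory is mounted into the container); defaults to
#             $targetpath/<current date-hour>.
# backup.sh zips each dump and deletes the directory, so unpack the wanted
# archive first and pass the resulting directory.
set -u

targetpath='/data/mongo_backup/data'   # backup directory
nowtime=$(date +%Y-%m-%d-%H)
replicationname=rs0                    # replica set name
port='27017'                           # port
ip1='192.168.11.192'
ip2='192.168.11.193'
ip3='192.168.11.194'
admin_read=admin
# NOTE(review): -p below puts the password on the process command line;
# mongorestore 4.2+ can read it from a YAML file given with --config instead.
password='Mongo123456'
dumpdir=${1:-$targetpath/$nowtime}     # directory that holds the dump

# Fail early with a clear message instead of letting mongorestore run against
# a path that does not exist.
if [ ! -d "$dumpdir" ]
then
  echo "dump directory not found: $dumpdir" >&2
  exit 1
fi

docker run -i -v "${targetpath}:${targetpath}" --rm mongo:4.4.6 mongorestore \
  -h "$replicationname/$ip1:$port,$ip2:$port,$ip3:$port" \
  -u "$admin_read" -p "$password" --authenticationDatabase=admin \
  --oplogReplay --gzip "$dumpdir"
EOF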
附录:
1、创建数据库的用户角色:
role角色
数据库用户角色:read、readWrite;
数据库管理角色:dbAdmin、dbOwner、userAdmin;
集群管理角色:clusterAdmin、clusterManager、clusterMonitor、hostManager;
备份恢复角色:backup、restore;
所有数据库角色:readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase
超级用户角色:root
内部角色:__system
2、角色说明
read:允许用户读取指定数据库
readWrite:允许用户读写指定数据库
dbAdmin:允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile
userAdmin:允许用户向system.users集合写入,可以在指定数据库里创建、删除和管理用户
clusterAdmin:只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限。
readAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读权限
readWriteAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读写权限
userAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的userAdmin权限
dbAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限。
root:只在admin数据库中可用。超级账号,超级权限
dbOwner: readWrite + dbAdmin + userAdmin