MongoDB advanced 3: MongoDB management and MongoDB advanced management
http://blog.csdn.net/stronglyh/article/details/46827141
Development environments are often on Windows, but the production environment should be put on Unix.
I. Command
Installation is well covered by material on the Internet, so it is not repeated here. The following are some mongod startup parameters:
--quiet  quiet output
--port arg  service port number; the default port is 27017
--bind_ip arg  IP address the service binds to; binding 127.0.0.1 allows only local access; all local IP addresses by default
--logpath arg  MongoDB log file; note that this is a file, not a directory
--logappend
--pidfilepath arg  full path of the PID file; if not set, no PID file is written
--keyFile arg  full path of the cluster's private key file; only valid for the Replica Set architecture
--unixSocketPrefix arg  alternative directory for UNIX domain sockets (/tmp by default)
--fork  run MongoDB as a daemon, creating a server process
--auth  enable authentication
--cpu  periodically display CPU usage and iowait
--dbpath arg  database path
--diaglog arg  diaglog option: 0 = off, 1 = W, 2 = R, 3 = both, 7 = W + some reads
--directoryperdb  store each database in a separate directory
--journal  enable journaling; data operations are written to files in the journal folder
--journalOptions arg  journal diagnostic options
--ipv6  enable IPv6 support
--jsonp  allow JSONP access over HTTP (has security implications)
--maxConns arg  maximum number of simultaneous connections; 2000 by default
--noauth  do not enable authentication
--nohttpinterface  disable the HTTP interface; access on port 27018 is disabled by default
--noprealloc  disable data file preallocation (often affects performance)
--noscripting  disable the scripting engine
--notablescan  do not allow table scans
--nounixsocket  disable listening on Unix sockets
--nssize arg (=16)  size of the database's .ns file (MB)
--objcheck  validate client data on receipt
--profile arg  profiling level: 0 = off, 1 = slow, 2 = all
--quota  limit the number of files per database; the default is 8
--quotaFiles arg  number of files allowed per db; requires --quota
--rest  start the simple REST API
--repair  run repair on all dbs
--repairpath arg  directory for the files generated by repair; defaults to dbpath
--slowms arg (=100)  value of "slow" for the profiler and the console log
--smallfiles  use smaller default files
--syncdelay arg (=60)  number of seconds between writes of data to disk (0 = never, not recommended)
--sysinfo  print some diagnostic system information
--upgrade  upgrade the database if needed
Replication parameters:
--fastsync  enable replication on a slave whose database is a snapshot of the master database, so that synchronization can start quickly
--autoresync  automatically resynchronize if the slave database has fallen far behind the master database
--oplogSize arg  size of the oplog (MB)
Master/slave parameters:
--master  master database mode
--slave  slave database mode
--source arg  slave database port number
--only arg  replicate only the specified single database
--slavedelay arg  delay time for synchronizing data from the master database to the slave database
Replica set options:
--replSet arg  replica set name
Sharding options:
--configsvr  declare that this is the config service of a cluster; the default port is 27019 and the default directory is /data/configdb
--shardsvr  declare that this is a shard of a cluster; the default port is 27018
--noMoveParanoia  disable paranoid saving of moveChunk data
Commands:
MongoDB help command: help
Database-level help: db.help()
Collection-level help: db.users.help()
List the databases: show dbs
Create and switch to a database: use aaa
Check the current database status: db.stats()
Get the collections of the current database: db.getCollectionNames()
Get the current database name: db.getName()
Delete the database: db.dropDatabase()
Add a user: db.addUser("username", "password")
Delete a user: db.dropUser("username")
Terminate the database server process: db.shutdownServer()
II. User role management
2.1: Create an administrator
A user administrator creates users and creates and assigns roles. The user administrator can hold any privilege in the database and can create new users or administrators. Under normal circumstances, when deploying MongoDB, you should create a user administrator as the first user and then create all other users with that account. To create the first user administrator, MongoDB provides the userAdmin and userAdminAnyDatabase roles, which support the various user and role management operations. Use userAdmin for the minimum permission, or use userAdminAnyDatabase to grant all related privileges. Users with either of these two roles can grant unlimited privileges to themselves. Specifically, users with the userAdmin role can grant any privilege in their own database, and a user administrator with the userAdminAnyDatabase role can grant any privilege in the system. To create a user administrator, first connect to the admin database:
mongo --port 27017 --authenticationDatabase admin
Then create a system user:
use admin
db.createUser({user: "siteUserAdmin", pwd: "password", roles:
[{role: "userAdminAnyDatabase", db: "admin"}]})
Finally, you can verify it:
db.runCommand({usersInfo: "siteUserAdmin", showPrivileges: true})
2.2: Add a user to a database
Use the createUser command to add a user to the database on which you want the user to have permissions. The following example creates the user testUser with the password 12345678 and grants it read permission on the test database.
use test
db.createUser({
user: "testUser",
pwd: "12345678",
roles: [
{role: "read", db: "test"}
]
}
)
2.3: Set Super Users
Creating a superuser is similar to creating a user administrator.
use admin
db.createUser(
{
user: "superuser",
pwd: "12345678",
roles: ["root"]
}
)
2.4: Create a role
To create a user role, use the createRole command. Each role can grant some system privileges through privileges and some database management permissions through roles. The writeConcern parameter ensures the reliability of the write operation.
use admin
db.createRole(
{
role: "myClusterwideAdmin",
privileges:
[
{resource: {cluster: true}, actions: ["addShard"]},
{resource: {db: "config", collection: ""}, actions: ["find", "update", "insert"]},
{resource: {db: "users", collection: "usersCollection"}, actions: ["update"]},
{resource: {db: "", collection: ""}, actions: ["find"]}
],
roles:
[
{role: "read", db: "admin"}
]
},
// the write concern is the second argument of db.createRole()
{w: "majority", wtimeout: 5000}
)
2.5: Assign a role
To assign roles to a user, use the grantRolesToUser command. A user can be assigned various management permissions for each database.
use admin
db.grantRolesToUser(
"accountAdmin01",
[
{
role: "readWrite", db: "products"
},
{
role: "readAnyDatabase", db: "admin"
}
]
)
2.6: Verify User Permissions
To verify a role, use the getRole command.
use admin
db.getUser("accountUser01")
db.getRole("siteRole01", {showPrivileges: true})
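Added example (not part of the original article): a JavaScript check over user documents shaped like db.getUser() output that flags the accounts holding the roles 2.1 and 2.3 describe as able to grant themselves further privileges. The sample users are constructed, and appAdmin is a hypothetical account.

```javascript
// Roles that let a user grant themselves further privileges (sections 2.1, 2.3).
const ESCALATION_ROLES = new Map([
  ["userAdmin", "database"],          // any privilege in its own database
  ["userAdminAnyDatabase", "system"], // any privilege in the system
  ["root", "system"],                 // superuser
]);

// users: documents shaped like db.getUser() output:
//   { user: "name", db: "authDb", roles: [{ role: "r", db: "d" }] }
function auditUsers(users) {
  const report = [];
  for (const u of users) {
    const hits = [];
    let scope = null;
    for (const r of u.roles || []) {
      if (!ESCALATION_ROLES.has(r.role)) continue;
      let s = ESCALATION_ROLES.get(r.role);
      // userAdmin on the admin database can manage users for every database.
      if (r.role === "userAdmin" && r.db === "admin") s = "system";
      if (s === "system" || scope === null) scope = s;
      hits.push(r.role + "@" + r.db);
    }
    if (hits.length > 0) {
      report.push({ user: u.user + "@" + u.db, scope: scope, roles: hits });
    }
  }
  return report;
}

// Constructed sample: the accounts used in this section plus one
// hypothetical per-database administrator (appAdmin).
const SAMPLE_USERS = [
  { user: "siteUserAdmin", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "testUser", db: "test", roles: [{ role: "read", db: "test" }] },
  { user: "superuser", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "accountAdmin01", db: "admin",
    roles: [{ role: "readWrite", db: "products" },
            { role: "readAnyDatabase", db: "admin" }] },
  { user: "appAdmin", db: "products",
    roles: [{ role: "userAdmin", db: "products" }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(f.scope.toUpperCase() + "  " + f.user + "  " + f.roles.join(", "));
}
```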
2.7: Modify user access permissions
To modify a user's access permissions, use the revokeRolesFromUser command.
use admin
db.grantRolesToUser(
"accountUser01",
[
{role: "read", db: "records"}
]
)
db.revokeRolesFromUser(
"accountUser01",
[
{role: "readWrite", db: "accounts"}
]
)
2.8: Change user name and password
To change a user's password, use the changeUserPassword command.
db.changeUserPassword("reporting", "SOh3TbYhxuLiW8ypJPxmt1oOfL")
III. Access control security
3.1: MongoDB provides authorization and authentication for each database; it authenticates and authorizes users at the database level. MongoDB stores user credentials in the system.users collection. Authentication is disabled by default and can be set through the auth and keyFile configuration options. For MongoDB Enterprise Edition, you can use Kerberos for authentication.
In a database, you can only authenticate one user at a time. If you authenticate a second user, the first user's authentication is dropped.
MongoDB uses role-based authorization. Each authorized user is saved in system.users. To assign a role to a user, you must have a user with a management role in the database. If not, you must create one.
By default, MongoDB assumes that the running environment is secure and enables no database security or authentication. In such a configuration, the one thing you must ensure is that only trusted machines can connect to the MongoDB port. If you use a dedicated database server, the simplest way is to make it completely inaccessible from outside by setting bind_ip for the MongoDB service. You can also specify a port with --port.
Using MongoDB in an untrusted environment means running MongoDB in secure mode. MongoDB uses the --auth and --keyFile parameters to enable secure mode, which supports authentication and simple coarse-grained access control.
3.2: Use a key file
If you want to use a key file, specify the keyFile option when mongod starts. Generally, use openssl to generate the key file:
openssl rand -base64 741 -out /var/lib/mongodb/keyfile0
chmod 600 /var/lib/mongodb/keyfile0
Note: If you specify the key file content yourself, MongoDB skips the whitespace in the key file. For example: echo "test sets" > /var/lib/mongodb/keyfile0
mongod --keyFile /var/lib/mongodb/keyfile0 --fork
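Added example (not part of the original article): a JavaScript check of key file content and permission bits against the rules mongod enforces, showing why 741 random bytes fit and how the whitespace in the echo example is treated. The inputs are constructed; checkKeyfile and base64Length are names chosen for this sketch.

```javascript
// Rules mongod applies to a key file: whitespace is stripped, the remaining
// characters must be base64, the length must be 6 to 1024 characters, and on
// Unix the file must not be accessible to group or others.
function checkKeyfile(content, mode) {
  const problems = [];
  const key = content.replace(/\s+/g, "");
  if (!/^[A-Za-z0-9+\/=]*$/.test(key)) {
    problems.push("contains characters outside the base64 set");
  }
  if (key.length < 6 || key.length > 1024) {
    problems.push("effective length " + key.length + " is outside 6..1024");
  }
  if ((mode & 0o077) !== 0) {
    problems.push("mode " + (mode & 0o777).toString(8) + " grants group/other access");
  }
  return { effectiveLength: key.length, problems: problems };
}

// Characters produced by base64-encoding nBytes of random data,
// as "openssl rand -base64 nBytes" does (line breaks not counted).
function base64Length(nBytes) {
  return 4 * Math.ceil(nBytes / 3);
}

// Constructed inputs.
const CASES = [
  ["A".repeat(base64Length(741)), 0o600], // size of the openssl example
  ["test sets\n", 0o600],                 // the echo example: 8 effective chars
  ["test sets\n", 0o644],                 // same key, readable by others
  ["A".repeat(base64Length(769)), 0o600], // 1028 characters: too long
  ["p@ss!", 0o600],                       // too short and not base64
];
for (const [content, mode] of CASES) {
  const r = checkKeyfile(content, mode);
  console.log(r.effectiveLength, r.problems.length ? r.problems.join("; ") : "ok");
}
```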
3.3: How to Use administrator Authentication
For administrator authentication, you must first create an administrator user. The previous section describes how to create an administrator and how to manage permissions and passwords. You can then start MongoDB with the --auth parameter, as an administrator or as the startup user.
mongod --auth
If administrator authentication is enabled through the configuration file, you only need to change the auth setting to true.
mongod -f /etc/mongod.conf --fork
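Added example (not part of the original article): a JavaScript linter for the legacy key = value mongod.conf format that flags the settings this article ties to exposure, namely authentication left off, bind_ip unset or set to 0.0.0.0, and the rest and jsonp HTTP features. Both sample configurations are constructed.

```javascript
// Parse the legacy "key = value" mongod.conf format; "#" starts a comment.
function parseLegacyConf(text) {
  const conf = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim();
    const eq = line.indexOf("=");
    if (eq < 1) continue; // blank line, comment, or no key
    conf.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return conf;
}

function isTrue(v) {
  return v !== undefined && v.toLowerCase() === "true";
}

const HTTP_FEATURES = new Map([
  ["rest", "simple REST API is enabled"],
  ["jsonp", "JSONP access over HTTP is enabled"],
]);

// Returns one finding per setting that leaves the server exposed.
function auditConf(text) {
  const c = parseLegacyConf(text);
  const findings = [];
  // Authentication is off by default; auth or keyFile turns it on.
  if (!isTrue(c.get("auth")) && !c.get("keyFile")) {
    findings.push({ key: "auth", issue: "authentication is not enabled" });
  }
  const bind = c.get("bind_ip");
  if (!bind) {
    findings.push({ key: "bind_ip", issue: "unset: listens on all local addresses" });
  } else if (bind.split(",").map((s) => s.trim()).includes("0.0.0.0")) {
    findings.push({ key: "bind_ip", issue: "0.0.0.0 listens on every interface" });
  }
  for (const [key, issue] of HTTP_FEATURES) {
    if (isTrue(c.get(key))) findings.push({ key: key, issue: issue });
  }
  return findings;
}

// Constructed samples.
const WEAK_CONF = [
  "# defaults plus the HTTP features",
  "dbpath = /var/lib/mongodb",
  "port = 27017",
  "rest = true",
  "jsonp = true   # JSONP access",
].join("\n");
const HARDENED_CONF = [
  "dbpath = /var/lib/mongodb",
  "port = 27017",
  "bind_ip = 127.0.0.1",
  "auth = true",
].join("\n");

for (const f of auditConf(WEAK_CONF)) console.log(f.key + ": " + f.issue);
console.log("hardened findings:", auditConf(HARDENED_CONF).length);
```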
IV. Copy data files
How to copy
By copying data files, you can back up and restore the database. This method is simple and clear.
Follow these steps:
1. Lock the database or shut down the database.
2. Copy the data files to the corresponding directory.
3. Unlock the database or restart the database.
Note: If you only need to copy the database named test, you can copy all the test.* files.
4.1: How to lock the database
To prevent problems caused by data files changing during the backup, use the following command to lock the database:
db.fsyncLock()
This command blocks all writes and flushes dirty pages to disk to ensure that the data does not change. From then on, write operations wait in memory until the database is unlocked.
4.2: Copy data files
Create a target directory for copying data files:
mkdir /usr/backup
Data files are copied with the familiar cp command. You must run the following command before proceeding to the next section:
cp -R /var/lib/mongodb/* /usr/backup # the backup directory must already exist
Make sure that the backup directory has enough capacity. If a file is missing, the backup may fail. If you back up data to other media, you can specify that directory directly. In Linux, /mnt is generally the device directory, where external devices are usually mounted.
4.3: How to unlock a database
After the data files are copied, you can use the following command to unlock the database and restore its normal running status:
db.fsyncUnlock()
Do not close the shell between calling db.fsyncLock() and db.fsyncUnlock(): if authentication is enabled or the connection is dropped, you may not be able to connect again and will need to restart mongod, at which point these commands no longer have any effect.
4.4: How to restore the database
The database must be restored when a problem occurs. You can use the following command to restore the database from the copied files:
cp -R /usr/backup/* /var/lib/mongodb/
Note: Before restoring, make sure that mongod is not running and that /var/lib/mongodb/ is empty. On Linux, rm -rf deletes directories. Make sure that the earlier cp backup command completed successfully before deleting anything. After the restoration is complete, restart mongod. Run the following command to start mongod:
mongod -f /etc/mongod.conf --fork --nojournal
V. Tool Methods
5.1: Basic mongodump operations
You can use the following options to back up data using mongodump:
--help  view help information
-v [--verbose]  show more debugging information
--version  display the command version
-h [--host] arg  IP address of the host where the MongoDB database is located
--port arg  the port used when MongoDB was started; you can also use the --host host:port format to specify the host and port directly
--ipv6  whether to support IPv6
-u [--username] arg  login user name
-p [--password] arg  login password
--dbpath arg  access the mongod database files in the specified path directly, bypassing the mongod server. This parameter needs to lock the specified data directory, so you must first stop the mongod service that uses this directory
--directoryperdb  if the dbpath directory is specified, each db is saved to a separate folder
--journal  enable journaling
-d [--db] arg  the database to back up
-c [--collection] arg  the collection to back up
-o [--out] arg  the directory in which the exported data is saved; if the parameter is "-", the data is written directly to the console
-q [--query] arg  JSON query
--oplog  use oplog for point-in-time snapshotting
--repair  try to repair a damaged database
--forceTableScan  force a table scan
5.2: Basic mongorestore operations
Use the following options to restore a mongodump backup with mongorestore:
--help  view help information
-v [--verbose]  show more debugging information
--version  display the command version
-h [--host] arg  IP address of the host where the MongoDB database is located
--port arg  the port used when MongoDB was started; you can also use the --host hostname:port format to specify the host and port directly
--ipv6  whether to support IPv6
-u [--username] arg  login user name
-p [--password] arg  login password
--dbpath arg  access the mongod database files in the specified path directly, bypassing the mongod server. This parameter needs to lock the given data directory, so you cannot use a directory currently in use by the mongod service
--directoryperdb  if the dbpath directory is specified, each db is in a separate folder
--journal  enable journaling
-d [--db] arg  the database to restore
-c [--collection] arg  the collection to restore
--objcheck  validate the data objects before restoring
--filter arg  restore only what the filter selects
--oplogReplay  replay oplog for point-in-time restore
--drop  drop every collection before restoring it
--keepIndexVersion  forced table scan
There are two commands worth knowing here. The first verifies whether a write succeeded:
db.runCommand({"getLastError": 1, "j": true})
This command is mainly for important data, where you need to know whether the data has been written to disk.
The other sets the interval at which the database commits data to the journal:
db.adminCommand({"setParameter": 1, "journalCommitInterval": 30})
The interval that can be set with setParameter is 2 ms to 500 ms. The shorter the interval, the higher the system overhead.
5.3: backup when the database is not running
When the database is not running, it is very convenient to back up the database by using mongodump. For example, run the following command:
mongodump --dbpath /var/lib/mongodb/ --out /usr/backup
5.4: Recovery when the database is not running
It is also easy to recover when the database is not running, using mongorestore. You can recover not only the entire set of databases but also a single database. For example, you can use the following command to restore the test database to the running system.
mongorestore --dbpath /usr/backup/ --journal /var/lib/mongodb/test
5.5: how to back up data remotely
When the network permits, mongodump can remotely connect to the database for backup. For example, the following backup operation is performed by specifying the host address, port, user name, password, and backup directory.
mongodump --host www.***.com --port 3017 --username user --password pass --out /usr/backup/mongodump-2013-10-24
5.6: How to restore through a remote connection
Just as mongodump can connect remotely to back up a database, mongorestore can be used to restore over a remote connection. For example, the following recovery operation is performed by specifying the host address, port, user name, password, and backup directory.
mongorestore --host www.***.com --port 3017 --username user --password pass /usr/backup/mongodump-2013-10-24
5.7: How to use oplog for backup
By using the operation log (oplog) to set a point-in-time backup point, you can take a snapshot-style backup of the database. The advantage is this: if an operation such as dropping a database happens while mongodump is running, and mongodump has already backed up that database, the backup we obtain differs from the actual database, because that database no longer exists.
mongodump is not a snapshot backup; the system may continue to perform operations during the backup process. Using the oplog avoids this situation, but the prerequisite is that mongod was started with the --replSet option. In essence this uses the replication function, which is covered in more detail later.
5.8: How to use oplog for recovery
Corresponding to mongodump using the oplog for backup, mongorestore can also use the oplog to restore the database.
VI. Accidental shutdown and repair
6.1: General procedure
After an unexpected shutdown, MongoDB usually has two options for recovery:
1. Repair the source files directly.
2. Keep the original files from before the shutdown and check the files before repairing.
In the second case, the recovery process is:
1. Repair the database
2. Confirm the database condition
3. Delete the lock file
4. Repair the database
5. Start and run normally
If you follow the first method, skip steps 1 and 2.
6.2: Repair and retain the original database
Run the following command to repair the database and back up the original database to the /usr/backup directory. In this way, the original database files are not damaged.
mongod --dbpath /var/lib/mongodb --repair --repairpath /usr/backup
6.3: How to confirm the database condition
Run the following command to start the repaired database. You can then check the status of the database and the state of the operations that were running before the accident, such as whether data insertion completed and what data is in the current tables, to determine whether the database has been completely repaired.
mongod --dbpath /usr/backup
6.4: Delete the lock file
Depending on the database's running status, we can delete the lock file if the database is normal. If the database is abnormal, it must be handled accordingly: if journaling is used, recovery is based on the journal, and if replication is used, the specific problem needs to be analyzed.
rm /var/lib/mongodb/mongod.lock
6.5: Repair the database
Use the following command to repair the database. Afterwards, the database uses the new files instead of the old ones.
mongod --dbpath /usr/backup --repair
6.6: Start the database normally
After the above steps, we can start the database normally.
mongod --dbpath /var/lib/mongodb
Thanks huizhi Network: http://hubwiz.com/