MongoDB警告信息
MongoDB警告信息:
1. WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2. WARNING: Access control is not enabled for the database.
3. WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always’.
4. WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always’.
1.WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine(强烈建议使用带WiredTiger存储引擎的XFS文件系统)
报这个错是因为我的虚拟环境使用的是EXT4文件系统,官方不建议,但不影响使用
在Linux上运行MongoDB时,官方建议使用Linux内核版本2.6.36或更高版本,使用XFS或EXT4文件系统。 如果可能,最好使用XFS,因为它通常与MongoDB表现更好。
使用WiredTiger存储引擎,强烈建议使用XFS,以避免在使用EXT4与WiredTiger时可能发生的性能问题。
使用MMAPv1存储引擎,MongoDB在使用它们之前预先分配其数据库文件,并经常创建大文件。 因此,官方建议使用XFS或EXT4文件系统。 如果可能,请使用XFS,因为它通常与MongoDB表现更好。
2.WARNING: Access control is not enabled for the database.(数据库未启用访问控制)
报这个错是因为MongoDB需要有一个安全库来开启数据库访问控制
在MongoDB部署上启用访问控制会强制执行身份验证,要求用户识别自己。当访问启用了访问控制的MongoDB部署时,用户只能执行由其角色确定的操作。
- 不使用访问控制模式开启mongdb
root@localhost ~]# mongod --dbpath /var/lib/mongo 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] MongoDB starting : pid=2421 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] db version v3.4.9 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] allocator: tcmalloc 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] modules: none 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] build environment: 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] distmod: rhel70 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] distarch: x86_64 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] target_arch: x86_64 2017-09-27T03:06:14.853+0800 I CONTROL [initandlisten] options: { storage: { dbPath: "/var/lib/mongo" } } 2017-09-27T03:06:14.971+0800 I - [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'. 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.634+0800 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data' 2017-09-27T03:06:16.635+0800 I NETWORK [thread1] waiting for connections on port 27017 2017-09-27T03:06:33.704+0800 I NETWORK [thread1] connection accepted from 127.0.0.1:34808 #1 (1 connection now open) 2017-09-27T03:06:33.705+0800 I NETWORK [conn1] received client metadata from 127.0.0.1:34808 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } } 2017-09-27T03:07:15.311+0800 I COMMAND [conn1] command admin.system.users appName: "MongoDB Shell" command: insert { insert: "system.users", documents: [ { _id: "admin.myUserAdmin", user: "myUserAdmin", db: "admin", credentials: { SCRAM-SHA-1: { iterationCount: 10000, salt: "pUdmLObMsG3wKU7MZDFU1g==", storedKey: "wlCaAzPOS+u7CUqzMKxeZB+DFkE=", serverKey: "KwP12FF1ASziFPVstN8mLrPLg+A=" } }, roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } ] } ninserted:1 keysInserted:1 numYields:0 reslen:44 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 3 } } } protocol:op_query 145ms 2017-09-27T03:07:15.311+0800 I COMMAND [conn1] command admin.$cmd appName: "MongoDB Shell" command: createUser { createUser: "myUserAdmin", pwd: "xxx", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 } } numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 3 } } } protocol:op_command 202ms
- 连接到instance
[root@localhost ~]# mongo MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.9 Server has startup warnings: 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2017-09-27T03:06:14.971+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-09-27T03:06:16.364+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:06:16.365+0800 I CONTROL [initandlisten] >
- 在admin数据库中创建administrator 用户
> use admin switched to db admin > db.createUser( ... { ... user: "myUserAdmin", ... pwd: "abc123", ... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] ... } ... ) Successfully added user: { "user" : "myUserAdmin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } > exit bye
- 重启Mongodb
使用Ctrl+c退出原mongod q^H ^C2017-09-27T03:07:25.685+0800 I CONTROL [signalProcessingThread] got signal 2 (Interrupt), will terminate after current cmd ends 2017-09-27T03:07:25.685+0800 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets... 2017-09-27T03:07:25.685+0800 I NETWORK [signalProcessingThread] closing listening socket: 6 2017-09-27T03:07:25.685+0800 I NETWORK [signalProcessingThread] closing listening socket: 7 2017-09-27T03:07:25.685+0800 I NETWORK [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock 2017-09-27T03:07:25.685+0800 I NETWORK [signalProcessingThread] shutdown: going to flush diaglog... 2017-09-27T03:07:25.685+0800 I FTDC [signalProcessingThread] Shutting down full-time diagnostic data capture 2017-09-27T03:07:25.687+0800 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down 2017-09-27T03:07:25.770+0800 I STORAGE [signalProcessingThread] shutdown: removing fs lock... 2017-09-27T03:07:25.770+0800 I CONTROL [signalProcessingThread] now exiting 2017-09-27T03:07:25.770+0800 I CONTROL [signalProcessingThread] shutting down with code:0
- 开启访问控制启动Mongod
[root@localhost ~]# mongod --auth --dbpath /var/lib/mongo 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] MongoDB starting : pid=2508 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] db version v3.4.9 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] allocator: tcmalloc 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] modules: none 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] build environment: 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] distmod: rhel70 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] distarch: x86_64 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] target_arch: x86_64 2017-09-27T03:07:40.034+0800 I CONTROL [initandlisten] options: { security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo" } } 2017-09-27T03:07:40.054+0800 I - [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'. 2017-09-27T03:07:40.054+0800 I STORAGE [initandlisten] 2017-09-27T03:07:40.054+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2017-09-27T03:07:40.054+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2017-09-27T03:07:40.054+0800 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-09-27T03:07:40.420+0800 I CONTROL [initandlisten] 2017-09-27T03:07:40.422+0800 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data' 2017-09-27T03:07:40.422+0800 I NETWORK [thread1] waiting for connections on port 27017 2017-09-27T03:08:07.458+0800 I NETWORK [thread1] connection accepted from 127.0.0.1:34810 #1 (1 connection now open) 2017-09-27T03:08:07.458+0800 I NETWORK [conn1] received client metadata from 127.0.0.1:34810 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } } 2017-09-27T03:08:07.477+0800 I ACCESS [conn1] Successfully authenticated as principal myUserAdmin on admin 2017-09-27T03:08:07.478+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" } 2017-09-27T03:08:07.665+0800 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 } 2017-09-27T03:08:26.104+0800 I - [conn1] end connection 127.0.0.1:34810 (1 connection now open) 2017-09-27T03:08:29.697+0800 I NETWORK [thread1] connection accepted from 127.0.0.1:34812 #2 (1 connection now open) 2017-09-27T03:08:29.697+0800 I NETWORK [conn2] received client metadata from 127.0.0.1:34812 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } } 2017-09-27T03:08:29.713+0800 I ACCESS [conn2] Successfully authenticated as principal myTester on test 2017-09-27T03:08:29.714+0800 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" } 2017-09-27T03:08:29.715+0800 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
- 刚刚新建的用户myUserAdmin连接数据
[root@localhost ~]# mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin" MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017/ MongoDB server version: 3.4.9 >
创建新数据库test并在其中创建用户myTester > use test switched to db test > db.createUser( ... { ... user: "myTester", ... pwd: "xyz123", ... roles: [ { role: "readWrite", db: "test" }, ... { role: "read", db: "reporting" } ] ... } ... ) Successfully added user: { "user" : "myTester", "roles" : [ { "role" : "readWrite", "db" : "test" }, { "role" : "read", "db" : "reporting" } ] } > exit bye
- 使用新建的myTester用户连接数据库
[root@localhost ~]# mongo --port 27017 -u "myTester" -p "xyz123" --authenticationDatabase "test" MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017/ MongoDB server version: 3.4.9
3.WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always’.与4.WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always’.
这两个问题是CentOS7特有的,因为从CentOS7版本开始会默认启用Transparent Huge Pages(THP)
Transparent Huge Pages(THP)本意是用来提升内存性能,但某些数据库厂商还是建议直接关闭THP(比如说Oracle、MariaDB、MongoDB等),否则可能会导致性能出现下降。
- 查看THP状态
[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/defrag [always] madvise never [root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled [always] madvise never
- 修改系统配置
[root@localhost ~]# vim /etc/rc.d/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this file. # # In contrast to previous versions due to parallel execution during boot # this script will NOT be run after all other services. # # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure # that this script will be executed during boot. touch /var/lock/subsys/local if test -f /sys/kernel/mm/transparent_hugepage/enabled; then echo never > /sys/kernel/mm/transparent_hugepage/enabled fi if test -f /sys/kernel/mm/transparent_hugepage/defrag; then echo never > /sys/kernel/mm/transparent_hugepage/defrag fi [root@localhost ~]# chmod +x /etc/rc.d/rc.local
- 重启虚拟机
[root@localhost ~]# shutdown -r
- 再次查看THP状态
[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/defrag always madvise [never] [root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled always madvise [never]
已经改为了禁用THP
- 启动mongod
[root@localhost ~]# mongod --auth --dbpath /var/lib/mongo 2017-09-27T03:40:50.174+0800 I CONTROL [initandlisten] MongoDB starting : pid=2381 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] db version v3.4.9 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] allocator: tcmalloc 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] modules: none 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] build environment: 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] distmod: rhel70 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] distarch: x86_64 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] target_arch: x86_64 2017-09-27T03:40:50.175+0800 I CONTROL [initandlisten] options: { security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo" } } 2017-09-27T03:40:50.195+0800 I - [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'. 2017-09-27T03:40:50.195+0800 I STORAGE [initandlisten] 2017-09-27T03:40:50.195+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2017-09-27T03:40:50.195+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2017-09-27T03:40:50.195+0800 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 2017-09-27T03:40:50.689+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-09-27T03:40:50.689+0800 I CONTROL [initandlisten] 2017-09-27T03:40:50.692+0800 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data' 2017-09-27T03:40:50.693+0800 I NETWORK [thread1] waiting for connections on port 27017
- 进入数据库
[root@localhost ~]# mongo MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.9 >