MongoDB警告信息

MongoDB警告信息:
1. WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 
2. WARNING: Access control is not enabled for the database. 
3. WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always’. 
4. WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always’.

报这个错是因为我的虚拟环境使用的是EXT4文件系统,官方不建议,但不影响使用

在Linux上运行MongoDB时,官方建议使用Linux内核版本2.6.36或更高版本,使用XFS或EXT4文件系统。 如果可能,最好使用XFS,因为它通常与MongoDB表现更好。

使用WiredTiger存储引擎,强烈建议使用XFS,以避免在使用EXT4与WiredTiger时可能发生的性能问题。

使用MMAPv1存储引擎,MongoDB在使用它们之前预先分配其数据库文件,并经常创建大文件。 因此,官方建议使用XFS或EXT4文件系统。 如果可能,请使用XFS,因为它通常与MongoDB表现更好。

2.WARNING: Access control is not enabled for the database.(数据库未启用访问控制)

报这个错是因为MongoDB需要有一个安全库来开启数据库访问控制

在MongoDB部署上启用访问控制会强制执行身份验证,要求用户识别自己。当访问启用了访问控制的MongoDB部署时,用户只能执行由其角色确定的操作。

  • 不使用访问控制模式开启mongdb

 

root@localhost ~]# mongod --dbpath /var/lib/mongo
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] MongoDB starting : pid=2421 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] db version v3.4.9
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] allocator: tcmalloc
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] modules: none
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] build environment:
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten]     distmod: rhel70
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten]     distarch: x86_64
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten]     target_arch: x86_64
2017-09-27T03:06:14.853+0800 I CONTROL  [initandlisten] options: { storage: { dbPath: "/var/lib/mongo" } }
2017-09-27T03:06:14.971+0800 I -        [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] 
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.634+0800 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data'
2017-09-27T03:06:16.635+0800 I NETWORK  [thread1] waiting for connections on port 27017
2017-09-27T03:06:33.704+0800 I NETWORK  [thread1] connection accepted from 127.0.0.1:34808 #1 (1 connection now open)
2017-09-27T03:06:33.705+0800 I NETWORK  [conn1] received client metadata from 127.0.0.1:34808 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } }
2017-09-27T03:07:15.311+0800 I COMMAND  [conn1] command admin.system.users appName: "MongoDB Shell" command: insert { insert: "system.users", documents: [ { _id: "admin.myUserAdmin", user: "myUserAdmin", db: "admin", credentials: { SCRAM-SHA-1: { iterationCount: 10000, salt: "pUdmLObMsG3wKU7MZDFU1g==", storedKey: "wlCaAzPOS+u7CUqzMKxeZB+DFkE=", serverKey: "KwP12FF1ASziFPVstN8mLrPLg+A=" } }, roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } ] } ninserted:1 keysInserted:1 numYields:0 reslen:44 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 3 } } } protocol:op_query 145ms
2017-09-27T03:07:15.311+0800 I COMMAND  [conn1] command admin.$cmd appName: "MongoDB Shell" command: createUser { createUser: "myUserAdmin", pwd: "xxx", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 } } numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 3 } } } protocol:op_command 202ms

 

  • 连接到instance
[root@localhost ~]# mongo
MongoDB shell version v3.4.9
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.9
Server has startup warnings: 
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] 
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-09-27T03:06:14.971+0800 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-09-27T03:06:16.364+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:06:16.365+0800 I CONTROL  [initandlisten] 
> 

 

  • 在admin数据库中创建administrator 用户
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "myUserAdmin",
...     pwd: "abc123",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
    "user" : "myUserAdmin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
> exit
bye

 

  • 重启Mongodb
使用Ctrl+c退出原mongod

q^H
^C2017-09-27T03:07:25.685+0800 I CONTROL  [signalProcessingThread] got signal 2 (Interrupt), will terminate after current cmd ends
2017-09-27T03:07:25.685+0800 I NETWORK  [signalProcessingThread] shutdown: going to close listening sockets...
2017-09-27T03:07:25.685+0800 I NETWORK  [signalProcessingThread] closing listening socket: 6
2017-09-27T03:07:25.685+0800 I NETWORK  [signalProcessingThread] closing listening socket: 7
2017-09-27T03:07:25.685+0800 I NETWORK  [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock
2017-09-27T03:07:25.685+0800 I NETWORK  [signalProcessingThread] shutdown: going to flush diaglog...
2017-09-27T03:07:25.685+0800 I FTDC     [signalProcessingThread] Shutting down full-time diagnostic data capture
2017-09-27T03:07:25.687+0800 I STORAGE  [signalProcessingThread] WiredTigerKVEngine shutting down
2017-09-27T03:07:25.770+0800 I STORAGE  [signalProcessingThread] shutdown: removing fs lock...
2017-09-27T03:07:25.770+0800 I CONTROL  [signalProcessingThread] now exiting
2017-09-27T03:07:25.770+0800 I CONTROL  [signalProcessingThread] shutting down with code:0

 

  • 开启访问控制启动Mongod
[root@localhost ~]# mongod --auth --dbpath /var/lib/mongo
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] MongoDB starting : pid=2508 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] db version v3.4.9
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] allocator: tcmalloc
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] modules: none
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] build environment:
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten]     distmod: rhel70
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten]     distarch: x86_64
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten]     target_arch: x86_64
2017-09-27T03:07:40.034+0800 I CONTROL  [initandlisten] options: { security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo" } }
2017-09-27T03:07:40.054+0800 I -        [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-09-27T03:07:40.054+0800 I STORAGE  [initandlisten] 
2017-09-27T03:07:40.054+0800 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-09-27T03:07:40.054+0800 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-09-27T03:07:40.054+0800 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] 
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] 
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] 
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-09-27T03:07:40.420+0800 I CONTROL  [initandlisten] 
2017-09-27T03:07:40.422+0800 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data'
2017-09-27T03:07:40.422+0800 I NETWORK  [thread1] waiting for connections on port 27017
2017-09-27T03:08:07.458+0800 I NETWORK  [thread1] connection accepted from 127.0.0.1:34810 #1 (1 connection now open)
2017-09-27T03:08:07.458+0800 I NETWORK  [conn1] received client metadata from 127.0.0.1:34810 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } }
2017-09-27T03:08:07.477+0800 I ACCESS   [conn1] Successfully authenticated as principal myUserAdmin on admin
2017-09-27T03:08:07.478+0800 I ACCESS   [conn1] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2017-09-27T03:08:07.665+0800 I ACCESS   [conn1] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2017-09-27T03:08:26.104+0800 I -        [conn1] end connection 127.0.0.1:34810 (1 connection now open)
2017-09-27T03:08:29.697+0800 I NETWORK  [thread1] connection accepted from 127.0.0.1:34812 #2 (1 connection now open)
2017-09-27T03:08:29.697+0800 I NETWORK  [conn2] received client metadata from 127.0.0.1:34812 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.9" }, os: { type: "Linux", name: "CentOS Linux release 7.3.1611 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-514.26.2.el7.x86_64" } }
2017-09-27T03:08:29.713+0800 I ACCESS   [conn2] Successfully authenticated as principal myTester on test
2017-09-27T03:08:29.714+0800 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2017-09-27T03:08:29.715+0800 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }

 

  • 刚刚新建的用户myUserAdmin连接数据
[root@localhost ~]# mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
MongoDB shell version v3.4.9
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.9
>
创建新数据库test并在其中创建用户myTester

> use test
switched to db test
> db.createUser(
...   {
...     user: "myTester",
...     pwd: "xyz123",
...     roles: [ { role: "readWrite", db: "test" },
...              { role: "read", db: "reporting" } ]
...   }
... )
Successfully added user: {
    "user" : "myTester",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "test"
        },
        {
            "role" : "read",
            "db" : "reporting"
        }
    ]
}
> exit
bye
  • 使用新建的myTester用户连接数据库
[root@localhost ~]# mongo --port 27017 -u "myTester" -p "xyz123" --authenticationDatabase "test"
MongoDB shell version v3.4.9
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.9

 

3.WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always’.与4.WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always’.

这两个问题是CentOS7特有的,因为从CentOS7版本开始会默认启用Transparent Huge Pages(THP) 
Transparent Huge Pages(THP)本意是用来提升内存性能,但某些数据库厂商还是建议直接关闭THP(比如说Oracle、MariaDB、MongoDB等),否则可能会导致性能出现下降。

  • 查看THP状态
[root@localhost ~]#  cat /sys/kernel/mm/transparent_hugepage/defrag
[always] madvise never
[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled
[always] madvise never
  • 修改系统配置
[root@localhost ~]# vim /etc/rc.d/rc.local

#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local

if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
 echo never > /sys/kernel/mm/transparent_hugepage/enabled
 fi
 if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
 echo never > /sys/kernel/mm/transparent_hugepage/defrag
 fi


[root@localhost ~]# chmod +x /etc/rc.d/rc.local
  • 重启虚拟机
[root@localhost ~]# shutdown -r
  • 再次查看THP状态
[root@localhost ~]#  cat /sys/kernel/mm/transparent_hugepage/defrag
always madvise [never]
[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]

已经改为了禁用THP

  • 启动mongod
[root@localhost ~]# mongod --auth --dbpath /var/lib/mongo
2017-09-27T03:40:50.174+0800 I CONTROL  [initandlisten] MongoDB starting : pid=2381 port=27017 dbpath=/var/lib/mongo 64-bit host=localhost.localdomain
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] db version v3.4.9
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] git version: 876ebee8c7dd0e2d992f36a848ff4dc50ee6603e
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] allocator: tcmalloc
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] modules: none
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] build environment:
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten]     distmod: rhel70
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten]     distarch: x86_64
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten]     target_arch: x86_64
2017-09-27T03:40:50.175+0800 I CONTROL  [initandlisten] options: { security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongo" } }
2017-09-27T03:40:50.195+0800 I -        [initandlisten] Detected data files in /var/lib/mongo created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-09-27T03:40:50.195+0800 I STORAGE  [initandlisten] 
2017-09-27T03:40:50.195+0800 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-09-27T03:40:50.195+0800 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-09-27T03:40:50.195+0800 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1455M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-09-27T03:40:50.689+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-09-27T03:40:50.689+0800 I CONTROL  [initandlisten] 
2017-09-27T03:40:50.692+0800 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongo/diagnostic.data'
2017-09-27T03:40:50.693+0800 I NETWORK  [thread1] waiting for connections on port 27017
  • 进入数据库
[root@localhost ~]# mongo
MongoDB shell version v3.4.9
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.9
> 

 

posted @ 2018-04-12 11:33  弍月关  阅读(4193)  评论(0编辑  收藏  举报