Fork me on GitHub

mongodb之配置

前言

最新版本支持yaml格式的配置文件,只支持空格,不能使用tab

 

详细配置说明

 

#系统日志配置
systemLog:
    destination: file
    path: /var/log/mongodb/mongod.log
    logAppend: true
    #quiet模式运行,建议设置为false,方便排查错误
    quiet: false 

#进程管理
processManagement:
    #进程后台运行
    fork: true 
    #进程pid文件 
    pidFilePath: /var/log/mongodb/mongod.pid  

#网络配置
net:
    #监听端口
    port: 27017 
    #监听网卡 多个使用英文逗号隔开
    bindIp: 127.0.0.1 
    #最大并发连接数 默认65535
    maxIncomingConnections: 65535
    #验证客户端传过来的数据,文档嵌套多时,对性能会有些影响
    wireObjectCheck: true 
    #是否启用ipv6,默认不启用
    ipv6: false 
    unixDomainSocket:
        #是否启用socket监听 默认true
        enabled: true 
        #socket保存目录,默认/tmp
        pathPrefix: /var/log/mongodb
        #socket文件权限,默认0700
        filePermissions: 0700 
    http:
        #是否启用http服务,默认false,安全考虑线上环境要关闭
        enabled: false 
        #是否启用http jsonp,默认false,即使http.enabled为false,只要此项为true,一样可以访问,安全考虑线上环境要关闭
        JSONPEnabled: false 
        #是否启用rest api接口,默认false,安全考虑线上环境要关闭
        RESTInterfaceEnabled: false 
    ssl:
        #type:string
        #是否启用加密
        #可选值1 disabled:禁用
        #可选值2 allowSSL:优先使用非加密,但是服务器支持加密
        #可选值3 preferSSL:优先使用加密,但是服务器也支持非加密
        #可选值4 requireSSL:只支持加密

        mode: disabled 

        #type:string
        #包含TLS/SSL certificate and key的文件路径
        #包含公钥和私钥

        PEMKeyFile: /var/log/mongodb/mongodb.pem

        #type:string
        #私钥加密时的密码

        PEMKeyPassword: password

        #type:string
        #The .pem file that contains the x.509 certificate-key file for membership authentication for the cluster or replica set.
        #不存在会使用PEMKeyFile

        clusterFile: /var/log/mongodb/cluster.pem

        #type:string
        #The password to de-crypt the x.509 certificate-key file specified with --sslClusterFile

        clusterPassword: password

        #type:string
        #The .pem file that contains the root certificate chain from the Certificate Authority.

        CAFile:  

        #type:string
        #The the .pem file that contains the Certificate Revocation List.

        CRLFile: 

        #type:boolean
        #Enable or disable the requirement for TLS/SSL certificate validation that CAFile enables

        allowConnectionsWithoutCertificates: true 

        #type:boolean
        #Enable or disable the validation checks for TLS/SSL certificates on other servers in the cluster and allows the use of invalid certificates.

        allowInvalidCertificates: false 

        #type:boolean
        #是否允许无效的域名,当为true时,mongod不检查证书里面域名的有效性,即使域名不匹配,mongod同样允许连接mongodb实例

        allowInvalidHostnames: false 

        #type:string
        #禁用加密协议版本,多个使用英文逗号隔开
        #可设置的值TLS1_0, TLS1_1, and TLS1_2

        disabledProtocols: 

        #type:string
        #Enable or disable the use of the FIPS mode of the installed OpenSSL library for the mongos or mongod.

        FIPSMode: false 
    compression:
        #是否启用数据压缩
        compressors: snappy

#安全配置
security:
    #type:string
    #密钥路径,副本集和分片集群节点间授权时使用的密钥
    keyFile:

    #type:string 
    #集群授权模式,默认keyFile,值列表:keyFile,sendKeyFile,sendX509,x509
    clusterAuthMode: keyFile 

    #type:string
    #是否开启数据库访问RBAC权限控制,默认:disabled,仅对mongod命令有效
    authorization: enabled 

    #type:boolean
    #Allows the mongod or mongos to accept and create authenticated and non-authenticated connections to and from other mongod and mongos instances in the deployment.
    transitionToAuth: false 

    #type:boolean
    #是否开启服端js执行,默认true,如果未开启$where,group,mapreduce都不能使用
    javascriptEnabled: true 

    #type:boolean
    #写日志之前是否编辑客户端日志数据,去除日志中的敏感数据,仅企业版支持
    redactClientLogData: true 

#key管理配置
security:
    #type:boolean
    #WiredTiger存储引擎是否启用加密,默认false,仅企业版支持
    enableEncryption: false 

    #type:string
    #加密模式,默认AES256-CBC,仅企业版支持
    encryptionCipherMode: AES256-CBC 

    #type:string
    #密钥文件路径,仅企业版支持
    encryptionKeyFile: /var/log/mongodb/encKeyFile 

    #kmip key server,仅企业版支持
    kmip: 
        #type:string
        #Unique KMIP identifier for an existing key within the KMIP server.
        keyIdentifier: 

        #type:boolean
        #If true, rotate the master key and re-encrypt the internal keystore
        rotateMasterKey: false 

        #type:string
        #Hostname or IP address of key management solution running a KMIP server.
        serverName: 

        #type:int
        #Port number the KMIP server is listening on
        port: 5696 

        #type:string
        #String containing the path to the client certificate used for authenticating MongoDB to the KMIP server.
        clientCertificateFile: 

        #type:string
        #The password to decrypt the client certificate, used to authenticate MongoDB to the KMIP server.
        clientCertificatePassword: 

        #type:string
        #Path to CA File. Used for validating secure client connection to KMIP server.
        serverCAFile: 

#sasal配置
security:
    sasl:
        hostName: "" #A fully qualified server domain name for the purpose of configuring SASL and Kerberos authentication. 
        serviceName: "" #Registered name of the service using SASL. 
        saslauthdSocketPath: "" #The path to the UNIX domain socket file for saslauthd

#setParameter配置
setParameter:
    enableLocalhostAuthBypass: false

#存储配置
storage:
    #type:string
    #数据库数据存储目录,默认/data/db
    dbPath:

    #type:boolean
    #启动时是否尝试重建索引,默认true
    indexBuildRetry: true 

    #type:string
    #修复数据时使用的目录,默认是:A _tmp_repairDatabase_<num> directory under the dbPath
    repairPath: 

    #journal日志
    journal: 
        #type:boolean
        #Enable or disable the durability journal to ensure data files remain valid and recoverable. Default: true on 64-bit systems, false on 32-bit systems
        enabled: true 

        #type:int
        #日志同步间隔,Values can range from 1 to 500 milliseconds.
        commitIntervalMs: 100 

    #type:boolean
    #是否开启一数据库一目录,默认是false
    directoryPerDB: false 

    #type:int
    #数据落地时间间隔,默认为60秒,不能设置为0,一般使用默认值即可
    syncPeriodSecs: 60 

    #type:string
    ##存储引擎,默认wiredTiger,可选值 mmapv1,wiredTiger,inMemory
    engine: wiredTiger

#mmapv1存储引擎配置
storage:
    mmapv1:
        #type:boolean
        #默认true,Enables or disables the preallocation of data files. 
        preallocDataFiles: true

        #type:int
        #默认16M The default size for namespace files, which are files that end in .ns. 
        nsSize: 16 

        #配额 
        quota: 
            #type:boolean
            #是否强制限制每个数据库数据文件数量限制,数量限制由maxFilesPerDB选项指定,默认为false
            enforced: false 

            #type:int
            #单个实例最大数据文件数量,需要先开启enforced配置,默认8
            maxFilesPerDB: 8 

        #type:boolean
        #小文件存储,默认为false,journal文件也会影响,适用场景:多数据库且数据量不大
        smallFiles: false 
        journal:
            #type:boolean
            #journal调试标志,用于测试功能,一般情况下不使用,系统异常关机会影响数据的完整性
            debugFlags: 0 

            #type:int
            #version >= 3.2版本不建议使用
            commitIntervalMs: 60 

#wiredTiger存储引擎配置
storage:
    wiredTiger:
        engineConfig:
            #type:float
            #单个实例可用的数据缓存内存大小,version >= 3.4默认:50% of RAM minus 1 GB, or 256 MB. Values can range from 256MB to 10TB and can be a float.
            cacheSizeGB: 0.25

            #type:string
            #WiredTiger journal数据压缩格式,默认snappy,可用的压缩类型: none, snappy, zlib
            journalCompressor: snappy 

            #type:boolean
            #索引文件分目录存储,默认false,version >= 3.0后版本可用
            directoryForIndexes: false 
        collectionConfig:
            #type:string
            #块数据压缩格式,默认snappy,可用的压缩类型:none, snappy, zlib
            blockCompressor: snappy
        indexConfig:
            #type:boolean
            #是否开启索引prefix compression,默认true
            prefixCompression: true #是否开启索引prefix compression,默认true

#operationProfiling操作性能分析
operationProfiling:
    #type:int
    #慢查询时间单位毫秒,默认100,如果开启了profile,日志会保存到system.profile集合中
    slowOpThresholdMs: 100 

    #type:string
    #性能分析模式,开启会影响性能,谨慎操作。默认off.
    #可选值1:off: Off. No profiling.
    #可选值2: slowOp:On. Only includes slow operations.
    #可选值3: all:On. Includes all operations.
    mode: off

#replication复制配置
replication:
    #type:int
    #数字类型(单位M) replication op log 大小,64位系统默认为可用磁盘的5%
    oplogSizeMB: 512

    #type:string
    #所属replica set集群名称
    replSetName: 

    #type:string
    #The indexes that secondary members of a replica set load into memory before applying operations from the oplog. 默认all
    #可选值1 none:Secondaries do not load indexes into memory.
    #可选值2 all:Secondaries load all indexes related to an operation.
    #可选值3 _id_only:Secondaries load no additional indexes into memory beyond the already existing _id index.
    secondaryIndexPrefetch: all 

    #type:boolean
    #默认false version >= 3.2版本可用 Enables read concern level of "majority".
    enableMajorityReadConcern:false 

#分片配置
sharding:
    #type:string
    #分片集群中的担当的角色
    #可选值1 configsvr:配置svr
    #可选值2 shardsvr: 数据svr
    clusterRole: shardsvr
    #type:boolean
    #默认false
    #During chunk migration, a shard does not save documents migrated from the shard.
    archiveMovedChunks: false

#auditLog配置
#仅企业版支付
auditLog:
    #type:string
    #审计日志保存方式
    #可选值1 syslog:Output the audit events to syslog in JSON format. 
    #可选值2 console:Output the audit events to stdout in JSON format.
    #可选值3 file:Output the audit events to the file specified in --auditPath in the format specified in --auditFormat.
    destination: syslog
    #type:string
    #日志格式
    #可选值1:JSON
    #可选值2:BSON
    format: JSON
    #type:string
    #日志文件路径,相对路经和绝对路径都支持
    path: path/audit.log
    #type:string representation of a document
    #The filter to limit the types of operations the audit system records.
    #内容格式:{ <field1>: <expression1>, ... }
    filter: {}

#snmp(简单网络管理协议)配置
snmp:
    #type:boolean
    #When snmp.subagent is true, SNMP runs as a subagent. For more information, see Monitor MongoDB With SNMP on Linux.
    subagent:false
    #type:boolean
    #When snmp.master is true, SNMP runs as a master. For more information, see Monitor MongoDB With SNMP on Linux.
    master:false

#Text Search配置
basisTech:
	#type:string
	#v3.2版本加入
	#仅企业版支持
	#Specify the path to the root directory of the Basis Technology Rosette Linguistics Platform installation to support additional languages for text search operations.
    rootDirectory:/path/

#mongos-only Options
replication:
    #type:integer
    #The ping time, in milliseconds, that mongos uses to determine which secondary replica set members to pass read operations from clients. 
    #默认值为15毫秒
    localPingThresholdMs:15
sharding:
    #type:string
    #The configuration servers for the sharded cluster.
    #建议使用replica set
    #值格式:<configReplSetName>/cfg1.example.net:27017, cfg2.example.net:27017,...
    configDB: 

  

参考文档

【1】服务器配置文档

https://docs.mongodb.com/manual/reference/configuration-options/

【2】服务器参数

https://docs.mongodb.com/manual/reference/parameters/

posted @ 2017-11-30 13:31  huan&ping  阅读(441)  评论(0编辑  收藏  举报