mongodb之配置

前言

最新版本支持yaml格式的配置文件，只支持空格，不能使用tab

详细配置说明

#系统日志配置
systemLog:
    destination: file
    path: /var/log/mongodb/mongod.log
    logAppend: true
    #quiet模式运行，建议设置为false，方便排查错误
    quiet: false 
 
#进程管理
processManagement:
    #进程后台运行
    fork: true
    #进程pid文件
    pidFilePath: /var/log/mongodb/mongod.pid  
 
#网络配置
net:
    #监听端口
    port: 27017
    #监听网卡 多个使用英文逗号隔开
    bindIp: 127.0.0.1
    #最大并发连接数 默认65535
    maxIncomingConnections: 65535
    #验证客户端传过来的数据，文档嵌套多时，对性能会有些影响
    wireObjectCheck: true
    #是否启用ipv6，默认不启用
    ipv6: false
    unixDomainSocket:
        #是否启用socket监听 默认true
        enabled: true
        #socket保存目录，默认/tmp
        pathPrefix: /var/log/mongodb
        #socket文件权限，默认0700
        filePermissions: 0700
    http:
        #是否启用http服务，默认false，安全考虑线上环境要关闭
        enabled: false
        #是否启用http jsonp，默认false，即使http.enabled为false，只要此项为true，一样可以访问，安全考虑线上环境要关闭
        JSONPEnabled: false
        #是否启用rest api接口，默认false，安全考虑线上环境要关闭
        RESTInterfaceEnabled: false
    ssl:
        #type:string
        #是否启用加密
        #可选值1 disabled:禁用
        #可选值2 allowSSL:优先使用非加密，但是服务器支持加密
        #可选值3 preferSSL:优先使用加密，但是服务器也支持非加密
        #可选值4 requireSSL:只支持加密
 
        mode: disabled 
 
        #type:string
        #包含TLS/SSL certificate and key的文件路径
        #包含公钥和私钥
 
        PEMKeyFile: /var/log/mongodb/mongodb.pem
 
        #type:string
        #私钥加密时的密码
 
        PEMKeyPassword: password
 
        #type:string
        #The .pem file that contains the x.509 certificate-key file for membership authentication for the cluster or replica set.
        #不存在会使用PEMKeyFile
 
        clusterFile: /var/log/mongodb/cluster.pem
 
        #type:string
        #The password to de-crypt the x.509 certificate-key file specified with --sslClusterFile
 
        clusterPassword: password
 
        #type:string
        #The .pem file that contains the root certificate chain from the Certificate Authority.
 
        CAFile:  
 
        #type:string
        #The the .pem file that contains the Certificate Revocation List.
 
        CRLFile: 
 
        #type:boolean
        #Enable or disable the requirement for TLS/SSL certificate validation that CAFile enables
 
        allowConnectionsWithoutCertificates: true 
 
        #type:boolean
        #Enable or disable the validation checks for TLS/SSL certificates on other servers in the cluster and allows the use of invalid certificates.
 
        allowInvalidCertificates: false 
 
        #type:boolean
        #是否允许无效的域名，当为true时，mongod不检查证书里面域名的有效性，即使域名不匹配，mongod同样允许连接mongodb实例
 
        allowInvalidHostnames: false 
 
        #type:string
        #禁用加密协议版本，多个使用英文逗号隔开
        #可设置的值TLS1_0, TLS1_1, and TLS1_2
 
        disabledProtocols: 
 
        #type:string
        #Enable or disable the use of the FIPS mode of the installed OpenSSL library for the mongos or mongod.
 
        FIPSMode: false
    compression:
        #是否启用数据压缩
        compressors: snappy
 
#安全配置
security:
    #type:string
    #密钥路径，副本集和分片集群节点间授权时使用的密钥
    keyFile:
 
    #type:string
    #集群授权模式，默认keyFile，值列表：keyFile,sendKeyFile,sendX509,x509
    clusterAuthMode: keyFile 
 
    #type:string
    #是否开启数据库访问RBAC权限控制，默认：disabled，仅对mongod命令有效
    authorization: enabled 
 
    #type:boolean
    #Allows the mongod or mongos to accept and create authenticated and non-authenticated connections to and from other mongod and mongos instances in the deployment.
    transitionToAuth: false 
 
    #type:boolean
    #是否开启服端js执行，默认true，如果未开启$where,group,mapreduce都不能使用
    javascriptEnabled: true 
 
    #type:boolean
    #写日志之前是否编辑客户端日志数据，去除日志中的敏感数据，仅企业版支持
    redactClientLogData: true 
 
#key管理配置
security:
    #type:boolean
    #WiredTiger存储引擎是否启用加密，默认false，仅企业版支持
    enableEncryption: false 
 
    #type:string
    #加密模式，默认AES256-CBC，仅企业版支持
    encryptionCipherMode: AES256-CBC 
 
    #type:string
    #密钥文件路径，仅企业版支持
    encryptionKeyFile: /var/log/mongodb/encKeyFile 
 
    #kmip key server，仅企业版支持
    kmip:
        #type:string
        #Unique KMIP identifier for an existing key within the KMIP server.
        keyIdentifier: 
 
        #type:boolean
        #If true, rotate the master key and re-encrypt the internal keystore
        rotateMasterKey: false 
 
        #type:string
        #Hostname or IP address of key management solution running a KMIP server.
        serverName: 
 
        #type:int
        #Port number the KMIP server is listening on
        port: 5696 
 
        #type:string
        #String containing the path to the client certificate used for authenticating MongoDB to the KMIP server.
        clientCertificateFile: 
 
        #type:string
        #The password to decrypt the client certificate, used to authenticate MongoDB to the KMIP server.
        clientCertificatePassword: 
 
        #type:string
        #Path to CA File. Used for validating secure client connection to KMIP server.
        serverCAFile: 
 
#sasal配置
security:
    sasl:
        hostName: "" #A fully qualified server domain name for the purpose of configuring SASL and Kerberos authentication.
        serviceName: "" #Registered name of the service using SASL.
        saslauthdSocketPath: "" #The path to the UNIX domain socket file for saslauthd
 
#setParameter配置
setParameter:
    enableLocalhostAuthBypass: false
 
#存储配置
storage:
    #type:string
    #数据库数据存储目录，默认/data/db
    dbPath:
 
    #type:boolean
    #启动时是否尝试重建索引，默认true
    indexBuildRetry: true 
 
    #type:string
    #修复数据时使用的目录，默认是：A _tmp_repairDatabase_<num> directory under the dbPath
    repairPath: 
 
    #journal日志
    journal:
        #type:boolean
        #Enable or disable the durability journal to ensure data files remain valid and recoverable. Default: true on 64-bit systems, false on 32-bit systems
        enabled: true 
 
        #type:int
        #日志同步间隔，Values can range from 1 to 500 milliseconds.
        commitIntervalMs: 100 
 
    #type:boolean
    #是否开启一数据库一目录，默认是false
    directoryPerDB: false 
 
    #type:int
    #数据落地时间间隔，默认为60秒，不能设置为0，一般使用默认值即可
    syncPeriodSecs: 60 
 
    #type:string
    ##存储引擎，默认wiredTiger，可选值 mmapv1,wiredTiger,inMemory
    engine: wiredTiger
 
#mmapv1存储引擎配置
storage:
    mmapv1:
        #type:boolean
        #默认true,Enables or disables the preallocation of data files.
        preallocDataFiles: true
 
        #type:int
        #默认16M The default size for namespace files, which are files that end in .ns.
        nsSize: 16 
 
        #配额
        quota:
            #type:boolean
            #是否强制限制每个数据库数据文件数量限制，数量限制由maxFilesPerDB选项指定，默认为false
            enforced: false 
 
            #type:int
            #单个实例最大数据文件数量，需要先开启enforced配置，默认8
            maxFilesPerDB: 8 
 
        #type:boolean
        #小文件存储，默认为false，journal文件也会影响，适用场景：多数据库且数据量不大
        smallFiles: false
        journal:
            #type:boolean
            #journal调试标志，用于测试功能，一般情况下不使用，系统异常关机会影响数据的完整性
            debugFlags: 0 
 
            #type:int
            #version >= 3.2版本不建议使用
            commitIntervalMs: 60 
 
#wiredTiger存储引擎配置
storage:
    wiredTiger:
        engineConfig:
            #type:float
            #单个实例可用的数据缓存内存大小，version >= 3.4默认：50% of RAM minus 1 GB, or 256 MB. Values can range from 256MB to 10TB and can be a float.
            cacheSizeGB: 0.25
 
            #type:string
            #WiredTiger journal数据压缩格式，默认snappy，可用的压缩类型: none, snappy, zlib
            journalCompressor: snappy 
 
            #type:boolean
            #索引文件分目录存储，默认false，version >= 3.0后版本可用
            directoryForIndexes: false
        collectionConfig:
            #type:string
            #块数据压缩格式，默认snappy，可用的压缩类型：none, snappy, zlib
            blockCompressor: snappy
        indexConfig:
            #type:boolean
            #是否开启索引prefix compression，默认true
            prefixCompression: true #是否开启索引prefix compression，默认true
 
#operationProfiling操作性能分析
operationProfiling:
    #type:int
    #慢查询时间单位毫秒，默认100，如果开启了profile，日志会保存到system.profile集合中
    slowOpThresholdMs: 100 
 
    #type:string
    #性能分析模式，开启会影响性能，谨慎操作。默认off.
    #可选值1：off: Off. No profiling.
    #可选值2： slowOp:On. Only includes slow operations.
    #可选值3： all:On. Includes all operations.
    mode: off
 
#replication复制配置
replication:
    #type:int
    #数字类型(单位M) replication op log 大小，64位系统默认为可用磁盘的5%
    oplogSizeMB: 512
 
    #type:string
    #所属replica set集群名称
    replSetName: 
 
    #type:string
    #The indexes that secondary members of a replica set load into memory before applying operations from the oplog. 默认all
    #可选值1 none:Secondaries do not load indexes into memory.
    #可选值2 all:Secondaries load all indexes related to an operation.
    #可选值3 _id_only:Secondaries load no additional indexes into memory beyond the already existing _id index.
    secondaryIndexPrefetch: all 
 
    #type:boolean
    #默认false version >= 3.2版本可用 Enables read concern level of "majority".
    enableMajorityReadConcern:false 
 
#分片配置
sharding:
    #type:string
    #分片集群中的担当的角色
    #可选值1 configsvr:配置svr
    #可选值2 shardsvr: 数据svr
    clusterRole: shardsvr
    #type:boolean
    #默认false
    #During chunk migration, a shard does not save documents migrated from the shard.
    archiveMovedChunks: false
 
#auditLog配置
#仅企业版支付
auditLog:
    #type:string
    #审计日志保存方式
    #可选值1 syslog:Output the audit events to syslog in JSON format.
    #可选值2 console:Output the audit events to stdout in JSON format.
    #可选值3 file:Output the audit events to the file specified in --auditPath in the format specified in --auditFormat.
    destination: syslog
    #type:string
    #日志格式
    #可选值1:JSON
    #可选值2:BSON
    format: JSON
    #type:string
    #日志文件路径，相对路经和绝对路径都支持
    path: path/audit.log
    #type:string representation of a document
    #The filter to limit the types of operations the audit system records.
    #内容格式：{ <field1>: <expression1>, ... }
    filter: {}
 
#snmp(简单网络管理协议)配置
snmp:
    #type:boolean
    #When snmp.subagent is true, SNMP runs as a subagent. For more information, see Monitor MongoDB With SNMP on Linux.
    subagent:false
    #type:boolean
    #When snmp.master is true, SNMP runs as a master. For more information, see Monitor MongoDB With SNMP on Linux.
    master:false
 
#Text Search配置
basisTech:
	#type:string
	#v3.2版本加入
	#仅企业版支持
	#Specify the path to the root directory of the Basis Technology Rosette Linguistics Platform installation to support additional languages for text search operations.
    rootDirectory:/path/
 
#mongos-only Options
replication:
    #type:integer
    #The ping time, in milliseconds, that mongos uses to determine which secondary replica set members to pass read operations from clients.
    #默认值为15毫秒
    localPingThresholdMs:15
sharding:
    #type:string
    #The configuration servers for the sharded cluster.
    #建议使用replica set
    #值格式:<configReplSetName>/cfg1.example.net:27017, cfg2.example.net:27017,...
    configDB:

　　

参考文档

【1】服务器配置文档

https://docs.mongodb.com/manual/reference/configuration-options/

【2】服务器参数

https://docs.mongodb.com/manual/reference/parameters/