索引好处:加快索引相关的查询
坏处:增加磁盘空间消耗,降低写入性能
评判当前索引构建情况:
1. mongostat工具介绍
2. profile集合介绍
3. 日志介绍
4. explain分析
1. mongostat工具
mongostat:查看MongoDB运行状态程序。
使用:mongostat -h 127.0.0.1:12345
输出字段说明 --help
Fields
inserts - # of inserts per second (* means replicated op)
query - # of queries per second
update - # of updates per second
delete - # of deletes per second
getmore - # of get mores (cursor batch) per second
command - # of commands per second, on a slave its local|replicated
flushes - # of fsync flushes per second
mapped - amount of data mmaped (total data size) megabytes
vsize - virtual size of process in megabytes
res - resident size of process in megabytes
non-mapped - amount virtual memeory less mapped memory (only with --all)
faults - # of pages faults per sec
locked - name of and percent time for most locked database
idx miss - percent of btree page misses (sampled)
qr|qw - queue lengths for clients waiting (read|write)
ar|aw - active clients (read|write)
netIn - network traffic in - bytes
netOut - network traffic out - bytes
conn - number of open connections
set - replica set name
repl - replication type
PRI - primary (master)
SEC - secondary
REC - recovering
UNK - unknown
SLV - slave
b RTR - mongos process ("router")
详细说明参考(http://www.imooc.com/video/6443)
... ...
使用(两个窗口一个添加,一个监控)
添加:
1 2 3 | > use jeromeswitched to db jerome> for(i=0;i<100000;i++)db.jerome.insert({x:i}) |
查看当前系统情况
qr,我们比较关注的,读队列。qw写队列
如果idx miss,比较高存在隐患,可能要构建索引。
2. profile集合
1 2 3 4 5 6 7 8 9 10 11 12 | > db.getProfilingStatus() #查看profile设置{ "was" : 0, "slowms" : 100 }> db.setProfilingLevel(2) #设置级别{ "was" : 0, "slowms" : 100, "ok" : 1 }> db.getProfilingStatus(){ "was" : 2, "slowms" : 100 }> show tables #查看生成的集合jeromejerome_2locationsystem.indexessystem.profile |
was分为三个级别:0 1 2
0:关闭。
1:配合slowms,记录所有操作超过slowms的操作。
2:记录任何操作
查看(natural自然排序)
1 2 3 4 | > db.system.profile.find().sort({$naturl:-1}).limit(3){ "op" : "query", "ns" : "jerome.system.indexes", "query" : { "expireAfterSeconds" : { "$exists" : true } }, "ntoreturn" : 0, "ntoskip" : 0, "nscanned" : 11, "nscannedObjects" : 11, "keyUpdates" : 0, "numYield" : 0, "lockStats" : { "timeLockedMicros" : { "r" : NumberLong(206), "w" : NumberLong(0) }, "timeAcquiringMicros" : { "r" : NumberLong(4), "w" : NumberLong(7) } }, "nreturned" : 0, "responseLength" : 20, "millis" : 0, "execStats" : { "type" : "COLLSCAN", "works" : 13, "yields" : 0, "unyields" : 0, "invalidates" : 0, "advanced" : 0, "needTime" : 12, "needFetch" : 0, "isEOF" : 1, "docsTested" : 11, "children" : [ ] }, "ts" : ISODate("2015-06-06T09:12:23.021Z"), "client" : "0.0.0.0", "allUsers" : [ { "user" : "__system", "db" : "local" } ], "user" : "__system@local" }{ "op" : "command", "ns" : "jerome.$cmd", "command" : { "profile" : -1 }, "keyUpdates" : 0, "numYield" : 0, "lockStats" : { "timeLockedMicros" : { "r" : NumberLong(0), "w" : NumberLong(21) }, "timeAcquiringMicros" : { "r" : NumberLong(0), "w" : NumberLong(8) } }, "responseLength" : 58, "millis" : 0, "execStats" : { }, "ts" : ISODate("2015-06-06T09:12:23.051Z"), "client" : "127.0.0.1", "allUsers" : [ ], "user" : "" }{ "op" : "query", "ns" : "jerome.system.namespaces", "query" : { }, "ntoreturn" : 0, "ntoskip" : 0, "nscanned" : 16, "nscannedObjects" : 16, "keyUpdates" : 0, "numYield" : 0, "lockStats" : { "timeLockedMicros" : { "r" : NumberLong(235), "w" : NumberLong(0) }, "timeAcquiringMicros" : { "r" : NumberLong(7), "w" : NumberLong(7) } }, "nreturned" : 16, "responseLength" : 640, "millis" : 0, "execStats" : { "type" : "COLLSCAN", "works" : 18, "yields" : 0, "unyields" : 0, "invalidates" : 0, "advanced" : 16, "needTime" : 1, "needFetch" : 0, "isEOF" : 1, "docsTested" : 16, "children" : [ ] }, "ts" : ISODate("2015-06-06T09:12:34.167Z"), "client" : "127.0.0.1", "allUsers" : [ ], "user" : "" } |
里面参数详细说明(http://www.imooc.com/video/6445)
注意:生产环境一般不使用profile,因为会占据性能。
3. 日志
可以配置文件配置日志记录情况,v越多月详细。(mongod.conf)
4.explain分析
通过后面添加.explain(),可以看到查询的详细信息。
查询使用时间112,可以通过建立x索引优化。
mongoDB安全
1. MongoDB安全概览
2. 物理隔离与网络隔离
3. IP白名单隔离
4.用户名密码鉴权
MongoDB安全概览
1. 最安全的是物理隔离:不现实
2. 网络隔离其次
3. 防火墙再其次
4. 用户名密码在最后
MongoDB安全
1. auth开启
2. keyfile开启
1. auth开启
在配置文件里面配置
重启MongoDB,查看日志,可以看到
然后创建用户
1. 创建语法:createUser(2.6之前为addUser)
2. {user:"<name>",
pwd:"",
customData:{<any information>},
role:[{role:"",db:""}]}
3. 角色类型:内建类型(read,readWrite,dbAdmin,dbOwner,userAdmin)权限类型也可以自定义
使用
之前指定的数据库是test,所以只能操作test
指定的是只能read,没有write(提示么有权限)
MongoDB用户角色详解
1. 数据库角色(read,readWrite,dbAdmin,dbOwner,userAdmin)
2. 集群角色(clusterAdmin,clusterManager)
3. 备份角色(backup,restore...)
4. 其他特殊权限(DBAdminAnyDatabase)
除了这些,还有两个,一个是root,有所有的权限。一个是--**,一般这两个内置的role不会对外开放。
... ...