索引构建情况分析、mongoDB安全(四)
2015-06-07 15:01
621 查看
索引好处:加快索引相关的查询
坏处:增加磁盘空间消耗,降低写入性能
评判当前索引构建情况:
1. mongostat工具介绍
2. profile集合介绍
3. 日志介绍
4. explain分析
使用:mongostat -h 127.0.0.1:12345
输出字段说明 --help
Fields
inserts - # of inserts per second (* means replicated op)
query - # of queries per second
update - # of updates per second
delete - # of deletes per second
getmore - # of get mores (cursor batch) per second
command - # of commands per second,on a slave its local|replicated
flushes - # of fsync flushes per second
mapped - amount of data mmaped (total data size) megabytes
vsize - virtual size of process in megabytes
res - resident size of process in megabytes
non-mapped - amount virtual memeory less mapped memory (only with --all)
faults - # of pages faults per sec
locked - name of and percent time for most locked database
idx miss - percent of btree page misses (sampled)
qr|qw - queue lengths for clients waiting (read|write)
ar|aw - active clients (read|write)
netIn - network traffic in - bytes
netOut - network traffic out - bytes
conn - number of open connections
set - replica set name
repl - replication type
PRI - primary (master)
SEC - secondary
REC - recovering
UNK - unknown
SLV - slave
b RTR - mongos process ("router")
详细说明参考(http://www.imooc.com/video/6443)
... ...
使用(两个窗口一个添加,一个监控)
添加:
查看当前系统情况
qr,我们比较关注的,读队列。qw写队列
如果idx miss,比较高存在隐患,可能要构建索引。
was分为三个级别:0 1 2
0:关闭。
1:配合slowms,记录所有操作超过slowms的操作。
2:记录任何操作
查看(natural自然排序)
里面参数详细说明(http://www.imooc.com/video/6445)
注意:生产环境一般不使用profile,因为会占据性能。
通过后面添加.explain(),可以看到查询的详细信息。
查询使用时间112,可以通过建立x索引优化。
2. 物理隔离与网络隔离
3. IP白名单隔离
4.用户名密码鉴权
MongoDB安全概览
1. 最安全的是物理隔离:不现实
2. 网络隔离其次
3. 防火墙再其次
4. 用户名密码在最后
MongoDB安全
1. auth开启
2. keyfile开启
1. auth开启
在配置文件里面配置
重启MongoDB,查看日志,可以看到
然后创建用户
1. 创建语法:createUser(2.6之前为addUser)
2. {user:"<name>",
pwd:"",
customData:{<any information>},
role:[{role:"",db:""}]}
3. 角色类型:内建类型(read,readWrite,dbAdmin,dbOwner,userAdmin)权限类型也可以自定义
使用
之前指定的数据库是test,所以只能操作test
指定的是只能read,没有write(提示么有权限)
MongoDB用户角色详解
1. 数据库角色(read,readWrite,dbAdmin,dbOwner,userAdmin)
2. 集群角色(clusterAdmin,clusterManager)
3. 备份角色(backup,restore...)
4. 其他特殊权限(DBAdminAnyDatabase)
除了这些,还有两个,一个是root,有所有的权限。一个是--**,一般这两个内置的role不会对外开放。
... ...
坏处:增加磁盘空间消耗,降低写入性能
评判当前索引构建情况:
1. mongostat工具介绍
2. profile集合介绍
3. 日志介绍
4. explain分析
1. mongostat工具
mongostat:查看MongoDB运行状态程序。使用:mongostat -h 127.0.0.1:12345
输出字段说明 --help
Fields
inserts - # of inserts per second (* means replicated op)
query - # of queries per second
update - # of updates per second
delete - # of deletes per second
getmore - # of get mores (cursor batch) per second
command - # of commands per second,on a slave its local|replicated
flushes - # of fsync flushes per second
mapped - amount of data mmaped (total data size) megabytes
vsize - virtual size of process in megabytes
res - resident size of process in megabytes
non-mapped - amount virtual memeory less mapped memory (only with --all)
faults - # of pages faults per sec
locked - name of and percent time for most locked database
idx miss - percent of btree page misses (sampled)
qr|qw - queue lengths for clients waiting (read|write)
ar|aw - active clients (read|write)
netIn - network traffic in - bytes
netOut - network traffic out - bytes
conn - number of open connections
set - replica set name
repl - replication type
PRI - primary (master)
SEC - secondary
REC - recovering
UNK - unknown
SLV - slave
b RTR - mongos process ("router")
详细说明参考(http://www.imooc.com/video/6443)
... ...
使用(两个窗口一个添加,一个监控)
添加:
1 2 3 | >use jerome switched to db jerome > for (i=0;i<100000;i++)db.jerome.insert({x:i}) |
qr,我们比较关注的,读队列。qw写队列
如果idx miss,比较高存在隐患,可能要构建索引。
2. profile集合
1 2 3 4 5 6 7 8 9 10 11 12 | >db.getProfilingStatus() #查看profile设置 { "was" :0, "slowms" :100 } >db.setProfilingLevel(2) #设置级别 { "was" :0, "slowms" :100, "ok" :1 } >db.getProfilingStatus() { "was" :2, "slowms" :100 } >show tables #查看生成的集合 jerome jerome_2 location system.indexes system.profile |
0:关闭。
1:配合slowms,记录所有操作超过slowms的操作。
2:记录任何操作
查看(natural自然排序)
1 2 3 4 | >db.system.profile. find (). sort ({$naturl:-1}).limit(3) { "op" : "query" , "ns" : "jerome.system.indexes" , "query" :{ "expireAfterSeconds" :{ "$exists" : true } }, "ntoreturn" :0, "ntoskip" :0, "nscanned" :11, "nscannedObjects" :11, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(206), "w" :NumberLong(0) }, "timeAcquiringMicros" :{ "r" :NumberLong(4), "w" :NumberLong(7) } }, "nreturned" :0, "responseLength" :20, "millis" :0, "execStats" :{ "type" : "COLLSCAN" , "works" :13, "yields" :0, "unyields" :0, "invalidates" :0, "advanced" :0, "needTime" :12, "needFetch" :0, "isEOF" :1, "docsTested" :11, "children" :[ ] }, "ts" :ISODate( "2015-06-06T09:12:23.021Z" ), "client" : "0.0.0.0" , "allUsers" :[ { "user" : "__system" , "db" : "local" } ], "user" : "__system@local" } { "op" : "command" , "ns" : "jerome.$cmd" , "command" :{ "profile" :-1 }, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(0), "w" :NumberLong(21) }, "timeAcquiringMicros" :{ "r" :NumberLong(0), "w" :NumberLong(8) } }, "responseLength" :58, "millis" :0, "execStats" :{}, "ts" :ISODate( "2015-06-06T09:12:23.051Z" ), "client" : "127.0.0.1" , "allUsers" :[ ], "user" : "" } { "op" : "query" , "ns" : "jerome.system.namespaces" , "query" :{}, "ntoreturn" :0, "ntoskip" :0, "nscanned" :16, "nscannedObjects" :16, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(235), "w" :NumberLong(0) }, "timeAcquiringMicros" :{ "r" :NumberLong(7), "w" :NumberLong(7) } }, "nreturned" :16, "responseLength" :640, "millis" :0, "execStats" :{ "type" : "COLLSCAN" , "works" :18, "yields" :0, "unyields" :0, "invalidates" :0, "advanced" :16, "needTime" :1, "needFetch" :0, "isEOF" :1, "docsTested" :16, "children" :[ ] }, "ts" :ISODate( "2015-06-06T09:12:34.167Z" ), "client" : "127.0.0.1" , "allUsers" :[ ], "user" : "" } |
注意:生产环境一般不使用profile,因为会占据性能。
3. 日志
可以配置文件配置日志记录情况,v越多月详细。(mongod.conf)4.explain分析
通过后面添加.explain(),可以看到查询的详细信息。
查询使用时间112,可以通过建立x索引优化。
mongoDB安全
1. MongoDB安全概览2. 物理隔离与网络隔离
3. IP白名单隔离
4.用户名密码鉴权
MongoDB安全概览
1. 最安全的是物理隔离:不现实
2. 网络隔离其次
3. 防火墙再其次
4. 用户名密码在最后
MongoDB安全
1. auth开启
2. keyfile开启
1. auth开启
在配置文件里面配置
重启MongoDB,查看日志,可以看到
然后创建用户
1. 创建语法:createUser(2.6之前为addUser)
2. {user:"<name>",
pwd:"",
customData:{<any information>},
role:[{role:"",db:""}]}
3. 角色类型:内建类型(read,readWrite,dbAdmin,dbOwner,userAdmin)权限类型也可以自定义
使用
之前指定的数据库是test,所以只能操作test
指定的是只能read,没有write(提示么有权限)
MongoDB用户角色详解
1. 数据库角色(read,readWrite,dbAdmin,dbOwner,userAdmin)
2. 集群角色(clusterAdmin,clusterManager)
3. 备份角色(backup,restore...)
4. 其他特殊权限(DBAdminAnyDatabase)
除了这些,还有两个,一个是root,有所有的权限。一个是--**,一般这两个内置的role不会对外开放。
... ...
相关文章推荐
- 索引构建情况分析、mongoDB安全(四)
- Node.JS + MongoDB技术浅谈
- Node.JS + MongoDB技术浅谈
- MongoDB查询、索引和聚合
- MongoDB的监控首选:mongostat
- MongoDb、Mongodb php扩展 安装步骤及相关知识
- MongoDB数据库更新和删除文档
- mongoDB常见的查询索引(三)
- mongoDB常见的查询索引(三)
- MongoDB查询语句简要分析
- 解决mongodb的安装mongod命令不是内部或外部命令
- 解决mongodb的安装mongod命令不是内部或外部命令
- MongoDB Windows环境安装及配置
- MongoDB Windows环境安装及配置
- mongodb操作
- MongoDB获得短暂的
- mongoDB数据库验证登陆及问题
- php 操作 mongodb
- mongodb备份与恢复
- MongoDB数据库基本用法