索引构建情况分析、mongoDB安全（四）

索引好处：加快索引相关的查询
坏处：增加磁盘空间消耗，降低写入性能

评判当前索引构建情况：
1. mongostat工具介绍
2. profile集合介绍
3. 日志介绍
4. explain分析

1. mongostat工具

mongostat：查看MongoDB运行状态程序。
使用：mongostat -h 127.0.0.1:12345

输出字段说明 --help
Fields
inserts - # of inserts per second (* means replicated op)
query - # of queries per second
update - # of updates per second
delete - # of deletes per second
getmore - # of get mores (cursor batch) per second
command - # of commands per second,on a slave its local|replicated
flushes - # of fsync flushes per second
mapped - amount of data mmaped (total data size) megabytes
vsize - virtual size of process in megabytes
res - resident size of process in megabytes
non-mapped - amount virtual memeory less mapped memory (only with --all)
faults - # of pages faults per sec
locked - name of and percent time for most locked database
idx miss - percent of btree page misses (sampled)
qr|qw - queue lengths for clients waiting (read|write)
ar|aw - active clients (read|write)
netIn - network traffic in - bytes
netOut - network traffic out - bytes
conn - number of open connections
set - replica set name
repl - replication type
PRI - primary (master)
SEC - secondary
REC - recovering
UNK - unknown
SLV - slave
b RTR - mongos process ("router")
详细说明参考（http://www.imooc.com/video/6443）
... ...

使用（两个窗口一个添加，一个监控）
添加：

1 2 3

>use jerome switched to db jerome > for (i=0;i<100000;i++)db.jerome.insert({x:i})

查看当前系统情况



qr，我们比较关注的，读队列。qw写队列
如果idx miss，比较高存在隐患，可能要构建索引。

2. profile集合

1 2 3 4 5 6 7 8 9 10 11 12

>db.getProfilingStatus() #查看profile设置 { "was" :0, "slowms" :100 } >db.setProfilingLevel(2) #设置级别 { "was" :0, "slowms" :100, "ok" :1 } >db.getProfilingStatus() { "was" :2, "slowms" :100 } >show tables #查看生成的集合 jerome jerome_2 location system.indexes system.profile

was分为三个级别：0 1 2
0：关闭。
1：配合slowms，记录所有操作超过slowms的操作。
2：记录任何操作

查看（natural自然排序）

1 2 3 4

>db.system.profile. find (). sort ({$naturl:-1}).limit(3) { "op" : "query" , "ns" : "jerome.system.indexes" , "query" :{ "expireAfterSeconds" :{ "$exists" : true } }, "ntoreturn" :0, "ntoskip" :0, "nscanned" :11, "nscannedObjects" :11, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(206), "w" :NumberLong(0) }, "timeAcquiringMicros" :{ "r" :NumberLong(4), "w" :NumberLong(7) } }, "nreturned" :0, "responseLength" :20, "millis" :0, "execStats" :{ "type" : "COLLSCAN" , "works" :13, "yields" :0, "unyields" :0, "invalidates" :0, "advanced" :0, "needTime" :12, "needFetch" :0, "isEOF" :1, "docsTested" :11, "children" :[ ] }, "ts" :ISODate( "2015-06-06T09:12:23.021Z" ), "client" : "0.0.0.0" , "allUsers" :[ { "user" : "__system" , "db" : "local" } ], "user" : "__system@local" } { "op" : "command" , "ns" : "jerome.$cmd" , "command" :{ "profile" :-1 }, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(0), "w" :NumberLong(21) }, "timeAcquiringMicros" :{ "r" :NumberLong(0), "w" :NumberLong(8) } }, "responseLength" :58, "millis" :0, "execStats" :{}, "ts" :ISODate( "2015-06-06T09:12:23.051Z" ), "client" : "127.0.0.1" , "allUsers" :[ ], "user" : "" } { "op" : "query" , "ns" : "jerome.system.namespaces" , "query" :{}, "ntoreturn" :0, "ntoskip" :0, "nscanned" :16, "nscannedObjects" :16, "keyUpdates" :0, "numYield" :0, "lockStats" :{ "timeLockedMicros" :{ "r" :NumberLong(235), "w" :NumberLong(0) }, "timeAcquiringMicros" :{ "r" :NumberLong(7), "w" :NumberLong(7) } }, "nreturned" :16, "responseLength" :640, "millis" :0, "execStats" :{ "type" : "COLLSCAN" , "works" :18, "yields" :0, "unyields" :0, "invalidates" :0, "advanced" :16, "needTime" :1, "needFetch" :0, "isEOF" :1, "docsTested" :16, "children" :[ ] }, "ts" :ISODate( "2015-06-06T09:12:34.167Z" ), "client" : "127.0.0.1" , "allUsers" :[ ], "user" : "" }

里面参数详细说明（http://www.imooc.com/video/6445）

注意：生产环境一般不使用profile，因为会占据性能。

3. 日志

可以配置文件配置日志记录情况，v越多月详细。(mongod.conf)

4.explain分析

通过后面添加.explain()，可以看到查询的详细信息。
查询使用时间112,可以通过建立x索引优化。

mongoDB安全

1. MongoDB安全概览
2. 物理隔离与网络隔离
3. IP白名单隔离
4.用户名密码鉴权
MongoDB安全概览
1. 最安全的是物理隔离：不现实
2. 网络隔离其次
3. 防火墙再其次
4. 用户名密码在最后

MongoDB安全
1. auth开启
2. keyfile开启
1. auth开启

在配置文件里面配置



重启MongoDB，查看日志，可以看到



然后创建用户
1. 创建语法：createUser(2.6之前为addUser)
2. ｛user:"<name>",
pwd:"",
customData:{<any information>},
role:[{role:"",db:""}]｝
3. 角色类型：内建类型（read，readWrite，dbAdmin，dbOwner，userAdmin）权限类型也可以自定义



使用



之前指定的数据库是test，所以只能操作test



指定的是只能read，没有write（提示么有权限）



MongoDB用户角色详解
1. 数据库角色（read，readWrite，dbAdmin，dbOwner，userAdmin）
2. 集群角色（clusterAdmin，clusterManager）
3. 备份角色（backup，restore...）
4. 其他特殊权限（DBAdminAnyDatabase）
除了这些，还有两个，一个是root，有所有的权限。一个是--**，一般这两个内置的role不会对外开放。



... ...