前言
最新版本支持yaml格式的配置文件,只支持空格,不能使用tab
详细配置说明
#系统日志配置
systemLog:
destination: file
path: /var/log/mongodb/mongod.log
logAppend: true
#quiet模式运行,建议设置为false,方便排查错误
quiet: false
#进程管理
processManagement:
#进程后台运行
fork: true
#进程pid文件
pidFilePath: /var/log/mongodb/mongod.pid
#网络配置
net:
#监听端口
port: 27017
#监听网卡 多个使用英文逗号隔开
bindIp: 127.0.0.1
#最大并发连接数 默认65535
maxIncomingConnections: 65535
#验证客户端传过来的数据,文档嵌套多时,对性能会有些影响
wireObjectCheck: true
#是否启用ipv6,默认不启用
ipv6: false
unixDomainSocket:
#是否启用socket监听 默认true
enabled: true
#socket保存目录,默认/tmp
pathPrefix: /var/log/mongodb
#socket文件权限,默认0700
filePermissions: 0700
http:
#是否启用http服务,默认false,安全考虑线上环境要关闭
enabled: false
#是否启用http jsonp,默认false,即使http.enabled为false,只要此项为true,一样可以访问,安全考虑线上环境要关闭
JSONPEnabled: false
#是否启用rest api接口,默认false,安全考虑线上环境要关闭
RESTInterfaceEnabled: false
ssl:
#type:string
#是否启用加密
#可选值1 disabled:禁用
#可选值2 allowSSL:优先使用非加密,但是服务器支持加密
#可选值3 preferSSL:优先使用加密,但是服务器也支持非加密
#可选值4 requireSSL:只支持加密
mode: disabled
#type:string
#包含TLS/SSL certificate and key的文件路径
#包含公钥和私钥
PEMKeyFile: /var/log/mongodb/mongodb.pem
#type:string
#私钥加密时的密码
PEMKeyPassword: password
#type:string
#The .pem file that contains the x.509 certificate-key file for membership authentication for the cluster or replica set.
#不存在会使用PEMKeyFile
clusterFile: /var/log/mongodb/cluster.pem
#type:string
#The password to de-crypt the x.509 certificate-key file specified with --sslClusterFile
clusterPassword: password
#type:string
#The .pem file that contains the root certificate chain from the Certificate Authority.
CAFile:
#type:string
#The the .pem file that contains the Certificate Revocation List.
CRLFile:
#type:boolean
#Enable or disable the requirement for TLS/SSL certificate validation that CAFile enables
allowConnectionsWithoutCertificates: true
#type:boolean
#Enable or disable the validation checks for TLS/SSL certificates on other servers in the cluster and allows the use of invalid certificates.
allowInvalidCertificates: false
#type:boolean
#是否允许无效的域名,当为true时,mongod不检查证书里面域名的有效性,即使域名不匹配,mongod同样允许连接mongodb实例
allowInvalidHostnames: false
#type:string
#禁用加密协议版本,多个使用英文逗号隔开
#可设置的值TLS1_0, TLS1_1, and TLS1_2
disabledProtocols:
#type:string
#Enable or disable the use of the FIPS mode of the installed OpenSSL library for the mongos or mongod.
FIPSMode: false
compression:
#是否启用数据压缩
compressors: snappy
#安全配置
security:
#type:string
#密钥路径,副本集和分片集群节点间授权时使用的密钥
keyFile:
#type:string
#集群授权模式,默认keyFile,值列表:keyFile,sendKeyFile,sendX509,x509
clusterAuthMode: keyFile
#type:string
#是否开启数据库访问RBAC权限控制,默认:disabled,仅对mongod命令有效
authorization: enabled
#type:boolean
#Allows the mongod or mongos to accept and create authenticated and non-authenticated connections to and from other mongod and mongos instances in the deployment.
transitionToAuth: false
#type:boolean
#是否开启服端js执行,默认true,如果未开启$where,group,mapreduce都不能使用
javascriptEnabled: true
#type:boolean
#写日志之前是否编辑客户端日志数据,去除日志中的敏感数据,仅企业版支持
redactClientLogData: true
#key管理配置
security:
#type:boolean
#WiredTiger存储引擎是否启用加密,默认false,仅企业版支持
enableEncryption: false
#type:string
#加密模式,默认AES256-CBC,仅企业版支持
encryptionCipherMode: AES256-CBC
#type:string
#密钥文件路径,仅企业版支持
encryptionKeyFile: /var/log/mongodb/encKeyFile
#kmip key server,仅企业版支持
kmip:
#type:string
#Unique KMIP identifier for an existing key within the KMIP server.
keyIdentifier:
#type:boolean
#If true, rotate the master key and re-encrypt the internal keystore
rotateMasterKey: false
#type:string
#Hostname or IP address of key management solution running a KMIP server.
serverName:
#type:int
#Port number the KMIP server is listening on
port: 5696
#type:string
#String containing the path to the client certificate used for authenticating MongoDB to the KMIP server.
clientCertificateFile:
#type:string
#The password to decrypt the client certificate, used to authenticate MongoDB to the KMIP server.
clientCertificatePassword:
#type:string
#Path to CA File. Used for validating secure client connection to KMIP server.
serverCAFile:
#sasal配置
security:
sasl:
hostName: "" #A fully qualified server domain name for the purpose of configuring SASL and Kerberos authentication.
serviceName: "" #Registered name of the service using SASL.
saslauthdSocketPath: "" #The path to the UNIX domain socket file for saslauthd
#setParameter配置
setParameter:
enableLocalhostAuthBypass: false
#存储配置
storage:
#type:string
#数据库数据存储目录,默认/data/db
dbPath:
#type:boolean
#启动时是否尝试重建索引,默认true
indexBuildRetry: true
#type:string
#修复数据时使用的目录,默认是:A _tmp_repairDatabase_<num> directory under the dbPath
repairPath:
#journal日志
journal:
#type:boolean
#Enable or disable the durability journal to ensure data files remain valid and recoverable. Default: true on 64-bit systems, false on 32-bit systems
enabled: true
#type:int
#日志同步间隔,Values can range from 1 to 500 milliseconds.
commitIntervalMs: 100
#type:boolean
#是否开启一数据库一目录,默认是false
directoryPerDB: false
#type:int
#数据落地时间间隔,默认为60秒,不能设置为0,一般使用默认值即可
syncPeriodSecs: 60
#type:string
##存储引擎,默认wiredTiger,可选值 mmapv1,wiredTiger,inMemory
engine: wiredTiger
#mmapv1存储引擎配置
storage:
mmapv1:
#type:boolean
#默认true,Enables or disables the preallocation of data files.
preallocDataFiles: true
#type:int
#默认16M The default size for namespace files, which are files that end in .ns.
nsSize: 16
#配额
quota:
#type:boolean
#是否强制限制每个数据库数据文件数量限制,数量限制由maxFilesPerDB选项指定,默认为false
enforced: false
#type:int
#单个实例最大数据文件数量,需要先开启enforced配置,默认8
maxFilesPerDB: 8
#type:boolean
#小文件存储,默认为false,journal文件也会影响,适用场景:多数据库且数据量不大
smallFiles: false
journal:
#type:boolean
#journal调试标志,用于测试功能,一般情况下不使用,系统异常关机会影响数据的完整性
debugFlags: 0
#type:int
#version >= 3.2版本不建议使用
commitIntervalMs: 60
#wiredTiger存储引擎配置
storage:
wiredTiger:
engineConfig:
#type:float
#单个实例可用的数据缓存内存大小,version >= 3.4默认:50% of RAM minus 1 GB, or 256 MB. Values can range from 256MB to 10TB and can be a float.
cacheSizeGB: 0.25
#type:string
#WiredTiger journal数据压缩格式,默认snappy,可用的压缩类型: none, snappy, zlib
journalCompressor: snappy
#type:boolean
#索引文件分目录存储,默认false,version >= 3.0后版本可用
directoryForIndexes: false
collectionConfig:
#type:string
#块数据压缩格式,默认snappy,可用的压缩类型:none, snappy, zlib
blockCompressor: snappy
indexConfig:
#type:boolean
#是否开启索引prefix compression,默认true
prefixCompression: true #是否开启索引prefix compression,默认true
#operationProfiling操作性能分析
operationProfiling:
#type:int
#慢查询时间单位毫秒,默认100,如果开启了profile,日志会保存到system.profile集合中
slowOpThresholdMs: 100
#type:string
#性能分析模式,开启会影响性能,谨慎操作。默认off.
#可选值1:off: Off. No profiling.
#可选值2: slowOp:On. Only includes slow operations.
#可选值3: all:On. Includes all operations.
mode: off
#replication复制配置
replication:
#type:int
#数字类型(单位M) replication op log 大小,64位系统默认为可用磁盘的5%
oplogSizeMB: 512
#type:string
#所属replica set集群名称
replSetName:
#type:string
#The indexes that secondary members of a replica set load into memory before applying operations from the oplog. 默认all
#可选值1 none:Secondaries do not load indexes into memory.
#可选值2 all:Secondaries load all indexes related to an operation.
#可选值3 _id_only:Secondaries load no additional indexes into memory beyond the already existing _id index.
secondaryIndexPrefetch: all
#type:boolean
#默认false version >= 3.2版本可用 Enables read concern level of "majority".
enableMajorityReadConcern:false
#分片配置
sharding:
#type:string
#分片集群中的担当的角色
#可选值1 configsvr:配置svr
#可选值2 shardsvr: 数据svr
clusterRole: shardsvr
#type:boolean
#默认false
#During chunk migration, a shard does not save documents migrated from the shard.
archiveMovedChunks: false
#auditLog配置
#仅企业版支付
auditLog:
#type:string
#审计日志保存方式
#可选值1 syslog:Output the audit events to syslog in JSON format.
#可选值2 console:Output the audit events to stdout in JSON format.
#可选值3 file:Output the audit events to the file specified in --auditPath in the format specified in --auditFormat.
destination: syslog
#type:string
#日志格式
#可选值1:JSON
#可选值2:BSON
format: JSON
#type:string
#日志文件路径,相对路经和绝对路径都支持
path: path/audit.log
#type:string representation of a document
#The filter to limit the types of operations the audit system records.
#内容格式:{ <field1>: <expression1>, ... }
filter: {}
#snmp(简单网络管理协议)配置
snmp:
#type:boolean
#When snmp.subagent is true, SNMP runs as a subagent. For more information, see Monitor MongoDB With SNMP on Linux.
subagent:false
#type:boolean
#When snmp.master is true, SNMP runs as a master. For more information, see Monitor MongoDB With SNMP on Linux.
master:false
#Text Search配置
basisTech:
#type:string
#v3.2版本加入
#仅企业版支持
#Specify the path to the root directory of the Basis Technology Rosette Linguistics Platform installation to support additional languages for text search operations.
rootDirectory:/path/
#mongos-only Options
replication:
#type:integer
#The ping time, in milliseconds, that mongos uses to determine which secondary replica set members to pass read operations from clients.
#默认值为15毫秒
localPingThresholdMs:15
sharding:
#type:string
#The configuration servers for the sharded cluster.
#建议使用replica set
#值格式:<configReplSetName>/cfg1.example.net:27017, cfg2.example.net:27017,...
configDB:
参考文档
【1】服务器配置文档
https://docs.mongodb.com/manual/reference/configuration-options/
【2】服务器参数
https://docs.mongodb.com/manual/reference/parameters/
