分片¶
On this page
分片是存储了集群一部分数据的 mongod 或者 replica set.所有分片存储了集群的全部数据.
通常来讲,每个分片都是一个复制集.复制集为每个分片的数据提供了冗余和高可靠性.
MongoDB以 每个集合 为单位使用分片,你 必须 通过 mongos 访问开启了分片的集合,如果直接连接到某个分片,你只能看到集合的部分数据.每个分片上的数据并没有特定的顺序.MongoDB并不保证两个连续的数据块会分布在同一个分片上.
Performing queries on a single shard only returns a subset of data. Connect to the mongos to perform cluster level operations, including read or write operations.
重要
MongoDB does not guarantee that any two contiguous chunks reside on a single shard.
Primary Shard¶
每个数据库都有一个”主分片” [#overloaded-primary-term]_ 用来存储这个数据库中所有未开启分片的集合的数据.
The mongos selects the primary shard when creating a new database by picking the shard in the cluster that has the least amount of data. mongos uses the totalSize field returned by the listDatabase command as a part of the selection criteria.
To change the primary shard for a database, use the movePrimary command. The process of migrating the primary shard may take significant time to complete, and you should not access the collections associated to the database until it completes. Depending on the amount of data being migrated, the migration may affect overall cluster operations. Consider the impact to cluster operations and network load before attempting to change the primary shard.
集群状态¶
Use the sh.status() method in the mongo shell to see an overview of the cluster. This reports includes which shard is primary for the database and the chunk distribution across the shards. See sh.status() method for more details.
Sharded Cluster Security¶
Use Internal Authentication to enforce intra-cluster security and prevent unauthorized cluster components from accessing the cluster. You must start each mongod in the cluster with the appropriate security settings in order to enforce internal authentication.
See Deploy Sharded Cluster with Keyfile Access Control for a tutorial on deploying a secured sharded cluster.
Shard Local Users¶
Each shard supports Role-Based Access Control (RBAC) for restricting unauthorized access to shard data and operations. Start each mongod in the replica set with the --auth option to enforce RBAC. Alternatively, enforcing Internal Authentication for intra-cluster security also enables user access controls via RBAC.
Each shard has its own shard-local users. These users cannot be used on other shards, nor can they be used for connecting to the cluster via a mongos.
See Enable Auth for a tutorial on enabling adding users to an RBAC-enabled MongoDB deployment.