Externally Sourced Configuration File Values外部来源的配置文件值

~~On this page~~本页内容

~~Use the __rest Expansion Directive~~使用__rest扩展指令
~~Use the __exec Expansion Directive~~使用__exec扩展指令
~~Expansion Directives Reference~~扩展指令参考
~~Output the Configuration File with Resolved Expansion Directive Values~~使用解析的扩展指令值输出配置文件

New in version 4.2.在版本4.2中新增。

~~MongoDB supports using expansion directives in configuration files to load externally sourced values.~~ MongoDB支持在配置文件中使用扩展指令来加载外部来源的值。~~Expansion directives can load values for specific configuration file options or load the entire configuration file.~~ 扩展指令可以加载特定配置文件选项的值，也可以加载整个配置文件。~~Expansion directives help obscure confidential information like security certificates and passwords.~~扩展指令有助于隐藏安全证书和密码等机密信息。

storage:
  dbPath: "/var/lib/mongo"
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
net:
  bindIp:
    __exec: "python /home/user/getIPAddresses.py"
    type: "string"
    trim: "whitespace"
    digest: 85fed8997aac3f558e779625f2e51b4d142dff11184308dc6aca06cff26ee9ad
    digest_key: 68656c6c30303030307365637265746d796f6c64667269656e64
  tls:
    mode: requireTLS
    certificateKeyFile: "/etc/tls/mongod.pem"
    certificateKeyFilePassword:
      __rest: "https://myrestserver.example.net/api/config/myCertKeyFilePassword"
      type: "string"
      digest: b08519162ba332985ac18204851949611ef73835ec99067b85723e10113f5c26
      digest_key: 6d795365637265744b65795374756666

~~If the configuration file includes the __rest expansion, on Linux/macOS, the read access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__rest扩展，在Linux/macOS上，对配置文件的读取权限必须仅限于运行mongod/mongos进程的用户。
~~If the configuration file includes the __exec expansion, on Linux/macOS, the write access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__exec扩展，则在Linux/macOS上，对配置文件的写入权限必须仅限于运行mongod/mongos进程的用户。

~~To use expansion directives, you must specify the --configExpand command-line option with the complete list of expansion directives used:~~要使用扩展指令，必须指定--configExpand命令行选项以及使用的扩展指令的完整列表：

mongod --config "/path/to/config/mongod.conf" --configExpand "rest,exec"

~~If you omit the --configExpand option or if you do not specify the complete list of expansion directives used in the configuration file, the mongod/mongos returns an error and terminates.~~ 如果忽略--configExpand选项，或者没有指定配置文件中使用的扩展指令的完整列表，mongod/mongos将返回错误并终止。~~You can only specify the --configExpand option on the command line.~~只能在命令行上指定--configExpand选项。

Use the `rest` Expansion Directive使用`rest`扩展指令

~~The __rest expansion directive loads configuration file values from a REST endpoint.~~ __rest扩展指令从REST端点加载配置文件值。~~__rest supports loading specific values in the configuration file or loading the entire configuration file.~~__rest支持在配置文件中加载特定值或加载整个配置文件。

~~The following configuration file uses the __rest expansion directive to load the setting net.tls.certificateKeyFilePassword value from an external REST endpoint:~~以下配置文件使用__rest扩展指令从外部REST端点加载设置net.tls.certificateKeyFilePassword值：

storage:
  dbPath: "/var/lib/mongo"
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
net:
  bindIp: 192.51.100.24,127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: "/etc/tls/mongod.pem"
    certificateKeyFilePassword:
      __rest: "https://myrestserver.example.net/api/config/myCertKeyFilePassword"
      type: "string"

~~File Permission~~文件权限

~~If the configuration file includes the __rest expansion, on Linux/macOS, the read access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__rest扩展，在Linux/macOS上，对配置文件的读取权限必须仅限于运行mongod/mongos进程的用户。

~~Expansion Parsing~~扩展分析

~~To parse the __rest blocks, start the mongod/mongos with the --configExpand "rest" option.~~要解析__rest块，请使用--configExpand "rest"选项启动mongod/mongos。

~~The mongod/mongos issues a GET request against specified URL.~~ mongod/mongos针对指定的URL发出GET请求。~~If successful, the mongod/mongos replaces the value of certificateKeyFilePassword with the returned value.~~ 如果成功，mongod/mongos将用返回的值替换certificateKeyFilePassword的值。~~If the URL fails to resolve or if the REST endpoint returns an invalid value, the mongod/mongos throws an error and terminates.~~如果URL解析失败或REST端点返回无效值，mongod/mongos将抛出错误并终止。

~~The following configuration file uses the __rest expansion directive to load the configuration file from an external REST endpoint.~~ 以下配置文件使用__rest扩展指令从外部REST端点加载配置文件。~~The expansion directive and its options must be the only values specified in the configuration file.~~扩展指令及其选项必须是配置文件中指定的唯一值。

__rest: "https://myrestserver.example.net/api/config/fullConfig"
type: "yaml"

~~File Permission~~文件权限

~~Expansion Parsing~~扩展分析

~~To parse the __rest blocks, start the mongod/mongos with the --configExpand "rest" option.~~要解析__rest块，请使用--configExpand "rest"选项启动mongod/mongos。

~~The mongod/mongos issues a GET request against the specified URL.~~ mongod/mongos针对指定的URL发出GET请求。~~If successful, the mongod/mongos parses the returned configuration yaml file and uses it during startup.~~ 如果成功，mongod/mongos将解析返回的配置yaml文件，并在启动期间使用它。~~If the URL fails to resolve or return a properly formatted yaml file, the mongod/mongos throws an error and terminates.~~如果URL未能解析或返回格式正确的yaml文件，mongod/mongos将抛出错误并终止。

~~Important~~重要

~~The value returned by the specified REST endpoint cannot include any additional expansion directives.~~ 指定的REST端点返回的值不能包含任何其他扩展指令。~~The mongod/mongos does not perform additional processing on the returned data and will terminate with an error code if the returned data includes additional expansion directives.~~mongod/mongos不会对返回的数据执行额外的处理，如果返回的数据包含额外的扩展指令，则会以错误代码终止。

Use the `exec` Expansion Directive使用`exec`扩展指令

~~The __exec expansion directive loads configuration file values from a shell or terminal command.~~ __exec扩展指令从shell或终端命令加载配置文件值。~~__exec supports loading specific values in the configuration file or loading the entire configuration file.~~__exec支持在配置文件中加载特定值或加载整个配置文件。

~~The following example configuration file uses the __exec expansion directive to to load the setting net.tls.certificateKeyFilePassword value from the output of a shell or terminal command:~~以下示例配置文件使用__exec扩展指令从shell或终端命令的输出中加载设置net.tls.certificateKeyFilePassword值：

storage:
  dbPath: "/var/lib/mongo"
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
net:
  bindIp: 192.51.100.24,127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: "/etc/tls/mongod.pem"
    certificateKeyFilePassword:
      __exec: "python /home/myUserName/getPEMPassword.py"
      type: "string"

~~File Permission~~文件权限

~~If the configuration file includes the __exec expansion, on Linux/macOS, the write access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__exec扩展，则在Linux/macOS上，对配置文件的写入权限必须仅限于运行mongod/mongos进程的用户。

~~Expansion Parsing~~扩展分析

~~To parse the __exec blocks, start the mongod/mongos with the --configExpand "exec" option.~~要解析__exec块，请使用--configExpand "exec"选项启动mongod/mongos。

~~The mongod/mongos attempts to execute the specified operation.~~ mongod/mongos尝试执行指定的操作。~~If the command executes successfully, the mongod/mongos replaces the value of certificateKeyFilePassword with the returned value.~~ 如果命令成功执行，mongod/mongos将用返回的值替换certificateKeyFilePassword的值。~~If the command fails or returns an invalid value for the configuration file setting, the mongod/mongos throws an error and terminates.~~如果命令失败或返回配置文件设置的无效值，mongod/mongos将抛出错误并终止。

~~The following example configuration file uses the __exec expansion directive to load the configuration file from the output of a shell or terminal command.~~ 以下示例配置文件使用__exec扩展指令从shell或终端命令的输出加载配置文件。~~The __exec expansion directive and its options must be the only values specified in the configuration file.~~__exec扩展指令及其选项必须是配置文件中指定的唯一值。

__exec: "python /home/myUserName/getFullConfig.py"
type: "yaml"

~~File Permission~~文件权限

~~Expansion Parsing~~扩展分析

~~To parse the __exec blocks, start the mongod/mongos with the --configExpand "rest" option.~~要解析__exec块，请使用--configExpand "rest"选项启动mongod/mongos。

~~If the command executes successfully, the mongod/mongos parses the returned configuration yaml file and uses it during startup.~~ 如果命令成功执行，mongod/mongos将解析返回的配置yaml文件，并在启动期间使用它。~~If the command fails or returns an invalid yaml file, the mongod/mongos throws an error and terminates.~~如果命令失败或返回无效的yaml文件，mongod/mongos将抛出错误并终止。

~~Important~~重要

~~The data returned by executing the specified __exec string cannot include any additional expansion directives.~~ 通过执行指定的__exec字符串返回的数据不能包含任何其他扩展指令。~~The mongod/mongos does not perform additional processing on the returned data and will terminate with an error code if the returned data includes additional expansion directives.~~mongod/mongos不会对返回的数据执行额外的处理，如果返回的数据包含额外的扩展指令，则会以错误代码终止。

Expansion Directives Reference扩展指令参考

__rest

~~The __rest expansion directive loads configuration file values from a REST endpoint.~~ __rest扩展指令从REST端点加载配置文件值。__rest ~~supports loading specific values in the configuration file or loading the entire configuration file.~~ 支持在配置文件中加载特定值或加载整个配置文件。~~The mongod/mongos then starts using the externally sourced values as part of its configuration.~~mongod/mongos然后开始使用外部来源的值作为其配置的一部分。

~~The __rest expansion directive has the following syntax:~~__rest扩展指令具有以下语法：

~~To specify a REST endpoint for a specific configuration file setting or settings:~~要为特定配置文件设置指定REST端点，请执行以下操作：

<some configuration file setting>:
  __rest: "<string>"
  type: "string"
  trim: "none|whitespace"
  digest: "<string>"
  digest_key: "<string>"

~~To specify a REST endpoint for the entire configuration file:~~要为整个配置文件指定REST端点，请执行以下操作：
```
__rest: "<string>"
type: "yaml"
trim: "none|whitespace"
```
~~If specifying the entire configuration file via REST endpoint, the expansion directive and its options must be the only values specified in the configuration file.~~如果通过REST端点指定整个配置文件，则扩展指令及其选项必须是配置文件中指定的唯一值。

__rest ~~takes the following fields:~~采用以下字段：

~~Field~~字段	~~Type~~类型	~~Description~~描述
`__rest`	string	Required ~~The URL against which the `mongod`/`mongos` issues a `GET` request to retrieve the externally sourced value.~~`mongod`/`mongos`发出GET请求以检索外部来源值的URL。 For non-localhost `REST` endpoints (e.g. a `REST` endpoint hosted on a remote server), `__rest` requires encrypted (`https://`) URLs where both the host machine and the remote server support TLS 1.1 or later.对于非本地主机REST端点（例如远程服务器上托管的`REST`端点），`__rest`需要加密（`https://`）URL，其中主机和远程服务器都支持TLS 1.1或更高版本。 ~~If the `REST` endpoint specified in the URL requires authentication, encode credentials into the URL with the standard RFC 3986 User Information format.~~如果URL中指定的REST端点需要身份验证，请使用标准RFC 3986用户信息格式将凭据编码到URL中。 ~~For localhost `REST` endpoints (e.g. a `REST` endpoint listening on the host machine), `__rest` allows unencrypted (`http://`) URLs.~~对于本地主机`REST`端点（例如，在主机上侦听的REST端点），`__rest`允许未加密的（http://）URL。 ~~Important~~重要 ~~The value returned by the specified `REST` endpoint cannot include any additional expansion directives.~~ 指定的`REST`端点返回的值不能包含任何其他扩展指令。~~The `mongod`/`mongos` does not perform additional processing on the returned data and will terminate with an error code if the returned data includes additional expansion directives.~~`mongod`/`mongos`不会对返回的数据执行额外的处理，如果返回的数据包含额外的扩展指令，则会以错误代码终止。
`type`	string	~~Optional.~~ 可选。~~Controls how `__rest` parses the returned value from the specified URL.~~控制`__rest`如何解析来自指定URL的返回值。 ~~Possible values are:~~可能的值包括： `string` (Default) ~~Directs `__rest` to parse the returned data as a literal string.~~ 指示`__rest`将返回的数据解析为文本字符串。~~If specifying `string`, the entire `__rest` block and supporting options must be nested under the field for which you are loading externally sourced values.~~如果指定字符串，则整个`__rest`块和支持选项必须嵌套在要为其加载外部源值的字段下。 `yaml` ~~Directs `__rest` to parse the returned data as a `yaml` formatted file.~~ 指示`__rest`将返回的数据解析为`yaml`格式的文件。~~If specifying `yaml`, the `__rest` block must be the only content in the configuration file.~~ 如果指定`yaml`，`__rest`块必须是配置文件中的唯一内容。~~The `mongod`/`mongos` replaces the configuration file contents with the `yaml` retrieved from the REST resource.~~`mongod`/`mongos`用从`REST`资源检索的`yaml`替换配置文件内容。
`trim`	string	~~Optional.~~ 可选。~~Specify `whitespace` to direct `__rest` to trim any leading or trailing whitespace, specifically occurrences of `" "`, `"\r"`, `"\n"`, `"\t"`, `"\v"`, and `"\f"`.~~ 指定`whitespace`以指示`__rest`修剪任何前导或尾随空白，特别是出现`" "`、`"\r"`、`"\n"`、`"\t"`、`"\v"`和`"\f"`。~~Defaults to `none`, or no trimming.~~ 默认为`none`或“无修剪”。
`digest`	string	~~Optional.~~ 可选。~~The SHA-256 digest of the expansion result.~~扩展结果的SHA-256摘要。 ~~If specified, you must also specify the digest_key.~~如果指定，还必须指定digest_key。
`digest_key`	string	~~Optional.~~ 可选。~~The hexadecimal string representation of the secret used to calculate the SHA-256 digest.~~用于计算SHA-256摘要的秘密的十六进制字符串表示。 ~~If specified, you must also specify the digest.~~如果指定，还必须指定摘要。

~~Note~~注意

~~If the configuration file includes the __rest expansion, on Linux/macOS, the read access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__rest扩展，在Linux/macOS上，对配置文件的读取权限必须仅限于运行mongod/mongos进程的用户。
~~To enable parsing of the __rest expansion directive, start the mongod/mongos with the --configExpand "rest" option.~~要启用__rest扩展指令的解析，请使用--configExpand "rest"选项启动mongod/mongos。

~~For examples, see Use the __rest Expansion Directive.~~例如，请参阅使用__rest扩展指令。

__exec

~~The __exec expansion directive loads configuration file values from the output of a shell or terminal command.~~ __exec扩展指令从shell或终端命令的输出中加载配置文件值。__exec ~~supports loading specific values in the configuration file or loading the entire configuration file.~~ 支持在配置文件中加载特定值或加载整个配置文件。 ~~The mongod/mongos then starts using the externally sourced values as part of its configuration.~~mongod/mongos然后开始使用外部来源的值作为其配置的一部分。

~~The __exec expansion directive has the following syntax:~~__exec扩展指令具有以下语法：

~~To specify a shell or terminal command for a specific configuration file setting or settings:~~要为特定配置文件设置指定shell或终端命令，请执行以下操作：
```
<some configuration file setting>:
  __exec: "<string>"
  type: "string"
  trim: "none|whitespace"
```
~~To specify a a shell or terminal command for the entire configuration file:~~要为整个配置文件指定shell或终端命令，请执行以下操作：
```
__exec: "<string>"
type: "yaml"
trim: "none|whitespace"
```
~~If specifying the entire configuration file via a terminal or shell command, the expansion directive and its options must be the only values specified in the configuration file.~~如果通过终端或shell命令指定整个配置文件，则扩展指令及其选项必须是配置文件中指定的唯一值。

__exec ~~takes the following fields:~~采用以下字段：

~~Field~~字段	~~Type~~类型	~~Description~~描述
`__exec`	string	~~Required.~~ 必需。~~The string which the `mongod`/`mongos` executes on the terminal or shell to retrieve the externally sourced value.~~`mongod`/`mongos`在终端或shell上执行以检索外部源值的字符串。 ~~On Linux and OSX hosts, execution is handled via POSIX `popen()`.~~ 在Linux和OSX主机上，通过POSIX `popen()`处理执行。~~On Windows hosts, execution is handled via the process control API.~~ 在Windows主机上，通过进程控制API处理执行。`__exec` ~~opens a read-only pipe as the same user that started the `mongod` or `mongos`.~~与启动`mongod`或`mongos`的同一用户打开只读管道。 ~~Important~~重要 ~~The data returned by executing the specified command cannot include any additional expansion directives.~~执行指定命令返回的数据不能包含任何其他扩展指令。 ~~The `mongod`/`mongos` does not perform additional processing on the returned data and will terminate with an error code if the returned data includes additional expansion directives.~~`mongod`/`mongos`不会对返回的数据执行额外的处理，如果返回的数据包含额外的扩展指令，则会以错误代码终止。
`type`	string	~~Optional.~~ 可选。~~Controls how `__exec` parses the value returned by the executed command.~~控制`__exec`如何解析执行的命令返回的值。 ~~Possible values are:~~可能的值包括： `string` (Default ) ~~Directs `__exec` to parse the returned data as a literal string.~~ 指示`__exec`将返回的数据解析为文本字符串。~~If specifying `string`, the entire `__exec` block and supporting options must be nested under the field for which you are loading externally sourced values.~~如果指定`string`，则整个`__exec`块和支持选项必须嵌套在要为其加载外部源值的字段下。 `yaml` ~~Directs `__exec` to parse the returned data as a `yaml` formatted file.~~ 指示`__exec`将返回的数据解析为`yaml`格式的文件。~~If specifying `yaml`, the `__exec` block must be the only content in the configuration file.~~ 如果指定`yaml`，`__exec`块必须是配置文件中的唯一内容。~~The `mongod`/`mongos` replaces the configuration file contents with the `yaml` retrieved from the executed command.~~`mongod`/`mongos`用从执行的命令中检索的`yaml`替换配置文件内容。
`trim`	string	~~Optional.~~ 可选。~~Specify `whitespace` to direct `__exec` to trim any leading or trailing whitespace, specifically occurrences of `" "`, `"\r"`, `"\n"`, `"\t"`, `"\v"`, and `"\f"`.~~ 指定`whitespace`以指示`__exec`修剪任何前导或尾随空白，特别是出现`" "`、`"\r"`、`"\n"`、`"\t"`、`"\v"`和`"\f"`。~~Defaults to `none`, or no trimming.~~ 指定`whitespace`以指示`__exec`修剪任何前导或尾随空白，特别是出现`" "`、`"\r"`、`"\n"`、`"\t"`、`"\v"`和`"\f"`。默认为`none`或“无修剪”。
`digest`	string	~~Optional.~~ 可选。~~The SHA-256 digest of the expansion result.~~扩展结果的SHA-256摘要。 ~~If specified, you must also specify the digest_key~~如果指定，还必须指定digest_key
`digest_key`	string	~~Optional.~~ 可选。~~The hexadecimal string representation of the secret used to calculate the SHA-256 digest.~~用于计算SHA-256摘要的秘密的十六进制字符串表示。 ~~If specified, you must also specify the digest~~如果指定，还必须指定摘要

~~Note~~注意

~~If the configuration file includes the __exec expansion, on Linux/macOS, the write access to the configuration file must be limited to the user running the mongod/mongos process only.~~如果配置文件包含__exec扩展，则在Linux/macOS上，对配置文件的写入权限必须仅限于运行mongod/mongos进程的用户。
~~To enable parsing of the __exec expansion directives, start the mongod/mongos with the --configExpand "exec" option.~~要启用__exec扩展指令的解析，请使用--configExpand "exec"选项启动mongod/mongos。

~~For examples, see Use the __exec Expansion Directive.~~例如，请参阅使用__exec扩展指令。

Output the Configuration File with Resolved Expansion Directive Values使用解析的扩展指令值输出配置文件

~~You can test the final output of a configuration file that specifies one or more expansion directives by starting the mongod/mongos with the --outputConfig option.~~ 通过使用--outputConfig选项启动mongod/mongos，可以测试指定一个或多个扩展指令的配置文件的最终输出。~~A mongod/mongos started with --outputConfig outputs the resolved YAML configuration document to stdout and halts.~~ 以--outputConfig开头的mongod/mongos将解析的YAML配置文档输出到stdout并停止。~~If any expansion directive specified in the configuration file returns additional expansion directives, the mongod/mongos throws an error and terminates.~~如果配置文件中指定的任何扩展指令返回其他扩展指令，mongod/mongos将抛出错误并终止。

~~Warning~~警告

~~The --outputConfig option returns the resolved values for any field using an expansion directive.~~ --outputConfig选项使用扩展指令返回任何字段的解析值。~~This includes any private or sensitive information previously obscured by using an external source for the configuration option.~~这包括以前使用外部源配置选项而隐藏的任何私人或敏感信息。

~~For example, the following configuration file mongod.conf contains a __rest expansion directive:~~例如，以下配置文件mongod.conf包含__rest扩展指令：

storage:
  dbPath: "/var/lib/mongo"
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
net:
  port:
    __rest: "https://mongoconf.example.net:8080/record/1"
    type: string

~~The string recorded at the specified URL is 20128~~记录在指定URL的字符串为20128

~~Start the mongod with the --configExpand "rest" and --outputConfig options:~~使用--configExpand "rest"和--outputConfig选项启动mongod：

mongod -f mongod.conf --configExpand rest --outputConfig

~~The mongod outputs the following to stdout before terminating:~~mongod在终止前向stdout输出以下内容：

config: mongod.conf
storage:
  dbPath: "/var/lib/mongo"
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
net:
  port: 20128
outputConfig: true

← Configuration File Options Convert Command-Line Options to YAML →

Externally Sourced Configuration File Values外部来源的配置文件值

Use the __rest Expansion Directive使用__rest扩展指令

Use the __exec Expansion Directive使用__exec扩展指令

Expansion Directives Reference扩展指令参考

Output the Configuration File with Resolved Expansion Directive Values使用解析的扩展指令值输出配置文件

Use the `rest` Expansion Directive使用`rest`扩展指令

Use the `exec` Expansion Directive使用`exec`扩展指令