Docs HomeMongoDB Manual

Shards分片

On this page本页内容

A shard contains a subset of sharded data for a sharded cluster. 分片包含一个分片集群的分片数据的子集。Together, the cluster's shards hold the entire data set for the cluster.集群的分片一起保存集群的整个数据集。

As of MongoDB 3.6, shards must be deployed as a replica set to provide redundancy and high availability.从MongoDB 3.6开始,分片必须作为副本集进行部署,以提供冗余和高可用性。

Warning

Typically, do not perform operations directly on a shard because they might cause data corruption or data loss.通常,不要直接在分片上执行操作,因为它们可能会导致数据损坏或数据丢失。 Users, clients, or applications should only directly connect to a shard to perform local administrative or maintenance operations.用户、客户端或应用程序只应直接连接到分片以执行本地管理或维护操作。

Performing queries on a single shard only returns a subset of data. 对单个分片执行查询只返回数据的子集。Connect to the mongos to perform cluster level operations, including read or write operations.连接到mongos以执行集群级操作,包括读取或写入操作。

Important

MongoDB does not guarantee that any two contiguous chunks reside on a single shard.MongoDB并不保证任何两个连续的区块都位于一个分片上。

Primary ShardPrimary分片

Each database in a sharded cluster has a primary shard that holds all the un-sharded collections for that database. 分片集群中的每个数据库都有一个Primary分片,用于保存该数据库的所有未分片集合。Each database has its own primary shard. The primary shard has no relation to the primary in a replica set.每个数据库都有自己的Primary分片。Primary分片与副本集中的primary没有关系。

The mongos selects the primary shard when creating a new database by picking the shard in the cluster that has the least amount of data. mongos在创建新数据库时,通过在集群中挑选数据量最少的分片来选择主分片。mongos uses the totalSize field returned by the listDatabases command as a part of the selection criteria.mongos使用listDatabases命令返回的totalSize字段作为选择条件的一部分。

Diagram of a primary shard. A primary shard contains non-sharded collections as well as chunks of documents from sharded collections. Shard A is the primary shard.

To change the primary shard for a database, use the movePrimary command. 要更改数据库的主分片,请使用movePrimary命令。The process of migrating the primary shard may take significant time to complete, and you should not access the collections associated to the database until it completes. 迁移主分片的过程可能需要相当长的时间才能完成,并且在完成之前不应该访问与数据库相关联的集合。Depending on the amount of data being migrated, the migration may affect overall cluster operations. 根据迁移的数据量,迁移可能会影响整个集群操作。Consider the impact to cluster operations and network load before attempting to change the primary shard.在尝试更改主分片之前,请考虑对集群操作和网络负载的影响。

When you deploy a new sharded cluster with shards that were previously used as replica sets, all existing databases continue to reside on their original replica sets. 当您使用以前用作副本集的分片部署新的分片集群时,所有现有数据库都将继续驻留在其原始副本集上。Databases created subsequently may reside on any shard in the cluster.随后创建的数据库可以驻留在集群中的任何分片上。

Shard Status分片状态

Use the sh.status() method in mongosh to see an overview of the cluster. 使用mongosh中的sh.status()方法可以查看集群的概述。This reports includes which shard is primary for the database and the chunk distribution across the shards. 该报告包括哪个分片是数据库的主要分片,以及分片之间的区块分布。See sh.status() method for more details.有关更多详细信息,请参阅sh.status()方法。

Sharded Cluster Security分片集群安全

Use Internal/Membership Authentication to enforce intra-cluster security and prevent unauthorized cluster components from accessing the cluster. 使用内部/成员身份验证来加强集群内的安全性,并防止未经授权的集群组件访问集群。You must start each mongod in the cluster with the appropriate security settings in order to enforce internal authentication.您必须使用适当的安全设置启动集群中的每个mongod,以便强制执行内部身份验证。

Starting in MongoDB 5.3, SCRAM-SHA-1 cannot be used for intra-cluster authentication. 从MongoDB 5.3开始,SCRAM-SHA-1不能用于集群内身份验证。Only SCRAM-SHA-256 is supported.仅支持SCRAM-SHA-256

In previous MongoDB versions, SCRAM-SHA-1 and SCRAM-SHA-256 can both be used for intra-cluster authentication, even if SCRAM is not explicitly enabled.在以前的MongoDB版本中,SCRAM-SHA-1和SCRAM-SHA-256都可以用于集群内身份验证,即使SCRAM没有明确启用。

See Deploy Sharded Cluster with Keyfile Authentication for a tutorial on deploying a secured sharded cluster.有关部署安全分片集群的教程,请参阅使用键文件身份验证部署分片集群

Shard Local Users共享本地用户

Each shard supports Role-Based Access Control (RBAC) for restricting unauthorized access to shard data and operations. 每个分片都支持基于角色的访问控制(RBAC),以限制对分片数据和操作的未经授权的访问。Start each mongod in the replica set with the --auth option to enforce RBAC. 使用--auth选项启动副本集中的每个mongod以强制执行RBAC。Alternatively, enforcing Internal/Membership Authentication for intra-cluster security also enables user access controls via RBAC.或者,为集群内安全性实施内部/成员身份验证也可以通过RBAC实现用户访问控制。

Starting in MongoDB 5.3, SCRAM-SHA-1 cannot be used for intra-cluster authentication. 从MongoDB 5.3开始,SCRAM-SHA-1不能用于集群内身份验证。Only SCRAM-SHA-256 is supported.仅支持SCRAM-SHA-256

In previous MongoDB versions, SCRAM-SHA-1 and SCRAM-SHA-256 can both be used for intra-cluster authentication, even if SCRAM is not explicitly enabled.在以前的MongoDB版本中,SCRAM-SHA-1和SCRAM-SHA-256都可以用于集群内身份验证,即使SCRAM没有明确启用。

Each shard has its own shard-local users. 每个分片都有自己的分片本地用户。These users cannot be used on other shards, nor can they be used for connecting to the cluster via a mongos.这些用户不能在其他分片上使用,也不能用于通过mongos连接到集群。

See Enable Access Control for a tutorial on enabling adding users to an RBAC-enabled MongoDB deployment.请参阅启用访问控制以获取有关启用向启用RBAC的MongoDB部署添加用户的教程。