Database Manual / Self-Managed Deployments / Deploy and Manage Self-Managed Sharded Clusters / Administration

Convert a Self-Managed Replica Set to a Sharded Cluster将自管理副本集转换为分片群集

Sharded clusters partition data across multiple servers based on a shard key. A sharded cluster scales better than a replica set for deployments with large data sets and high throughput operations.分片集群基于分片键在多个服务器上对数据进行分区。对于具有大数据集和高吞吐量操作的部署,分片集群的扩展性优于副本集。

This tutorial converts a single three-member replica set to a sharded cluster with two shards. Each shard in the new cluster is an independent three-member replica set.本教程将单个三成员副本集转换为具有两个分片的分片集群。新集群中的每个分片都是一个独立的三成员副本集。

You can convert to a sharded cluster in the UI for deployments hosted in MongoDB Atlas.您可以在MongoDB Atlas中托管的部署的UI中转换为分片集群

About This Task关于此任务

  • Some steps in this tutorial cause downtime for your deployment. Individual steps note when downtime will occur.本教程中的某些步骤会导致部署停机。各个步骤记录停机时间。
  • This tutorial is for deployments that have authentication enabled.本教程适用于启用了身份验证的部署。
  • In this tutorial, you specify server settings with configuration files. Configuration files contain settings that are equivalent to the mongod and mongos command-line options.在本教程中,您将使用配置文件指定服务器设置。配置文件包含与mongodmongos命令行选项等效的设置。

  • The sharded cluster you deploy with this tutorial contains ten servers:您在本教程中部署的分片集群包含十台服务器:

    • One server for the mongos.为蒙古人提供一台服务器。
    • Three servers each for the two shards in the cluster (six servers in total).集群中的两个分片各有三台服务器(总共六台服务器)。
    • Three servers for the config server replica set.配置服务器副本集有三台服务器。

Server Architecture服务器架构

This tutorial uses the following servers:本教程使用以下服务器:

HostnamePortDescription描述
mongodb0.example.net27017Member of the initial data-bearing shard, rs0.初始数据承载分片rs0的成员。
mongodb1.example.net27017Member of the initial data-bearing shard, rs0.初始数据承载分片rs0的成员。
mongodb2.example.net27017Member of the initial data-bearing shard, rs0.初始数据承载分片rs0的成员。
mongodb3.example.net27018Member of the second data-bearing shard, rs1.第二个数据承载分片rs1的成员。
mongodb4.example.net27018Member of the second data-bearing shard, rs1.第二个数据承载分片rs1的成员。
mongodb5.example.net27018Member of the second data-bearing shard, rs1.第二个数据承载分片rs1的成员。
mongodb6.example.net27017The mongos, used to connect to the sharded cluster.mongos过去常常连接到分片集群。
mongodb7.example.net27019Member of the config server replica set.配置服务器副本集的成员。
mongodb8.example.net27019Member of the config server replica set.配置服务器副本集的成员。
mongodb9.example.net27019Member of the config server replica set.配置服务器副本集的成员。

The hostnames used in this tutorial are examples. Replace the hostnames used in the example commands with the hostnames used in your deployments.本教程中使用的主机名是示例。将示例命令中使用的主机名替换为部署中使用的服务器名。

Important

To avoid configuration updates due to IP address changes, use DNS hostnames instead of IP addresses. It is particularly important to use a DNS hostname instead of an IP address when configuring replica set members or sharded cluster members.为避免因IP地址更改而进行配置更新,请使用DNS主机名而不是IP地址。在配置副本集成员或分片集群成员时,使用DNS主机名而不是IP地址尤为重要。

Use hostnames instead of IP addresses to configure clusters across a split network horizon. Starting in MongoDB 5.0, nodes that are only configured with an IP address fail startup validation and do not start.使用主机名而不是IP地址来配置跨拆分网络范围的集群。从MongoDB 5.0开始,仅配置了IP地址的节点无法启动验证,也无法启动。

Before You Begin开始之前

Steps步骤

Note

Starting in MongoDB 8.0, you can only run certain commands on shards. If you attempt to connect directly to a shard and run an unsupported command, MongoDB returns an error:从MongoDB 8.0开始,您只能在分片上运行某些命令。如果您尝试直接连接到分片并运行不受支持的命令,MongoDB将返回错误:

"You are connecting to a sharded cluster improperly by connecting directly
to a shard. Please connect to the cluster via a router (mongos)."

To run a non-supported database command directly against a shard, you must either connect to mongos or have the maintenance-only directShardOperations role.要直接对分片运行不受支持的数据库命令,您必须连接到mongos或拥有仅负责维护的directShardOperations角色。

1

Get the Existing Users and Roles from the Replica Set从副本集中获取现有用户和角色

To get existing users and roles, run mongodump:要获取现有用户和角色,请运行mongodump

mongodump -d=admin --out=adminDump -u <adminUser> -p <password> --host <replicaSetURI> --dumpDbUsersAndRoles
2

Deploy the Config Server Replica Set部署配置服务器副本集

Deploy a three-member replica set for the config servers. In this example, the config servers use the following hosts:为配置服务器部署一个由三个成员组成的副本集。在此示例中,配置服务器使用以下主机:

  • mongodb7.example.net
  • mongodb8.example.net
  • mongodb9.example.net

  1. Configure the Config Servers配置配置服务器

    Configure a mongod instance on each config server host. Specify these options in the configuration file for each mongod instance:

    Option选项Value
    replication.replSetNameconfigReplSet
    sharding.clusterRoleconfigsvr
    net.bindIplocalhost, followed by any other hostnames on which the mongod should listen for client connections.
    replication:
      replSetName: configReplSet
    sharding:
      clusterRole: configsvr
    net:
      bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment.

  2. Start the Config Servers

    Deploy the mongod with your specified configuration:

    mongod --config <PATH_TO_CONFIG_FILE>

    The config servers use the default data directory /data/configdb and the default port 27019.

  3. Connect to one of the config servers.

    Use mongosh to connect to one of the config servers. For example:

    mongosh "mongodb://mongodb7.example.net:27019"

  4. Initiate the config server replica set.

    To initiate the replica set, run rs.initiate():

    rs.initiate( {
       _id: "configReplSet",
       configsvr: true,
       members: [
          { _id: 0, host: "mongodb7.example.net:27019" },
          { _id: 1, host: "mongodb8.example.net:27019" },
          { _id: 2, host: "mongodb9.example.net:27019" }
       ]
    } )

    The preceding command uses the localhost exception to perform administrative actions without authentication.

    Important

    Run rs.initiate() on only one mongod instance for the replica set.

3

Restore Existing Users and Roles to the New Config

Restore the existing users and roles you got when you ran mongodump.

mongorestore ./adminDump --nsInclude "admin.*" --host <configPrimaryURI>

The preceding command uses the localhost exception to perform administrative actions without authentication.

The output from running this command may be similar to:

0 document(s) restored successfully

This message does not indicate a problem. This output means that 0 documents other than the users and roles were restored.

4

Secure Config Server Replica Set

Reconfigure and restart the config server replica set.

  1. Reconfigure the Config Servers

    Select the tab for your authentication mechanism:

    Keyfile Authentication

    Restart a mongod instance on each of these hosts:

    • mongodb7.example.net
    • mongodb8.example.net
    • mongodb9.example.net

    Specify these options in the configuration file for each mongod instance:

    Option选项Value
    security.keyFileThe path to the key file used for your initial replica set.
    security:
       keyFile: <PATH_TO_KEYFILE>
    replication:
       replSetName: configReplSet
    sharding:
       clusterRole: configsvr
    net:
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment.

    X.509 Authentication

    Restart a mongod instance on each of these hosts:

    • mongodb7.example.net
    • mongodb8.example.net
    • mongodb9.example.net

    Specify these options in the configuration file for each mongod instance in addition to the options you already configured:

    Option选项Value
    security.clusterAuthModex509
    net.tls.moderequireTLS
    net.tls.certificateKeyFileThe absolute path to the .pem file that contains both the TLS certificate and key.
    net.tls.CAFileThe absolute path to the .pem file that contains the root certificate chain from the Certificate Authority.
    net.bindIp

    localhost, followed by any other hostnames on which the mongod should listen for client connections.

    WARNING: Before you bind your instance to a publicly-accessible IP address, you must secure your cluster from unauthorized access. For a complete list of security recommendations, see Security Checklist for Self-Managed Deployments. At minimum, consider enabling authentication and hardening network infrastructure.

    sharding:
       clusterRole: configsvr
    replication:
       replSetName: configReplSet
    security:
       clusterAuthMode: x509
    net:
       tls:
          mode: requireTLS
          certificateKeyFile: <FILE_WITH_COMBINED_CERT_AND_KEY>
          CAFile: <CA_FILE>
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment, such as net.tls.certificateKeyFilePassword if your TLS certificate-key file is encrypted with a password.

  2. Restart MongoDB

    Restart the mongod with your specified configuration:

    mongod --config <PATH_TO_CONFIG_FILE> --shutdown
    mongod --config <PATH_TO_CONFIG_FILE>
5

Deploy the mongos

The mongos provides the interface between the client applications and the sharded cluster.

  1. Create a configuration file for the mongos.

    Keyfile Authentication

    Specify these options in your mongos configuration file:

    Option选项Value
    sharding.configDBconfigReplSet, followed by a slash / and at least one of the config server hostnames and ports.
    security.keyFileThe path to the key file used for your initial replica set.
    net.bindIplocalhost, followed by any other hostnames on which the mongos should listen for client connections.
    sharding:
       configDB: configReplSet/mongodb7.example.net:27019,mongodb8.example.net:27019,mongodb9.example.net:27019
    security:
       keyFile: <PATH_TO_KEYFILE>
    net:
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment.

    X.509 Authentication

    Specify these options in your mongos configuration file:

    Option选项Value
    sharding.configDBconfigReplSet, followed by a slash / and at least one of the config server hostnames and ports.
    security.clusterAuthModex509
    net.tls.moderequireTLS
    net.tls.certificateKeyFileThe absolute path to the .pem file that contains both the TLS certificate and key.
    net.tls.CAFileThe absolute path to the .pem file that contains the root certificate chain from the Certificate Authority.
    net.bindIplocalhost, followed by any other hostnames on which the mongos should listen for client connections.
    sharding:
       configDB: configReplSet/mongodb7.example.net:27019,mongodb8.example.net:27019,mongodb9.example.net:27019
    security:
       clusterAuthMode: x509
    net:
       tls:
          mode: requireTLS
          certificateKeyFile: <FILE_WITH_COMBINED_CERT_AND_KEY>
          CAFile: <CA_FILE>
       bindIp: localhost,<ipaddress>

    Include any additional options appropriate for your deployment.

  2. Deploy the mongos.

    Deploy the mongos with your specified configuration:

    mongos --config <PATH_TO_CONFIG_FILE>
6

Restart the Initial Replica Set as a Shard

In this example, your initial replica set is a three-member replica set. This step updates the initial replica set so that it can be added as a shard to your sharded cluster.

The replica set runs on these hosts:

  • mongodb0.example.net:27017
  • mongodb1.example.net:27017
  • mongodb2.example.net:27017

For sharded clusters, you must set the role for each mongod instance in the shard to shardsvr. To specify the server role, set the sharding.clusterRole setting in the mongod configuration file.

Note

The default port for mongod instances with the shardsvr role is 27018. To use a different port, specify the net.port setting.

  1. Connect to a member of your initial replica set.

    Use mongosh to connect to one of the members of your initial replica set.

    Keyfile Authentication
    mongosh "mongodb://<username>@mongodb0.example.net:27017"
    X.509 Authentication

    If your deployment uses X.509 authentication, specify these mongosh options:

    For example:例如:

    mongosh "mongodb://<username>@mongodb0.example.net:27017" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

  2. Determine the replica set's primary and secondaries.

    Run rs.status() to determine the primary and secondaries:

    rs.status()

    In the command output, the replSetGetStatus.members[n].stateStr field indicates which member is the primary and which members are secondaries.

  3. Restart the secondaries with the --shardsvr option.

    Warning

    This step requires some downtime for applications connected to the replica set secondaries.

    Keyfile Authentication

    1. Connect to a secondary.

      Use mongosh to connect to one of the secondaries.

      mongosh "mongodb://<username>@<host>:<port>"

    2. Shut down the secondary.

      Run the following commands:

      use admin
      db.shutdownServer()

    3. Edit the secondary's configuration file.

      In the secondary's configuration file, set sharding.clusterRole to shardsvr:

      security:
         keyFile: <PATH_TO_KEYFILE>
      replication:
        replSetName: rs0
      sharding:
         clusterRole: shardsvr
      net:
         port: 27017
         bindIp: localhost,<ipaddress>

      Include additional options as appropriate for your deployment.

    4. Restart the secondary as a shard server.

      Run the following command on the host containing the secondary:

      mongod --config <PATH_TO_CONFIG_FILE>
    5. Repeat the shut down and restart steps for the other secondary.
    X.509 Authentication

    1. Connect to a secondary.

      Use mongosh to connect to one of the secondaries.

      If your deployment uses X.509 authentication, specify these mongosh options:

      mongosh "mongodb://<username>@<host>:<port>" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

    2. Shut down the secondary.

      Run the following commands:

      use admin
      db.shutdownServer()

    3. Edit the secondary's configuration file.

      In the secondary's configuration file, set sharding.clusterRole to shardsvr:

      replication:
         replSetName: rs0
      sharding:
         clusterRole: shardsvr
      security:
         clusterAuthMode: x509
      net:
         port: 27017
         tls:
            mode: requireTLS
            certificateKeyFile: <FILE_WITH_COMBINED_CERT_AND_KEY>
            CAFile: <CA_FILE>
         bindIp: localhost,<ipaddress>

      Include additional options as appropriate for your deployment, such as net.tls.certificateKeyFilePassword if your TLS certificate-key file is encrypted with a password.

    4. Restart the secondary as a shard server.

      Run the following command on the host containing the secondary:

      mongod --config <PATH_TO_CONFIG_FILE>
    5. Repeat the shut down and restart steps for the other secondary.
7

Restart the primary with the --shardsvr option.

Warning

This step requires some downtime for applications connected to the primary of the replica set.

Keyfile Authentication

  1. Connect to the primary.

    Use mongosh to connect to the primary:

    mongosh "mongodb://<username>@<host>:<port>"

  2. Step down the primary.

    Run the following command:

    rs.stepDown()

  3. Verify that the step down is complete.

    Run rs.status() to confirm that the member you are connected to has stepped down and is now a secondary:

    rs.status()

  4. Shut down the former primary.

    Run the following commands:

    use admin
    db.shutdownServer()

    Wait for the shutdown to complete.

  5. Edit the primary's configuration file.

    In the primary's configuration file, set sharding.clusterRole to shardsvr:

    security:
       keyFile: <PATH_TO_KEYFILE>
    replication:
       replSetName: rs0
    sharding:
       clusterRole: shardsvr
    net:
       port: 27017
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment.

  6. Restart the primary as a shard server.

    Run the following command on the host containing the primary:

    mongod --config <PATH_TO_CONFIG_FILE>
X.509 Authentication

  1. Connect to the primary.

    Use mongosh to connect to one of the secondaries.

    If your deployment uses X.509 authentication, specify these mongosh options:

    If your deployment uses X.509 authentication, specify these mongosh options:

    mongosh "mongodb://<username>@<host>:<port>" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

  2. Step down the primary.

    Run the following command:

    rs.stepDown()

  3. Verify that the step down is complete.

    Run rs.status() to confirm that the member you are connected to has stepped down and is now a secondary:

    rs.status()

  4. Shut down the former primary.

    Run the following commands:

    use admin
    db.shutdownServer()

    Wait for the shutdown to complete.

  5. Edit the primary's configuration file.

    In the primary's configuration file, set sharding.clusterRole to shardsvr:

    replication:
       replSetName: rs0
    sharding:
       clusterRole: shardsvr
    security:
       clusterAuthMode: x509
    net:
       port: 27017
       tls:
          mode: requireTLS
          certificateKeyFile: <FILE_WITH_COMBINED_CERT_AND_KEY>
          CAFile: <CA_FILE>
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment, such as net.tls.certificateKeyFilePassword if your TLS certificate-key file is encrypted with a password.

  6. Restart the primary as a shard server.

    Run the following command on the host containing the primary:

    mongod --config <PATH_TO_CONFIG_FILE>
8

Add the Initial Replica Set as a Shard

After you convert the initial replica set (rs0) to a shard, add it to the sharded cluster.

  1. Connect to the mongos as your cluster's administrative user.

    The mongos instance is running on host mongodb6.example.net.

    Keyfile Authentication

    To connect mongosh to the mongos, run the following command:

    mongosh "mongodb://admin01@mongodb6.example.net:27017"
    X.509 Authentication

    If your deployment uses X.509 authentication, specify these mongosh options:

    If your deployment uses X.509 authentication, specify these mongosh options:

    mongosh "mongodb://admin01@mongodb6.example.net:27017" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

    This command authenticates you as the admin01 user you created on the sharded cluster. After you enter the command, enter your user's password.

  2. Add the shard.

    To add a shard to the cluster, run the sh.addShard() method:

    sh.addShard( "rs0/mongodb0.example.net:27017,mongodb1.example.net:27017,mongodb2.example.net:27017" )
9

Update Your Application Connection String

After you add the first shard to your cluster, update the connection string used by your applications to the connection string for your sharded cluster. Then, restart your applications.

Warning

Once the new shard is active, mongosh and other clients must always connect to the mongos instance. Do not connect directly to the mongod instances. If your clients connect to shards directly, you may create data or metadata inconsistencies.

10

Deploy a Second Replica Set

Deploy a new replica set called rs1. The members of replica set rs1 are on the following hosts:

  • mongodb3.example.net
  • mongodb4.example.net
  • mongodb5.example.net

  1. Start each member of the replica set.

    Keyfile Authentication

    For each mongod instance in the replica set, create a configuration file with these options:

    Option选项Value
    security.keyFileThe path to the key file used for your initial replica set.
    replication.replSetNamers1
    sharding.clusterRoleshardsvr
    net.bindIplocalhost, followed by any other hostnames on which the mongod should listen for client connections.
    security:
       keyFile: <PATH_TO_KEYFILE>
    replication:
       replSetName: rs1
    sharding:
       clusterRole: shardsvr
    net:
       bindIp: localhost,<ipaddress>

    Include additional options as appropriate for your deployment.

    X.509 Authentication

    For each member, start a mongod with the following options:

    Option选项Value
    replication.replSetNamers1
    sharding.clusterRoleshardsvr
    security.clusterAuthModex509
    net.tls.moderequireTLS
    net.tls.certificateKeyFileThe absolute path to the .pem file that contains both the TLS certificate and key.
    net.tls.CAFileThe absolute path to the .pem file that contains the root certificate chain from the Certificate Authority.
    net.bindIplocalhost, followed by any other hostnames on which the mongod should listen for client connections.
    replication:
       replSetName: rs1
    sharding:
       clusterRole: shardsvr
    security:
       clusterAuthMode: x509
    net:
       tls:
          mode: requireTLS
          certificateKeyFile: <FILE_WITH_COMBINED_CERT_AND_KEY>
          CAFile: <CA_FILE>
       bindIp: localhost,<ipaddress>

    Deploy the mongod with your specified configuration:

    mongod --config <PATH_TO_CONFIG_FILE>

    Note

    When you specify the --shardsvr option for a mongod instance, the instance runs on port 27018 by default.

  2. Start each member of the replica set.

  3. Connect to a replica set member.

    Use mongosh to connect to one of the replica set members. For example:

    mongosh "mongodb://mongodb3.example.net:27018"
    X.509 Authentication
    mongosh "mongodb://mongodb3.example.net:27018" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

  4. Initiate the replica set.

    In mongosh, run the rs.initiate() method to initiate a replica set that contains the current member:

    rs.initiate( {
       _id : "rs1",
       members: [
           { _id: 0, host: "mongodb3.example.net:27018" },
           { _id: 1, host: "mongodb4.example.net:27018" },
           { _id: 2, host: "mongodb5.example.net:27018" }
       ]
    } )

    The preceding command requires the localhost exception to perform administrative actions without authentication.

    Important

    Run rs.initiate() on only one mongod instance for the replica set.

  5. Add an administrative user for the replica set.

    After you deploy the replica set, use the localhost exception to create the replica set's first user.

    1. Determine the replica set primary.

      To determine the primary, run rs.status():

      rs.status()

      In the command output, the replSetGetStatus.members[n].stateStr field indicates which member is the primary.

    2. Connect to the replica set primary.

      Connect to the replica set primary with mongosh. For example, if the primary is mongodb4.example.net, run this command:

      mongosh "mongodb://mongodb4.example.net:27018"

    3. Create an administrative user.

      Run the following db.createUser() method to create a user named rs1Admin with the userAdmin role:

      use admin

      db.createUser(
         {
            user: "rs1Admin",
            pwd: passwordPrompt(),
            roles: [
               { role: "userAdmin", db: "admin" }
            ]
         }
      )

      After you run the command, the database prompts you to enter a password for the rs1Admin user.

11

Add the Second Replica Set to the Cluster as a Shard

Add the new replica set, rs1, to the sharded cluster.

  1. Connect mongosh to the mongos.

    Run the following command from the command line to connect to the mongos instance running on host mongodb6.example.net:

    Keyfile Authentication
    mongosh "mongodb://admin01@mongodb6.example.net:27017/admin"
    X.509 Authentication
    mongosh "mongodb://admin01@mongodb6.example.net:27017/admin" --tls --tlsCAFile <CA_FILE> --tlsCertificateKeyFile <filename>

    This command authenticates you as the admin01 user you created on the sharded cluster. After you enter the command, enter your user's password.

  2. Add the second shard.

    After you connect to the mongos, add the replica set rs1 as a shard to the cluster with the sh.addShard() method:

    sh.addShard( "rs1/mongodb3.example.net:27018,mongodb4.example.net:27018,mongodb5.example.net:27018" )
12

Shard a Collection

The final step of the procedure is to shard a collection in the sharded cluster.

  1. Determine the shard key.

    Determine the shard key for the collection. The shard key indicates how MongoDB distributes the documents between shards. Good shard keys:

    • Have values that are evenly distributed among all documents.
    • Group documents that are often accessed at the same time into contiguous chunks.
    • Allow for effective distribution of activity among shards.

    For more information, see Choose a Shard Key.

    This procedure uses the number field as the shard key for the test_collection collection.

  2. Create an index on the shard key.

    Before you shard a non-empty collection, create an index on the shard key:

    use test
    db.test_collection.createIndex( { "number" : 1 } )

  3. Shard the collection.

    In the test database, shard the test_collection. Specify number as the shard key.

    sh.shardCollection( "test.test_collection", { "number" : 1 } )

    The next time that the balancer runs, it redistributes chunks of documents between shards. As clients insert additional documents into this collection, the mongos routes the documents to the appropriate shard.

    When the balancer redistributes chunks, it may negatively impact your application's performance. To minimize performance impact, you can specify when the balancer runs so it does not run during peak hours. 当平衡器重新分配块时,可能会对应用程序的性能产生负面影响。为了尽量减少对性能的影响,您可以指定平衡器何时运行,这样它就不会在高峰时段运行。To learn more, see Schedule the Balancing Window.要了解更多信息,请参阅计划平衡窗口

Learn More了解更多

For more sharding tutorials and procedures, see these pages:有关更多分片教程和过程,请参阅以下页面: