§2023-08-07
A mongos is the MongoDB shard router: it receives client requests and routes them to the appropriate shards of a sharded cluster. It is not a member of any replica set and holds no data of its own; you do not run it as a replica set.
You can run several mongos instances on separate machines and let clients choose which one to connect to. Every instance performs the same role: it reads the cluster metadata from the config server replica set named in sharding.configDB and forwards each client request to the shard(s) that own the data.
¶1. Set up orgpi5Arch.yushei.net:27991 as the first mongos server
- /etc/mongos-27991.conf
# mongos-27991.conf
# mongos server
# for documentation of all options, see:
# https://www.mongodb.com/docs/manual/reference/program/mongos/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /opt/xfs/mongodb/log/mongos-27991.log

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27991
  bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  tls:
    mode: requireTLS
    certificateKeyFile: /opt/xfs/mongodb/x.509/orgpi5arch.yushei.net.pem
    CAFile: /opt/xfs/mongodb/x.509/mongoCA.crt

# security:
#   authorization: enabled
#   keyFile: /opt/xfs/mongodb/x.509/MuneTakaHomeKey # shared membership key, only used when clusterAuthMode is keyFile
#   clusterAuthMode: x509

#operationProfiling:

# sharding:
#   configDB: <configReplSetName>/cfg1.example.net:27019, cfg2.example.net:27019,..
sharding:
  configDB: configServer/n2Mnjaro.yushei.net:27997,hc4Lunar.yushei.net:27997,orgpi5Jammy.yushei.net:27997

## Enterprise-Only Options
#auditLog:
#snmp:

Note that the whole security block is commented out in this file. net.tls.mode: requireTLS encrypts every connection and lets clients verify the router against mongoCA.crt, but it does not authenticate anyone: without security.authorization: enabled, any client that can reach port 27991 (and bindIp: 0.0.0.0 exposes it on every interface) is unauthenticated and unrestricted, and without security.clusterAuthMode the router has no membership credential to present to config servers or shards that require one. The internal authentication mechanism (keyFile or x.509) must be the same on the mongos, the config server replica set and every shard.
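An offline check for the settings just discussed, as an added example that is not part of the original page or of MongoDB itself. It flattens a mongos YAML file into dotted keys and reports the weak settings (TLS not required, authorization off, no clusterAuthMode, malformed configDB, all-interface bind without authorization). Both sample configs are constructed here: the first mirrors /etc/mongos-27991.conf above with the security block still commented out, the second is a hardened variant of it; 192.0.2.10 is a documentation address, not one of the page's hosts.

```shell
#!/bin/sh
# Added example (not from the page or from MongoDB): audit a mongos config file
# for the security-relevant keys. Assumes the nested-map YAML style used above
# (no sequences, no multi-line scalars); comments and blank lines are ignored.

# flatten_conf FILE: print every scalar as dotted.key=value, one per line.
flatten_conf() {
  awk '
    { sub(/[ \t]+#.*$/, ""); sub(/[ \t]+$/, "") }   # drop trailing comment and whitespace
    /^[ \t]*#/ { next }                              # comment-only line
    /^[ \t]*$/ { next }                              # blank line
    {
      match($0, /^ */); ind = RLENGTH                # indentation = nesting depth
      line = substr($0, ind + 1)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      sub(/^[ \t]+/, "", val)
      while (depth > 0 && ind <= inds[depth]) depth--  # pop keys at same or deeper indent
      depth++; inds[depth] = ind; keys[depth] = key
      if (val != "") {
        path = keys[1]; for (d = 2; d <= depth; d++) path = path "." keys[d]
        print path "=" val
      }
    }' "$1"
}

# conf_get FILE DOTTED.KEY: value, or empty if the key is absent or commented out.
conf_get() { flatten_conf "$1" | sed -n "s/^$2=//p" | head -n 1; }

AUDIT_FINDINGS=0
finding() { printf 'FAIL %s\n' "$1"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

# audit_mongos_conf FILE: print findings; exit status = number of findings (0 = clean).
audit_mongos_conf() {
  f=$1; AUDIT_FINDINGS=0
  [ "$(conf_get "$f" net.tls.mode)" = requireTLS ] \
    || finding "net.tls.mode is not requireTLS: plaintext client connections are accepted"
  [ -n "$(conf_get "$f" net.tls.CAFile)" ] \
    || finding "net.tls.CAFile unset: peer certificates cannot be validated"
  authz=$(conf_get "$f" security.authorization)
  [ "$authz" = enabled ] \
    || finding "security.authorization not enabled: any client reaching the port is unrestricted"
  case "$(conf_get "$f" security.clusterAuthMode)" in
    keyFile|sendKeyFile|sendX509|x509) ;;
    *) finding "security.clusterAuthMode unset: no membership credential for config servers/shards" ;;
  esac
  case "$(conf_get "$f" sharding.configDB)" in
    */*:*) ;;   # <configReplSetName>/host:port,... as mongos --help requires
    *) finding "sharding.configDB is not a <configReplSetName>/host:port,... string" ;;
  esac
  exposed=0
  [ "$(conf_get "$f" net.bindIpAll)" = true ] && exposed=1
  for ip in $(conf_get "$f" net.bindIp | tr ',' ' '); do
    case "$ip" in 0.0.0.0|::) exposed=1 ;; esac
  done
  [ "$exposed" -eq 1 ] && [ "$authz" != enabled ] \
    && finding "net.bindIp listens on all interfaces while authorization is disabled"
  return "$AUDIT_FINDINGS"
}

WEAK=$(mktemp); HARDENED=$(mktemp)
trap 'rm -f "$WEAK" "$HARDENED"' EXIT
# Constructed sample mirroring the page's file: TLS required, security block commented out.
cat > "$WEAK" <<'EOF'
net:
  port: 27991
  bindIp: 0.0.0.0 # all interfaces
  tls:
    mode: requireTLS
    certificateKeyFile: /opt/xfs/mongodb/x.509/orgpi5arch.yushei.net.pem
    CAFile: /opt/xfs/mongodb/x.509/mongoCA.crt
# security:
#   authorization: enabled
#   clusterAuthMode: x509
sharding:
  configDB: configServer/n2Mnjaro.yushei.net:27997,hc4Lunar.yushei.net:27997,orgpi5Jammy.yushei.net:27997
EOF
# Constructed hardened variant: authorization on, x.509 membership auth, explicit bind list.
cat > "$HARDENED" <<'EOF'
net:
  port: 27991
  bindIp: 127.0.0.1,192.0.2.10   # documentation address, not the page's host
  tls:
    mode: requireTLS
    certificateKeyFile: /opt/xfs/mongodb/x.509/orgpi5arch.yushei.net.pem
    CAFile: /opt/xfs/mongodb/x.509/mongoCA.crt
    disabledProtocols: TLS1_0,TLS1_1
security:
  authorization: enabled
  clusterAuthMode: x509
sharding:
  configDB: configServer/n2Mnjaro.yushei.net:27997,hc4Lunar.yushei.net:27997,orgpi5Jammy.yushei.net:27997
EOF

for c in "$WEAK" "$HARDENED"; do
  printf '== %s\n' "$c"
  if audit_mongos_conf "$c"; then echo "OK: no findings"; fi
done
```

Run it against the real file with `audit_mongos_conf /etc/mongos-27991.conf` before enabling the unit; the page's own file produces the three authorization-related findings, the hardened variant none. The parser deliberately treats commented-out keys as absent, which is exactly how mongos reads them.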
¶2. /etc/systemd/system/Mongos-27991.service
[Unit]
Description=Mongos Server, port 27991
Documentation=https://docs.mongodb.org/manual
After=network-online.target
Wants=network-online.target

[Service]
TimeoutStartSec=infinity
User=mongodb
Group=mongodb
Environment="OPTIONS=-f /etc/mongos-27991.conf"
# keep the process in the foreground for systemd even if the config sets processManagement.fork
Environment="MONGODB_CONFIG_OVERRIDE_NOFORK=1"
ExecStart=/usr/local/bin/mongos $OPTIONS
RuntimeDirectory=mongodb
# Recommended limits for mongod as specified in
# https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false

[Install]
WantedBy=multi-user.target
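Once the unit is enabled, a practitioner wants three things confirmed: the service runs as the unprivileged mongodb user with the limits above, the listener on 27991 presents a certificate that chains to mongoCA.crt and refuses legacy TLS, and the process answering is really a mongos. The script below is an added example, not part of the original page or of MongoDB. Its live checks need systemctl, openssl and mongosh on the host and run only when a host name is passed on the command line; the parser for the openssl s_client output is pure and is exercised on a constructed sample. Host, port, unit name and CA path are taken from the page; nothing else is assumed.

```shell
#!/bin/sh
# Added example (not from the page or from MongoDB): post-start checks for
# Mongos-27991.service. Usage: ./check-mongos.sh [HOST [PORT]]
HOST=${1:-orgpi5Arch.yushei.net}; PORT=${2:-27991}
CA=/opt/xfs/mongodb/x.509/mongoCA.crt
UNIT=Mongos-27991.service

# summarize_sclient: read `openssl s_client` output on stdin, print the negotiated
# protocol and verify result; succeed only if the chain verified (code 0) and the
# protocol is TLS 1.2 or 1.3.
summarize_sclient() {
  proto=""; verify=""
  while IFS= read -r line; do
    case "$line" in
      *"Protocol  : "*)       proto=${line#*: } ;;
      "Verify return code: "*) verify=${line#Verify return code: } ;;
    esac
  done
  printf 'protocol=%s verify=%s\n' "$proto" "$verify"
  case "$verify" in 0*) ;; *) return 1 ;; esac
  case "$proto" in TLSv1.2|TLSv1.3) return 0 ;; *) return 1 ;; esac
}

# 1. Is the unit active, running as mongodb, with the intended limits?
check_unit() {
  systemctl show -p ActiveState,User,LimitNOFILE,LimitNPROC "$UNIT"
}

# 2. TLS: the chain must verify against mongoCA.crt; a TLS 1.1 handshake must fail.
check_tls() {
  openssl s_client -connect "$HOST:$PORT" -servername "$HOST" -CAfile "$CA" \
    </dev/null 2>/dev/null | summarize_sclient || return 1
  if openssl s_client -connect "$HOST:$PORT" -tls1_1 </dev/null >/dev/null 2>&1; then
    echo "FAIL: TLS 1.1 handshake accepted; set net.tls.disabledProtocols"; return 1
  fi
  echo "OK: TLS 1.1 refused"
}

# 3. Is the responder a mongos? hello() needs no authentication and a router
#    answers with msg: "isdbgrid".
check_router() {
  mongosh --quiet --tls --tlsCAFile "$CA" --host "$HOST" --port "$PORT" --eval '
    const h = db.hello();
    if (h.msg !== "isdbgrid") throw new Error("not a mongos: " + JSON.stringify(h));
    print("mongos ok, maxWireVersion " + h.maxWireVersion);'
}

# Constructed sample of `openssl s_client` output (abridged) for the parser self-check.
SAMPLE_SCLIENT='CONNECTED(00000003)
---
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
---
Verify return code: 0 (ok)
'
printf '%s' "$SAMPLE_SCLIENT" | summarize_sclient

if [ "$#" -gt 0 ]; then
  check_unit && check_tls && check_router
fi
```

If authorization is enabled on the router, check_router still works because hello needs no credentials; anything beyond it (listing config.shards, for example) needs --username and --authenticationDatabase on the mongosh call. On OpenSSL 3 the client itself may refuse to offer TLS 1.1 at the default security level, so confirm a "refused" result from the mongos log before trusting it.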
¶3. mongos --help, for reference
$ mongos --help
Options:
  --networkMessageCompressors arg (=snappy,zstd,zlib)
                                        Comma-separated list of compressors to use for network messages

General options:
  -h [ --help ]                         Show this usage information
  --version                             Show version information
  -f [ --config ] arg                   Configuration file specifying additional options
  --configExpand arg                    Process expansion directives in config file (none, exec, rest)
  --port arg                            Specify port number - 27017 by default
  --ipv6                                Enable IPv6 support (disabled by default)
  --listenBacklog arg (=4096)           Set socket listen backlog size
  --maxConns arg (=1000000)             Max number of simultaneous connections
  --pidfilepath arg                     Full path to pidfile (if not set, no pidfile is created)
  --timeZoneInfo arg                    Full path to time zone info directory, e.g. /usr/share/zoneinfo
  --nounixsocket                        Disable listening on unix sockets
  --unixSocketPrefix arg                Alternative directory for UNIX domain sockets (defaults to /tmp)
  --filePermissions arg                 Permissions to set on UNIX domain socket file - 0700 by default
  --fork                                Fork server process
  -v [ --verbose ] [=arg(=v)]           Be more verbose (include multiple times for more verbosity e.g. -vvvvv)
  --quiet                               Quieter output
  --logpath arg                         Log file to send write to instead of stdout - has to be a file, not directory
  --syslog                              Log to system's syslog facility instead of file or stdout
  --syslogFacility arg                  syslog facility used for mongodb syslog message
  --logappend                           Append to logpath instead of over-writing
  --logRotate arg                       Set the log rotation behavior (rename|reopen)
  --timeStampFormat arg                 Desired format for timestamps in log messages. One of iso8601-utc or iso8601-local
  --setParameter arg                    Set a configurable parameter
  --keyFile arg                         Private key for cluster authentication
  --clusterAuthMode arg                 Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509)
  --bind_ip arg                         Comma separated list of ip addresses to listen on - localhost by default
  --bind_ip_all                         Bind to all ip addresses
  --noauth                              Run without security
  --transitionToAuth                    For rolling access control upgrade. Attempt to authenticate over outgoing connections and proceed regardless of success. Accept incoming connections with or without authentication.
  --slowms arg (=100)                   Value of slow for profile and console log
  --slowOpSampleRate arg (=1)           Fraction of slow ops to include in the profile and console log
  --profileFilter arg                   Query predicate to control which operations are logged and profiled

AWS IAM Options:
  --awsIamSessionToken arg              AWS Session Token for temporary credentials

TLS Options:
  --tlsOnNormalPorts                    Use TLS on configured ports
  --tlsMode arg                         Set the TLS operation mode (disabled|allowTLS|preferTLS|requireTLS)
  --tlsCertificateKeyFile arg           Certificate and key file for TLS. Certificate is presented in response to inbound connections always. Certificate is also presented for outbound connections if tlsClusterFile is not specified.
  --tlsCertificateKeyFilePassword arg   Password to unlock key in the TLS certificate key file
  --tlsClusterFile arg                  Certificate and key file for internal TLS authentication. Certificate is presented on outbound connections if specified.
  --tlsClusterPassword arg              Internal authentication key file password
  --tlsCAFile arg                       Certificate Authority file for TLS. Used to verify remote certificates presented in response to outbound connections. Also used to verify remote certificates from inbound connections if tlsClusterCAFile is not specified.
  --tlsClusterCAFile arg                CA used for verifying remotes during inbound connections
  --tlsCRLFile arg                      Certificate Revocation List file for TLS
  --tlsDisabledProtocols arg            Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2,TLS1_3]
  --tlsAllowConnectionsWithoutCertificates
                                        Allow client to connect without presenting a certificate
  --tlsAllowInvalidHostnames            Allow server certificates to provide non-matching hostnames
  --tlsAllowInvalidCertificates         Allow connections to servers with invalid certificates
  --tlsLogVersions arg                  Comma separated list of TLS protocols to log on connect [TLS1_0,TLS1_1,TLS1_2,TLS1_3]
  --tlsClusterAuthX509ExtensionValue arg
                                        If specified, clients who expect to be regarded as cluster members must present a valid X.509 certificate containing an X.509 extension for OID 1.3.6.1.4.1.34601.2.1.2 which contains the specified value.
  --tlsClusterAuthX509Attributes arg    If specified, clients performing X.509 authentication must present a certificate with a subject name with the exact attributes and values provided in this config option to be treated as peer cluster nodes.

Sharding options:
  --configdb arg                        Connection string for communicating with config servers: <config replset name>/<host1:port>,<host2:port>,[...]
  --localThreshold arg                  ping time (in ms) for a node to be considered local (default 15ms)
  --test                                just run unit tests
  --noscripting                         Disable scripting engine