一、容灾级别¶
| 级别 | 方式 | RPO | RTO |
|---|---|---|---|
| L0 | 无备源中心,没有灾难恢复能力,只在本地进行数据备份 | 24小时 | 4小时+ |
| L1 | 本地备份+异地保存,本地将关键数据备份,然后送到异地保存。灾难发生后,按预定数据恢复程序恢复系统和数据。 | 24小时+ | 8小时+ |
| L2 | 双中心主备模式,在异地建立一个热备份点,通过网络进行数备份。当出现灾难时,备份站点接替主站点的业务,维护业务连续性 | 秒级 | 数分钟到半小时 |
| L3 | 双中心双活,在相隔较远的地方分别建立两个数据中心,进行相互数据备份。当某个数据中心发生灾难时,另一个数据中心接替其工作任务。 | 秒级 | 秒级 |
| L4 | 双中心双活 + 异地热备 = 两地三中心,在同城分别建立两个数据中心,进行相互数据备份。当该城市的2个中心同时不可用(地震/大面积停电/网络等),快速切换到异地 | 秒级 | 分钟级 |
二、MongoDB 两地三中心集群实现¶
三、两地三中心规划及实施¶
3.1 准备虚拟机及数据库实例¶
1、规划
10.0.0.51
- primary:10.0.0.51:10001
- s1:10.0.0.51:10002
10.0.0.52
- s3:10.0.0.52:10003
- s4:10.0.0.52:10004
10.0.0.53
- s5:10.0.53:10005
2、准备实例
配置文件 -db01
su - mongod
mkdir -p /mongodb/10001/conf /mongodb/10001/data /mongodb/10001/log
mkdir -p /mongodb/10002/conf /mongodb/10002/data /mongodb/10002/log
cat > /mongodb/10001/conf/mongod.conf <<EOF
systemLog:
destination: file
path: /mongodb/10001/log/mongodb.log
logAppend: true
storage:
journal:
enabled: true
dbPath: /mongodb/10001/data
directoryPerDB: true
#engine: wiredTiger
wiredTiger:
engineConfig:
cacheSizeGB: 0.5
directoryForIndexes: true
collectionConfig:
blockCompressor: zlib
indexConfig:
prefixCompression: true
processManagement:
fork: true
net:
port: 10001
bindIp: 10.0.0.51,127.0.0.1
replication:
oplogSizeMB: 2048
replSetName: my_repl
EOF
cp /mongodb/10001/conf/mongod.conf /mongodb/10002/conf/
sed 's#10001#10002#g' /mongodb/10002/conf/mongod.conf -i
mongod -f /mongodb/10001/conf/mongod.conf
mongod -f /mongodb/10002/conf/mongod.conf
配置文件 -db02
su - mongod
mkdir -p /mongodb/10003/conf /mongodb/10003/data /mongodb/10003/log
mkdir -p /mongodb/10004/conf /mongodb/10004/data /mongodb/10004/log
cat > /mongodb/10003/conf/mongod.conf <<EOF
systemLog:
destination: file
path: /mongodb/10003/log/mongodb.log
logAppend: true
storage:
journal:
enabled: true
dbPath: /mongodb/10003/data
directoryPerDB: true
#engine: wiredTiger
wiredTiger:
engineConfig:
cacheSizeGB: 0.5
directoryForIndexes: true
collectionConfig:
blockCompressor: zlib
indexConfig:
prefixCompression: true
processManagement:
fork: true
net:
port: 10003
bindIp: 10.0.0.52,127.0.0.1
replication:
oplogSizeMB: 2048
replSetName: my_repl
EOF
cp /mongodb/10003/conf/mongod.conf /mongodb/10004/conf/
sed 's#10003#10004#g' /mongodb/10004/conf/mongod.conf -i
mongod -f /mongodb/10003/conf/mongod.conf
mongod -f /mongodb/10004/conf/mongod.conf
配置文件 -db03
su - mongod
mkdir -p /mongodb/10005/conf /mongodb/10005/data /mongodb/10005/log
cat > /mongodb/10005/conf/mongod.conf <<EOF
systemLog:
destination: file
path: /mongodb/10005/log/mongodb.log
logAppend: true
storage:
journal:
enabled: true
dbPath: /mongodb/10005/data
directoryPerDB: true
#engine: wiredTiger
wiredTiger:
engineConfig:
cacheSizeGB: 0.5
directoryForIndexes: true
collectionConfig:
blockCompressor: zlib
indexConfig:
prefixCompression: true
processManagement:
fork: true
net:
port: 10005
bindIp: 10.0.53,127.0.0.1
replication:
oplogSizeMB: 2048
replSetName: my_repl
EOF
mongod -f /mongodb/10005/conf/mongod.conf
初始化副本集 member信息
config = {
_id: 'my_repl',
members: [
{ _id: 0, host: '10.0.0.51:10001' },
{ _id: 1, host: '10.0.0.51:10002' },
{ _id: 2, host: '10.0.0.52:10003' },
{ _id: 3, host: '10.0.0.52:10004' },
{ _id: 4, host: '10.0.0.53:10005' }
]
}
rs.initiate(config)
3.2 两地三中心定制化配置¶
cfg = rs.conf()
cfg.members[1].priority = 20
cfg.members[2].priority = 10
cfg.members[3].priority = 10
rs.reconfig(cfg)
3.3 复制集安全加固¶
# db01
openssl rand -base64 756 > /mongodb/10001/conf/keyfile
cp -a /mongodb/10001/conf/keyfile /mongodb/10002/conf
chmod 600 /mongodb/10001/conf/keyfile /mongodb/10002/conf/keyfile
scp /mongodb/10001/conf/keyfile 10.0.0.52:/mongodb/10003/conf
scp /mongodb/10001/conf/keyfile 10.0.0.52:/mongodb/10004/conf
scp /mongodb/10001/conf/keyfile 10.0.53:/mongodb/10005/conf
每个节点开启验证:
cat >> /mongodb/10001/conf/mongod.conf<<EOF
security:
keyFile: /mongodb/10001/conf/keyfile
EOF
cat >>/mongodb/10002/conf/mongod.conf<<EOF
security:
keyFile: /mongodb/10002/conf/keyfile
EOF
cat >> /mongodb/10003/conf/mongod.conf <<EOF
security:
keyFile: /mongodb/10003/conf/keyfile
EOF
cat >> /mongodb/10004/conf/mongod.conf <<EOF
security:
keyFile: /mongodb/10004/conf/keyfile
EOF
cat >> /mongodb/10005/conf/mongod.conf <<EOF
security:
keyFile: /mongodb/10005/conf/keyfile
EOF
use admin
db.shutdownServer()
+++++
Shut down each mongod in the replica set, starting with the secondaries. Continue until all members of the replica set are offline, including any arbiters. The primary must be the last member shut down to avoid potential rollbacks.
+++++
启动所有节点,在主节点添加用户:
use admin
db.createUser(
{
user: "root",
pwd: "root123",
roles: [ { role: "root", db: "admin" } ]
}
)