For optimal performance in terms of the storage layer, use disks backed by RAID-10. RAID-5 and RAID-6 do not typically provide sufficient performance to support a MongoDB deployment.

Avoid RAID-0 with MongoDB deployments. While RAID-0 provides good write performance, it also provides limited availability and can lead to reduced performance on read operations, particularly when using Amazon’s EBS volumes.


#mongodb #mongo #disk #raid #SSD

How to detect unused indexes on MongoDB collections?

db.your_collection.aggregate([{$indexStats:{}}]).pretty()

ops displays operations per second on a specific index. If ops is very low compared to other indexes you can drop the index.

#mongodb #mongo #index #unused_indexes

If you have a dedicated server only for MongoDB database I would I highly recommend to set block size as mongo suggested for their engines.


For the WiredTiger storage engine:

Set the readahead setting to 0 regardless of storage media type (spinning, SSD, etc.).

Setting a higher readahead benefits sequential I/O operations. However, since MongoDB disk access patterns are generally random, setting a higher readahead provides limited benefit or performance degradation. As such, for most workloads, a readahead of 0 provides optimal MongoDB performance.

In general, set the readahead setting to 0 unless testing shows a measurable, repeatable, and reliable benefit in a higher readahead value. MongoDB Professional Support can provide advice and guidance on non-zero readahead configurations.


For the MMAPv1 storage engine:

Ensure that readahead settings for the block devices that store the database files are appropriate. For random access use patterns, set low readahead values. A readahead of 32 (16 kB) often works well.

For a standard block device, you can run sudo blockdev --report to get the readahead settings and sudo blockdev --setra <value> <device> to change the readahead settings. Refer to your specific operating system manual for more information.


#mongodb #mongo #ra #readahead #mmapv1 #wiredtiger

#mongodb #mongo #ACID #transactions #mongoDBv4

In MongoDB it is suggested to turn atime to off. atime is set by Linux on each file accessed by applications. It is reported repeatedly that turning it off will improve disk performance on that partition.

To run off atime you need to set noatime on the partition you are placing mongoDB database files. Open /etc/fstab and look for your desired partition (mine is `/var`):

/dev/mapper/mongo--vg-var /var            xfs     defaults        0       2

Add noatime after defaults:

/dev/mapper/mongo--vg-var /var            xfs     defaults,noatime        0       2

Yours may be a little bit different. Now reboot your server using reboot --reboot.


Now you can check it by mount -l whether noatime is set or not:

/dev/mapper/mongo--vg-var on /var type xfs (rw,noatime,attr2,inode64,logbsize=256k,sunit=512,swidth=1024,noquota)

In the next post we test this using touch command in Linux.

#mongodb #mongo #noatime #atime #xfs #linux #fstab #mount

We deployed a server for MongoDB due to the slowness we talked before. The new deployment of MongoDB with server customization was 250 Times faster than before! And 6 Times smaller than the previous database size!

#mongodb #mongo #dba

Have you seen that when you want to query from MongoDB in shell it just prints the last 10 records and prompts to enter it in order to see more? Well in MongoDB shell you can issue the below command to say how many records to return:

DBQuery.shellBatchSize = 3000

If you enter the above command in MongoDB shell and use find to query a collection that has more than 3000 documents, 3000 documents will be returned at once.

#mongodb #mongo #shellBatchSize #limit

Now to make you MongoDB client connection secure just pass ssl=True:

# test_mongodb_ssl.py
 client = pymongo.MongoClient('example.com', ssl=True)

When you run this script check your mongoDB logs (usually in /var/log/mongodb/mongod.log`). The thing you should take into account is that when you pass `ssl=True parameter to MongoClient you just should see the below log (ip addresses wil vary):

I NETWORK  [listener] connection accepted from 172.15.141.162:50761 #49 (39 connections now open)
 I NETWORK  [conn49] end connection 172.15.141.162:50761 (38 connections now open)

Now remove ssl=True from MongoClient or pass ssl=False. If you now run your test script, you would see something like below in mongod.log:

I NETWORK  [listener] connection accepted from 172.15.141.162:50762 #50 (39 connections now open)
 I NETWORK  [conn50] SSL mode is set to 'preferred' and connection 50 to 172.15.141.162:50762 is not using SSL.

It says that SSL mode in mongo config is set to preferSSL and your new connection to mongo is not using it.

YOU NEED TO BE CAUTIOUS that we have created our SSL ourselves and it is vulnerable to man in the middle attack. For production usage purchase you SSL/TLS certifcate.

#mongodb #mongo #ssl #pymongo

https://medium.com/mongoaudit/how-to-enable-tls-ssl-on-mongodb-d973a92cefa6

#database #mongodb #mongo #tls #ssl #lets_encrypt

If you have followed our MongoDB SSL configuration, you should by now know that we can generate SSL certificate using lets encrypt. I have used dehydrated that fully matches with cloud flare.

To make the procedure automatic I have created a sample shell script that after automatic renewal will also renew the PEM files for MongoDB

#! /bin/bash

echo 'Binding new mongo private key PEM file and Cert PEM file...'
cat /etc/dehydrated/certs/mongo.example.com/privkey.pem /etc/dehydrated/certs/mongo.example.com/cert.pem > /etc/ssl/mongo.pem
echo 'Saved the new file in /etc/ssl/mongo.pem'

sudo touch /etc/ssl/ca.pem
sudo chmod 777 /etc/ssl/ca.pem
echo 'truncate ca.pem file and generate a new in /etc/ssl/ca.pem...'
sudo truncate -s 0 /etc/ssl/ca.pem
echo 'generate a ca.pem file using opessl by input -> /etc/ssl/ca.crt'
sudo openssl x509 -in /etc/ssl/ca.crt -out /etc/ssl/ca.pem -outform PEM
echo 'ca.pem is generated successfully in /etc/ssl'

echo 'append the chain.pem content to newly created ca.pem in /etc/ssl/ca.pem'
sudo cat /etc/dehydrated/certs/mongo.example.com/chain.pem >> /etc/ssl/ca.pem
echo 'done!'

#mongodb #mongo #ssl #pem #openssl #lets_encrypt