1.

Why is it so important to choose the right shard key for sharding?

Answer»

Setting up authentication on a sharded cluster differs in a few key ways. To set up authentication, we connect to mongos instead of mongod. Clients that want to authenticate to the sharded cluster must also do so through mongos.

Ensure the sharded cluster has at least two mongos instances available, because the procedure requires restarting each mongos in the cluster. If the sharded cluster has only one mongos instance, this results in downtime during the period that the mongos is offline.

  • Generate a keyfile using any method of your choice. Copy the keyfile to each server hosting the sharded cluster members. Ensure that the user running the mongod or mongos instances is the owner of the file and can access the keyfile.
  • From mongos, create a user named admin with the clusterAdmin and userAdmin roles on the admin database.

    // Run from a mongos connection, with admin as the current database.
    db.createUser({
        user: "admin",
        pwd: "<password>",
        roles: [
            { role: "clusterAdmin", db: "admin" },
            { role: "userAdmin", db: "admin" }
        ]
    });

  • Change the current mongos configuration file to enable keyfile authentication.

    security:
       transitionToAuth: true
       keyFile: <path-to-keyfile>

The new configuration file should contain all of the configuration settings previously used by the mongos as well as the new security settings.

  • Now restart each mongos, one at a time, starting it with the new configuration file.
  • Now change the configuration file to enable keyfile authentication for all members of the config database. First, all secondary nodes should be updated. To update the primary, force a failover so that the primary becomes a secondary, and then update its configuration file.
  • Now we will create the shard-local administrator for each shard. In a sharded cluster that enforces authentication, each shard replica set should have its own shard-local administrator. We cannot use a shard-local administrator for one shard to access another shard or the sharded cluster.

Connect to the primary member of each shard replica set and create a user with the db.createUser() method.

    db.createUser({
        user: "admin1",
        pwd: "<password>",
        roles: [
            { role: "clusterAdmin", db: "admin" },
            { role: "userAdmin", db: "admin" }
        ]
    });

This user can be used for maintenance activities on individual shards.

  • Now change the configuration file to enable keyfile authentication for all shards. First, all secondary nodes should be updated. To update the primary, force a failover so that the primary becomes a secondary, and then update its configuration file.
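
An added example, not part of the original answer: a pre-flight check for the keyfile from the first step, meant to be run on each host before the rolling restarts begin. It relies on MongoDB's keyfile rules (6 to 1024 base64 characters with whitespace ignored, and no group or world permissions on UNIX); the function name check_keyfile and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a MongoDB keyfile before a rolling restart.
# check_keyfile PATH [OWNER] returns 0 when the file is usable, 1 otherwise.
# OWNER is the account that runs mongod/mongos (default: the current user).

check_keyfile() {
    kf=$1
    rc=0
    if [ ! -f "$kf" ]; then
        echo "keyfile: $kf is not a regular file" >&2
        return 1
    fi

    # "ls -ldn" prints e.g. "-r-------- 1 999 999 ..."; characters 5-10 are the
    # group and other permission bits, and field 3 is the numeric owner.
    listing=$(ls -ldn "$kf")
    if [ "$(printf '%s\n' "$listing" | cut -c5-10)" != "------" ]; then
        echo "keyfile: group/other permissions are set (use chmod 400)" >&2
        rc=1
    fi
    want_uid=$(id -u ${2:+"$2"} 2>/dev/null)
    if [ "$(printf '%s\n' "$listing" | awk '{print $3}')" != "$want_uid" ]; then
        echo "keyfile: not owned by ${2:-the current user}" >&2
        rc=1
    fi

    # Whitespace is ignored; what remains must be 6 to 1024 base64 characters.
    key=$(tr -d '[:space:]' < "$kf")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "keyfile: $len usable characters, need 6 to 1024" >&2
        rc=1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "keyfile: non-base64 characters" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Stand-alone use: sh check_keyfile.sh /path/to/keyfile mongod
if [ "$#" -gt 0 ]; then
    check_keyfile "$@"
fi
```

A member whose keyfile fails these checks will not start with the new security settings, so catching it before the restart avoids taking a node out of the cluster unnecessarily.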

