背景與目標

在生產環境中，單節點的 MongoDB 一旦宕機會導致服務中斷。為了保證 高可用 和 數據一致性，我們使用 MongoDB 副本集（Replica Set） 配合 Keepalived + HAProxy 構建一個高可用架構，支持自動故障轉移，并在應用端通過虛擬 IP（VIP）實現透明訪問。

本文將介紹如何在三臺服務器上使用 Docker Compose 部署 MongoDB 7.0 副本集，并通過 Keepalived + HAProxy 提供高可用訪問入口，同時配置 Prometheus 監控指標采集。

---

📋 環境規劃

服務器信息

節點	主機名	IP地址	角色
1	domp-server-001	172.20.191.185	PRIMARY 節點
2	domp-server-002	172.20.191.186	SECONDARY 節點
3	domp-server-003	172.20.191.187	SECONDARY 節點

軟件版本

• MongoDB: 7.0
• Docker: >= 20.10
• Docker Compose: >= 1.29
• Keepalived & HAProxy: 自定義鏡像（基于生產優化）

---

部署步驟

1. 創建目錄結構

mkdir -p /data/mongodb/{data,logs,key}

2、生成 keyFile（三臺機器內容必須一致）

MongoDB 副本集認證需要一個共享的 keyFile，用于節點間安全通信。

openssl rand -base64 756 > /data/mongodb/key/mongodb-keyfile
chmod 400 /data/mongodb/key/mongodb-keyfile
chown 999:999 /data/mongodb/key/mongodb-keyfile

?	999:999 是 MongoDB 容器內的默認用戶 UID/GID。
?	將 /data/mongodb/key/mongodb-keyfile 拷貝到所有三臺機器相同路徑下。

3. 準備 Keepalived + HAProxy 配置

docker-compose-keepalived-haproxy.yml 內容

version: "3.9"services:keepalived:image: reg.deeplearning.cn/mmwei3/keepalived:latest-20250725container_name: keepalivedrestart: alwaysnetwork_mode: hostprivileged: truetty: trueenvironment:- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS- KOLLA_SERVICE_NAME=keepalivedvolumes:- /etc/kolla/keepalived/:/var/lib/kolla/config_files/:ro- /etc/localtime:/etc/localtime:ro- /lib/modules:/lib/modules:ro- haproxy_socket:/var/lib/kolla/haproxy/haproxy:image: reg.deeplearning.cn/mmwei3/haproxy:latest-20250725container_name: haproxyrestart: alwaysnetwork_mode: hostprivileged: truetty: trueenvironment:- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS- KOLLA_SERVICE_NAME=haproxyvolumes:- /etc/kolla/haproxy/:/var/lib/kolla/config_files/:ro- /etc/localtime:/etc/localtime:ro- haproxy_socket:/var/lib/kolla/haproxy/volumes:haproxy_socket:

說明
? Keepalived 用于提供 VIP（虛擬 IP）漂移，保證故障切換。
? HAProxy 負責將請求路由到 MongoDB 副本集的 PRIMARY 節點。

4、部署 MongoDB 副本集

docker-compose-mongo.yml（示例為 domp-server-001）：version: '3.8'services:mongo:image: reg.deeplearning.cn/mmwei3/mongo:7.0container_name: mongorestart: alwayshostname: domp-server-001ports:- 27017:27017volumes:- /data/mongodb/data:/data/db- /data/mongodb/logs:/var/log/mongodb- /data/mongodb/key/mongodb-keyfile:/etc/mongo-keyfile:rocommand: >mongod --replSet rs0--auth--keyFile /etc/mongo-keyfile--bind_ip_all--logpath /var/log/mongodb/mongod.log--logappendnetworks:- mongo_netnetworks:mongo_net:driver: bridge

另外兩臺機器只需修改 hostname 與數據路徑即可。

5. 初始化副本集

docker exec -it mongo mongosh

Mongo shell 中執行：

rs.initiate({_id: "rs0",members: [{ _id: 0, host: "172.20.191.185:27017" },{ _id: 1, host: "172.20.191.186:27017" },{ _id: 2, host: "172.20.191.187:27017" }]
})

6. 創建管理員賬戶

use admin
db.createUser({user: "admin",pwd: "<your_password_here>",roles: [ { role: "root", db: "admin" } ]
})
mongosh -u admin -p <your_password_here> --authenticationDatabase admin

7. 配置 Prometheus 監控

啟動 mongodb-exporter 容器：

docker run -d \--name mongodb_exporter \-p 9216:9216 \-e MONGODB_URI="mongodb://admin:<your_password_here>@172.20.191.185:27017/?replicaSet=rs0" \reg.deeplearning.cn/mmwei3/bitnami/mongodb-exporter:latest-20250718_x86 \--no-mongodb.direct-connect \--collector.dbstats \--collector.topmetrics \--collector.indexstats \--collector.collstats \--collector.replicasetstatus

8、驗證集群狀態

root@domp-server-001:/# mongosh -u admin -p <your_password_here> --authenticationDatabase admin
Current Mongosh Log ID: 688b0eb4c0d8fffe6989b03c
Connecting to:          mongodb://<credentials>@127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&authSource=admin&appName=mongosh+2.5.6
Using MongoDB:          7.0.22
Using Mongosh:          2.5.6For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/------The server generated these startup warnings when booting2025-07-31T06:29:54.168+00:00: You are running on a NUMA machine. We suggest launching mongod like this to avoid performance problems: numactl --interleave=all mongod [other options]2025-07-31T06:29:54.169+00:00: vm.max_map_count is too low
------rs0 [direct: primary] test>rs0 [direct: primary] test> rs.status()
{set: 'rs0',date: ISODate('2025-07-31T06:35:54.773Z'),myState: 1,term: Long('1'),syncSourceHost: '',syncSourceId: -1,heartbeatIntervalMillis: Long('2000'),majorityVoteCount: 2,writeMajorityCount: 2,votingMembersCount: 3,writableVotingMembersCount: 3,optimes: {lastCommittedOpTime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },lastCommittedWallTime: ISODate('2025-07-31T06:35:44.926Z'),readConcernMajorityOpTime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },appliedOpTime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },durableOpTime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },lastAppliedWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastDurableWallTime: ISODate('2025-07-31T06:35:44.926Z')},lastStableRecoveryTimestamp: Timestamp({ t: 1753943704, i: 1 }),electionCandidateMetrics: {lastElectionReason: 'electionTimeout',lastElectionDate: ISODate('2025-07-31T06:33:24.905Z'),electionTerm: Long('1'),lastCommittedOpTimeAtElection: { ts: Timestamp({ t: 1753943594, i: 1 }), t: Long('-1') },lastSeenOpTimeAtElection: { ts: Timestamp({ t: 1753943594, i: 1 }), t: Long('-1') },numVotesNeeded: 2,priorityAtElection: 1,electionTimeoutMillis: Long('10000'),numCatchUpOps: Long('0'),newTermStartDate: ISODate('2025-07-31T06:33:24.919Z'),wMajorityWriteAvailabilityDate: ISODate('2025-07-31T06:33:25.423Z')},members: [{_id: 0,name: '172.20.191.185:27017',health: 1,state: 1,stateStr: 'PRIMARY',uptime: 361,optime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },optimeDate: ISODate('2025-07-31T06:35:44.000Z'),lastAppliedWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastDurableWallTime: ISODate('2025-07-31T06:35:44.926Z'),syncSourceHost: '',syncSourceId: -1,infoMessage: '',electionTime: Timestamp({ t: 1753943604, i: 1 }),electionDate: ISODate('2025-07-31T06:33:24.000Z'),configVersion: 1,configTerm: 1,self: true,lastHeartbeatMessage: ''},{_id: 1,name: '172.20.191.186:27017',health: 1,state: 2,stateStr: 'SECONDARY',uptime: 160,optime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },optimeDurable: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },optimeDate: ISODate('2025-07-31T06:35:44.000Z'),optimeDurableDate: ISODate('2025-07-31T06:35:44.000Z'),lastAppliedWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastDurableWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastHeartbeat: ISODate('2025-07-31T06:35:52.910Z'),lastHeartbeatRecv: ISODate('2025-07-31T06:35:53.911Z'),pingMs: Long('0'),lastHeartbeatMessage: '',syncSourceHost: '172.20.191.185:27017',syncSourceId: 0,infoMessage: '',configVersion: 1,configTerm: 1},{_id: 2,name: '172.20.191.187:27017',health: 1,state: 2,stateStr: 'SECONDARY',uptime: 160,optime: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },optimeDurable: { ts: Timestamp({ t: 1753943744, i: 1 }), t: Long('1') },optimeDate: ISODate('2025-07-31T06:35:44.000Z'),optimeDurableDate: ISODate('2025-07-31T06:35:44.000Z'),lastAppliedWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastDurableWallTime: ISODate('2025-07-31T06:35:44.926Z'),lastHeartbeat: ISODate('2025-07-31T06:35:52.910Z'),lastHeartbeatRecv: ISODate('2025-07-31T06:35:53.910Z'),pingMs: Long('0'),lastHeartbeatMessage: '',syncSourceHost: '172.20.191.185:27017',syncSourceId: 0,infoMessage: '',configVersion: 1,configTerm: 1}],ok: 1,'$clusterTime': {clusterTime: Timestamp({ t: 1753943744, i: 1 }),signature: {hash: Binary.createFromBase64('egpXegnGy7N0DNK8cxpAjSX2y7o=', 0),keyId: Long('7533130418208374789')}},operationTime: Timestamp({ t: 1753943744, i: 1 })
}
rs0 [direct: primary] test>db.isMaster()
# 返回當前節點是 PRIMARY 還是 SECONDARY。#手動切換 PRIMARY
rs.stepDown()
#當前 PRIMARY 會主動下臺，觸發選舉新 PRIMARY。# 添加新節點到副本集
rs.add("new_host:27017")
# 將新節點加入副本集。# 從副本集中移除節點
rs.remove("host_to_remove:27017")# 查看當前配置
rs.conf()# 檢查復制延遲
rs.printSlaveReplicationInfo()
# 顯示 SECONDARY 節點復制延遲信息。# 備份數據（使用 mongodump）mongodump --host <primary_host> --port 27017 -u admin -p <password> --authenticationDatabase admin --out /backup/path/# 恢復數據（使用 mongorestore）mongorestore --host <host> --port 27017 -u admin -p <password> --authenticationDatabase admin /backup/path/