Adding password authentication and systemctl management files to a MongoDB 3.4.24 replicated sharded cluster
Common operation examples:
# Drop a database
mongos> show dbs
admin 0.000GB
config 0.001GB
testdb 0.004GB
mongos> use testdb
switched to db testdb
mongos> show tables
table1
# Drop the collection (table)
mongos> db.table1.drop()
true
mongos> show tables;
# Drop the database
mongos> db.dropDatabase()
{ "dropped" : "testdb", "ok" : 1 }
admin 0.000GB
config 0.001GB
# Create the cluster administrators
mongos> use admin
db.createUser( { user:"admin", pwd:"pass", roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}] } )
db.createUser( { user:"root", pwd:"pass", roles:[{role:"readWriteAnyDatabase",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"},{role:"userAdminAnyDatabase",db:"admin"}] } )
# A user can be granted all privileges (here the admin user)
mongos> db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
... {"role": "userAdminAnyDatabase", "db": "admin" },
... { "role": "dbAdminAnyDatabase", "db": "admin" },
... { role: "root", db: "admin" } ]
...
... )
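read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database
clusterAdmin: only available in the admin database; grants the user administrative privileges over all sharding and replica set functions.
readAnyDatabase: only available in the admin database; grants the user read access to all databases
readWriteAnyDatabase: only available in the admin database; grants the user read and write access to all databases
userAdminAnyDatabase: only available in the admin database; grants the user the userAdmin privilege on all databases
dbAdminAnyDatabase: only available in the admin database; grants the user the dbAdmin privilege on all databases.
root: only available in the admin database. Superuser account with full privileges
Set the cluster password
# Generate the password (key) file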
cd /usr/local/mongodb/conf/
# The string generated with -base64 must not exceed 1226, so 512 is used
openssl rand -base64 512 > onlineimagemongo.key
chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key
# Copy the generated password file to the other two nodes
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.110:/usr/local/mongodb/conf/
# Set ownership
chown mongo:mongo /usr/local/mongodb/conf/onlineimagemongo.key
# Edit the configuration
vim /usr/local/mongodb/conf/config.conf
auth=true
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
# vim /usr/local/mongodb/conf/mongos.conf
The mongos/shard1/shard2/shard3.conf configurations all need the key file authentication setting added
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
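A pre-flight check for the keyfile steps above, as an added example that is not part of the original post: it verifies that the key file has no group/other permissions and holds 6 to 1024 base64 characters, as mongod requires, and that every configuration file points at that same key. The function names and the constructed demo files are assumptions of this example.

```bash
export LC_ALL=C

# check_keyfile FILE: succeed only if FILE is usable as a MongoDB keyfile
check_keyfile() {
    local f=$1 perms key
    [ -f "$f" ] || { echo "FAIL $f: missing"; return 1; }
    # chars 5-10 of `ls -l` are the group/other bits; all must be unset
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL $f: group/other access ($perms)"; return 1; }
    # whitespace is ignored; the rest must be 6..1024 base64 characters
    key=$(tr -d '[:space:]' < "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "FAIL $f: non-base64 character"; return 1 ;;
    esac
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "FAIL $f: key length ${#key} outside 6..1024"; return 1
    fi
    echo "OK   $f: ${#key} key characters"
}

# conf_keyfile CONF: print the keyFile value of an INI-style mongod/mongos config
conf_keyfile() {
    sed -n 's/^[[:space:]]*keyFile[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_cluster KEYFILE CONF...: non-zero if the key is bad or any config
# does not reference exactly that key path
audit_cluster() {
    local keyfile=$1 rc=0 conf got
    shift
    check_keyfile "$keyfile" || rc=1
    for conf in "$@"; do
        got=$(conf_keyfile "$conf")
        if [ "$got" = "$keyfile" ]; then echo "OK   $conf"
        else echo "FAIL $conf: keyFile='$got'"; rc=1
        fi
    done
    return $rc
}

# Constructed demo in a temp dir (not the real cluster files)
demo=$(mktemp -d)
printf 'Q29uc3RydWN0ZWQgZGVtbyBrZXk=\n' > "$demo/demo.key"; chmod 600 "$demo/demo.key"
printf 'auth=true\nkeyFile = %s\n' "$demo/demo.key" > "$demo/config.conf"
printf 'port=20000\n' > "$demo/mongos.conf"   # keyFile line forgotten
audit_cluster "$demo/demo.key" "$demo/config.conf" "$demo/mongos.conf" || echo "cluster not ready"
rm -rf "$demo"
```

On a node, call audit_cluster with /usr/local/mongodb/conf/onlineimagemongo.key followed by the paths of config.conf, shard1.conf, shard2.conf, shard3.conf and mongos.conf.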
Later improvements:
Add systemctl commands to manage the mongo processes
# Configuration for the config server
# vim /etc/systemd/system/mongoconfig.service
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/config.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/config.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Management units for the shards
[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard1.service
[Unit]
Description=mongodb shard1
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard1.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard1.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard2.service
[Unit]
Description=mongodb shard2
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard2.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard2.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard3.service
[Unit]
Description=mongodb shard3
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard3.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard3.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Management unit for the router
[root@eus-image-design-mongo02:/etc/systemd/system]# cat mongos.service
[Unit]
Description=Mongo Router Service
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
# Start the services one at a time; otherwise they will not come up, or will run into problems during startup
systemctl start shard1
systemctl start shards
systemctl start mongos
If something goes wrong, remember to check the log of the corresponding service, e.g. shard1: /data/mongodb/shard1/log/
# Enable start on boot
systemctl enable shard1
systemctl enable shard2
systemctl enable shard3
systemctl enable mongoconfig
systemctl enable mongos
[mongo@eus-image-design-mongo01:/usr/local/mongodb/conf]$ mongo --port 20000
MongoDB shell version v3.4.24
connecting to: mongodb://127.0.0.1:20000/
MongoDB server version: 3.4.24
mongos> use admin
switched to db admin
mongos> db.auth('admin','pass')
1
Connection string for connecting with the official MongoDB GUI tool:
mongodb://admin:[email protected]:20000/admin
# As the administrator user, add the relevant accounts
> use school
> db.createUser({
user:"school",
pwd:"school2019",
roles:[{
role:"dbAdmin",
db:"school"
},{
role:"readWrite",
db:"school"
}]
})
# Only an administrator account can perform sharding and configuration
use admin
mongos> db.runCommand({enablesharding:"school"});
{ "ok" : 1 }
mongos> db.runCommand({shardcollection:"school.user",key:{id:1}})
{ "collectionsharded" : "school.user", "ok" : 1 }
Log in as the regular user school, write data and check the status
use school
mongos> for(i=1;i<=1000;i++){db.user.insert({"id":i,"name":"jack"+i})}
WriteResult({ "nInserted" : 1 })
mongos> show tables;
user
mongos> db.user.stats()