
MongoDB replica set + password authentication


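JDK 8 deployment

  1. Document description

    1. Purpose

This document describes how to install MongoDB and set up MongoDB user authentication.


    2. Scope

This document applies to MongoDB 3.0 and later.


    3. Configuration

MongoDB 3.4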


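    4. Server preparation


The steps in this document deploy to 1 server on the internal network. The operating system is CentOS release 6.5 (Final).

The nodes are described in the table below:

Node      IP                   Description
Server    192.168.21.212/24    MongoDB installed


    5. Software preparation


Most of the software installed in this document is compiled and installed from source. The main files used are:

MongoDB 3.4

Download the mongodb3.2 version from the official MongoDB site at the following URL:

https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel62-3.4.4.tgz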


  2. MongoDB 3.4 installation

    1. Server-side installation on 192.168.21.212

Component to install: jdk8


    2. Download mongodb3.4.4


Extract jdk8:

tar zxf /mongodb-linux-x86_64-rhel62-3.4.4.tgz

Make three copies of the MongoDB directory, one per replica set member:

mv mongodb-linux-x86_64-rhel62-3.4.4 mongodb3.2

cp -R mongodb3.2 mongodb3.3

cp -R mongodb3.2 mongodb3.4

Set up the replica set environment: in each of the 3 MongoDB directories, create 3 folders: config, logs and sharding.

cd mongodb3.2

mkdir config logs sharding

cd ../mongodb3.3

mkdir config logs sharding

cd ../mongodb3.4

mkdir config logs sharding


    3. mongod startup parameters


On the first start, leave out the --keyFile parameter (highlighted in red in the original post); it is only used for user authentication.

1. /home/telehealth/software/mongodb3.2/bin/mongod --shardsvr --replSet shard1 --port 4001 --dbpath=/home/telehealth/software/mongodb3.2/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.2/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.2/mongodb-keyfile

2. /home/telehealth/software/mongodb3.3/bin/mongod --shardsvr --replSet shard1 --port 4002 --dbpath=/home/telehealth/software/mongodb3.3/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.3/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.3/mongodb-keyfile

3. /home/telehealth/software/mongodb3.4/bin/mongod --shardsvr --replSet shard1 --port 4003 --dbpath=/home/telehealth/software/mongodb3.4/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.4/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.4/mongodb-keyfile

Connect to MongoDB and configure the replica set:

/home/telehealth/software/mongodb3.4/bin/mongo 127.0.0.1:4001

config = {_id: 'shard1', members: [ {_id: 0, host: '192.168.21.212:4001'}, {_id: 1, host: '192.168.21.212:4002'}, {_id: 2, host: '192.168.21.212:4003'} ]};

Initialize the replica set:

rs.initiate(config);

Exit the mongo shell, reconnect, and check the replica set status:

shard1:SECONDARY> rs.conf()
{
    "_id" : "shard1",
    "version" : 1,
    "protocolVersion" : NumberLong(1),
    "members" : [
        {
            "_id" : 0,
            "host" : "10.0.1.161:4001",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        },
        {
            "_id" : 1,
            "host" : "10.0.1.161:4002",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        },
        {
            "_id" : 2,
            "host" : "10.0.1.161:4003",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        }
    ],
    "settings" : {
        "chainingAllowed" : true,
        "heartbeatIntervalMillis" : 2000,
        "heartbeatTimeoutSecs" : 10,
        "electionTimeoutMillis" : 10000,
        "catchUpTimeoutMillis" : 2000,
        "getLastErrorModes" : {
        },
        "getLastErrorDefaults" : {
            "w" : 1,
            "wtimeout" : 0
        },
        "replicaSetId" : ObjectId("5926c65e692eca7af2692ac1")
    }
}
shard1:SECONDARY>

Configuration successful.

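  3. MongoDB user authentication

Connect to the mongodb3.2 instance.

Create the authentication user:

> use admin
switched to db admin
> db.createUser(
... {
... user: "dba",
... pwd: "dba",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )

This adds the user dba with password dba; the authentication database is admin.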

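roles: specifies the user's roles. An empty array gives a new user no roles. The roles field accepts both built-in roles and user-defined roles. The role value can be chosen from the following:

Built-In Roles:

1. Database user roles: read, readWrite

2. Database administration roles: dbAdmin, dbOwner, userAdmin

3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager

4. Backup and restore roles: backup, restore

5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase

6. Superuser role: root

// Several other roles also provide system superuser access, directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase)

7. Internal role: __system

Role details:

read: allows the user to read the specified database

readWrite: allows the user to read and write the specified database

dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile

userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database

clusterAdmin: available only in the admin database; grants the user administrative privileges over all sharding and replica set functions.

readAnyDatabase: available only in the admin database; grants the user read access to all databases

readWriteAnyDatabase: available only in the admin database; grants the user read and write access to all databases

userAdminAnyDatabase: available only in the admin database; grants the user userAdmin privileges on all databases

dbAdminAnyDatabase: available only in the admin database; grants the user dbAdmin privileges on all databases.

root: available only in the admin database. Superuser account with full privileges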

Shut down the replica set by killing all mongod processes, then generate the mongo-key file:

cd /home/telehealth/software/mongodb3.2

openssl rand -base64 100 >/home/telehealth/software/mongodb3.2/mongodb-keyfile

chmod 600 mongodb-keyfile

After generating the keyfile, copy it to mongodb3.3 and mongodb3.4:

cp mongodb-keyfile /home/telehealth/software/mongodb3.3

cp mongodb-keyfile /home/telehealth/software/mongodb3.4

Start the mongod instances:

/home/telehealth/software/mongodb3.2/bin/mongod --shardsvr --replSet shard1 --port 4001 --dbpath=/home/telehealth/software/mongodb3.2/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.2/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.2/mongodb-keyfile

/home/telehealth/software/mongodb3.3/bin/mongod --shardsvr --replSet shard1 --port 4002 --dbpath=/home/telehealth/software/mongodb3.3/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.3/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.3/mongodb-keyfile

/home/telehealth/software/mongodb3.4/bin/mongod --shardsvr --replSet shard1 --port 4003 --dbpath=/home/telehealth/software/mongodb3.4/sharding/ --storageEngine wiredTiger --logpath=/home/telehealth/software/mongodb3.4/logs/shard1.log --logappend --fork --keyFile=/home/telehealth/software/mongodb3.4/mongodb-keyfile

Verify the MongoDB login (the dba user was created in the admin database, so authenticate against it):

/home/telehealth/software/mongodb3.2/bin/mongo 127.0.0.1:4001 -u dba -p dba --authenticationDatabase admin

Configuration successful.
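
A pre-flight check for the keyfile steps above, as an added example that is not part of the original post: it verifies that each member's keyfile has no group/other permission bits, holds 6 to 1024 base64 characters, and is identical across members, which are the conditions --keyFile authentication depends on. The function names check_keyfile and check_members and the sample key written to a scratch directory are constructed for illustration.

```shell
# Added example: pre-flight check of replica-set keyfiles before starting mongod with --keyFile.

# check_keyfile FILE: succeed only if FILE satisfies mongod's keyfile rules.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    # On Unix, mongod refuses a keyfile with any group/other permission bits.
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        *00) ;;
        *) echo "$f: mode $mode too open, use 600 or 400" >&2; return 1 ;;
    esac
    # Whitespace is ignored; the rest must be 6 to 1024 base64 characters.
    key=$(tr -d ' \t\r\n' < "$f")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "$f: key length ${#key} outside 6..1024" >&2; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: non-base64 character" >&2; return 1 ;;
    esac
}

# check_members FILE...: every keyfile is valid and all members share one key.
check_members() {
    ref=
    for f in "$@"; do
        check_keyfile "$f" || return 1
        cur=$(tr -d ' \t\r\n' < "$f")
        if [ -z "$ref" ]; then
            ref=$cur
        elif [ "$cur" != "$ref" ]; then
            echo "$f: key differs from $1" >&2; return 1
        fi
    done
}

# Demo on constructed keyfiles in a scratch directory (not the page's real paths).
demo=$(mktemp -d)
for m in mongodb3.2 mongodb3.3 mongodb3.4; do
    mkdir "$demo/$m"
    printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk=\n' > "$demo/$m/mongodb-keyfile"
    chmod 600 "$demo/$m/mongodb-keyfile"
done
check_members "$demo"/*/mongodb-keyfile && echo "keyfiles consistent"
chmod 644 "$demo/mongodb3.3/mongodb-keyfile"   # simulate a copy that lost its mode
check_members "$demo"/*/mongodb-keyfile || echo "rejected as expected"
rm -rf "$demo"
```

On the server itself, pass the three mongodb-keyfile paths from the mongod commands to check_members before restarting the members.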


This article comes from the “學習linux” blog; please keep this source link: http://10265013.blog.51cto.com/10255013/1953429
