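Installing and configuring a single-node MongoDB on Linux
1. Download the required version
Go to the download page on the official MongoDB website; in my opinion the Community edition is sufficient.
My virtual machine runs CentOS 7, so I chose "Linux 64-bit legacy x64", then clicked "All Version Binaries" and picked the version that met my needs; I downloaded "mongodb-linux-x86_64-3.4.10.tgz".
2. Preparation before startup
2.1 Use a tool such as "Bitvise SSH Client" or "XShell" to upload the downloaded package to the Linux server; I chose the path "/data2/".
2.2 Extract and rename. Be sure to log in as root; otherwise you will not have the permissions needed to extract the archive correctly.
[root@localhost data2]# cd /data2/
[root@localhost data2]# tar -zxvf mongodb-linux-x86_64-3.4.10.tgz
[root@localhost data2]# mv mongodb-linux-x86_64-3.4.10 mongodb-3.4.10
2.3 Create the configuration file
[root@localhost data2]# mkdir conf/
[root@localhost data2]# cd /data2/conf/
[root@localhost conf]# vim mongodb.conf
Configuration file contents
# Start as a daemon
fork = true
# Listen on port 27017; this is the default and may be omitted
port = 27017
# Do not print logs to the terminal; write them to the log file
quiet = true
# Data directory
dbpath = /data2/mongodb
# Log file location
logpath = /data2/mongodb/log/mongo.log
# Append to the log file
logappend = true
2.4 Create the directories that hold the data and the logs; if they do not exist, mongodb reports an error at startup and exits.
[root@localhost data2]# mkdir -p /data2/mongodb/log/
2.5 Create the mongodb user and the mongodb group
[root@localhost data2]# groupadd mongodb
[root@localhost data2]# useradd mongodb -m -d /home/mongodb -g mongodb
2.6 Grant the mongodb user full permissions on all mongodb-related directories
Before the change
[root@localhost data2]# pwd
/data2
[root@localhost data2]# ll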
total 84764
drwxr-xr-x. 2 root root 26 May 16 10:18 conf
drwxr-xr-x. 3 root root 17 May 16 10:21 mongodb
drwxr-xr-x. 3 root root 91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root root 86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz
Commands to make the change
[root@localhost data2]# chown -R mongodb:mongodb /data2/conf
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb-3.4.10
After the change
[root@localhost data2]# ll
total 84764
drwxr-xr-x. 2 mongodb mongodb 26 May 16 10:18 conf
drwxr-xr-x. 3 mongodb mongodb 17 May 16 10:21 mongodb
drwxr-xr-x. 3 mongodb mongodb 91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root root 86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz
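3. Start the mongodb service without authentication enabled
In a MongoDB deployment, an administrator user must be created first. There are two ways to do this: before enabling authentication or after enabling it. In this example the administrator user is created before authentication is enabled and is given the highest privileges.
3.1 Start the service
Switch to the mongodb user and start the service
[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf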
about to fork child process, waiting until server is ready for connections.
forked process: 4264
child process started successfully, parent exiting
The word "successfully" confirms that the server started.
3.2 Check the log file /data2/mongodb/log/mongo.log
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] MongoDB starting : pid=4264 port=27017 dbpath=/data2/mongodb 64-bit host=localhost.localdomain
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] db version v3.4.10
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] git version: 078f28920cb24de0dd479b5ea6c66c644f6326e9
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] allocator: tcmalloc
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] modules: none
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] build environment:
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] distarch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] target_arch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] options: { config: "/data2/conf/mongodb.conf", net: { port: 27017 }, processManagement: { fork: true }, storage: { dbPath: "/data2/mongodb" }, systemLog: { destination: "file", logAppend: true, path: "/data2/mongodb/log/mongo.log", quiet: true } }
2018-05-16T10:37:20.439+0800 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=256M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.484+0800 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data2/mongodb/diagnostic.data'
2018-05-16T10:37:20.530+0800 I INDEX [initandlisten] build index on: admin.system.version properties: { v: 2, key: { version: 1 }, name: "incompatible_with_version_32", ns: "admin.system.version" }
2018-05-16T10:37:20.530+0800 I INDEX [initandlisten] building index using bulk method; build may temporarily use up to 500 megabytes of RAM
2018-05-16T10:37:20.531+0800 I INDEX [initandlisten] build index done. scanned 0 total records. 0 secs
2018-05-16T10:37:20.532+0800 I COMMAND [initandlisten] setting featureCompatibilityVersion to 3.4
2018-05-16T10:37:20.533+0800 I NETWORK [thread1] waiting for connections on port 27017
3.3 Start a client locally and connect to the mongodb server; it connects to the test database by default
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
> db
test
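3.4 Connect to the mongodb server remotely; it connects to the test database by default. Use the ifconfig command on the Linux server to find the server's IP address.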
C:\Users\LZ>mongo --host 192.168.0.133:27017
MongoDB shell version v3.4.10
connecting to: mongodb://192.168.0.133:27017/
MongoDB server version: 3.4.10
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
> db
test
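3.5 If local connections work but remote connections fail, the firewall is usually the cause. If the following command returns nothing, port 27017 has not been opened.
[root@localhost data2]# iptables -L -n | grep 27017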
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:27017 ctstate NEW
Open port 27017 and reload the firewall configuration:
[root@localhost data2]# firewall-cmd --zone=public --add-port=27017/tcp --permanent
success
[root@localhost data2]# firewall-cmd --reload
success
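An added example, not from the original article: step 3.5 opens 27017/tcp to every source while the server still runs without access control, so this sketch prints the firewall-cmd lines that replace that opening with one rich rule per allowed client. The function names and the client range are assumptions; 192.168.0.0/24 is a guess at the LAN that contains the server address shown in step 3.4.

```shell
# Added example, not from the article. Function names are hypothetical.

# valid_source CIDR: accept a.b.c.d or a.b.c.d/len; reject malformed input
# and a /0 prefix, which would match every source again.
valid_source() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# mongo_fw_commands SOURCE...: print (do not run) the commands that remove
# the blanket port opening and add one source-restricted rule per client.
mongo_fw_commands() {
    [ $# -ge 1 ] || { echo "usage: mongo_fw_commands SOURCE..." >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --zone=public --remove-port=27017/tcp"
    for src in "$@"; do
        printf '%s\n' "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"27017\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Assumed client range for the LAN used in step 3.4.
mongo_fw_commands 192.168.0.0/24
```

Review the printed lines, then run them as root on the server.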
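4. Add MongoDB users and enable authentication and authorization
4.1 Create the administrative user
Switch to the admin database. Either of the two forms works; the second is syntactic sugar for the first.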
> db = db.getSiblingDB('admin')
admin
> use admin
switched to db admin
> db.createUser({user:"admin",pwd:"admin",roles:["userAdminAnyDatabase"]})
Successfully added user: { "user" : "admin", "roles" : [ "userAdminAnyDatabase" ] }
4.2 Add the authentication setting and restart the mongodb service
[root@localhost data2]# vim /data2/conf/mongodb.conf
Add at the end of the file
# Enable authentication
auth = true
Stop the mongod service and restart it
[root@localhost data2]# ps -ef | grep mongod
root 4227 3963 0 10:37 pts/0 00:00:00 su mongodb
mongodb 4228 4227 0 10:37 pts/0 00:00:00 bash
mongodb 4264 1 0 10:37 ? 00:00:10 /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
root 5424 4621 0 11:43 pts/0 00:00:00 grep --color=auto mongod
[root@localhost data2]# kill -2 4264
[root@localhost data2]# ps -ef | grep mongod
root 4227 3963 0 10:37 pts/0 00:00:00 su mongodb
mongodb 4228 4227 0 10:37 pts/0 00:00:00 bash
root 5427 4621 0 11:44 pts/0 00:00:00 grep --color=auto mongod
[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 5663
child process started successfully, parent exiting
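An added example, not from the original article: a check to run after the restart in 4.2. It reads the key = value config, and because logappend = true keeps the earlier unauthenticated startup in mongo.log, it looks for the access-control warning only in the most recent startup. The function names and sample files are constructed; bind_ip is the legacy option that limits the listening addresses, which the article's config leaves unset (the remote connection in 3.4 worked without it).

```shell
# Added example, not from the article. Sample files below are constructed.
# conf_get FILE KEY: print the last value assigned to KEY, skipping comments.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k)
          if (k == key) { val = $2; gsub(/[ \t]/, "", val) } }
        END { print val }' "$1"
}

# last_start_warns LOG: succeed if the most recent startup logged the warning.
# The flag is reset at each "MongoDB starting" line, so older startups kept
# by logappend = true do not count.
last_start_warns() {
    awk '/MongoDB starting/ { warn = 0 }
         /Access control is not enabled/ { warn = 1 }
         END { exit (warn ? 0 : 1) }' "$1"
}

# audit_mongod CONF LOG: print one finding per line, return 1 if any.
audit_mongod() {
    rc=0
    [ "$(conf_get "$1" auth)" = "true" ] || { echo "auth is not enabled"; rc=1; }
    [ -n "$(conf_get "$1" bind_ip)" ] || { echo "bind_ip is not set"; rc=1; }
    if last_start_warns "$2"; then
        echo "last startup ran without access control"; rc=1
    fi
    return $rc
}

# write_samples DIR: config after step 4.2 and a log holding both startups.
write_samples() {
    cat > "$1/mongodb.conf" <<'EOF'
port = 27017
dbpath = /data2/mongodb
auth = true
EOF
    cat > "$1/mongo.log" <<'EOF'
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] MongoDB starting : pid=4264 port=27017
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T11:45:02.101+0800 I CONTROL [initandlisten] MongoDB starting : pid=5663 port=27017
2018-05-16T11:45:02.188+0800 I NETWORK [thread1] waiting for connections on port 27017
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_mongod "$tmp/mongodb.conf" "$tmp/mongo.log" || true   # bind_ip is not set
rm -rf "$tmp"
```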
4.2 Create regular users and enable authorization
Reconnect to the database and authenticate as the administrative user just created
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
> use admin
switched to db admin
> db.auth("admin","admin")
1
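Switch to the order database, which the regular user Daniel belongs to, and create the new user Daniel with read access to the order database; then create the new user John with read and write access to the order database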
> use order
switched to db order
> db.createUser({user:"Daniel",pwd:"daniel",roles:["read"]})
Successfully added user: { "user" : "Daniel", "roles" : [ "read" ] }
> db.createUser({user:"John",pwd:"john",roles:["readWrite"]})
Successfully added user: { "user" : "John", "roles" : [ "readWrite" ] }
> db
order
> show users
{
"_id" : "order.Daniel",
"user" : "Daniel",
"db" : "order",
"roles" : [
{
"role" : "read",
"db" : "order"
}
]
}
{
"_id" : "order.John",
"user" : "John",
"db" : "order",
"roles" : [
{
"role" : "readWrite",
"db" : "order"
}
]
}
4.3 Verify user permissions
Open a new mongo console, log in to the order database as John, and run write and read commands
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u John -p john order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db
order
> db.detail.insert({"name":"123"})
WriteResult({ "nInserted" : 1 })
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
Open a new mongo console, log in to the order database as Daniel, and run write and read commands
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u Daniel -p daniel order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
> db.detail.insert({"name":"345"})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on order to execute command { insert: \"detail\", documents: [ { _id: ObjectId('5afbbd3bb6d9de4029eb49ea'), name: \"345\" } ], ordered: true }"
}
})
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
John has both write and read permission, while Daniel has read permission only and cannot write.