Linux下安装Mongodb
1.离线安装MongoDB
1.1 文档编写时的安装环境
操作系统:CentOS Linux release 7.5.1804 (Core)
虚拟机环境:内存 974M,磁盘 20G,CPU架构 x86_64
1.2 准备
安装版本:4.2.10
下载如下5个包,下载链接
mongodb-org-server-4.2.10-1.el7.x86_64.rpm
mongodb-org-shell-4.2.10-1.el7.x86_64.rpm
mongodb-org-mongos-4.2.10-1.el7.x86_64.rpm
mongodb-org-tools-4.2.10-1.el7.x86_64.rpm
mongodb-org-4.2.10-1.el7.x86_64.rpm
1.3 安装步骤
a. 将rpm的压缩包(mongodb4.2.10-rpm安装包.tar)上传至业务账号的根目录;
b. 解压缩文件mongodb4.2.10-rpm安装包.tar;
[hadoop@Master ~]$ tar -xvf mongodb4.2.10-rpm安装包.tar
c. 安装rpm包
[hadoop@Master ~]$ cd mongodb4.2.10-rpm [hadoop@Master mongodb4.2.10-rpm]$ sudo rpm -ivh mongodb-org-server-4.2.10-1.el7.x86_64.rpm [hadoop@Master mongodb4.2.10-rpm]$ sudo rpm -ivh mongodb-org-shell-4.2.10-1.el7.x86_64.rpm [hadoop@Master mongodb4.2.10-rpm]$ sudo rpm -ivh mongodb-org-mongos-4.2.10-1.el7.x86_64.rpm [hadoop@Master mongodb4.2.10-rpm]$ sudo rpm -ivh mongodb-org-tools-4.2.10-1.el7.x86_64.rpm [hadoop@Master mongodb4.2.10-rpm]$ sudo rpm -ivh mongodb-org-4.2.10-1.el7.x86_64.rpm
d.防止在线升级
[hadoop@Master mongodb4.2.10-rpm]$ sudo vi /etc/yum.conf
exclude=mongodb-org,mongodb-org-server,mongodb-org-shell,mongodb-org-mongos,mongodb-org-tools
1.4 配置mongdb
配置文件路径:/etc/mongod.conf
a.创建mongo数据及日志存放路径
[hadoop@Master /]$ sudo mkdir -p /data/mongo/data
[hadoop@Master /]$ sudo mkdir -p /data/mongo/log
b.修改几个重要默认配置
如:path,dbPath,pidFilePath,bindIp
systemLog: destination: file logAppend: true path: /data/mongo/log/mongod.log #日志存放路径 storage: dbPath: /data/mongo/data #数据存放路径 journal: enabled: true processManagement: fork: true # fork and run in background pidFilePath: /data/mongo/mongod.pid #pid文件路径 timeZoneInfo: /usr/share/zoneinfo net: port: 27017 bindIp: 0.0.0.0 #任何主机皆可以连接
1.5 启动关闭
[hadoop@Master ~]$ sudo mongod -f /etc/mongod.conf #启动 [hadoop@Master ~]$ sudo mongod -f /etc/mongod.conf --shutdown #关闭 [hadoop@Master ~]$ mongo #客户端连接mongo
1.6 配置ssl
https://download.csdn.net/download/weixin_38701683/12844156
1.6.1 生成证书
a. 查看是否安装openssl
[hadoop@Master ~]$ openssl version
b. 若没有安装请安装
c. 生成证书
参考文章 https://blog.csdn.net/Loiterer_Y/article/details/106709978
[root@Master ssl]# cd /etc/ssl/ #生成ca.pem [root@Master ssl]# openssl req -out ca.pem -new -x509 -days 3650 输入密码123456 #生成server.pem [root@Master ssl]# openssl genrsa -out server.key 2048 #生成服务器端私钥 [root@Master ssl]# openssl req -key server.key -new -out server.req #生成服务器端申请文件 [root@Master ssl]# openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAcreateserial -out server.crt -days 3650 #生成服务器端证书 [root@Master ssl]# cat server.key server.crt > server.pem #合并服务器端私钥和服务器端证书,生成server.pem [root@Master ssl]# openssl verify -CAfile ca.pem server.pem #校验服务器端pem文件 server.pem: OK #生成client.pem [root@Master ssl]# openssl genrsa -out client.key 2048 #生成客户端私钥 [root@Master ssl]# openssl req -key client.key -new -out client.req #生成客户端申请文件 [root@Master ssl]# openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial ca.srl -out client.crt -days 3650 #生成客户端证书 [root@Master ssl]# openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial ca.srl -out client.crt -days 3650 #合并客户端私钥和客户端证书,生成client.pem [root@Master ssl]# openssl verify -CAfile ca.pem client.pem #校验客户端pem文件 client.pem: OK
1.6.2 配置mongod.conf
#添加如下配置 net: tls: mode: requireTLS certificateKeyFile: /etc/ssl/server.pem certificateKeyFilePassword: 123456 CAFile: /etc/ssl/ca.pem allowConnectionsWithoutCertificates: true
1.6.3 mongo客户端连接
参考链接 https://www.mongodb.com/docs/v4.2/tutorial/configure-ssl-clients/
[root@Master ssl]# mongo --tls --host 192.168.44.130 -tlsCAFile /etc/ssl/ca.pem --tlsCertificateKeyFile /etc/ssl/client.pem
1.6.4 java驱动连接
参考文章 https://blog.csdn.net/loiterer_y/article/details/106716918
代码 https://gitee.com/idensir/CommonDemo/tree/master/MongoDBDemo
a.将ca.pem入库
#keytool为jdk安装自带的工具 [root@Master ssl]# keytool -import -keystore cacerts -file ca.pem -storepass 123456
b.在linux服务器上将client.pem需转化为pkcs12格式
[root@Master ssl]# openssl pkcs12 -export -out mongodb.pkcs12 -in client.pem
c.将cacerts,mongodb.pkcs12拷贝到客户端
d.maven引入依赖
<!-- 新驱动 -->
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-sync</artifactId>
<version>3.12.7</version>
</dependency>
<!-- 旧驱动 -->
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-legacy</artifactId>
<version>3.12.7</version>
</dependency>
<!-- MongoTemplate需要的依赖 -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-mongodb</artifactId>
<version>2.2.10.RELEASE</version>
</dependency>
e.旧版驱动连接
import com.mongodb.MongoClient; import com.mongodb.MongoClientURI; public class OldDriverConnector { public static void main(String[] args) { System.setProperty("javax.net.ssl.trustStore", "e://cacerts"); System.setProperty("javax.net.ssl.trustStorePassword", "123456"); // 配置信任证书 System.setProperty("javax.net.ssl.keyStore", "e://mongodb.pkcs12"); System.setProperty("javax.net.ssl.keyStorePassword", "123456"); // 连接mongo数据库 MongoClientURI uri = new MongoClientURI("mongodb://192.168.44.130:27017/?serverSelectionTimeoutMS=1000&ssl=true" + "&sslinvalidhostnameallowed=true"); MongoClient client = new MongoClient(uri); //注意引入的包为旧驱动中的包 // 获取mongo数据库中的库名 System.out.println(client.listDatabaseNames().first()); } }
f.新版驱动连接
import com.mongodb.client.MongoClient; import com.mongodb.client.MongoClients; import org.springframework.data.mongodb.core.MongoTemplate; import java.util.List; public class NewDriverConnector { public static void main(String[] args) { System.setProperty("javax.net.ssl.trustStore", "e://cacerts"); System.setProperty("javax.net.ssl.trustStorePassword", "123456"); // 配置信任证书 System.setProperty("javax.net.ssl.keyStore", "e://mongodb.pkcs12"); System.setProperty("javax.net.ssl.keyStorePassword", "123456"); //注意引入的包为就版驱动包中的类 MongoClient mongoClient = MongoClients.create("mongodb://192.168.44.130:27017/?serverSelectionTimeoutMS=10000&ssl=true" + "&sslinvalidhostnameallowed=true"); System.out.println(mongoClient.listDatabaseNames().first()); MongoTemplate template = new MongoTemplate(mongoClient, "test"); // template.insert(new Person("aaa", 11, "女")); List<Person> all = template.findAll(Person.class); for (Person person : all) { System.out.println(person.toString()); } } }
1.6.5 Navicat连接
a.设置连接
b.将生成的ca.pem,client.pem拷贝到客户端,并设置ssl
————————————————
版权声明:本文为CSDN博主「还之简」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/wuyindengliu/article/details/122364733
