MongoDB 副本集+分片 认证方式搭建
MongoDB 副本集+分片 认证方式搭建
参考资料:
https://www.cnblogs.com/ityouknow/p/7344005.html
https://jorwen-fang.iteye.com/blog/2031756
https://www.cnblogs.com/bjx2020/p/9350232.html
https://www.jb51.net/article/161315.htm
https://blog.51cto.com/beigai/1751381
环境规划:
服务器1:192.168.142.138 服务器2:192.168.142.139 服务器3:192.168.142.140
mongos:20000 mongos:20000 mongos:20000
config:21000 config:21000 config:21000
shard1:28001(主节点) shard1:28001(副本节点) shard1:28001(仲裁节点)
shard2:28002(仲裁节点) shard2:28002(主节点) shard2:28002(副本节点)
shard3:28003(副本节点) shard3:28003(仲裁节点) shard3:28003(主节点)
首先安装依赖包:
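# Base tooling for every cluster host (ntp for time sync; nc/telnet for connectivity checks).
# Fix: the original list spelled "unizp" — yum reports it as a missing package; the intended package is "unzip".
# NOTE(review): nmap/telnet are convenient for checks but many hardening baselines disallow scanners on
# production database hosts — confirm they are wanted here.
yum -y install ntp lrzsz nmap tree dos2unix nc vim zip unzip telnet dstat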
#1. 关闭SElinux
# Disable SELinux permanently (config file) and for the running session, then verify.
# NOTE(review): this removes the mandatory-access-control layer for the whole host. The mongod
# configs below bind to 0.0.0.0 and the next step also stops iptables, so after this step nothing
# on the host limits what a compromised mongod process can reach. Prefer keeping SELinux in
# permissive/enforcing mode and fixing any denials instead.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
#2. 关闭iptables
# Stop the host firewall and keep it off after reboot.
# NOTE(review): with iptables off, every mongod/mongos port used here (20000, 21000, 28001-28003) is
# reachable from any host that can route to these servers. The appendix at the end adds subnet-only
# ACCEPT rules, but those only take effect once the iptables service is running again.
/etc/init.d/iptables stop   # run it twice to be sure it is stopped
/etc/init.d/iptables stop
chkconfig iptables off
#3. 时间同步
# Time sync: poll an NTP server every 5 minutes from root's crontab (replica set members should keep their clocks aligned).
# NOTE(review): the entries are appended straight to /var/spool/cron/root, so re-running this step
# adds duplicate lines; `crontab -e` (or checking `crontab -l` first) avoids that.
echo "#time sync by oldboy at 2019-7-30" >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
#4. 加大文件描述符限制
# Raise open-file (nofile) and process (nproc) limits: a general wildcard set plus a dedicated,
# higher set for the mongodb service account.
cat >>/etc/security/limits.conf<<"EOF"
#
* soft nofile 20480
* hard nofile 65535
* soft nproc 20480
* hard nproc 65535
mongodb soft nofile 64000
mongodb hard nofile 64000
mongodb soft nproc 32000
mongodb hard nproc 32000
EOF
tail -5 /etc/security/limits.conf
# NOTE(review): this grants the mongodb service account unrestricted passwordless root. Anyone who
# gains control of a mongod process (or of the account password set in step 7) then has root on the
# host. Nothing else on this page uses sudo, so consider dropping the line, or limit it to the exact
# commands needed. Appending to /etc/sudoers without `visudo -c` also means a typo here can break sudo entirely.
echo "mongodb ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
#5. 内核优化
# Kernel tuning: keep a dated backup of sysctl.conf, append the tuned values, then load them.
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to break clients behind NAT, and the knob was removed
# in Linux 4.12 (sysctl -p then errors on it); with net.ipv4.tcp_timestamps=0 it has no effect anyway.
# NOTE(review): ip_local_port_range=1024 65535 overlaps the listening ports used here (20000, 21000,
# 28001-28003); an outbound connection may grab one of them while a service is restarting — confirm this is acceptable.
cp /etc/sysctl.conf /etc/sysctl.conf-$(date +%F).bak
cat >> /etc/sysctl.conf << "EOF"
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
#net.ipv4.icmp_echo_ignore_all = 1 #禁ping,如果有nagios监控,这步可省去
# 以下参数是对iptables防火墙的优化,防火墙不开,会有提示,可以忽略不理。
net.nf_conntrack_max=25000000
net.netfilter.nf_conntrack_tcp_timeout_established=180
net.netfilter.nf_conntrack_tcp_timeout_time_wait=120
net.netfilter.nf_conntrack_tcp_timeout_close_wait=60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=120
EOF
/sbin/sysctl -p
echo "sysctl set OK!!"
# 6、系统优化
# Disable transparent huge pages now and on every boot (MongoDB's production notes recommend THP off).
# NOTE(review): on some systems /etc/rc.local is not executable by default, in which case the appended
# commands never run at boot — check `ls -l /etc/rc.local` after this step.
echo "never" >/sys/kernel/mm/transparent_hugepage/enabled
echo "never" >/sys/kernel/mm/transparent_hugepage/defrag
cat >> /etc/rc.local <<"EOF"
echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
echo "never" > /sys/kernel/mm/transparent_hugepage/defrag
EOF
# 7、添加用户
# Create the service account with /data/mongodb as its home; the install symlink and all data/log
# directories created later live under it.
useradd -d /data/mongodb mongodb
# NOTE(review): the password is fixed in this guide and ends up in shell history. Use a per-host
# password, or lock the account (`passwd -l mongodb`) and reach it only via `su -`, since the
# account never needs to log in interactively with a password here.
echo "mongodbpwd" | passwd --stdin mongodb
# 8、修改主机配置
# Name resolution for the three cluster hosts (the configs and replica set definitions below use raw IPs;
# the names are for operator convenience).
cat >>/etc/hosts<<EOF
192.168.142.138 mongodb1
192.168.142.139 mongodb2
192.168.142.140 mongodb3
EOF
# 9、下载安装
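# Download and unpack the MongoDB 3.4 tarball, link it to a fixed path and hand it to the service account.
cd /opt/
# Sync the clock before downloading (the original note: 注意系统时间同步); certificate checks need a sane clock.
/usr/sbin/ntpdate ntp1.aliyun.com
# Fetch over HTTPS so the archive cannot be altered in transit (the original used plain http).
# NOTE(review): "v3.4-latest" has no checksum on this page; for a reproducible, verifiable install pin
# an explicit version and compare its SHA256 against the value published by the vendor.
wget https://downloads.mongodb.org/linux/mongodb-linux-x86_64-rhel62-v3.4-latest.tgz
tar -zxf mongodb-linux-x86_64-rhel62-v3.4-latest.tgz
# Fix: "latest" is a moving target, so derive the unpacked directory name from the archive instead of
# hard-coding mongodb-linux-x86_64-rhel62-3.4.21-29-gaa313e18da — the original symlink dangles as soon as
# the published "latest" build changes.
mongo_dir=$(tar -tzf mongodb-linux-x86_64-rhel62-v3.4-latest.tgz | head -1 | cut -d/ -f1)
ln -s "/opt/${mongo_dir}/" /data/mongodb/mongodb
chown -R mongodb.mongodb "/opt/${mongo_dir}/"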
# 10、创建相应的目录
# Switch to the service account so every directory below is owned by it.
su - mongodb
# Create the whole tree in one call: the mongos log directory, data/log directories for the config
# server and for shard1-3, and the directory that will hold the cluster keyFile.
mkdir -p /data/mongodb/{mongos/log,config/{data,log},shard{1,2,3}/{data,log},keys_file}
# 11、配置文件编写
# Config server configuration (write it as the mongodb user: su - mongodb).
# NOTE(review): httpinterface=true / rest=true open the deprecated HTTP status page and REST API on
# port+1000 (22000 here), bound to 0.0.0.0 like the main port. The REST interface is not protected by
# the keyFile/auth enabled later, so turn these off or firewall that port as well.
# auth/keyFile are commented out on purpose: users are created first, then auth is switched on (step 启用认证).
cat >/data/mongodb/config/mongo.conf <<"EOF"
dbpath=/data/mongodb/config/data/
logpath=/data/mongodb/config/log/config.log
logappend=true
#打开web监控
httpinterface=true
rest=true
maxConns=20000
bind_ip=0.0.0.0
port=21000
fork=true
configsvr=true
replSet=cfgrps
#auth=true
#keyFile=/data/mongodb/keys_file/keyfile.key
EOF
# shard1
# shard1 mongod configuration (write it as the mongodb user: su - mongodb).
# NOTE(review): httpinterface/rest expose the unauthenticated HTTP status page and REST API on
# port+1000 (29001) on all interfaces — disable them or firewall that port.
# NOTE(review): journal=false turns off the write-ahead journal for this shard, so an unclean stop can
# lose the most recent writes; confirm this is intended for a production shard.
# auth/keyFile stay commented until the users exist; they are uncommented in the 启用认证 step.
cat > /data/mongodb/shard1/shard1.conf <<"EOF"
dbpath=/data/mongodb/shard1/data
logpath=/data/mongodb/shard1/log/shard1.log
logappend=true
#打开web监控
httpinterface=true
rest=true
maxConns=20000
bind_ip=0.0.0.0
port=28001
fork=true
replSet=shard1
shardsvr=true
journal=false
#auth=true
#keyFile=/data/mongodb/keys_file/keyfile.key
EOF
# shard2
# shard2 mongod configuration (write it as the mongodb user: su - mongodb).
# NOTE(review): httpinterface/rest expose the unauthenticated HTTP status page and REST API on
# port+1000 (29002) on all interfaces — disable them or firewall that port.
# NOTE(review): journal=false turns off the write-ahead journal; an unclean stop can lose recent writes.
# auth/keyFile stay commented until the users exist; they are uncommented in the 启用认证 step.
cat > /data/mongodb/shard2/shard2.conf <<"EOF"
dbpath=/data/mongodb/shard2/data
logpath=/data/mongodb/shard2/log/shard2.log
logappend=true
#打开web监控
httpinterface=true
rest=true
maxConns=20000
bind_ip=0.0.0.0
port=28002
fork=true
replSet=shard2
shardsvr=true
journal=false
#auth=true
#keyFile=/data/mongodb/keys_file/keyfile.key
EOF
# shard3
# shard3 mongod configuration (write it as the mongodb user: su - mongodb).
# NOTE(review): httpinterface/rest expose the unauthenticated HTTP status page and REST API on
# port+1000 (29003) on all interfaces — disable them or firewall that port.
# NOTE(review): journal=false turns off the write-ahead journal; an unclean stop can lose recent writes.
# auth/keyFile stay commented until the users exist; they are uncommented in the 启用认证 step.
cat > /data/mongodb/shard3/shard3.conf <<"EOF"
dbpath=/data/mongodb/shard3/data
logpath=/data/mongodb/shard3/log/shard3.log
logappend=true
#打开web监控
httpinterface=true
rest=true
maxConns=20000
bind_ip=0.0.0.0
port=28003
fork=true
replSet=shard3
shardsvr=true
journal=false
#auth=true
#keyFile=/data/mongodb/keys_file/keyfile.key
EOF
# mongos
# mongos configuration (write it as the mongodb user: su - mongodb).
# mongos has no dbpath: it routes to the config server replica set named in configdb= and to the shards added later.
# There is no auth= line here; once keyFile= is uncommented (step 启用认证) mongos authenticates to the
# cluster with the key and requires clients to authenticate.
# NOTE(review): if mongos honours httpinterface=true its status page would sit on 20000+1000 = 21000,
# which is the config server's port on the same host — confirm there is no bind conflict, or drop the line.
cat >/data/mongodb/mongos/mongos.conf <<"EOF"
logpath=/data/mongodb/mongos/log/mongos.log
logappend=true
#打开web监控
httpinterface=true
#rest=true
maxConns=20000
port=20000
fork=true
configdb=cfgrps/192.168.142.138:21000,192.168.142.139:21000,192.168.142.140:21000
#keyFile=/data/mongodb/keys_file/keyfile.key
EOF
# 12、生成key认证文件
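# Generate the cluster-internal keyFile (shared secret used by every mongod/mongos to authenticate
# to each other once keyFile= is enabled). All members must hold an identical copy: generate it ONCE
# on this host and copy it to the other two, keeping mode 400 and the mongodb owner.
# Fix: the original wrote a fixed 20-character string that is printed in this guide, so the secret
# is effectively public; use random key material instead.
openssl rand -base64 756 >/data/mongodb/keys_file/keyfile.key
# The file must be owner-readable only (400) or mongod refuses to start.
chmod 400 /data/mongodb/keys_file/keyfile.key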
注意:上面配置文件,我是先把密码认证等注释掉了,方便先启动,后创建用户,启用认证。
#三、集群初始化
# 启动 config server 服务
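# Shell aliases for starting / logging into the config server, appended to the mongodb user's .bashrc.
# numactl is not in the package list installed in step 1; install it (yum -y install numactl) or the start alias fails.
cat >>/data/mongodb/.bashrc<<"EOF"
alias mongo_config_start_21000="numactl --interleave=all /data/mongodb/mongodb/bin/mongod -f /data/mongodb/config/mongo.conf"
alias mongo_config_login_21000="/data/mongodb/mongodb/bin/mongo --port 21000 --host 127.0.0.1"
EOF
# Fix: the aliases were written to .bashrc, so reload that file; the original sourced ~/.bash_profile,
# which only picks them up when .bash_profile happens to include .bashrc.
source ~/.bashrc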
# 登录第一台 192.168.142.138
# On the first server (192.168.142.138): open a shell to the config server and initiate the cfgrps
# replica set with all three config members. The lines after the mongo command are typed inside the mongo shell.
/data/mongodb/mongodb/bin/mongo --port 21000 --host 192.168.142.138
use admin
config={_id:"cfgrps",configsvr:true,members:[{_id:0,host:"192.168.142.138:21000"},{_id:1,host:"192.168.142.139:21000"},{_id:2,host:"192.168.142.140:21000"}]}
rs.initiate(config)
# 启动shard1
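# Aliases for starting / logging into the three shard mongods on this host.
# Fix: the original login aliases all pointed at --port 21000 (the config server), so e.g.
# mongo_shard2_login_28002 silently opened the config server; each alias now uses its own shard port.
cat >>/data/mongodb/.bashrc<<"EOF"
alias mongo_shard1_start_28001="numactl --interleave=all /data/mongodb/mongodb/bin/mongod -f /data/mongodb/shard1/shard1.conf"
alias mongo_shard1_login_28001="/data/mongodb/mongodb/bin/mongo --port 28001 --host 127.0.0.1"
alias mongo_shard2_start_28002="numactl --interleave=all /data/mongodb/mongodb/bin/mongod -f /data/mongodb/shard2/shard2.conf"
alias mongo_shard2_login_28002="/data/mongodb/mongodb/bin/mongo --port 28002 --host 127.0.0.1"
alias mongo_shard3_start_28003="numactl --interleave=all /data/mongodb/mongodb/bin/mongod -f /data/mongodb/shard3/shard3.conf"
alias mongo_shard3_login_28003="/data/mongodb/mongodb/bin/mongo --port 28003 --host 127.0.0.1"
EOF
# Reload the file the aliases were written to (the original sourced ~/.bash_profile instead).
source ~/.bashrc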
# 登录第一台shard1 192.168.142.138
# On the first server (192.168.142.138): initiate the shard1 replica set. 192.168.142.140 is its
# arbiter (votes only, holds no data), matching the 环境规划 table. Lines after the mongo command run inside the mongo shell.
/data/mongodb/mongodb/bin/mongo --port 28001 --host 192.168.142.138
use admin;
config = { _id:"shard1",members:[ {_id:0,host:"192.168.142.138:28001"}, {_id:1,host:"192.168.142.139:28001"},{_id:2,host:"192.168.142.140:28001",arbiterOnly:true}] }
rs.initiate(config)
# 登录第二台shard2 192.168.142.139
# On the second server (192.168.142.139): initiate the shard2 replica set; 192.168.142.138 is its
# arbiter, matching the 环境规划 table. Lines after the mongo command run inside the mongo shell.
/data/mongodb/mongodb/bin/mongo --port 28002 --host 192.168.142.139
use admin;
config = { _id:"shard2",members:[ {_id:0,host:"192.168.142.138:28002",arbiterOnly:true}, {_id:1,host:"192.168.142.139:28002"},{_id:2,host:"192.168.142.140:28002"}] }
rs.initiate(config)
# 登录第三台shard3 192.168.142.140
# On the third server (192.168.142.140): initiate the shard3 replica set; 192.168.142.139 is its
# arbiter, matching the 环境规划 table. Lines after the mongo command run inside the mongo shell.
/data/mongodb/mongodb/bin/mongo --port 28003 --host 192.168.142.140
use admin;
config = { _id:"shard3",members:[ {_id:0,host:"192.168.142.138:28003"}, {_id:1,host:"192.168.142.139:28003",arbiterOnly:true},{_id:2,host:"192.168.142.140:28003"}] }
rs.initiate(config)
# 登录主节点, 添加存储集群的管理账号
# Log into the PRIMARY of each shard and create the cluster admin user. Auth is not enabled yet, so
# no login is required; createUser must be run on the primary (it is a write and fails on a SECONDARY).
# NOTE(review): the hosts below (139:28001, 140:28002, 140:28003) do not match the planned primaries in the
# 环境规划 table (138, 139, 140). The real primary is whatever the election chose, so check that the
# prompt reads "shardN:PRIMARY>" (or run rs.status()) before issuing createUser.
# NOTE(review): "123456" is a placeholder; the root role spans the whole cluster, so use a strong password here.
/data/mongodb/mongodb/bin/mongo --port 28001 --host 192.168.142.139
/data/mongodb/mongodb/bin/mongo --port 28002 --host 192.168.142.140
/data/mongodb/mongodb/bin/mongo --port 28003 --host 192.168.142.140
use admin
db.createUser({user: "root",pwd: "123456",roles: [ { role: "root", db: "admin" } ]})
# 启动mongos 服务
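# Aliases for starting / logging into mongos, then start it. mongos must come up after the config
# servers, since it connects to the cfgrps members listed in configdb= of mongos.conf.
cat >>/data/mongodb/.bashrc<<"EOF"
alias mongos_start_20000="numactl --interleave=all /data/mongodb/mongodb/bin/mongos -f /data/mongodb/mongos/mongos.conf"
alias mongos_login_20000="/data/mongodb/mongodb/bin/mongo --port 20000 --host 127.0.0.1"
EOF
# Fix: reload the file the aliases were written to (the original sourced ~/.bash_profile, which only
# works when .bash_profile happens to include .bashrc).
source ~/.bashrc
numactl --interleave=all /data/mongodb/mongodb/bin/mongos -f /data/mongodb/mongos/mongos.conf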
# 添加config server的管理账号,登录任意一个mongos节点
# Create the cluster admin account through mongos (per the heading, this is the config servers'
# admin user). Auth is still off, so the local shell connects without credentials.
# NOTE(review): same placeholder password as the shard admin users; use a strong one before enabling auth.
/data/mongodb/mongodb/bin/mongo --port 20000 --host 127.0.0.1
use admin
db.createUser({user: "root",pwd: "123456",roles: [ { role: "root", db: "admin" } ]})
# 登录mongos,添加分片
# Register the three shard replica sets with the cluster via mongos and check the result.
# Each addShard string is "<replSetName>/<member list>" and lists all members, including the arbiters.
/data/mongodb/mongodb/bin/mongo --port 20000 --host 127.0.0.1
use admin
db.auth('root','123456')
#添加分片 (add the shards)
sh.addShard('shard1/192.168.142.138:28001,192.168.142.139:28001,192.168.142.140:28001')
sh.addShard('shard2/192.168.142.138:28002,192.168.142.139:28002,192.168.142.140:28002')
sh.addShard('shard3/192.168.142.138:28003,192.168.142.139:28003,192.168.142.140:28003')
#查看分片状态 (show sharding status)
sh.status()
# 关闭所有服务
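# Stop every mongod/mongos on this host so the configs can be switched to authenticated mode.
# Fix: the original sent SIGKILL (kill -9), which skips mongod's clean shutdown and is exactly what
# leaves the stale *.lock files the next step mentions having to delete; SIGTERM lets each process
# flush and exit on its own. If a clean order matters, stop mongos before the mongods — this loop
# simply signals whatever it finds.
for pid in $(ps -ef | grep -Ei 'bin/mongod|bin/mongos' | grep -v 'grep' | awk '{print $2}'); do
    kill -TERM "$pid"
done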
# 启用认证文件认证方式,修改配置文件,去掉如下注释
# Turn authentication on: uncomment auth=true and keyFile= in every mongod config, and keyFile= in
# the mongos config. The two lines being uncommented look like this in each file:
#   #auth=true
#   #keyFile=/data/mongodb/keys_file/keyfile.key
for conf in /data/mongodb/config/mongo.conf \
            /data/mongodb/shard1/shard1.conf \
            /data/mongodb/shard2/shard2.conf \
            /data/mongodb/shard3/shard3.conf; do
    sed -i -e 's/#auth=true/auth=true/' -e 's/#keyFile=/keyFile=/' "$conf"
done
# mongos takes no auth= option, only the keyFile (the commented sed would strip an auth line if one were present).
# sed -i '/auth=true/d' /data/mongodb/mongos/mongos.conf
sed -i 's/#keyFile=/keyFile=/' /data/mongodb/mongos/mongos.conf
# After an unclean restart the stale lock files must be removed before starting again. The commented
# command below mixes xargs with -exec's "{} \;" syntax and has an unquoted glob; a working form is
# `find /data/mongodb/*/ -name '*.lock' -delete`.
# find /data/mongodb/*/ -name *.lock | xargs rm -f "{}" \;
# Start everything with authentication on, in dependency order: config server first, then the three
# shards, mongos last (mongos needs the cfgrps members from configdb= to be reachable). Run on each host.
mongo_config_start_21000
mongo_shard1_start_28001
mongo_shard2_start_28002
mongo_shard3_start_28003
mongos_start_20000
# 查看服务进程
# List the running mongod/mongos processes. The bracketed first character keeps the grep process
# itself out of the output (its own command line contains "[m]ongodb/bin", which the pattern does not match).
ps -ef | grep '[m]ongodb/bin'
# 启用认证后,登录mongos
[mongodb@mongodb1 ~]$ mongos_login_20000 MongoDB shell version v3.4.21-29-gaa313e18da connecting to: mongodb://127.0.0.1:20000/ MongoDB server version: 3.4.21-29-gaa313e18da mongos> show dbs 2019-07-31T13:42:28.568+0800 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13, "codeName" : "Unauthorized" } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1 shellHelper.show@src/mongo/shell/utils.js:814:19 shellHelper@src/mongo/shell/utils.js:704:15 @(shellhelp2):1:1 mongos> use admin switched to db admin mongos> db.auth('root','123456'); 1 mongos> # 或者直接登录 /data/mongodb/mongodb/bin/mongo -u root -p "123456" --port 20000 --host 127.0.0.1 --authenticationDatabase admin mongodb_test
# 创建数据库、集合并加载分片数据
// In the mongos shell, authenticated as root: enable sharding on the test database and shard the
// "results" collection on a hashed user_id key.
use admin
db.runCommand({"enablesharding":"mongodb_test"})
db.runCommand({"shardcollection":"mongodb_test.results","key":{user_id:"hashed"}})
use mongodb_test
// ensureIndex is the deprecated alias of createIndex; shardcollection on an empty collection already
// creates the hashed index, so this call is presumably a no-op here — verify with db.results.getIndexes().
db.results.ensureIndex({user_id:"hashed"}, {background: true})
// Load 1,000,000 sample documents one insert at a time (slow, but enough to watch chunks spread across the shards).
for (var i=1;i<=1000000;i++) db.results.insert({"ip" : "192.168.100.254","g_roup": "gateway","mac" :"oc:eg:23:7d:2b:8g","address" :"jiuxianqiaohanhaiguoji113","user_id" : i,"name" :"user10000000","title" :"system","database" :"mongodb","telphone" :NumberLong("13012017201"),"mail" :"enu@163.com.com","os" :"win10","company" : "zjfound"})
# 登录其中一个分片节点(下例为 shard3, 端口 28003)
mongo --port 28003 shard3:PRIMARY> use admin; shard3:PRIMARY> show dbs; admin 0.000GB local 0.002GB mongodb_test 0.004GB shard3:PRIMARY> db.results.findOne(); { "_id" : ObjectId("5d412cf4e475bc17f0657a57"), "ip" : "192.168.100.254", "g_roup" : "gateway", "mac" : "oc:eg:23:7d:2b:8g", "address" : "jiuxianqiaohanhaiguoji113", "user_id" : 1, "name" : "user10000000", "title" : "system", "database" : "mongodb", "telphone" : NumberLong("13012017201"), "mail" : "enu@163.com.com", "os" : "win10", "company" : "zjfound" } shard3:PRIMARY>
# 交付业务方
#登录任意一个mongos节点
// Hand-over: create the application's read/write account on the business database
// (run on any mongos, authenticated as root).
use admin
db.auth('root','123456')
#切到业务数据库
use mongodb_test
#建立读写账号
// NOTE(review): dbOwner already includes readWrite (plus dbAdmin and userAdmin) on mongodb_test, so
// listing readWrite as well is redundant — and dbOwner lets the application account create further
// users and drop the database, more than a "read/write account" needs. readWrite alone is the
// least-privilege choice; "123456" is a placeholder password to replace before hand-over.
db.createUser({user: "mongodb_test_rw",pwd: "123456",roles: [{ role: "readWrite", db: "mongodb_test" },{ role: "dbOwner", db: "mongodb_test" }]})
#建立只读账号(根据业务需求确认是否需要)
// Optional read-only account on the business database (same placeholder password caveat as above).
db.createUser({user: "mongodb_test_r",pwd: "123456",roles: [ { role: "read", db: "mongodb_test" } ]})
# 交付开发人员信息
连接地址:192.168.142.138:20000, 192.168.142.139:20000, 192.168.142.140:20000 库名:mongodb_test 账号:mongodb_test_rw 密码:123456
# 后期开启分片方法(另一种)
// Alternative way to enable sharding later, using the sh.* helpers; the block comment shows the
// equivalent runCommand form. The "mongos>" prefixes are the shell prompt, not part of the command.
/*
#指定testdb分片生效
db.runCommand( { enablesharding :"testdb"});
#指定数据库里需要分片的集合和片键
db.runCommand( { shardcollection : "testdb.table1",key : {id: 1} } )
*/
#指定需要分片的数据库
mongos> sh.enableSharding("yw_db")
#在yw_db数据库的users集合中创建了name和age为升序的片键
// NOTE(review): a ranged compound key like {name:1,age:1} needs a matching index on the collection;
// it is created automatically only when the collection is empty — confirm before sharding live data.
mongos> sh.shardCollection("yw_db.users",{name:1,age:1})
# 查看分片状态
sh.status()
# 附录:iptables添加
# Appendix: allow the cluster ports only from the 192.168.142.0/24 subnet on eth0, then persist and reload.
# Each rule is inserted at the head of INPUT, in the same order as the original five commands.
for port in 20000 21000 28001 28002 28003; do
    iptables -I INPUT -s 192.168.142.0/24 -i eth0 -p tcp -m tcp --dport "$port" -j ACCEPT
done
service iptables save
service iptables reload
# NOTE(review): ACCEPT rules only restrict access when the INPUT chain otherwise drops traffic to these
# ports (a DROP policy or a trailing reject rule); with the default ACCEPT policy they change nothing.
# The service was also disabled earlier (chkconfig iptables off), so re-enable it for this to survive a reboot.
# 导入数据
# Bulk-load a CSV (header row gives the field names, blank cells skipped) into mongodb_test.fudao_course_log through mongos as root.
# NOTE(review): the password passed with -p is visible in shell history and in `ps` while the import runs;
# giving `-p` without a value makes mongoimport prompt for it instead.
mongoimport -u root -p '123456' --port 20000 --authenticationDatabase admin --db mongodb_test --collection fudao_course_log --type csv --headerline --ignoreBlanks --file fudao_course_log.csv