CentOS6.8部署MongoDB集群及支持auth认证
三个节点的副本集如下图所示:
实验目的:
配置MongoDB的3节点副本集
3个节点的副本集都要开启auth认证,并且开启认证后,能互相通信
第一步 - 准备环境
准备三个虚拟机,其中一个用作Primary,另外两个用作Secondary。如上图展示的那样
1 2 3 4 5 | 虚拟机信息如下: Primary:172.xx.xx.107 Secondary:172.xx.xx.105 和172.xx.xx.106 |
第二步 - yum安装Mongo
在/etc/yum.repos.d/目录下,创建一个mongodb.repo文件,指定MongoDB资源库即可。
使用 vim /etc/yum.repos.d/mongodb.repo命令,创建并打开文件mongodb.repo
1 2 3 4 5 6 7 8 9 10 11 | [mongodb-org-3.4]name=MongoDB Repositorybaseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/gpgcheck=1enabled=1gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc |
1 2 3 4 | ### 然后# yum repolist# yum install mongodb-org |
第三步 - 配置副本集
使用vim /etc/mongod.conf配置,每一台虚拟机上的Mongod配置文件。
在replication选项中添加oplogSizeMB 和 replSetName两个属性
1 2 3 4 5 6 7 | # vim /etc/mongod.confreplication: oplogSizeMB: 1024 replSetName: test |
查看mongod.conf文件配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | # cat /etc/mongod.conf# mongod.conf# for documentation of all options, see:# http://docs.mongodb.org/manual/reference/configuration-options/# where to write logging data.systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log# Where and how to store data.storage: dbPath: /var/lib/mongo journal: enabled: true# engine:# mmapv1:# wiredTiger:# how the process runsprocessManagement: fork: true # fork and run in background pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile# network interfacesnet: port: 27017 bindIp: 0.0.0.0 # Listen to local interface only, comment to listen on all interfaces.#security:#operationProfiling:replication: oplogSizeMB: 1024 replSetName: test#sharding:## Enterprise-Only Options#auditLog:#snmp: |
1 2 3 4 5 | 注意: 3台虚拟机,MongoDB配置文件mongod.conf中的replSetName名字要保持一致, 在本例中,replSetName的名字为test,这个名字可以随便取 |
第四步 - 启动
配置好副本集之后,通过mongod --config /etc/mongod.conf 命令启动三个虚拟机中的Mongo服务
1 2 3 4 | [root@dev04 mongodb]# mongod --config /etc/mongod.conf about to fork child process, waiting until server is ready for connections.forked process: 30799child process started successfully, parent exiting |
因为107端口的虚拟机安装的MongoDB要用作Primary节点,所以,我们可以使用mongo命令来连接
1 2 3 4 5 6 7 8 | [root@dev04 mongodb]# mongoMongoDB shell version v3.4.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 3.4.2### 使用use admin, 切换到时admin数据库> use adminswitched to db admin |
然后通过config配置设置副本集节点成员
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}注:_id:"test", test是副本集中取得名字。members中添加每个副本集Mongod的_id和host信息> config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}{ "_id" : "test", "members" : [ { "_id" : 0, "host" : "172.xxx.xxx.107:27017" }, { "_id" : 1, "host" : "172.xxx.xxx.106:27017" }, { "_id" : 2, "host" : "172.xxx.xxx.105:27017" } ]}> |
然后,执行配置初始化,看到{ "ok" : 1 },则表明初始化成功
1 2 | > rs.initiate(config){ "ok" : 1 } |
使用rs.status()查看副本节点状态
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | test:PRIMARY> rs.status() { "set" : "test", "date" : ISODate("2017-02-17T01:30:53.128Z"), "myState" : 1, "term" : NumberLong(1), "heartbeatIntervalMillis" : NumberLong(2000), "optimes" : { "lastCommittedOpTime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "appliedOpTime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "durableOpTime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) } }, "members" : [ { "_id" : 0, "name" : "172.xxx.xxx.107:27017", "health" : 1, "state" : 1, "stateStr" : "PRIMARY", "uptime" : 693, "optime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "optimeDate" : ISODate("2017-02-17T01:30:47Z"), "infoMessage" : "could not find member to sync from", "electionTime" : Timestamp(1487294966, 1), "electionDate" : ISODate("2017-02-17T01:29:26Z"), "configVersion" : 1, "self" : true }, { "_id" : 1, "name" : "172.xxx.xxx.106:27017", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 96, "optime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "optimeDurable" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "optimeDate" : ISODate("2017-02-17T01:30:47Z"), "optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"), "lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"), "lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.674Z"), "pingMs" : NumberLong(0), "syncingTo" : "172.xxx.xxx.107:27017", "configVersion" : 1 }, { "_id" : 2, "name" : "172.xxx.xxx.105:27017", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 96, "optime" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "optimeDurable" : { "ts" : Timestamp(1487295047, 1), "t" : NumberLong(1) }, "optimeDate" : ISODate("2017-02-17T01:30:47Z"), "optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"), "lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"), "lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.745Z"), "pingMs" : NumberLong(0), "syncingTo" : "172.xxx.xxx.106:27017", "configVersion" : 1 } ], "ok" : 1test:PRIMARY> |
第五步:副本集的认证
副本集总体思路是用户名、密码和keyfile文件,keyfile需要各个副本集服务启动时加载而且要是同一文件,然后在操作库是需要用户名、密码
KeyFile文件必须满足条件:
- 至少6个字符,小于1024字节
- 认证时候不考虑文件中空白字符
- 连接到副本集的成员和mongos进成的keyfile文件内容必须一样
- 必须是base64编码,但是不能有等号
- 文件权限必须是x00,也就是说,不能分配任何权限给group成员和other成员
1 2 | ### 在107节点生成Keyfile[root@localhost ~]# openssl rand -base64 90 > /usr/local/mongodb/keyfiletest |
1 2 3 | ### 然后该文件scp到105、106上面scp /usr/local/mongodb/keyfile root@172.xxx.xxx.105[106]:/usr/local/mongodb/ |
1 2 3 4 5 | ### 修改配置文件<br><br># vim /etc/mongod.confsecurity: keyFile: /usr/local/mongodb/keyfiletest authorization: enabled |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | # cat /etc/mongod.conf# mongod.conf# for documentation of all options, see:# http://docs.mongodb.org/manual/reference/configuration-options/# where to write logging data.systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log# Where and how to store data.storage: dbPath: /var/lib/mongo journal: enabled: true# engine:# mmapv1:# wiredTiger:# how the process runsprocessManagement: fork: true # fork and run in background pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile# network interfacesnet: port: 27017 bindIp: 0.0.0.0 # Listen to local interface only, comment to listen on all interfaces.security: keyFile: /usr/local/mongodb/keyfiletest authorization: enabled#operationProfiling:replication: oplogSizeMB: 1024 replSetName: test#sharding:## Enterprise-Only Options#auditLog:#snmp: |
重启mongod服务,认证OK
转载及借鉴博客地址:
https://my.oschina.net/wangmengjun/blog/840997?from=timeline&isappinstalled=0
http://www.cnblogs.com/xiaoit/p/4522218.html
http://www.cnblogs.com/libingql/archive/2011/06/09/2076440.html
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· Vue3状态管理终极指南:Pinia保姆级教程