MongoDB 4.2 primary/secondary deployment (replica set with an arbiter node) with authentication enabled

Environment:
OS: CentOS 7
DB: 4.2.9
Machine roles:
192.168.1.169:29001 primary
192.168.1.170:29002 secondary
192.168.1.170:29003 arbiter

1. Download the appropriate version
https://www.mongodb.com/download-center/community
The file I downloaded here is mongodb-linux-x86_64-rhel70-4.2.9.tgz

---------------------------------------Installation and deployment---------------------------------------
1. Create the installation directories
Directories for 192.168.1.169:29001
[root@test services]# mkdir -p /usr/local/services
[root@test services]# mkdir -p /home/middle/mongodb/data
[root@test services]# mkdir -p /home/middle/mongodb/log
[root@test services]# mkdir -p /home/middle/mongodb/key
[root@test services]# mkdir -p /home/middle/mongodb/conf
[root@test services]# mkdir -p /home/middle/mongodb/run

Directories for 192.168.1.170:29002
[root@test services]# mkdir -p /usr/local/services
[root@test services]# mkdir -p /home/middle/mongodb/data
[root@test services]# mkdir -p /home/middle/mongodb/log
[root@test services]# mkdir -p /home/middle/mongodb/key
[root@test services]# mkdir -p /home/middle/mongodb/conf
[root@test services]# mkdir -p /home/middle/mongodb/run

Directories for the arbiter, 192.168.1.170:29003
[root@test services]# mkdir -p /usr/local/services
[root@test services]# mkdir -p /home/middle/mongodb_arbiter/data
[root@test services]# mkdir -p /home/middle/mongodb_arbiter/log
[root@test services]# mkdir -p /home/middle/mongodb_arbiter/key
[root@test services]# mkdir -p /home/middle/mongodb_arbiter/conf
[root@test services]# mkdir -p /home/middle/mongodb_arbiter/run


2. Install the database
Install on 192.168.1.169:29001
[root@test soft]# tar -xvf mongodb-linux-x86_64-rhel70-4.2.9.tgz
[root@test soft]# mv mongodb-linux-x86_64-rhel70-4.2.9 /usr/local/services/mongodb

Install on 192.168.1.170:29002
[root@test soft]# tar -xvf mongodb-linux-x86_64-rhel70-4.2.9.tgz
[root@test soft]# mv mongodb-linux-x86_64-rhel70-4.2.9 /usr/local/services/mongodb


Install on 192.168.1.170:29003
[root@test soft]# tar -xvf mongodb-linux-x86_64-rhel70-4.2.9.tgz
[root@test soft]# mv mongodb-linux-x86_64-rhel70-4.2.9 /usr/local/services/mongodb_arbiter


3. Generate the key for internal authentication
Create the key file on one of the machines; here I use 192.168.1.169:29001
[root@test key]# cd /home/middle/mongodb/key
[root@test key]# openssl rand -base64 741 >>keyfile
[root@test key]# chmod 700 keyfile

Copy the keyfile to the corresponding directories on the other two nodes
scp keyfile root@192.168.1.170:/home/middle/mongodb/key/
scp keyfile root@192.168.1.170:/home/middle/mongodb_arbiter/key/
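
A check worth running on every node after the copy, as an added example that is not part of the original post (make_keyfile and check_keyfile are hypothetical helper names). It verifies what mongod requires of a keyfile: no group or other permissions, and 6 to 1024 base64 characters. It also prints a SHA-256 digest so the three copies can be compared.

```shell
#!/bin/sh
# Added example; make_keyfile and check_keyfile are hypothetical helper names.

# make_keyfile PATH: generate the key as in step 3, but owner-only from the
# first byte (umask 077) and with '>' so a rerun replaces the key instead of
# appending a second one to it.
make_keyfile() {
    ( umask 077; openssl rand -base64 741 > "$1" ) && chmod 400 "$1"
}

# check_keyfile PATH: returns 0 if mongod would accept the file as a keyFile.
check_keyfile() {
    kf=$1
    [ -f "$kf" ] || { echo "missing: $kf"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits;
    # mongod refuses a keyfile when any of them is set.
    perms=$(ls -ld "$kf" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open: $kf"; return 1; }
    # Whitespace is ignored; what remains must be base64 characters only.
    body=$(tr -d ' \t\r\n' < "$kf")
    case $body in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in $kf"; return 1 ;;
    esac
    len=${#body}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "bad key length $len: $kf"; return 1
    fi
    # The digest must be identical on all three nodes.
    echo "ok: $kf sha256=$(sha256sum "$kf" | cut -d' ' -f1)"
}
```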

4. Create the log files
192.168.1.169:29001
[root@test key]# echo > /home/middle/mongodb/log/mongodb.log

192.168.1.170:29002
[root@test key]# echo > /home/middle/mongodb/log/mongodb.log

192.168.1.170:29003
[root@test key]# echo > /home/middle/mongodb_arbiter/log/mongodb.log

5. Create the configuration file mongo.cnf
##Configuration parameters for the primary
port=29001
fork=true
dbpath=/home/middle/mongodb/data
logpath=/home/middle/mongodb/log/mongodb.log
pidfilepath=/home/middle/mongodb/run/29001.pid
logappend=true
shardsvr=true
replSet=repltest
bind_ip=192.168.1.169,127.0.0.1
oplogSize=10000 ##the default unit is MB
logRotate=reopen
##keyFile=/home/middle/mongodb/key/keyfile
##auth=true


##Configuration parameters for the secondary
port=29002
fork=true
dbpath=/home/middle/mongodb/data
logpath=/home/middle/mongodb/log/mongodb.log
pidfilepath=/home/middle/mongodb/run/29002.pid
logappend=true
shardsvr=true
replSet=repltest
bind_ip=192.168.1.170,127.0.0.1
oplogSize=10000
noprealloc=true
logRotate=reopen
##keyFile=/home/middle/mongodb/key/keyfile
##auth=true


##Configuration parameters for the arbiter
port=29003
fork=true
dbpath=/home/middle/mongodb_arbiter/data
logpath=/home/middle/mongodb_arbiter/log/mongodb.log
pidfilepath=/home/middle/mongodb_arbiter/run/29003.pid
logappend=true
shardsvr=true
replSet=repltest
bind_ip=192.168.1.170,127.0.0.1
oplogSize=10000
noprealloc=true
logRotate=reopen
##keyFile=/home/middle/mongodb_arbiter/key/keyfile
##auth=true

keyFile and auth are commented out for now; they are enabled after the cluster has been deployed and initialized.

5. Start the nodes
Start the primary:
192.168.1.169:29001
[root@test key]# /usr/local/services/mongodb/bin/mongod -f /home/middle/mongodb/conf/mongo.cnf

Start the secondary:
192.168.1.170:29002
[root@test key]# /usr/local/services/mongodb/bin/mongod -f /home/middle/mongodb/conf/mongo.cnf

Start the arbiter:
192.168.1.170:29003
[root@test key]# /usr/local/services/mongodb_arbiter/bin/mongod -f /home/middle/mongodb_arbiter/conf/mongo.cnf


6. Initialize the replica set
[root@localhost bin]# /usr/local/services/mongodb/bin/mongo 192.168.1.169:29001
use admin
config={_id:'repltest',members:[{_id:0,host:'192.168.1.169:29001'},{_id:1,host:'192.168.1.170:29002'},{_id:2,host:'192.168.1.170:29003', arbiterOnly:true}]}
rs.initiate(config)
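If you do not need a replica set with authentication, the configuration is complete at this point. The steps below continue with configuring authentication.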

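7. Create the user
On the primary (node 1 here), create the administrator account test
[root@localhost bin]# /usr/local/services/mongodb/bin/mongo 192.168.1.169:29001
use admin
db.createUser({user:"test",pwd:"test123",roles:["root"]}); // create the user
db.auth("test","test123");                                 // authenticate as the user; the password must be the same as the one entered when creating the user
show users;                                                // list the users that were created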


Log in to the other two nodes and check whether synchronization has completed
[root@localhost bin]# /usr/local/services/mongodb/bin/mongo 192.168.1.170:29002
repltest:SECONDARY> use admin;
switched to db admin
repltest:SECONDARY> rs.slaveOk()
repltest:SECONDARY> show users;
{
        "_id" : "admin.yeemiao",
        "userId" : UUID("58744f4d-3568-410f-b9a8-d9992b135ed3"),
        "user" : "yeemiao",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}

The arbiter does not store data:
[root@localhost bin]# /usr/local/services/mongodb/bin/mongo 192.168.1.170:29003
repltest:ARBITER> use admin;
repltest:ARBITER> show users;
repltest:ARBITER>





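8. Shut down the cluster to enable the authentication parameters
Log in via localhost to shut down the database. The operation is the same on every node; you can stop the secondary and the arbiter first, then the primary.
Note the shutdown order:
A: Shut down the secondary and the arbiter first (or the arbiter first and the secondary last). The primary then automatically becomes a secondary.
B: Shut down the primary first. The secondary then automatically becomes the primary, and the new primary cannot be shut down before the arbiter has been shut down.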

[root@localhost bin]# /usr/local/services/mongodb/bin/mongo localhost:29002
repltest:ARBITER> use admin
switched to db admin
repltest:ARBITER> db.shutdownServer()

[root@localhost bin]# /usr/local/services/mongodb/bin/mongo localhost:29003
repltest:SECONDARY> use admin
repltest:SECONDARY> db.shutdownServer()

[root@pxc03 bin]# /usr/local/services/mongodb/bin/mongo localhost:29001
repltest:SECONDARY> use admin
repltest:SECONDARY> db.shutdownServer()

You can check whether any of the processes are still running
[root@localhost log]# ps -ef|grep mongo

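9. Edit the configuration files to enable authentication
Edit the configuration files of all three nodes and enable the two lines that were commented out earlier (the arbiter uses /home/middle/mongodb_arbiter/key/keyfile):
keyFile=/home/middle/mongodb/key/keyfile
auth = true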
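
A pre-start check for this step, as an added example that is not part of the original post (cnf_get and audit_mongo_cnf are hypothetical helper names). Run on each host over that host's mongo.cnf files, it reports a node that would still start without auth or keyFile, a keyFile path that does not exist, and two instances on the same host that share a port, dbpath, logpath or pidfilepath.

```shell
#!/bin/sh
# Added example; cnf_get and audit_mongo_cnf are hypothetical helper names.
# On 192.168.1.170 the call would be:
#   audit_mongo_cnf /home/middle/mongodb/conf/mongo.cnf \
#                   /home/middle/mongodb_arbiter/conf/mongo.cnf

# cnf_get FILE KEY: value of the last active "key = value" line. Lines that
# are commented out (## ...) and trailing ## comments are ignored.
cnf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_mongo_cnf FILE...: prints one line per finding, returns 1 if any.
audit_mongo_cnf() {
    rc=0
    seen=""
    for cnf in "$@"; do
        [ "$(cnf_get "$cnf" auth)" = "true" ] || { echo "$cnf: auth is not enabled"; rc=1; }
        kf=$(cnf_get "$cnf" keyFile)
        if [ -z "$kf" ]; then
            echo "$cnf: keyFile is commented out or missing"; rc=1
        elif [ ! -f "$kf" ]; then
            echo "$cnf: keyFile does not exist: $kf"; rc=1
        fi
        # Instances on one host must not share a port or any of these paths.
        for key in port dbpath logpath pidfilepath; do
            v=$(cnf_get "$cnf" "$key")
            [ -n "$v" ] || continue
            case " $seen " in
                *" $key=$v "*) echo "$cnf: $key=$v is already used by another instance"; rc=1 ;;
            esac
            seen="$seen $key=$v"
        done
    done
    return $rc
}
```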

10. Start the database again
Start the primary:
192.168.1.169:29001
[root@test key]# /usr/local/services/mongodb/bin/mongod -f /home/middle/mongodb/conf/mongo.cnf

Start the secondary:
192.168.1.170:29002
[root@test key]# /usr/local/services/mongodb/bin/mongod -f /home/middle/mongodb/conf/mongo.cnf

Start the arbiter:
192.168.1.170:29003
[root@test key]# /usr/local/services/mongodb_arbiter/bin/mongod -f /home/middle/mongodb_arbiter/conf/mongo.cnf

Log in to the primary:
[root@test key]# /usr/local/services/mongodb/bin/mongo 192.168.1.169:29001
MongoDB shell version v4.2.9
connecting to: mongodb://192.168.1.169:29001/test?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("22b30c26-4edf-4312-bb2c-9e56cf5c5ecb") }
MongoDB server version: 4.2.9
repltest:PRIMARY> show databases
repltest:PRIMARY> show dbs

At this point there is no output at all
repltest:PRIMARY> use admin
switched to db admin
repltest:PRIMARY> db.auth("test","test123");
1
repltest:PRIMARY> show databases;
admin   0.000GB
config  0.000GB
local   0.000GB
repltest:PRIMARY>


Log in to the secondary
[root@test key]# /usr/local/services/mongodb/bin/mongo 192.168.1.170:29002
repltest:SECONDARY> rs.slaveOk()
repltest:SECONDARY> use admin
switched to db admin
repltest:SECONDARY> db.auth("test","test123");
1
repltest:SECONDARY> show databases;
admin   0.000GB
config  0.000GB
local   0.000GB

Log in to the arbiter
[root@test key]# /usr/local/services/mongodb/bin/mongo 192.168.1.170:29003
repltest:ARBITER> use admin
switched to db admin
repltest:ARBITER> db.auth("test","test123");
Error: Authentication failed.
0
The arbiter does not store databases, so the command above cannot be executed on it



12. Create a regular account and write a record
[root@test key]# /usr/local/services/mongodb/bin/mongo 192.168.1.169:29001
repltest:PRIMARY> use admin
switched to db admin
repltest:PRIMARY> db.auth("test","test123");

repltest:PRIMARY> use db_zhibo
repltest:PRIMARY> db.createUser({user:'threedev',pwd:'threedev123',roles:[{role:'dbOwner',db:'db_zhibo'}]})

Exit and log in again as threedev
repltest:PRIMARY> use db_zhibo
repltest:PRIMARY> db.auth("threedev","threedev123")
repltest:PRIMARY> db.tb_test02.insert( {"name":"yiibai tutorials"})

repltest:PRIMARY> db.tb_test02.find();

posted @ 2020-09-24 16:56  slnngk