Adding password authentication and systemctl unit files to a MongoDB 3.4.24 replicated sharded cluster
Common operations:
# Inspect what exists, then drop a collection and a database
mongos> show dbs
admin 0.000GB
config 0.001GB
testdb 0.004GB
mongos> use testdb
switched to db testdb
mongos> show tables
table1
# Drop the collection
mongos> db.table1.drop()
true
mongos> show tables;
# Drop the database
mongos> db.dropDatabase()
{ "dropped" : "testdb", "ok" : 1 }
mongos> show dbs;
admin 0.000GB
config 0.001GB
# Create the cluster administrators
mongos> use admin
db.createUser( { user:"admin", pwd:"pass", roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}] } )
db.createUser( { user:"root", pwd:"pass", roles:[{role:"readWriteAnyDatabase",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"},{role:"userAdminAnyDatabase",db:"admin"}] } )
# A user can also be granted every role on admin:
mongos> db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
... { "role": "userAdminAnyDatabase", "db": "admin" },
... { "role": "dbAdminAnyDatabase", "db": "admin" },
... { role: "root", db: "admin" } ]
... )
read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: allows the user to write to the system.users collection, i.e. to create, drop and manage users in the specified database
clusterAdmin: available only in the admin database; grants the user administrative rights over all sharding and replica-set functions
readAnyDatabase: available only in the admin database; grants the user read access to every database
readWriteAnyDatabase: available only in the admin database; grants the user read-write access to every database
userAdminAnyDatabase: available only in the admin database; grants the user userAdmin rights on every database
dbAdminAnyDatabase: available only in the admin database; grants the user dbAdmin rights on every database
root: available only in the admin database; the superuser account with every privilege
Setting up the cluster password (keyfile)
# Generate the keyfile
cd /usr/local/mongodb/conf/
# The base64 output must not exceed 1226 characters, so 512 is used
openssl rand -base64 512 > onlineimagemongo.key
chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key
# Copy the generated keyfile to the other two nodes
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.110:/usr/local/mongodb/conf/
# Set ownership
chown mongo.mongo /usr/local/mongodb/conf/onlineimagemongo.key
# Edit the configuration
vim /usr/local/mongodb/conf/config.conf
auth=true
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
# vim /usr/local/mongodb/conf/mongos.conf
mongos.conf, shard1.conf, shard2.conf and shard3.conf all need the keyfile entry added as well
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
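The keyfile is the shared secret with which the cluster members authenticate to each other, so its content and its file permissions are what this step has to get right. The following shell script is an added example and is not part of the original post: it generates the file the way the post does, verifies it (mongod accepts only 6 to 1024 base64 characters once whitespace is ignored, and refuses a keyfile readable by group or others), and confirms that a config file actually references it. The default path is the one from the post; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): generate the cluster keyfile the way
# the post does and verify it before copying it to the other members.
# The default path below is the post's; the function names are this example's own.
set -eu

gen_keyfile() {
    # $1: output path. 512 random bytes, base64-encoded (684 characters), as in the post.
    openssl rand -base64 512 > "$1" || head -c 512 /dev/urandom | base64 > "$1"
    chmod 600 "$1"
}

file_mode() {
    # Print the permission bits of $1 in octal (GNU stat first, BSD stat as fallback).
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_keyfile() {
    # $1: keyfile path. Exit 0 only if mongod would accept the file and it is not
    # readable by group or others; print the reason otherwise.
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    mode=$(file_mode "$f")
    case "$mode" in
        600|400) ;;
        *) echo "$f has mode $mode; the keyfile must be 600 or 400"; return 1 ;;
    esac
    # mongod ignores whitespace in the keyfile; what remains must be 6..1024
    # characters from the base64 alphabet (documented keyfile requirements).
    content=$(tr -d ' \t\r\n' < "$f")
    len=${#content}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "$f has $len key characters; must be between 6 and 1024"; return 1
    fi
    printf '%s' "$content" | grep -Eq '^[A-Za-z0-9+/=]+$' \
        || { echo "$f contains characters outside the base64 set"; return 1; }
    echo "ok: $f ($len key characters, mode $mode)"
}

conf_uses_keyfile() {
    # $1: mongod/mongos config file, $2: expected keyfile path. Accepts "keyFile=path"
    # with or without spaces around "=", as written in the post's config.conf.
    line=$(grep '^[[:space:]]*keyFile' "$1" | tr -d ' \t' | tail -n 1)
    [ "$line" = "keyFile=$2" ]
}

# Typical use on the first node (the post then copies the file to the others with scp):
#   gen_keyfile /usr/local/mongodb/conf/onlineimagemongo.key
#   check_keyfile /usr/local/mongodb/conf/onlineimagemongo.key
#   for c in config shard1 shard2 shard3 mongos; do
#       conf_uses_keyfile /usr/local/mongodb/conf/$c.conf /usr/local/mongodb/conf/onlineimagemongo.key
#   done
if [ "$#" -gt 0 ]; then
    check_keyfile "$1"
fi
```

Run `check_keyfile` on every node after the `scp` and `chown` steps: a file that arrived with mode 644, or a config that still lacks the `keyFile` line, is the usual reason a member refuses to join once `auth=true` is set.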
Later improvements:
Manage the mongo processes with systemctl
# Config server unit
# vim /etc/systemd/system/mongoconfig.service
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/config.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/config.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Shard units
[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard1.service
[Unit]
Description=mongodb shard1
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard1.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/shard1.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard2.service
[Unit]
Description=mongodb shard2
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard2.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/shard2.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard3.service
[Unit]
Description=mongodb shard3
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard3.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/shard3.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Router unit
[root@eus-image-design-mongo02:/etc/systemd/system]# cat mongos.service
[Unit]
Description=Mongo Router Service
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
# Start the services one at a time; otherwise they fail to come up or error during startup
systemctl start mongoconfig
systemctl start shard1
systemctl start shard2
systemctl start shard3
systemctl start mongos
If something goes wrong, check that service's log, e.g. for shard1: /data/mongodb/shard1/log/
# Enable at boot
systemctl enable shard1
systemctl enable shard2
systemctl enable shard3
systemctl enable mongoconfig
systemctl enable mongos
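The five unit files above differ only in their description and config path, and the post insists that the members be started one at a time. The shell script below is an added example, not part of the original post: it renders all five units from one template (so a copy-paste slip in one ExecStop line cannot creep in) and starts the units in sequence, waiting until systemd reports each one active before moving on; starting the config server first and the router last matches the post's rule and the router's need for reachable config servers. The binary and config paths are the post's; the function names and the SYSTEMCTL override are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): render the post's five unit files from
# one template and start the members one at a time, as the post requires.
# Paths are the post's; function names and the SYSTEMCTL override are this example's own.
set -eu

MONGO_BIN=/usr/local/mongodb/bin
MONGO_CONF=/usr/local/mongodb/conf

render_mongod_unit() {
    # $1: Description=, $2: config file name under $MONGO_CONF (e.g. shard1.conf).
    # Same unit body as in the post; \$MAINPID is left for systemd to expand.
    cat <<EOF
[Unit]
Description=$1
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=$MONGO_BIN/mongod --config $MONGO_CONF/$2
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=$MONGO_BIN/mongod --shutdown $MONGO_CONF/$2
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}

render_mongos_unit() {
    # Router unit as in the post: no ExecStop, systemd restarts it on failure.
    cat <<EOF
[Unit]
Description=Mongo Router Service
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=$MONGO_BIN/mongos -f $MONGO_CONF/mongos.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

render_all_units() {
    # $1: target directory (/etc/systemd/system on a real host). Writes the five units.
    render_mongod_unit "mongodb" config.conf > "$1/mongoconfig.service"
    for n in 1 2 3; do
        render_mongod_unit "mongodb shard$n" "shard$n.conf" > "$1/shard$n.service"
    done
    render_mongos_unit > "$1/mongos.service"
}

start_in_order() {
    # Start each unit and wait until systemd reports it active before starting the next.
    # SYSTEMCTL may name a wrapper (used for testing); it defaults to systemctl.
    ctl=${SYSTEMCTL:-systemctl}
    for unit in "$@"; do
        "$ctl" start "$unit"
        tries=0
        until "$ctl" is-active --quiet "$unit"; do
            tries=$((tries + 1))
            if [ "$tries" -ge 30 ]; then
                echo "$unit did not become active; check its log" >&2
                return 1
            fi
            sleep 1
        done
        echo "started $unit"
    done
}

# Typical use on a host:
#   render_all_units /etc/systemd/system && systemctl daemon-reload
#   start_in_order mongoconfig shard1 shard2 shard3 mongos
```

`Type=forking` only works if each config file sets `fork = true`; if a member starts but systemd reports it failed, that is the first thing to check, followed by the log directory the post names.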
[mongo@eus-image-design-mongo01:/usr/local/mongodb/conf]$ mongo --port 20000
MongoDB shell version v3.4.24
connecting to: mongodb://127.0.0.1:20000/
MongoDB server version: 3.4.24
mongos> use admin
switched to db admin
mongos> db.auth('admin','pass')
1
Connection string for MongoDB's official GUI tool
mongodb://admin:pass@1.1.1.1:20000/admin
# As the administrator, create the application accounts
> use school
> db.createUser({
user:"school",
pwd:"school2019",
roles:[{
role:"dbAdmin",
db:"school"
},{
role:"readWrite",
db:"school"
}]
})
# Only the administrator account can enable and configure sharding
use admin
mongos> db.runCommand({enablesharding:"school"});
{ "ok" : 1 }
mongos> db.runCommand({shardcollection:"school.user",key:{id:1}})
{ "collectionsharded" : "school.user", "ok" : 1 }
Log in as the ordinary user school, write some data and check the collection's status
use school
mongos> for(i=1;i<=1000;i++){db.user.insert({"id":i,"name":"jack"+i})}
WriteResult({ "nInserted" : 1 })
mongos> show tables;
user
mongos> db.user.stats()