Adding password authentication and systemctl unit files to a MongoDB 3.4.24 replicated sharded cluster

 

Examples of common operations:
# Drop a database
mongos> show dbs
admin   0.000GB
config  0.001GB
testdb  0.004GB
mongos> use testdb
switched to db testdb
mongos> show tables
table1
# Drop a collection
mongos> db.table1.drop()
true
mongos> show tables;
# Drop the database
mongos> db.dropDatabase()
{ "dropped" : "testdb", "ok" : 1 }
mongos> show dbs;
admin   0.000GB
config  0.001GB

 

# Create the cluster administrator
# mongos> use admin
#
db.createUser(
    {
        user:"admin",
        pwd:"pass",
        roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}]
    }
)


db.createUser(
    {
        user:"root",
        pwd:"pass",
        roles:[{role:"readWriteAnyDatabase",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"},{role:"userAdminAnyDatabase",db:"admin"}]
    }
)


The admin user can be granted all privileges:
mongos> db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
... { "role": "userAdminAnyDatabase", "db": "admin" },
... { "role": "dbAdminAnyDatabase", "db": "admin" },
... { role: "root", db: "admin" } ]
... 
... )

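read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to run administrative functions on the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: allows the user to write to the system.users collection; the user can create, delete and manage users in the specified database
clusterAdmin: available only in the admin database; grants the user administrative privileges over all sharding and replica-set functions
readAnyDatabase: available only in the admin database; grants the user read access to all databases
readWriteAnyDatabase: available only in the admin database; grants the user read and write access to all databases
userAdminAnyDatabase: available only in the admin database; grants the user the userAdmin privileges on all databases
dbAdminAnyDatabase: available only in the admin database; grants the user the dbAdmin privileges on all databases
root: available only in the admin database. Superuser account with full privileges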

 

Setting the cluster password (keyfile)

# Generate the keyfile
cd /usr/local/mongodb/conf/
# The string generated with -base64 must not exceed 1226, so 512 is used
openssl rand -base64 512 > onlineimagemongo.key
chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key

# Copy the generated keyfile to the other two nodes
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.110:/usr/local/mongodb/conf/

 

# Set ownership
chown mongo:mongo /usr/local/mongodb/conf/onlineimagemongo.key

# Edit the configuration
vim /usr/local/mongodb/conf/config.conf

auth=true
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key


# vim /usr/local/mongodb/conf/mongos.conf

The mongos, shard1, shard2 and shard3 .conf files all need the keyfile setting added:

keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
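
A check for the keyfile steps above, as an added example that is not part of the original post: it verifies that every *.conf in a directory sets keyFile and that the referenced file has no group/other permission bits and holds 6 to 1024 base64 characters, which is what MongoDB documents for keyfile content. The function names are made up for this example, and it assumes the legacy "keyFile = /path" syntax used in the post.

```shell
# check_keyfile FILE: return 1 (with a reason) if mongod would reject the keyfile
check_keyfile() {
    local kf="$1" perms chars
    [ -f "$kf" ] || { echo "missing keyfile: $kf"; return 1; }
    # Columns 5-10 of the ls mode string are the group/other bits; all must be
    # unset (i.e. mode 600 or 400), or mongod refuses to start.
    perms=$(ls -ld "$kf" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open: $kf"; return 1; }
    # Whitespace is ignored; the rest must be 6..1024 base64 characters.
    chars=$(tr -d '[:space:]' < "$kf")
    if [ "${#chars}" -lt 6 ] || [ "${#chars}" -gt 1024 ]; then
        echo "key length ${#chars} outside 6..1024: $kf"; return 1
    fi
    case "$chars" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in: $kf"; return 1 ;;
    esac
    return 0
}

# audit_conf_dir DIR: check every *.conf in DIR; exit status = number of problems
audit_conf_dir() {
    local dir="$1" conf kf problems=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        # Legacy ini syntax as in the post: "keyFile = /path"; the last setting is used here.
        kf=$(sed -n 's/^[[:space:]]*keyFile[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
        if [ -z "$kf" ]; then
            echo "no keyFile setting: $conf"; problems=$((problems + 1)); continue
        fi
        check_keyfile "$kf" || problems=$((problems + 1))
    done
    return "$problems"
}
```

Run `audit_conf_dir /usr/local/mongodb/conf` on every node after copying the key; comparing the `sha256sum` of the keyfile across nodes confirms the copies are identical.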

 

Later improvement:
Add systemctl units to manage the mongo processes

# Unit for the config server

 

# vim /etc/systemd/system/mongoconfig.service 
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target

[Service]  
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/config.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/config.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target

# Units for the shards
[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard1.service 
[Unit]
Description=mongodb shard1
After=network.target remote-fs.target nss-lookup.target

[Service]  
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard1.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard1.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target


[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard2.service 
[Unit]
Description=mongodb shard2
After=network.target remote-fs.target nss-lookup.target

[Service]  
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard2.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard2.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target


[root@eus-image-design-mongo02:/etc/systemd/system]# cat shard3.service 
[Unit]
Description=mongodb shard3
After=network.target remote-fs.target nss-lookup.target

[Service]  
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/shard3.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown --config /usr/local/mongodb/conf/shard3.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target

# Unit for the router (mongos)
[root@eus-image-design-mongo02:/etc/systemd/system]# cat mongos.service 
[Unit]
Description=Mongo Router Service
After=network.target remote-fs.target nss-lookup.target

[Service]  
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target

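# Start the services one at a time; otherwise they may fail to come up or run into problems during startup
systemctl start shard1
systemctl start shard2
systemctl start shard3
systemctl start mongos

If something goes wrong, check the log of the corresponding service, e.g. for shard1: /data/mongodb/shard1/log/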

# Enable start at boot
systemctl enable shard1
systemctl enable shard2
systemctl enable shard3
systemctl enable mongoconfig
systemctl enable mongos


[mongo@eus-image-design-mongo01:/usr/local/mongodb/conf]$ mongo --port 20000
MongoDB shell version v3.4.24
connecting to: mongodb://127.0.0.1:20000/
MongoDB server version: 3.4.24
mongos> use admin
switched to db admin
mongos> db.auth('admin','pass')
1

Connection string for connecting with MongoDB's official GUI tool:
mongodb://admin:pass@1.1.1.1:20000/admin

# As the administrator, add the application accounts


> use school
> db.createUser({
    user:"school",
    pwd:"school2019",
    roles:[{
        role:"dbAdmin",
        db:"school"
    },{
        role:"readWrite",
        db:"school"
    }]
})

# Only an administrator account can enable and configure sharding
use admin
mongos> db.runCommand({enablesharding:"school"});
{ "ok" : 1 }
mongos> db.runCommand({shardcollection:"school.user",key:{id:1}})
{ "collectionsharded" : "school.user", "ok" : 1 }


Log in as the ordinary user school, insert data and check the status
use school
mongos> for(i=1;i<=1000;i++){db.user.insert({"id":i,"name":"jack"+i})}
WriteResult({ "nInserted" : 1 })
mongos> show tables;
user
mongos> db.user.stats()

posted @ 2020-08-07 22:19  reblue520