centos7环境下安装mongodb3.4.24主从复制集群并设置密码
centos7环境下安装mongodb3.4.24主从复制集群并设置密码
1.安装mongodb
添加运行mongodb的用户mongo,避免直接使用root带来安全隐患
groupadd -g 1608 mongo
useradd -u 1608 -g mongo mongo
#下载源码包
wget http://downloads.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.4.24.tgz
#解压源码包
tar -xf mongodb-linux-x86_64-rhel70-3.4.24.tgz -C /usr/local/
#准备mongodb 配置文件
mkdir /data/mongodb/{data,logs} -p
mkdir /usr/local/mongodb/conf
2.部署 master 节点
# vim /usr/local/mongodb/conf/mongod.conf
#端口号 port=27017 bind_ip=172.16.0.233 #数据目录 dbpath=/data/mongodb/data # 从节点同步日志大小,类似mysql 的 binlog 20G oplogSize=20480 #日志目录 logpath=/data/mongodb/logs/mongodb.log #日志文件追加 logappend=true #如果设置为 true, 同步到 journal (在提交到数据库前写入到实体中). 应用于 safe=true journal=true #以守护进程的方式运行MongoDB,创建服务器进程 fork=true #内存分配 wiredTigerCacheSizeGB=4 #auth=true #为master 节点 master=true
3.部署 slave 节点
#准备mongodb 配置文件
mkdir /data/mongodb/{data,logs} -p
# vim /usr/local/mongodb/conf/mongod.conf
port=27017 bind_ip=172.16.0.234 dbpath=/data/mongodb/data logpath=/data/mongodb/logs/mongodb.log oplogSize=20480 logappend=true journal=true fork=true wiredTigerCacheSizeGB=4 source=172.16.0.233:27017 #指定主节点 #auth=true slave=true #从节点 autoresync=true
4.使用systemctl管理服务
chown -R mongo.mongo /usr/local/mongodb/ chown -R mongo.mongo /usr/local/mongodb-linux-x86_64-rhel70-3.4.24 chown -R mongo.mongo /data/mongodb
# vim /etc/systemd/system/mongodb.service
[Unit] Description=mongodb After=network.target remote-fs.target nss-lookup.target [Service] Type=forking User=mongo Group=mongo ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/mongod.conf ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/mongod.conf PrivateTmp=true [Install] WantedBy=multi-user.target
# 启动服务
systemctl start mongodb
systemctl enable mongodb
# 查看日志是否正常
tail -f /data/mongodb/logs/mongodb.log
5.检查同步情况
> db.printReplicationInfo()
检查主从配置是否正常
mongo --host 172.16.0.233 --port 27017
# 从库连接 [root@eus_influenex_es02:/etc/systemd/system]# mongo --host 172.16.0.234 --port 27017 MongoDB shell version v3.4.24 connecting to: mongodb://172.16.0.234:27017/ MongoDB server version: 3.4.24 Server has startup warnings: 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] > > > > db.printReplicationInfo() this is a slave, printing slave replication info. source: 172.16.0.233:27017 syncedTo: Fri Jul 16 2021 15:59:23 GMT+0800 (CST) 2 secs (0 hrs) behind the freshest member (no primary available at the moment)
6.设置admin管理员账号信息
use admin db.createUser( { user:"admin", pwd:"pass", roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}] } )
7.开启设置鉴权
# 生成密码文件
cd /usr/local/mongodb/conf/
# -base64 生成的字符串不能超过1226,所以使用512
openssl rand -base64 512 > onlineimagemongo.key chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key
# 将生成的密码文件传输到slave节点
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
# 设置权限
chown mongo.mongo /usr/local/mongodb/conf/onlineimagemongo.key
# 修改配置
vim /usr/local/mongodb/conf/mongod.conf
auth=true keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
# 重启数据库让鉴权配置生效
systemctl restart mongodb