mongodb的学习-3-在Mac上的安装配置
1.使用homebrew安装:
brew install mongodb
查看安装好的版本:
mongo --version
MongoDB shell version v3.6.4 git version: d0181a711f7e7f39e60b5aeb1dc7097bf6ae5856 OpenSSL version: OpenSSL 1.0.2o 27 Mar 2018 allocator: system modules: none build environment: distarch: x86_64 target_arch: x86_64
2.然后创建数据文件:
1)进入根目录
cd /
2)创建目录(-p是创建多个文件目录使用的参数)
mkdir -p /data/db
3)设置权限,并输入用户密码
首先使用ls -l先查看权限:
drwxr-xr-x 3 root wheel 96 4 27 2018 data
然后进行权限的更改(-R表示对目录进行递归操作,就是data目录下的子文件也设置该权限):
sudo chmod -R 777 /data
变为:
drwxrwxrwx 3 root wheel 96 4 27 2018 data
3.实现开机自启动
1)设置plist文件
userdeMacBook-Pro:~ user$ which mongod
/usr/local/bin/mongod
然后找到上面的mongod执行文件,右键-显示简介,可以得到该执行文件的原始位置,用来得到安装的mongodb的目录:
/usr/local/Cellar/mongodb/3.6.4/bin/mongod
然后来到/usr/local/Cellar/mongodb/3.6.4/目录下可以看见homebrew.mxcl.mongodb.plist文件:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.mongodb</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/mongodb/bin/mongod</string> <string>--config</string> <string>/usr/local/etc/mongod.conf</string> </array> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <false/> <key>WorkingDirectory</key> <string>/usr/local</string> <key>StandardErrorPath</key> <string>/usr/local/var/log/mongodb/output.log</string> <key>StandardOutPath</key> <string>/usr/local/var/log/mongodb/output.log</string> <key>HardResourceLimits</key> <dict> <key>NumberOfFiles</key> <integer>4096</integer> </dict> <key>SoftResourceLimits</key> <dict> <key>NumberOfFiles</key> <integer>4096</integer> </dict> </dict> </plist>
修改部分:
<key>Label</key> <string>mongodb</string> //改 <key>ProgramArguments</key> <array> <string>/usr/local/Cellar/mongodb/3.6.4/bin/mongod</string> //改 </array>
并修改文件名为mongodb.plist,然后将其复制到:
userdeMacBook-Pro:~ user$ cp mongodb.plist /Library/LaunchDaemons/ cp: /Library/LaunchDaemons/mongodb.plist: Permission denied userdeMacBook-Pro:~ user$ sudo cp mongodb.plist /Library/LaunchDaemons/ Password:
该文件所在位置为:
/Library/LaunchDaemons/mongodb.plist
⚠️该目录与~/Library/LaunchDaemons/和/System/Library/LaunchDaemons/是不同的
Launch
| 文件名 | 启动类型 |
|---|---|
| LaunchDaemons | 用户未登陆前就启动的服务(守护进程) |
| LaunchAgents | 用户登陆后启动的服务(守护进程) |
文件路径
/System/Library/?目录是存放Apple自己开发的软件/Library/?目录是系统管理员存放的第三方软件~/Library/?目录是用户自己存放的第三方软件
提示:由于mongod可执行文件是第三方软件,所以放到~/Library目录或者/Library/?目录,当然在这里我存放到了系统管理员存放的第三方软件。?可以是LaunchDaemons或者LaunchAgents。
2)启动服务
启动服务(这样以后你一开机,mongodb的服务器就打开了)
userdeMacBook-Pro:~ user$ sudo launchctl load -w /Library/LaunchDaemons/mongodb.plist
Password:
然后启动,但是会有一些警告:
userdeMacBook-Pro:~ user$ mongo MongoDB shell version v3.6.4 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.6.4 Server has startup warnings: 2018-11-30T11:28:36.449+0800 I CONTROL [initandlisten] 2018-11-30T11:28:36.449+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2018-11-30T11:28:36.449+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** WARNING: This server is bound to localhost. 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** Remote systems will be unable to connect to this server. 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** Start the server with --bind_ip <address> to specify which IP 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** addresses it should serve responses from, or with --bind_ip_all to 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** bind to all interfaces. If this behavior is desired, start the 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] ** server with --bind_ip 127.0.0.1 to disable this warning. 2018-11-30T11:28:36.450+0800 I CONTROL [initandlisten] >
之前在homebrew.mxcl.mongodb.plist文件的ProgramArguments部署中删掉了内容:
<string>--config</string> <string>/usr/local/etc/mongod.conf</string>
/usr/local/etc/mongod.conf文件内容为,一部分内容与警告是符合的:
systemLog: destination: file path: /usr/local/var/log/mongodb/mongo.log logAppend: true storage: dbPath: /usr/local/var/mongodb 改为/data/db net: bindIp: 127.0.0.1
将这个部署放回mongodb.plist文件,然后关闭服务,开启服务
然后再运行mongo,可见错误少了一些
Server has startup warnings: 2018-11-30T14:23:34.231+0800 I CONTROL [initandlisten] 2018-11-30T14:23:34.231+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2018-11-30T14:23:34.231+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2018-11-30T14:23:34.231+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2018-11-30T14:23:34.231+0800 I CONTROL [initandlisten]
解决办法就是在mongod.conf上添加:
security: authorization: enabled javascriptEnabled: true setParameter: enableLocalhostAuthBypass: true authenticationMechanisms: SCRAM-SHA-1
更多详细的内容可以看https://www.jianshu.com/p/f9f1454f251f
然后关闭再开启服务,运行,就不再有错误了:
userdeMacBook-Pro:~ user$ mongo MongoDB shell version v3.6.4 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.6.4 >
关闭服务
sudo launchctl unload -w /Library/LaunchDaemons/mongodb.plist
如果你关闭了服务,再访问mongo时,返回:
userdeMacBook-Pro:~ user$ mongo
MongoDB shell version v3.6.4 connecting to: mongodb://127.0.0.1:27017 2018-11-30T11:38:41.753+0800 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused 2018-11-30T11:38:41.760+0800 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed : connect@src/mongo/shell/mongo.js:251:13 @(connect):1:6 exception: connect failed
4.
当然你也可以不用使用上面的开机自启动,可以自己使用mongodb来配置服务器并打开
但是这个时候我们运行mongod去开启服务器时,出现了问题:
2018-11-30T15:03:31.081+0800 E STORAGE [initandlisten] WiredTiger error (13) [1543561411:81460][1401:0x1188695c0], file:WiredTiger.wt, connection: /data/db/WiredTiger.turtle: handle-open: open: Permission denied
2018-11-30T15:05:52.154+0800 E STORAGE [initandlisten] WiredTiger error (13) [1543561552:154095][1402:0x1196205c0], file:WiredTiger.wt, connection: /data/db/WiredTiger.turtle: handle-open: open: Permission denied
可以看出来是这两个文件的权限问题,然后去查看:
userdeMacBook-Pro:db user$ ls -l
total 696
-rwxrwxrwx 1 root wheel 48 4 27 2018 WiredTiger
-rwxrwxrwx 1 root wheel 21 4 27 2018 WiredTiger.lock
-rw------- 1 root wheel 1069 11 30 14:55 WiredTiger.turtle
-rwxrwxrwx 1 root wheel 45056 11 30 14:55 WiredTiger.wt
进行更改,当然,在运行一遍sudo chmod -R 777 /data也行:
userdeMacBook-Pro:db user$ sudo chmod -R 777 ./WiredTiger.turtle
Password:
userdeMacBook-Pro:db user$ sudo chmod -R 777 ./WiredTigerLAS.wt
再运行就成功了:
这时候跟之前一样有警告信息,解决
1)
2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** WARNING: This server is bound to localhost. 2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** Remote systems will be unable to connect to this server. 2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** Start the server with --bind_ip <address> to specify which IP 2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** addresses it should serve responses from, or with --bind_ip_all to 2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** bind to all interfaces. If this behavior is desired, start the 2018-11-30T15:26:24.360+0800 I CONTROL [initandlisten] ** server with --bind_ip 127.0.0.1 to disable this warning.
解决-添加--bind_ip 127.0.0.1:
userdeMBP:~ user$ mongod --bind_ip 127.0.0.1
2)WARNING: soft rlimits too low. Number of files is 256, should be at least 10
userdeMBP:test-sequelize user$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) unlimited open files (-n) 256 pipe size (512 bytes, -p) 1 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 1418 virtual memory (kbytes, -v) unlimited
更改:
userdeMBP:test-sequelize user$ ulimit -n 1024 userdeMBP:test-sequelize user$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 1 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 1418 virtual memory (kbytes, -v) unlimited
3)WARNING: Access control is not enabled for the database.
首先开启访问控制(--auth)
当然,你要现在没有开启访问控制时进行用户的添加:
这样就创建好一个超级管理员用户,创建全局用户或者超级用户,需要在MongoDB的admin数据库中创建(在其他库也可以创建,但是没有该角色功能)
重启mongod进程后:
mongod --auth --bind_ip 127.0.0.1
接下来做一下权限的验证:
userdeMBP:~ user$ mongo MongoDB shell version v3.6.4 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.6.4 > show dbs 2018-11-30T16:11:13.704+0800 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized" } :
可见不能直接操作了
测试之前添加的用户:
> use admin switched to db admin > show dbs 2018-11-30T16:12:00.963+0800 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized" } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1 shellHelper.show@src/mongo/shell/utils.js:820:19 shellHelper@src/mongo/shell/utils.js:710:15 @(shellhelp2):1:1 > db.auth('user','user') Error: Authentication failed. 0 > use test switched to db test > show dbs 2018-11-30T16:13:59.639+0800 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized" } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1 shellHelper.show@src/mongo/shell/utils.js:820:19 shellHelper@src/mongo/shell/utils.js:710:15 @(shellhelp2):1:1 > db.auth('user','user') 1 > show dbs admin 0.000GB config 0.000GB local 0.000GB >
⚠️:这里admin数据库没能成功认证用户的原因是我上面生成用户的时候忘记进入admin数据库了,所以其实生成出来的用户是test数据库的,但是大家大概知道这个意思即可
MongoDB数据库的用户权限控制权限还是比较多的,有系统自带的,已经定义好的角色,也可以自己定义角色权限,需要根据业务需要进行权限分配:
自带角色的说明(一般内置的角色基本上就可以满足生产环境需求了):
https://docs.mongodb.org/manual/core/security-built-in-roles/
用户自行定义角色的说明:
https://docs.mongodb.org/manual/core/security-user-defined-roles/
用户管理配置的说明
https://docs.mongodb.org/manual/reference/method/#user-management-methods
