1. Environment preparation:
* [ ] OS: CentOS 7
* [ ] hosts1:172.16.168.131
* [ ] hosts2:172.16.168.128
* [ ] hosts3:172.16.168.151
2. Download the latest MongoDB package:
```
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-4.0.2.tgz
```
3. Extract the archive
```
tar -xf mongodb-linux-x86_64-4.0.2.tgz
mv mongodb-linux-x86_64-4.0.2 /usr/local/mongodb
```
4. Configure the environment variables
```
cat >> /etc/profile.d/mongo.sh<<EOF
export PATH=/usr/local/mongodb/bin:\$PATH
EOF
chmod +x /etc/profile.d/mongo.sh
source /etc/profile.d/mongo.sh
```
5. Create the configuration file
```
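mkdir -pv /usr/local/mongodb/conf
mkdir -pv /usr/local/mongodb/conf/keyfile
mkdir -pv /data/mongodb/{log,db}
# The chown commands below need a mongodb account; create it if it is missing
id mongodb >/dev/null 2>&1 || useradd -r -s /sbin/nologin mongodb
chown -R mongodb:mongodb /usr/local/mongodb
chown -R mongodb:mongodb /data/mongodb
cat >> /usr/local/mongodb/conf/mongodb.conf<<EOF
# Data directory
dbpath=/data/mongodb/db
# Log path
logpath=/data/mongodb/log/mongodb.log
# Append to the log instead of overwriting it
logappend=true
# Listens on every interface; auth stays off until step 9, so limit port 27017 to the three replica set hosts
bind_ip=0.0.0.0
port=27017
# Run as a daemon
fork=true
#nohttpinterface=true
# Run with authentication enabled
#auth=true
# Replica set name
replSet=replset
# Cluster authentication mode
#clusterAuthMode=keyFile
# keyFile used for authentication
#keyFile=/usr/local/mongodb/conf/keyfile/keyfile
EOF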
```
6. Start MongoDB
Start mongod on each of the three hosts:
```
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf
```
7. Configure the replica set
Open the mongo shell:
```
mongo
> config = {_id: 'replset', members: [{_id: 0, host: '172.16.168.131:27017'},{_id: 1, host: '172.16.168.128:27017'},{_id: 2, host: '172.16.168.151:27017'}]}
> rs.initiate(config)  // initialize the replica set
> rs.status()
{
"set" : "replset",
"date" : ISODate("2018-09-03T12:40:34.633Z"),
"myState" : 1,
"term" : NumberLong(5),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"appliedOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"durableOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
}
},
"lastStableCheckpointTimestamp" : Timestamp(1535978401, 1),
"members" : [
{
"_id" : 0,
"name" : "192.168.11.243:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 8742,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDurable" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"optimeDurableDate" : ISODate("2018-09-03T12:40:31Z"),
"lastHeartbeat" : ISODate("2018-09-03T12:40:33.801Z"),
"lastHeartbeatRecv" : ISODate("2018-09-03T12:40:34.104Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "192.168.11.245:27017",
"syncSourceHost" : "192.168.11.245:27017",
"syncSourceId" : 2,
"infoMessage" : "",
"configVersion" : 1
},
{
"_id" : 1,
"name" : "192.168.11.244:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 9721,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"electionTime" : Timestamp(1535969609, 1),
"electionDate" : ISODate("2018-09-03T10:13:29Z"),
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 2,
"name" : "192.168.11.245:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 9719,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDurable" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"optimeDurableDate" : ISODate("2018-09-03T12:40:31Z"),
"lastHeartbeat" : ISODate("2018-09-03T12:40:33.769Z"),
"lastHeartbeatRecv" : ISODate("2018-09-03T12:40:33.896Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "192.168.11.244:27017",
"syncSourceHost" : "192.168.11.244:27017",
"syncSourceId" : 1,
"infoMessage" : "",
"configVersion" : 1
}
],
"ok" : 1,
"operationTime" : Timestamp(1535978431, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1535978431, 1),
"signature" : {
"hash" : BinData(0,"Sn6fHpWmPt3IZZk+8O52KP5tJ90="),
"keyId" : NumberLong("6596905552876404738")
}
}
}
```
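If the output contains the fields above, the replica set was set up successfully. PRIMARY marks the primary node and SECONDARY marks a secondary node.
After connecting to each instance you can see its command prompt.
8. Configure the replica set users and passwords
Create the replica set authentication user, admin: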
```
replset:PRIMARY> use admin
replset:PRIMARY> db.createUser({user:"admin", pwd:"O5uiRDdJ", roles:[{role: "userAdminAnyDatabase", db:"admin" }]})
```
Create an ordinary database named mongo and a user named mongo, and grant that user full privileges on the database:
```
replset:PRIMARY> db.auth("admin", "O5uiRDdJ")
replset:PRIMARY> use mongo
replset:PRIMARY> db.createUser({user:"mongo",pwd:"mongo",roles:[{role:"dbOwner",db:"mongo"}]})
```
In a production environment you can verify the account by connecting with it:
```
# mongo 192.168.11.244:27017/mongo -u mongo -p mongo
```
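9. Configure keyFile authentication for the replica set
Create the key file used for replica set authentication. All three nodes must use the same keyfile.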
```
# openssl rand -base64 32 > keyfile
# chmod 600 keyfile
# cp keyfile /usr/local/mongodb/conf/keyfile/keyfile
```
Shut down the replica set: stop mongod on each node in turn
```
mongo
replset:PRIMARY> use admin
replset:PRIMARY> db.shutdownServer()
```
Edit the configuration file and turn authentication on
```
# vim /usr/local/mongodb/conf/mongodb.conf
# Enable authentication
auth=true
# Enable cluster authentication mode
clusterAuthMode=keyFile
# keyFile used for authentication
keyFile=/usr/local/mongodb/conf/keyfile/keyfile
```
Restart the replica set
```
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf
```
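A pre-restart check for the settings enabled in this step, as an added example that is not part of the original page. It reads the ini-style mongodb.conf and reports a mongod left without auth, a keyFile path that is not a regular file (for instance the keyfile directory instead of the file inside it), and a key file that breaks MongoDB's rules (no group/other permissions, 6 to 1024 base64 characters). The function names `conf_get` and `audit_mongo_conf` and the scratch paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-restart audit of the ini-style mongodb.conf used on this page.

# conf_get FILE KEY: value of the last uncommented "KEY=value" line, trimmed.
conf_get() {
  sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_mongo_conf FILE: print one finding per line; return 0 only if none.
audit_mongo_conf() {
  local conf=$1 rc=0 kf mode chars
  if [ "$(conf_get "$conf" auth)" != "true" ]; then
    echo "auth is not enabled"; rc=1
    if [ "$(conf_get "$conf" bind_ip)" = "0.0.0.0" ]; then
      echo "bind_ip=0.0.0.0 exposes an unauthenticated mongod on every interface"
    fi
  fi
  if [ "$(conf_get "$conf" clusterAuthMode)" != "keyFile" ]; then
    echo "clusterAuthMode is not keyFile"; rc=1
  fi
  kf=$(conf_get "$conf" keyFile)
  if [ -z "$kf" ]; then echo "keyFile is not set"; return 1; fi
  if [ ! -f "$kf" ]; then echo "keyFile is not a regular file: $kf"; return 1; fi
  mode=$(stat -c '%a' "$kf")            # GNU stat, as shipped with CentOS 7
  case $mode in
    ?00) ;;                             # no group/other permission bits
    *) echo "keyFile mode $mode grants group/other access"; rc=1 ;;
  esac
  chars=$(tr -d '[:space:]' < "$kf" | wc -c)
  if [ "$chars" -lt 6 ] || [ "$chars" -gt 1024 ]; then
    echo "keyFile holds $chars characters, expected 6 to 1024"; rc=1
  fi
  if tr -d '[:space:]' < "$kf" | grep -q '[^A-Za-z0-9+/=]'; then
    echo "keyFile contains characters outside the base64 set"; rc=1
  fi
  return "$rc"
}

# Constructed demo in a scratch directory (hypothetical paths, not the real install).
demo=$(mktemp -d)
mkdir -p "$demo/conf/keyfile"
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk0RGVtbw==\n' > "$demo/conf/keyfile/keyfile"
chmod 600 "$demo/conf/keyfile/keyfile"
printf 'bind_ip=0.0.0.0\nauth=true\nclusterAuthMode=keyFile\nkeyFile=%s\n' \
  "$demo/conf/keyfile/keyfile" > "$demo/mongodb.conf"
audit_mongo_conf "$demo/mongodb.conf" && echo "mongodb.conf: ok"
```

Run it on each node against `/usr/local/mongodb/conf/mongodb.conf` before starting mongod; a non-zero return means at least one finding was printed.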
10. Configure start at boot
```
echo "/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf" >> /etc/rc.local
```
To test failover, take the primary machine offline; one of the secondaries is automatically promoted to primary.
replset:SECONDARY> rs.status()
{
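* Appendix
* 1. User roles for database users:
* Roles
* Database user roles: read, readWrite
* Database administration roles: dbAdmin, dbOwner, userAdmin
* Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
* Backup and restore roles: backup, restore
* All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
* Superuser role: root
* Internal role: __system
* Role descriptions
* read: allows the user to read the specified database
* readWrite: allows the user to read and write the specified database
* dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
* userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database
* clusterAdmin: only available in the admin database; grants administrative privileges over all sharding and replica set functions
* readAnyDatabase: only available in the admin database; grants read access to all databases
* readWriteAnyDatabase: only available in the admin database; grants read and write access to all databases
* userAdminAnyDatabase: only available in the admin database; grants userAdmin privileges on all databases
* dbAdminAnyDatabase: only available in the admin database; grants dbAdmin privileges on all databases
* root: only available in the admin database. Superuser account with full privileges
* dbOwner: readWrite + dbAdmin + userAdmin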