1. Environment preparation:
* [ ] OS: CentOS 7
* [ ] hosts1: 172.16.168.131
* [ ] hosts2: 172.16.168.128
* [ ] hosts3: 172.16.168.151
2. Download the latest MongoDB package:
```
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-4.0.2.tgz
```
3. Extract the archive
```
tar -xf mongodb-linux-x86_64-4.0.2.tgz
mv mongodb-linux-x86_64-4.0.2 /usr/local/mongodb
```
4. Configure the environment
```
cat >> /etc/profile.d/mongo.sh<<EOF
export PATH=/usr/local/mongodb/bin:\$PATH
EOF
chmod +x /etc/profile.d/mongo.sh
source /etc/profile.d/mongo.sh
```
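5. Create the configuration file
```
mkdir -pv /usr/local/mongodb/conf
mkdir -pv /usr/local/mongodb/conf/keyfile
mkdir -pv /data/mongodb/{log,db}
# The mongodb account must exist before chown can reference it
id mongodb >/dev/null 2>&1 || useradd -r -s /sbin/nologin mongodb
chown -R mongodb:mongodb /usr/local/mongodb
chown -R mongodb:mongodb /data/mongodb
cat >> /usr/local/mongodb/conf/mongodb.conf<<EOF
# Data directory
dbpath=/data/mongodb/db
# Log path
logpath=/data/mongodb/log/mongodb.log
# Append to the log instead of overwriting it
logappend=true
# Listens on all interfaces; access control stays off until step 9
bind_ip=0.0.0.0
port=27017
# Run as a daemon
fork=true
#nohttpinterface=true
# Run with authentication enabled
#auth=true
# Name of the replica set
replSet=replset
# Cluster authentication mode
#clusterAuthMode=keyFile
# KeyFile used for authentication
#keyFile=/usr/local/mongodb/conf/keyfile/keyfile
EOF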
```
6. Start MongoDB
Start mongod on each of the three hosts:
```
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf
```
7. Set up the replica set
Open the mongo shell:
```
mongo
> config = {_id: 'replset', members: [{_id: 0, host: '172.16.168.131:27017'},{_id: 1, host: '172.16.168.128:27017'},{_id: 2, host: '172.16.168.151:27017'}]}
> rs.initiate(config)  // initialize the replica set
> rs.status()
{
"set" : "replset",
"date" : ISODate("2018-09-03T12:40:34.633Z"),
"myState" : 1,
"term" : NumberLong(5),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"appliedOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"durableOpTime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
}
},
"lastStableCheckpointTimestamp" : Timestamp(1535978401, 1),
"members" : [
{
"_id" : 0,
"name" : "192.168.11.243:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 8742,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDurable" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"optimeDurableDate" : ISODate("2018-09-03T12:40:31Z"),
"lastHeartbeat" : ISODate("2018-09-03T12:40:33.801Z"),
"lastHeartbeatRecv" : ISODate("2018-09-03T12:40:34.104Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "192.168.11.245:27017",
"syncSourceHost" : "192.168.11.245:27017",
"syncSourceId" : 2,
"infoMessage" : "",
"configVersion" : 1
},
{
"_id" : 1,
"name" : "192.168.11.244:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 9721,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"electionTime" : Timestamp(1535969609, 1),
"electionDate" : ISODate("2018-09-03T10:13:29Z"),
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 2,
"name" : "192.168.11.245:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 9719,
"optime" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDurable" : {
"ts" : Timestamp(1535978431, 1),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2018-09-03T12:40:31Z"),
"optimeDurableDate" : ISODate("2018-09-03T12:40:31Z"),
"lastHeartbeat" : ISODate("2018-09-03T12:40:33.769Z"),
"lastHeartbeatRecv" : ISODate("2018-09-03T12:40:33.896Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "192.168.11.244:27017",
"syncSourceHost" : "192.168.11.244:27017",
"syncSourceId" : 1,
"infoMessage" : "",
"configVersion" : 1
}
],
"ok" : 1,
"operationTime" : Timestamp(1535978431, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1535978431, 1),
"signature" : {
"hash" : BinData(0,"Sn6fHpWmPt3IZZk+8O52KP5tJ90="),
"keyId" : NumberLong("6596905552876404738")
}
}
}
```
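If the fields above appear, the setup succeeded. PRIMARY denotes the primary and SECONDARY denotes a secondary.
After connecting to each instance you can see the command prompt.
8. Configure the replica set users and passwords
Create the replica set authentication user, admin: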
```
replset:PRIMARY> use admin
replset:PRIMARY> db.createUser({user:"admin", pwd:"O5uiRDdJ", roles:[{role: "userAdminAnyDatabase", db:"admin" }]})
```
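Create an ordinary database mongo and a user mongo, and grant the user all privileges on that database:
```
replset:PRIMARY> db.auth("admin","O5uiRDdJ")
replset:PRIMARY> use mongo
replset:PRIMARY> db.createUser({user:"mongo",pwd:"mongo",roles:[{role:"dbOwner",db:"mongo"}]})
```
In production, you can verify by connecting:
```
# mongo 192.168.11.244:27017/mongo -u mongo -p mongo
```
9. Configure KeyFile authentication for the replica set
Create the replica set authentication key file. All three nodes must use the same keyfile.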
```
# openssl rand -base64 32 > keyfile
# chmod 600 keyfile
# cp keyfile /usr/local/mongodb/conf/keyfile/keyfile
```
Shut down the replica set: stop MongoDB on each node in turn
```
mongo
replset:PRIMARY> use admin
replset:PRIMARY> db.shutdownServer()
```
Edit the configuration file and turn authentication on
```
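# vim /usr/local/mongodb/conf/mongodb.conf
# Enable authentication
auth=true
# Enable cluster authentication mode
clusterAuthMode=keyFile
# KeyFile used for authentication (the file itself, not its directory)
keyFile=/usr/local/mongodb/conf/keyfile/keyfile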
```
Restart the replica set
```
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf
```
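The check below is an added example, not part of the original walkthrough: it audits the ini-style config from steps 5 and 9 for a keyFile that is unset, points at a directory instead of the file, or is readable by group/other, and for an all-interfaces bind while access control is off. The function names `conf_get` and `audit_mongo_conf` are hypothetical, and GNU `stat` is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: audit an ini-style mongodb.conf
# against the step 9 settings. conf_get/audit_mongo_conf are hypothetical names.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; the return status is the number of findings.
audit_mongo_conf() {
    local conf="$1" findings=0 auth keyfile mode bind
    auth=$(conf_get "$conf" auth)
    keyfile=$(conf_get "$conf" keyFile)
    bind=$(conf_get "$conf" bind_ip)

    if [ -z "$keyfile" ]; then
        echo "keyFile is not set: members do not authenticate to each other"
        findings=$((findings + 1))
    elif [ ! -f "$keyfile" ]; then
        echo "keyFile=$keyfile is not a regular file"
        findings=$((findings + 1))
    else
        mode=$(stat -c '%a' "$keyfile")   # GNU stat, as on CentOS 7
        case "$mode" in
            ?00) ;;                        # owner-only, e.g. 600 or 400
            *) echo "keyFile mode is $mode, group/other bits must be clear"
               findings=$((findings + 1)) ;;
        esac
    fi

    # A keyFile also turns on client access control; with neither set,
    # anyone who can reach the port is unauthenticated.
    if [ "$auth" != "true" ] && [ -z "$keyfile" ]; then
        echo "access control is off (no auth=true, no keyFile)"
        findings=$((findings + 1))
        if [ "$bind" = "0.0.0.0" ]; then
            echo "bind_ip=0.0.0.0 while access control is off"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Usage: ./audit.sh /usr/local/mongodb/conf/mongodb.conf
if [ "$#" -gt 0 ]; then
    audit_mongo_conf "$1"
fi
```

Run it on each node before restarting mongod; an exit status of 0 means none of the checks fired.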
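10. Configure start on boot
```
echo "/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongodb.conf" >> /etc/rc.local
# rc.local is not executable by default on CentOS 7
chmod +x /etc/rc.d/rc.local
```
To test, take the primary machine offline; one of the secondaries is automatically promoted to primary.
```
replset:SECONDARY> rs.status()
{
```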
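* Appendix
* 1. User roles available when creating database users:
  * Role categories
    * Database user roles: read, readWrite
    * Database administration roles: dbAdmin, dbOwner, userAdmin
    * Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
    * Backup and restore roles: backup, restore
    * All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
    * Superuser role: root
    * Internal role: __system
  * Role descriptions
    * read: allows the user to read the specified database
    * readWrite: allows the user to read and write the specified database
    * dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
    * userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database
    * clusterAdmin: only available in the admin database; grants the user administrative privileges over all sharding and replica set functions
    * readAnyDatabase: only available in the admin database; grants the user read access to all databases
    * readWriteAnyDatabase: only available in the admin database; grants the user read and write access to all databases
    * userAdminAnyDatabase: only available in the admin database; grants the user userAdmin privileges on all databases
    * dbAdminAnyDatabase: only available in the admin database; grants the user dbAdmin privileges on all databases
    * root: only available in the admin database; the superuser account with full privileges
    * dbOwner: readWrite + dbAdmin + userAdmin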