Linux下单节点MongoDB安装配置

1、下载所需版本

进入MongoDB官网下载页面,个人认为社区版能够满足需求

https://www.mongodb.com/download-center?jmp=nav#community

我的虚拟机装的是CentOS7,所以选择“Linux 64-bit legacy x64”,然后点击“All Version Binaries”,选择满足需求的版本;我下载的是“mongodb-linux-x86_64-3.4.10.tgz”;

Linux下单节点MongoDB安装配置_第1张图片

2、启动前准备工作

2.1 使用“Bitvise SSH Client”或者“XShell”等工具,将下载好的安装包上传到Linux服务器上,我选择的路径是“/data2/”

2.2 解压缩并重命名,一定以root登录,否则没有权限,不能正确解压缩

[root@localhost data2]# cd /data2/
[root@localhost data2]# tar -zxvf mongodb-linux-x86_64-3.4.10.tgz
[root@localhost data2]# mv mongodb-linux-x86_64-3.4.10 mongodb-3.4.10

2.3 新建配置文件

[root@localhost data2]# mkdir conf/
[root@localhost data2]# cd /data2/conf/
[root@localhost conf]# vim mongodb.conf

配置文件内容

# 使用demon形式启动
fork = true
# 以27017端口启动,此端口为默认配置,可省略
port = 27017
# 日志不在终端输出而是进入log
quiet = true
# 数据目录配置
dbpath = /data2/mongodb
# 日志文件存放位置
logpath = /data2/mongodb/log/mongo.log
# 以追加方式记录日志
logappend = true

2.4 创建文件夹,用于存放数据以及日志;如果不创建好文件夹,mongodb启动时会报错并退出;

[root@localhost data2]# mkdir -p /data2/mongodb/log/

2.5 新建mongodb用户及mongodb用户组

[root@localhost data2]# groupadd mongodb
[root@localhost data2]# useradd mongodb -m -d /home/mongodb -g mongodb

2.6 把mongodb相关的文件夹都赋予mongodb用户所有权限

修改前

[root@localhost data2]# pwd
/data2
[root@localhost data2]# ll
total 84764
drwxr-xr-x. 2 root root       26 May 16 10:18 conf
drwxr-xr-x. 3 root root       17 May 16 10:21 mongodb
drwxr-xr-x. 3 root root       91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root root 86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz

修改命令

[root@localhost data2]# chown -R mongodb:mongodb /data2/conf
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb-3.4.10

修改后

[root@localhost data2]# ll
total 84764
drwxr-xr-x. 2 mongodb mongodb       26 May 16 10:18 conf
drwxr-xr-x. 3 mongodb mongodb       17 May 16 10:21 mongodb
drwxr-xr-x. 3 mongodb mongodb       91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root    root    86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz

3、不启用身份验证启动mongodb服务

在MongoDB部署中,首先要创建一个管理员用户,有两种方式:在启用身份验证之前或在启用验证身份之后,本例中在启用身份验证之前创建管理员用户,赋予最高权限;

3.1 启动服务

切换为mongodb用户,启动服务

[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 4264
child process started successfully, parent exiting
看到“successfully”字样证明启动成功;

3.2 查看日志文件 /data2/mongodb/log/mongo.log

2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] MongoDB starting : pid=4264 port=27017 dbpath=/data2/mongodb 64-bit host=localhost.localdomain
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] db version v3.4.10
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] git version: 078f28920cb24de0dd479b5ea6c66c644f6326e9
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] allocator: tcmalloc
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] modules: none
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] build environment:
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten]     distarch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten]     target_arch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL  [initandlisten] options: { config: "/data2/conf/mongodb.conf", net: { port: 27017 }, processManagement: { fork: true }, storage: { dbPath: "/data2/mongodb" }, systemLog: { destination: "file", logAppend: true, path: "/data2/mongodb/log/mongo.log", quiet: true } }
2018-05-16T10:37:20.439+0800 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=256M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] 
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] 
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] 
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] 
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] 
2018-05-16T10:37:20.484+0800 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data2/mongodb/diagnostic.data'
2018-05-16T10:37:20.530+0800 I INDEX    [initandlisten] build index on: admin.system.version properties: { v: 2, key: { version: 1 }, name: "incompatible_with_version_32", ns: "admin.system.version" }
2018-05-16T10:37:20.530+0800 I INDEX    [initandlisten] 	 building index using bulk method; build may temporarily use up to 500 megabytes of RAM
2018-05-16T10:37:20.531+0800 I INDEX    [initandlisten] build index done.  scanned 0 total records. 0 secs
2018-05-16T10:37:20.532+0800 I COMMAND  [initandlisten] setting featureCompatibilityVersion to 3.4
2018-05-16T10:37:20.533+0800 I NETWORK  [thread1] waiting for connections on port 27017

3.3 本地启动客户端连接mongodb服务器,默认连接test数据库

[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        http://docs.mongodb.org/
Questions? Try the support group
        http://groups.google.com/group/mongodb-user
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
> db
test

3.4 远程连接mongodb服务器,默认连接test数据库;在linux服务器上使用ifconfig命令查看服务器IP地址;

C:\Users\LZ>mongo --host 192.168.0.133:27017
MongoDB shell version v3.4.10
connecting to: mongodb://192.168.0.133:27017/
MongoDB server version: 3.4.10
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL  [initandlisten]
> db
test

3.5 如果出现本地可连接,但远程连接不上的情况,一般是防火墙的问题;如果运行一下命令没有返回,则表明没有开放27017端口;

[root@localhost data2]# iptables -L -n | grep 27017
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:27017 ctstate NEW

开启27017端口,并重新加载防火墙配置;

[root@localhost data2]# firewall-cmd --zone=public --add-port=27017/tcp --permanent
success
[root@localhost data2]# firewall-cmd --reload
success

4、添加MongoDB用户,并启用身份验证和授权

4.1 创建管理用户

切换到admin数据库,两种方式都可以,下面是上面的语法糖

> db = db.getSiblingDB('admin')
admin
> use admin
switched to db admin
> db.createUser({user:"admin",pwd:"admin",roles:["userAdminAnyDatabase"]})
Successfully added user: { "user" : "admin", "roles" : [ "userAdminAnyDatabase" ] }

4.2 增加身份验证配置,重启mongodb服务

[root@localhost data2]# vim /data2/conf/mongodb.conf

在最后一行添加

# 开启身份验证
auth = true

关闭mongod服务并重启

[root@localhost data2]# ps -ef | grep mongod
root       4227   3963  0 10:37 pts/0    00:00:00 su mongodb
mongodb    4228   4227  0 10:37 pts/0    00:00:00 bash
mongodb    4264      1  0 10:37 ?        00:00:10 /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
root       5424   4621  0 11:43 pts/0    00:00:00 grep --color=auto mongod
[root@localhost data2]# kill -2 4264
[root@localhost data2]# ps -ef | grep mongod
root       4227   3963  0 10:37 pts/0    00:00:00 su mongodb
mongodb    4228   4227  0 10:37 pts/0    00:00:00 bash
root       5427   4621  0 11:44 pts/0    00:00:00 grep --color=auto mongod
[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 5663
child process started successfully, parent exiting

4.2 创建普通用户并启用授权

重新连接数据库,并使用刚刚创建的管理用户进行身份验证

[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
> use admin
switched to db admin
> db.auth("admin","admin")
1

切换到普通用户Daniel对应的数据库order,并创建新用户Daniel以及分配对order数据库的读取访问权限,再创建新用户John以及分配对order数据库的读取写入访问权限

> use order
switched to db order
> db.createUser({user:"Daniel",pwd:"daniel",roles:["read"]})
Successfully added user: { "user" : "Daniel", "roles" : [ "read" ] }
> db.createUser({user:"John",pwd:"john",roles:["readWrite"]})
Successfully added user: { "user" : "John", "roles" : [ "readWrite" ] }
> db
order
> show users
{
        "_id" : "order.Daniel",
        "user" : "Daniel",
        "db" : "order",
        "roles" : [
                {
                        "role" : "read",
                        "db" : "order"
                }
        ]
}
{
        "_id" : "order.John",
        "user" : "John",
        "db" : "order",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "order"
                }
        ]
}

4.3 验证用户权限

连接到新的mongo控制台,使用John登录到order数据库,运行写入/读取命令

[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u John -p john order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db
order
> db.detail.insert({"name":"123"})
WriteResult({ "nInserted" : 1 })
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }

连接到新的mongo控制台,使用Daniel登录到order数据库,运行写入/读取命令

[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u Daniel -p daniel order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
> db.detail.insert({"name":"345"})
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on order to execute command { insert: \"detail\", documents: [ { _id: ObjectId('5afbbd3bb6d9de4029eb49ea'), name: \"345\" } ], ordered: true }"
        }
})
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
John有写入读取权限,而Daniel只有读取权限,没有写入权限;

你可能感兴趣的:(Linux,MongoDB)