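1. Download the required version
Go to the download page on the official MongoDB website. I personally think the Community edition is sufficient.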
https://www.mongodb.com/download-center?jmp=nav#community
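My virtual machine runs CentOS 7, so choose "Linux 64-bit legacy x64", then click "All Version Binaries" and pick the version that meets your needs; I downloaded "mongodb-linux-x86_64-3.4.10.tgz".
2. Preparation before starting
2.1 Use a tool such as "Bitvise SSH Client" or "XShell" to upload the downloaded package to the Linux server; the path I chose is "/data2/"
2.2 Extract and rename. You must be logged in as root; otherwise you lack the permissions and the archive cannot be extracted correctly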
[root@localhost data2]# cd /data2/
[root@localhost data2]# tar -zxvf mongodb-linux-x86_64-3.4.10.tgz
[root@localhost data2]# mv mongodb-linux-x86_64-3.4.10 mongodb-3.4.10
2.3 Create the configuration file
[root@localhost data2]# mkdir conf/
[root@localhost data2]# cd /data2/conf/
[root@localhost conf]# vim mongodb.conf
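Configuration file contents
# Start as a daemon
fork = true
# Listen on port 27017; this is the default and can be omitted
port = 27017
# Quiet mode: reduce the amount of output written to the log
quiet = true
# Data directory
dbpath = /data2/mongodb
# Location of the log file
logpath = /data2/mongodb/log/mongo.log
# Append to the log instead of overwriting it
logappend = true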
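The file above sets neither auth nor bind_ip, which is why section 3.4 can connect from another host without credentials. The audit function below for this legacy key = value format is an added example, not part of the original post; the names conf_get and audit_mongod_conf and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a legacy INI-style
# mongod config made of "key = value" lines.

# conf_get FILE KEY: print the last value assigned to KEY, skipping comments.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key && index($0, "=") > 0) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v
            }
        }
        END { print val }' "$1"
}

# audit_mongod_conf FILE: print one finding per line; exit status = finding count.
audit_mongod_conf() {
    findings=0
    if [ "$(conf_get "$1" auth)" != "true" ]; then
        echo "auth is not true: every client that reaches the port has full access"
        findings=$((findings + 1))
    fi
    case "$(conf_get "$1" bind_ip)" in
        "")        echo "bind_ip is unset: mongod 3.4 listens on all interfaces"
                   findings=$((findings + 1)) ;;
        *0.0.0.0*) echo "bind_ip contains 0.0.0.0: listens on all interfaces"
                   findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the settings from section 2.3 of this page.
sample_conf=$(mktemp)
printf '%s\n' '# daemon' 'fork = true' 'port = 27017' 'quiet = true' \
    'dbpath = /data2/mongodb' 'logappend = true' > "$sample_conf"
audit_mongod_conf "$sample_conf" || echo "findings: $?"
```
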
2.4 Create the directories that hold the data and the logs; if they are not created beforehand, mongodb reports an error and exits at startup.
[root@localhost data2]# mkdir -p /data2/mongodb/log/
2.5 Create the mongodb user and the mongodb group
[root@localhost data2]# groupadd mongodb
[root@localhost data2]# useradd mongodb -m -d /home/mongodb -g mongodb
2.6 Give the mongodb user full ownership of all mongodb-related directories
Before the change
[root@localhost data2]# pwd
/data2
[root@localhost data2]# ll
total 84764
drwxr-xr-x. 2 root root 26 May 16 10:18 conf
drwxr-xr-x. 3 root root 17 May 16 10:21 mongodb
drwxr-xr-x. 3 root root 91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root root 86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz
Commands that make the change
[root@localhost data2]# chown -R mongodb:mongodb /data2/conf
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb
[root@localhost data2]# chown -R mongodb:mongodb /data2/mongodb-3.4.10
After the change
[root@localhost data2]# ll
total 84764
drwxr-xr-x. 2 mongodb mongodb 26 May 16 10:18 conf
drwxr-xr-x. 3 mongodb mongodb 17 May 16 10:21 mongodb
drwxr-xr-x. 3 mongodb mongodb 91 May 15 17:42 mongodb-3.4.10
-rw-r--r--. 1 root root 86794614 May 15 14:47 mongodb-linux-x86_64-3.4.10.tgz
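3. Start the mongodb service without authentication
In a MongoDB deployment, the first step is to create an administrator user. There are two ways to do this: before enabling authentication or after enabling it. This example creates the administrator user before enabling authentication and grants it the highest privileges.
3.1 Start the service
Switch to the mongodb user and start the service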
[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 4264
child process started successfully, parent exiting
Seeing the word "successfully" confirms that the service started.
3.2 Check the log file /data2/mongodb/log/mongo.log
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] MongoDB starting : pid=4264 port=27017 dbpath=/data2/mongodb 64-bit host=localhost.localdomain
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] db version v3.4.10
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] git version: 078f28920cb24de0dd479b5ea6c66c644f6326e9
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] allocator: tcmalloc
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] modules: none
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] build environment:
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] distarch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] target_arch: x86_64
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] options: { config: "/data2/conf/mongodb.conf", net: { port: 27017 }, processManagement: { fork: true }, storage: { dbPath: "/data2/mongodb" }, systemLog: { destination: "file", logAppend: true, path: "/data2/mongodb/log/mongo.log", quiet: true } }
2018-05-16T10:37:20.439+0800 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=256M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.484+0800 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data2/mongodb/diagnostic.data'
2018-05-16T10:37:20.530+0800 I INDEX [initandlisten] build index on: admin.system.version properties: { v: 2, key: { version: 1 }, name: "incompatible_with_version_32", ns: "admin.system.version" }
2018-05-16T10:37:20.530+0800 I INDEX [initandlisten] building index using bulk method; build may temporarily use up to 500 megabytes of RAM
2018-05-16T10:37:20.531+0800 I INDEX [initandlisten] build index done. scanned 0 total records. 0 secs
2018-05-16T10:37:20.532+0800 I COMMAND [initandlisten] setting featureCompatibilityVersion to 3.4
2018-05-16T10:37:20.533+0800 I NETWORK [thread1] waiting for connections on port 27017
3.3 Start a client locally and connect to the mongodb server; it connects to the test database by default
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
> db
test
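3.4 Connect to the mongodb server remotely; it connects to the test database by default. Use the ifconfig command on the Linux server to find the server's IP address.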
C:\Users\LZ>mongo --host 192.168.0.133:27017
MongoDB shell version v3.4.10
connecting to: mongodb://192.168.0.133:27017/
MongoDB server version: 3.4.10
Server has startup warnings:
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-05-16T10:37:20.477+0800 I CONTROL [initandlisten]
> db
test
3.5 If local connections work but remote connections fail, the cause is usually the firewall. If the following command returns nothing, port 27017 is not open.
[root@localhost data2]# iptables -L -n | grep 27017
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:27017 ctstate NEW
Open port 27017 and reload the firewall configuration:
[root@localhost data2]# firewall-cmd --zone=public --add-port=27017/tcp --permanent
success
[root@localhost data2]# firewall-cmd --reload
success
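4. Add MongoDB users and enable authentication and authorization
4.1 Create the administrative user
Switch to the admin database. Either of the two forms works; the second is syntactic sugar for the first.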
> db = db.getSiblingDB('admin')
admin
> use admin
switched to db admin
> db.createUser({user:"admin",pwd:"admin",roles:["userAdminAnyDatabase"]})
Successfully added user: { "user" : "admin", "roles" : [ "userAdminAnyDatabase" ] }
4.2 Add the authentication setting and restart the mongodb service
[root@localhost data2]# vim /data2/conf/mongodb.conf
Append the following as the last lines
# Enable authentication
auth = true
Stop the mongod service and start it again
[root@localhost data2]# ps -ef | grep mongod
root 4227 3963 0 10:37 pts/0 00:00:00 su mongodb
mongodb 4228 4227 0 10:37 pts/0 00:00:00 bash
mongodb 4264 1 0 10:37 ? 00:00:10 /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
root 5424 4621 0 11:43 pts/0 00:00:00 grep --color=auto mongod
[root@localhost data2]# kill -2 4264
[root@localhost data2]# ps -ef | grep mongod
root 4227 3963 0 10:37 pts/0 00:00:00 su mongodb
mongodb 4228 4227 0 10:37 pts/0 00:00:00 bash
root 5427 4621 0 11:44 pts/0 00:00:00 grep --color=auto mongod
[root@localhost data2]# su mongodb
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongod -f /data2/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 5663
child process started successfully, parent exiting
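With logappend = true the earlier unauthenticated start stays in mongo.log, so grepping the whole file for the access-control warning still matches after this restart. The check below looks only at the most recent start; it is an added example, not from the original post, and the function name and the second start record in the sample log are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): decide from the log whether
# the most recent mongod start ran without access control.

# last_start_unauthenticated LOGFILE
#   exit 0 -> the latest "MongoDB starting" block carries the warning
#   exit 1 -> the latest start has no such warning
#   exit 2 -> no start record found in the file
last_start_unauthenticated() {
    awk '
        /MongoDB starting/ { seen = 1; warned = 0 }   # new start: reset state
        /Access control is not enabled/ { warned = 1 }
        END {
            if (!seen) exit 2
            exit (warned ? 0 : 1)
        }' "$1"
}

# Constructed sample: the first start is taken from section 3.2; the second
# start (after auth = true) uses made-up timestamps.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2018-05-16T10:37:20.422+0800 I CONTROL [initandlisten] MongoDB starting : pid=4264 port=27017 dbpath=/data2/mongodb 64-bit host=localhost.localdomain
2018-05-16T10:37:20.476+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-05-16T11:45:02.101+0800 I CONTROL [initandlisten] MongoDB starting : pid=5663 port=27017 dbpath=/data2/mongodb 64-bit host=localhost.localdomain
2018-05-16T11:45:02.180+0800 I NETWORK [thread1] waiting for connections on port 27017
EOF

if last_start_unauthenticated "$sample_log"; then
    echo "latest start: access control NOT enabled"
else
    echo "latest start: no access-control warning"
fi
```
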
4.2 Create regular users and enable authorization
Reconnect to the database and authenticate as the administrative user just created
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
> use admin
switched to db admin
> db.auth("admin","admin")
1
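Switch to order, the database that the regular user Daniel belongs to, and create the new user Daniel with read access to the order database; then create the new user John with read and write access to the order database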
> use order
switched to db order
> db.createUser({user:"Daniel",pwd:"daniel",roles:["read"]})
Successfully added user: { "user" : "Daniel", "roles" : [ "read" ] }
> db.createUser({user:"John",pwd:"john",roles:["readWrite"]})
Successfully added user: { "user" : "John", "roles" : [ "readWrite" ] }
> db
order
> show users
{
"_id" : "order.Daniel",
"user" : "Daniel",
"db" : "order",
"roles" : [
{
"role" : "read",
"db" : "order"
}
]
}
{
"_id" : "order.John",
"user" : "John",
"db" : "order",
"roles" : [
{
"role" : "readWrite",
"db" : "order"
}
]
}
4.3 Verify the user permissions
Open a new mongo console, log in to the order database as John, and run write/read commands
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u John -p john order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db
order
> db.detail.insert({"name":"123"})
WriteResult({ "nInserted" : 1 })
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
Open a new mongo console, log in to the order database as Daniel, and run write/read commands
[mongodb@localhost data2]$ /data2/mongodb-3.4.10/bin/mongo -u Daniel -p daniel order
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/order
MongoDB server version: 3.4.10
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
> db.detail.insert({"name":"345"})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on order to execute command { insert: \"detail\", documents: [ { _id: ObjectId('5afbbd3bb6d9de4029eb49ea'), name: \"345\" } ], ordered: true }"
}
})
> db.detail.find()
{ "_id" : ObjectId("5afbbb6cae43af368138e819"), "name" : "123" }
John has both write and read permissions, whereas Daniel has read permission only and cannot write.