CentOS 7 MongoDB 4.2 replica set + enabling auth

Machine plan:

192.168.1.23 primary node
192.168.1.24 secondary node
192.168.1.25 arbiter node, stores no data

Download and install

First download the package: https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.2/x86_64/RPMS/mongodb-org-server-4.2.8-1.el7.x86_64.rpm

Run the install commands on all three machines

rpm -ivh mongodb-org-server-4.2.8-1.el7.x86_64.rpm
systemctl enable mongod

Replica set configuration

The configuration file is located at

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /opt/mongo_data
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

#security:
#  authorization: enabled
#  keyFile: /opt/mongo_data/mongo.key

#operationProfiling:

#replication:
replication:
  replSetName: testrs

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

Several places in the default configuration need to be changed

# Data storage path
storage:
  dbPath: /opt/mongo_data

# The machines need to be reachable over the LAN, so bind to 0.0.0.0
net:
  port: 27017
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.  

# Require username/password login; replica set members authenticate to each other with a key
#security:
#  authorization: enabled
#  keyFile: /opt/mongo_data/mongo.key

#operationProfiling:

# Replica set name
replication:
  replSetName: testrs

Key generation
Generate the key on one machine, then set the permissions on the key and its directory

openssl rand -base64 753 >  /opt/mongo_data/mongo.key
chmod 600 /opt/mongo_data/mongo.key
chown -R mongod:mongod  /opt/mongo_data/

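Copy the key to the other two machines and set the same key and directory permissions there

Start the service on all three machines with systemctl start mongod. At this point all three machines can be accessed, and the replica set information still needs to be configured

Configure the replica set

Log in to one of the machines with the mongo client and run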

cfg={ _id:"testrs", members:[ {_id:0,host:'192.168.1.23:27017',priority:2}, {_id:1,host:'192.168.1.24:27017',priority:1}, {_id:2,host:'192.168.1.25:27017',arbiterOnly:true}] };

rs.initiate(cfg) // initialize the replica set
rs.status()  // check the replica set status

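Create the authorized user

Create the user. Note that the security configuration above is left commented out by default, because no user exists yet. The goal of this step is to create the admin user.
Log in to the 192.168.1.23 machine with the mongo client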

use admin
db.createUser({user: "admin",pwd:"***",roles:[{role:"root",db:"admin"}]})

Enable the authorization configuration

security:
  authorization: enabled
  keyFile: /opt/mongo_data/mongo.key

Then restart mongod.
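An added example (not from the original post): a shell check to run on each member after the restart, confirming that the security block is really uncommented and that the keyfile meets mongod's requirements (no group/other permissions, 6 to 1024 base64 characters). The function names conf_get, check_keyfile and check_member are hypothetical, and the awk parser assumes the simple two-level YAML layout shown above.

```shell
#!/usr/bin/env bash
# Added example: post-restart audit of one replica set member.

# conf_get <file> <section> <key>: print an uncommented two-level YAML value
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[[:space:]]*#/ { next }                        # commented-out line
        /^[^[:space:]]/  { in_sec = ($0 ~ ("^" sec ":")); next }
        in_sec && $1 == (key ":") { sub(/#.*/, ""); print $2; exit }
    ' "$1"
}

# check_keyfile <path>: 0 if mongod would accept the keyfile
check_keyfile() {
    key="$1"
    [ -f "$key" ] || { echo "FAIL: $key does not exist"; return 1; }
    # mongod refuses a keyfile that group or others can access
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key has group/other permissions (chmod 600)"; return 1; }
    # whitespace is ignored; the rest must be 6-1024 base64 characters
    body=$(tr -d '[:space:]' < "$key")
    case "$body" in
        *[!A-Za-z0-9+/=]*) echo "FAIL: $key has non-base64 characters"; return 1 ;;
    esac
    [ "${#body}" -ge 6 ] && [ "${#body}" -le 1024 ] ||
        { echo "FAIL: $key has ${#body} characters (want 6-1024)"; return 1; }
}

# check_member <mongod.conf>: 0 only if auth is on and the keyfile is usable
check_member() {
    conf="$1"; rc=0
    [ "$(conf_get "$conf" security authorization)" = "enabled" ] ||
        { echo "FAIL: security.authorization is not enabled"; rc=1; }
    key=$(conf_get "$conf" security keyFile)
    if [ -z "$key" ]; then
        echo "FAIL: security.keyFile is not set"; rc=1
    else
        check_keyfile "$key" || rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf enforces auth with a valid keyfile"
    return "$rc"
}
```

Call check_member with the path of the member's mongod.conf; a non-zero exit status means that node is still running without enforced authentication or with a keyfile mongod will reject.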
