21.26 mongodb介绍
l官网www.mongodb.com, 当前最新版3.4
lC++编写,基于分布式的,属于NoSQL的一种
l在NoSQL中是最像关系型数据库的
lMongoDB 将数据存储为一个文档,数据结构由键值(key=>value)对组成。MongoDB 文档类似于 JSON 对象。字段值可以包含其他文档、数组及文档数组。
l关于JSON http://www.w3school.com.cn/json/index.asp
l因为基于分布式,所以很容易扩展
epel自带的mongodb版本为2.6,我们需要安装3.4版本
官方安装文档https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/
配置文件
cd /etc/yum.repos.d/
vim mongodb-org-3.4.repo [mongodb-org-3.4] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc 实例 [root@aminglinux-130 ~]# yum list |grep mongodb [root@aminglinux-130 ~]# cd /etc/yum.repos.d/ [root@aminglinux-130 yum.repos.d]# vim mongodb-org-3.4.repo [root@aminglinux-130 yum.repos.d]# yum list |grep mongodb//可以看到mongodb相关的rpm包 http://fedora.cs.nctu.edu.tw/epel/7/x86_64/repodata/c1ddcd6a3c6455e6d367639727ce3a67c45f2f91ae8621563d174d8a722eaf31-primary.xml.gz: [Errno 14] HTTP Error 404 - Not Found 正在尝试其它镜像。 To address this issue please refer to the below wiki article https://wiki.centos.org/yum-errors If above article doesn't help to resolve this issue please use https://bugs.centos.org/. http://my.fedora.ipserverone.com/epel/7/x86_64/repodata/de34af7e1d9f800981fa2af3a2cd888a3397d80ab50da8b91a4acee99512cdb7-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found 正在尝试其它镜像。 collectd-write_mongodb.x86_64 5.8.1-1.el7 epel mongodb.x86_64 2.6.12-6.el7 epel mongodb-org.x86_64 3.4.18-1.el7 mongodb-org-3.4 mongodb-org-mongos.x86_64 3.4.18-1.el7 mongodb-org-3.4 mongodb-org-server.x86_64 3.4.18-1.el7 mongodb-org-3.4 mongodb-org-shell.x86_64 3.4.18-1.el7 mongodb-org-3.4 mongodb-org-tools.x86_64 3.4.18-1.el7 mongodb-org-3.4 mongodb-server.x86_64 2.6.12-6.el7 epel mongodb-test.x86_64 2.6.12-6.el7 epel nodejs-mongodb.noarch 1.4.7-1.el7 epel php-mongodb.noarch 1.0.4-1.el7 epel php-pecl-mongodb.x86_64 1.1.10-1.el7 epel poco-mongodb.x86_64 1.6.1-3.el7 epel syslog-ng-mongodb.x86_64 3.5.6-3.el7 epel [root@aminglinux-130 yum.repos.d]# yum install -y mongodb-org 已加载插件:fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * epel: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirror.bit.edu.cn 正在解决依赖关系 --> 正在检查事务 ---> 软件包 mongodb-org.x86_64.0.3.4.18-1.el7 将被 安装 --> 正在处理依赖关系 mongodb-org-tools = 3.4.18,它被软件包 mongodb-org-3.4.18-1.el7.x86_64 需要 --> 正在处理依赖关系 mongodb-org-shell = 3.4.18,它被软件包 mongodb-org-3.4.18-1.el7.x86_64 需要 --> 正在处理依赖关系 mongodb-org-server = 3.4.18,它被软件包 mongodb-org-3.4.18-1.el7.x86_64 需要 --> 正在处理依赖关系 mongodb-org-mongos = 3.4.18,它被软件包 mongodb-org-3.4.18-1.el7.x86_64 需要 --> 正在检查事务 ---> 软件包 mongodb-org-mongos.x86_64.0.3.4.18-1.el7 将被 安装 ---> 软件包 mongodb-org-server.x86_64.0.3.4.18-1.el7 将被 安装 ---> 软件包 mongodb-org-shell.x86_64.0.3.4.18-1.el7 将被 安装 ---> 软件包 mongodb-org-tools.x86_64.0.3.4.18-1.el7 将被 安装 已安装: mongodb-org.x86_64 0:3.4.18-1.el7 作为依赖被安装: mongodb-org-mongos.x86_64 0:3.4.18-1.el7 mongodb-org-server.x86_64 0:3.4.18-1.el7 mongodb-org-shell.x86_64 0:3.4.18-1.el7 mongodb-org-tools.x86_64 0:3.4.18-1.el7 完毕!
21.28 连接mongodb
systemctl start mongod //启动服务
[root@aminglinux-130 yum.repos.d]# systemctl start mongod
在本机可以直接运行命令mongo进入到mongodb shell中
MongoDB shell version v3.4.18 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.18 Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see http://docs.mongodb.org/ Questions? Try the support group http://groups.google.com/group/mongodb-user Server has startup warnings: 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2018-11-19T16:58:05.058+0800 I CONTROL [initandlisten] >
如果mongodb监听端口并不是默认的27017,则在连接的时候需要加--port 选项,例如
mongo --port 27018
连接远程mongodb,需要加--host,例如
mongo --host 127.0.0.1
如果设置了验证,则在连接的时候需要带用户名和密码
mongo -uusername -ppasswd --authenticationDatabase db //这个和MySQL挺像
指定ip和端口
21.29 mongodb用户管理
use admin//需要切换到admin库
db.createUser( { user: "admin", customData: {description: "superuser"}, pwd: "admin122", roles: [ { role: "root", db: "admin" } ] } )
user指定用户,customData为说明字段,可以省略,pwd为密码,roles指定用户的角色,db指定库名
use admin //切换到admin库
db.system.users.find() //列出所有用户,需要切换到admin库
show users //查看当前库下所有的用户
db.dropUser('admin') //删除用户
若要用户生效,还需要编辑启动脚本vim /usr/lib/systemd/system/mongod.service,在OPTIONS=后面增--auth
重启服务systemctl restart mongod
mongo -u "admin" -p "admin122" --authenticationDatabase "admin"
use db1
db.createUser( { user: "test1", pwd: "123aaa", roles: [ { role: "readWrite", db: "db1" }, {role: "read", db: "db2" } ] } )
test1用户对db1库读写,对db2库只读。
之所以先use db1,表示用户在 db1 库中创建,就一定要db1库验证身份,即用户的信息跟随随数据库。比如上述 test1虽然有 db2 库的读取权限,但是一定要先在db1库进行身份验证,直接访问会提示验证失败。
use db2
db.auth("test1", "123aaa")
用户角色:
Read:允许用户读取指定数据库
readWrite:允许用户读写指定数据库
dbAdmin:允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile
userAdmin:允许用户向system.users集合写入,可以找指定数据库里创建、删除和管理用户
clusterAdmin:只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限。
readAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读权限
readWriteAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读写权限
userAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的userAdmin权限
dbAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限。
root:只在admin数据库中可用。超级账号,超级权限
db.version() //查看版本
use userdb //如果库存在就切换,不存在就创建
show dbs //查看库,此时userdb并没有出现,这是因为该库是空的,还没有任何集合,只需要创建一个集合就能看到了
db.createCollection('clo1') //创建集合clo1,在当前库下面创建
db.dropDatabase() //删除当前库,要想删除某个库,必须切换到那个库下
db.stats() //查看当前库的信息
db.serverStatus() //查看mongodb服务器的状态
实例
1.
> use admin
switched to db admin
2.
> db.createUser( { user: "admin", customData: {description: "superuser"}, pwd: "admin122", roles: [ { role: "root", db: "admin" } ] } )
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "9eVHm48Uc6kJec8Hhf6ftw==", "storedKey" : "IFHqHwqCyMmSoEWFub5GnADAyEA=", "serverKey" : "0kAXTFvABomd7LZ5hodfUtEkZkQ=" } }, "customData" : { "description" : "superuser" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
3.> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "9eVHm48Uc6kJec8Hhf6ftw==", "storedKey" : "IFHqHwqCyMmSoEWFub5GnADAyEA=", "serverKey" : "0kAXTFvABomd7LZ5hodfUtEkZkQ=" } }, "customData" : { "description" : "superuser" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
4.
> show users
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"customData" : {
"description" : "superuser"
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
5.
> db.createUser({user:"axin",pwd:"123aaa",roles:[{role:"read",db:"testdb"}]})#先创建一个用户
2019-06-23T17:08:21.115+0800 E QUERY [thread1] Error: couldn't add user: User "" already exists : @(shell):1:1
>show users创建axin之后,再查看一下。下面就是axin用户
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"customData" : {
"description" : "superuser"
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "admin.axin",
"user" : "axin",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "testdb"
}
]
}
> use testdb #我们切换testdb库,如果不存在就会被创建,并且进入
switched to db testdb
> show users #这个时候无论我们show users还是db.system.users.find()都查不到,因为要切换到admin库下
> db.system.users.find()
> use admin
switched to db admin
> show users #切换到admin下才可以查看用户
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"customData" : {
"description" : "superuser"
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "admin.axin",
"user" : "axin",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "testdb"
}
]
}
> db.system.users.find() #切换到admin库下就可以了
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "mltRQCPHnmDXCFkAXt8azg==", "storedKey" : "swemuRJYBzpQzxiEC7z/50+The4=", "serverKey" : "mkZY5906BQIFCmql6ywB3UpyZT8=" } }, "customData" : { "description" : "superuser" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "admin.axin", "user" : "axin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "PA8GrBDY4ytmQLL1uJoLeg==", "storedKey" : "ScfoJ+6rVtHm7HDwZRwzVRk0yqY=", "serverKey" : "D3jNPKu6Ak5tVlR28CgiGU4y0pQ=" } }, "roles" : [ { "role" : "read", "db" : "testdb" } ] }
6.
[root@axinlinux-01 ~]# vim /usr/lib/systemd/system/mongod.service
[Service] User=mongod Group=mongod Environment="OPTIONS=--auth -f /etc/mongod.conf" #在“OPTIONS=后面加上--auth
[root@axinlinux-01 ~]# systemctl restart mongod #因为我们改了脚本所以要先reload一下
Warning: mongod.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@axinlinux-01 ~]# systemctl daemon-reload
[root@axinlinux-01 ~]# systemctl restart mongod
[root@axinlinux-01 ~]# ps aux |grep mongod #我们看这个启动的命令多了--auth。只有加了--auth才能用新建的用户名和密码登录
mongod 2358 4.2 2.0 972816 38316 ? Sl 22:46 0:02 /usr/bin/mongod --auth -f /etc/mongod.conf
[root@axinlinux-01 ~]# mongo -host 127.0.0.1 -port 27017 #我们再来来登录
MongoDB shell version v3.4.18 connecting to: mongodb://127.0.0.1:27017/ MongoDB server version: 3.4.18
> show users #会有error,就是因为没有授权
2018-11-16T22:50:07.055+0800 E QUERY [thread1] Error: not authorized on test to execute command { usersInfo: 1.0 } :
[root@axinlinux-01 ~]# mongo -u "admin" -p "admin122" --authenticationDatabase "admin" #授权,登录
> use admin
switched to db admin
> show users #就可以查看了
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"customData" : {
"description" : "superuser"
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "admin.axin",
"user" : "axin",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "testdb"
}
]
}
7.
> db.createUser( { user: "test1", pwd: "123aaa", roles: [ { role: "readWrite", db: "db1" }, {role: "read", db: "db2" } ] } ) #创建test1用户。针对db1角色是读写。针对db2角色是只读
Successfully added user: {
"user" : "test1",
"roles" : [
{
"role" : "readWrite",
"db" : "db1"
},
{
"role" : "read",
"db" : "db2"
}
]
}
> show users #我们在这个db1库里是可以直接show users的
{
"_id" : "db1.test1",
"user" : "test1",
"db" : "db1",
"roles" : [
{
"role" : "readWrite",
"db" : "db1"
},
{
"role" : "read",
"db" : "db2"
}
]
}
8.
> use db1 #但是我们还要给他授权。一定要在db1里授权
switched to db db1
> db.auth("test1","123aaa") #在mongodb命令行里直接授权就可以了,用这个命令
1
Error: Authentication failed.
0