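In any service system, providing high availability requires eliminating single points of failure and implementing automatic failover. MongoDB's replica set provides both: a replica set consists of multiple mongodb instances, one primary and the rest secondaries, which removes the single point of failure. In addition, when the primary can no longer serve requests, mongodb elects a new primary and fails over to it.
Here we build one primary, one secondary and one arbiter node. The server information is as follows:
172.30.2.223 primary node
172.30.2.133 secondary node
172.30.2.225 arbiter node
Export the image from the existing server: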
docker save harbor.neuqsoft.com/common/mongo:3.4.0 > mongo.tar
cd /work_nosql
mkdir mongo
cd mongo
mkdir bin dockerfile conf data logs backup
Upload mongo.tar to /work_nosql/mongo
Load the image: docker load < mongo.tar
cd /work_nosql/mongo/bin
vim startmongo.sh
The script content is as follows:
#!/bin/bash
set -e
#############################################################################################################
docker run -d -p 27017:27017 --name mongoserver --restart=always \
-v /work_nosql/mongo/logs:/var/log/mongodb/ \
-v /work_nosql/mongo/data:/data/db \
-v /etc/timezone:/etc/timezone \
-v /etc/localtime:/etc/localtime \
-e MONGO_INITDB_ROOT_USERNAME=root \
-e MONGO_INITDB_ROOT_PASSWORD=root \
-h mongoserver harbor.neuqsoft.com/common/mongo:3.4.0
Grant execute permission: chmod +x ./startmongo.sh
Start it: ./startmongo.sh
After startup, copy the mongod.conf file into the /work_nosql/mongo/conf directory:
docker cp mongoserver:/etc/mongod.conf.orig /work_nosql/mongo/conf/mongod.conf
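cd /work_nosql/mongo/conf
vim mongod.conf
1. Comment out dbPath: #dbPath: /var/lib/mongodb
2. Comment out bindIp: # bindIp: 127.0.0.1
3. Add a memory limit parameter: below # wiredTiger: add the following
(Note: the line below needs two leading spaces)
  wiredTiger:
    engineConfig:
      cacheSizeGB: 2
Modify the script: append --config /etc/mongo/mongod.conf to the end of startmongo.sh and add the configuration file mapping
-v /work_nosql/mongo/conf/mongod.conf:/etc/mongo/mongod.conf
so that the configuration file can be edited later to tune mongo.
The adjusted script is as follows: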
#!/bin/bash
set -e
#############################################################################################################
docker run -d -p 27017:27017 --name mongoserver --restart=always \
-v /work_nosql/mongo/logs:/var/log/mongodb/ \
-v /work_nosql/mongo/data:/data/db \
-v /work_nosql/mongo/conf/mongod.conf:/etc/mongo/mongod.conf \
-v /etc/timezone:/etc/timezone \
-v /etc/localtime:/etc/localtime \
-e MONGO_INITDB_ROOT_USERNAME=root \
-e MONGO_INITDB_ROOT_PASSWORD=root \
-h mongoserver harbor.neuqsoft.com/common/mongo:3.4.0 \
--config /etc/mongo/mongod.conf
After the adjustment, delete the container and start it again.
docker rm -f mongoserver
./startmongo.sh
View the logs: docker logs -f --tail 200 mongoserver
The following error appears:
Failed global initialization: FileNotOpen: Failed to open "/var/log/mongodb/mongod.log"
Solution:
docker rm -f mongoserver
docker run -it --name temp -v /work_nosql/mongo/logs:/var/log/mongodb/ harbor.neuqsoft.com/common/mongo:3.4.0 /bin/bash
cd /var/log
chown -R root:root ./mongodb
cd /var/log/mongodb
echo '' > mongod.log
chmod 777 ./mongod.log
exit
docker ps -a
docker rm -f temp
cd /work_nosql/mongo/bin
./startmongo.sh
cd /work_nosql/mongo/logs
tail -fn200 mongod.log
Perform the following on all nodes:
Edit startmongo.sh in the bin directory and add --replSet=wssbreplset before --config /etc/mongo/mongod.conf (keep the trailing \ line continuation)
docker rm -f mongoserver
cd /work_nosql/mongo/bin
./startmongo.sh
Configure the replica set members and their priorities:
On any one of the nodes, enter the mongoserver container:
>docker exec -it mongoserver /bin/bash
>mongo
>use admin
>cfg={
_id:"wssbreplset",
members:[
{_id:0,host:'172.30.2.223:27017',priority:2},
{_id:1,host:'172.30.2.133:27017',priority:1},
{_id:4,host:'172.30.2.225:27017',arbiterOnly:true}
]
}; // Note: priority is the priority; the member with the higher priority is the primary. arbiterOnly:true marks the arbiter node
>rs.initiate(cfg) // initialize the replica set
This step ran into a problem:
{
"ok" : 0,
"errmsg" : "'172.30.2.225:27017' has data already, cannot initiate set.",
"code" : 110,
"codeName" : "CannotInitializeNodeWithData"
}
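Fix: on 225, stop mongo, delete the files under /work_nosql/mongo/data, and start it again.
Then initialize the replica set again.
>rs.status() // view the replica set status
1. Primary node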
cd /work_nosql/mongo
mkdir keyfile
cd keyfile
openssl rand -base64 666 > keyfile.jks
chmod 600 /work_nosql/mongo/keyfile/keyfile.jks # the key file's permissions must be 600
-- Edit startmongo.sh under /work_nosql/mongo/bin and add:
-v /work_nosql/mongo/keyfile/keyfile.jks:/var/log/keyfile/keyfile.jks \
--keyFile=/var/log/keyfile/keyfile.jks \
Restart:
docker rm -f mongoserver
cd /work_nosql/mongo/bin
./startmongo.sh
The log shows an error:
error opening file: /var/log/keyfile/keyfile.jks: Permission denied
Fix as follows:
docker rm -f mongoserver
docker run -it --name temp -v /work_nosql/mongo/keyfile/keyfile.jks:/var/log/keyfile/keyfile.jks harbor.neuqsoft.com/common/mongo:3.4.0 /bin/bash
-- after running the previous command you are inside the container as the root user
cd /var/log
chown -R mongodb:mongodb ./keyfile
cd /var/log/keyfile
chmod 600 ./keyfile.jks
exit
docker ps -a
docker rm -f temp
cd /work_nosql/mongo/bin
./startmongo.sh
cd /work_nosql/mongo/logs
tail -fn200 mongod.log
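2. Perform the same steps on the secondary and arbiter nodes. Be sure to copy /work_nosql/mongo/keyfile/keyfile.jks from the primary to the other nodes so that the file is identical on all of them.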
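An added example (not part of the original article): a pre-flight check to run on each node before restarting the container, covering the two keyfile requirements above, namely restrictive permissions and identical content on every node. The function names are hypothetical; the 6 to 1024 character base64 rule and the stripping of whitespace are mongod's documented keyfile behaviour.

```shell
#!/bin/bash
# Added example: pre-flight checks for a MongoDB replica-set keyfile.
# Function names are hypothetical, not part of MongoDB or the article.

# Print the file's permission bits in octal (GNU stat, then BSD stat).
keyfile_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the SHA-256 of the key with whitespace removed (mongod strips
# whitespace too), so nodes can be compared without exposing the key.
keyfile_digest() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the keyfile is acceptable, otherwise:
#   1 = missing, 2 = permissions too open, 3 = bad length, 4 = bad charset
check_keyfile() {
    local f=$1 mode key len
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    mode=$(keyfile_mode "$f")
    # mongod rejects a keyfile that group or others can access (use 600).
    case "$mode" in
        [0-7]00) ;;
        *) echo "mode $mode is too open, expected 600" >&2; return 2 ;;
    esac
    key=$(tr -d '[:space:]' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "key length $len is outside 6..1024" >&2; return 3
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key" >&2; return 4 ;;
    esac
    return 0
}

# Usage on each node:
#   check_keyfile /work_nosql/mongo/keyfile/keyfile.jks && \
#       keyfile_digest /work_nosql/mongo/keyfile/keyfile.jks
# The printed digest must be the same on the primary, secondary and arbiter.
```

A differing digest on any node means the keyfile copy was altered or replaced, and that member will fail internal authentication when it tries to join the set.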
Enabling keyfile authentication also enables auth by default.
1. First create the administrative users
use admin
db.createUser(
{
user:"admin",
pwd:"123456",
roles:[{role:"userAdminAnyDatabase",db:"admin"}]
}
);
db.auth('admin','123456')
db.createUser(
{
user: "root",
pwd: "123456",
roles: [{role:"root",db:"admin"}]
}
);
2. Create the application user
use wssb
db.createUser({user:"wssb_user",pwd:"wssb_user_2019",roles:[{role:"readWrite",db:"wssb"}]})
db.auth('wssb_user','wssb_user_2019')