centos7环境下安装mongodb3.4.24主从复制集群并设置密码
1.安装mongodb
添加运行mongodb的用户mongo,避免直接使用root带来安全隐患
groupadd -g 1608 mongo
useradd -u 1608 -g mongo mongo
#下载源码包
wget http://downloads.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.4.24.tgz
#解压源码包
tar -xf mongodb-linux-x86_64-rhel70-3.4.24.tgz -C /usr/local/
#准备mongodb 配置文件
mkdir /data/mongodb/{data,logs} -p
mkdir /usr/local/mongodb/conf
2.部署 master 节点
# vim /usr/local/mongodb/conf/mongod.conf
#端口号
port=27017
bind_ip=172.16.0.233
#数据目录
dbpath=/data/mongodb/data
# 从节点同步日志大小,类似mysql 的 binlog 20G
oplogSize=20480
#日志目录
logpath=/data/mongodb/logs/mongodb.log
#日志文件追加
logappend=true
#如果设置为 true, 同步到 journal (在提交到数据库前写入到实体中). 应用于 safe=true
journal=true
#以守护进程的方式运行MongoDB,创建服务器进程
fork=true
#内存分配
wiredTigerCacheSizeGB=4
#auth=true
#为master 节点
master=true
3.部署 slave 节点
#准备mongodb 配置文件
mkdir /data/mongodb/{data,logs} -p
# vim /usr/local/mongodb/conf/mongod.conf
port=27017
bind_ip=172.16.0.234
dbpath=/data/mongodb/data
logpath=/data/mongodb/logs/mongodb.log
oplogSize=20480
logappend=true
journal=true
fork=true
wiredTigerCacheSizeGB=4
source=172.16.0.233:27017 #指定主节点
#auth=true
slave=true #从节点
autoresync=true
4.使用systemctl管理服务
chown -R mongo.mongo /usr/local/mongodb/
chown -R mongo.mongo /usr/local/mongodb-linux-x86_64-rhel70-3.4.24
chown -R mongo.mongo /data/mongodb
# vim /etc/systemd/system/mongodb.service
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
User=mongo
Group=mongo
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/mongod.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/mongod.conf
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# 启动服务
systemctl start mongodb
systemctl enable mongodb
# 查看日志是否正常
tail -f /data/mongodb/logs/mongodb.log
5.检查同步情况
> db.printReplicationInfo()
检查主从配置是否正常
mongo --host 172.16.0.233 --port 27017
# 从库连接
[root@eus_influenex_es02:/etc/systemd/system]# mongo --host 172.16.0.234 --port 27017
MongoDB shell version v3.4.24
connecting to: mongodb://172.16.0.234:27017/
MongoDB server version: 3.4.24
Server has startup warnings:
2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten]
2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten]
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten]
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten]
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten]
>
>
>
> db.printReplicationInfo()
this is a slave, printing slave replication info.
source: 172.16.0.233:27017
syncedTo: Fri Jul 16 2021 15:59:23 GMT+0800 (CST)
2 secs (0 hrs) behind the freshest member (no primary available at the moment)
6.设置admin管理员账号信息
use admin
db.createUser(
{
user:"admin",
pwd:"pass",
roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}]
}
)
7.开启设置鉴权
# 生成密码文件
cd /usr/local/mongodb/conf/
# -base64 生成的字符串不能超过1226,所以使用512
openssl rand -base64 512 > onlineimagemongo.key
chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key
# 将生成的密码文件传输到slave节点
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
# 设置权限
chown mongo.mongo /usr/local/mongodb/conf/onlineimagemongo.key
# 修改配置
vim /usr/local/mongodb/conf/mongod.conf
auth=true
keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
# 重启数据库让鉴权配置生效
systemctl restart mongodb