准备三台服务器,或者在一台服务器上启动三个不同端口的mongodb服务
防火墙,开放对应的端口,否则会报错(只对副本集成员和应用服务器的来源地址放行 27017–27019,不要对公网开放)
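1.1关闭selinux(setenforce 0 只是立即切换为 permissive,SELINUX=disabled 需重启后生效;关闭 SELinux 会去掉一层强制访问控制,正式环境建议保持 enforcing,并为 mongod 的目录和端口配置相应的 SELinux 策略)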
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
1.2文件目录规划,目录的结构:
mongodb
├── bin #可执行文件
├── data #存放数据库文件
├── keyfile #存放Keyfile
├── logs #存放系统日志
├── etc #配置文件
2.1下载安装包(下载后建议核对官方公布的 SHA-256 校验值再解压;另外 3.4 系列已停止维护,不再有安全更新,新部署应选用仍受支持的版本)
[root@localhost ~]# wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.0.tgz
2.2解压
[root@localhost ~]# tar zxvf mongodb-linux-x86_64-3.4.0.tgz -C /opt
[root@localhost ~]# cd /opt/
2.3重命名
[root@localhost opt]# mv mongodb-linux-x86_64-3.4.0 mongodb
2.4创建所需的目录
[root@localhost mongodb]# mkdir -p /opt/mongodb/{data/{27017,27018,27019},logs,keyfile,etc}
2.5修改环境变量
[root@localhost mongodb]# cat>>/etc/profile<<'EOF'
export MONGODB_HOME=/opt/mongodb/
export PATH=$PATH:$MONGODB_HOME/bin
EOF
[root@localhost mongodb]# source /etc/profile
2.6修改配置文件
[root@localhost mongodb]# touch logs/{27017.log,27018.log,27019.log}
[root@localhost mongodb]# cat>>/opt/mongodb/etc/27017.conf<<'EOF'
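# mongod configuration for the replica-set member listening on port 27017.
# Data directory for this instance
dbpath=/opt/mongodb/data/27017
# Log file
logpath=/opt/mongodb/logs/27017.log
# PID file, named after the port so that instances sharing one host do not
# overwrite each other's PID file
pidfilepath=/opt/mongodb/etc/27017.pid
#directoryperdb=true
# Append to the existing log file on restart
logappend=true
# Replica set name; must be identical on every member
replSet=baoxue
# Listen addresses: loopback plus this host's replica-set address.
# 0.0.0.0 would accept connections on every interface of the host; replace
# 10.14.2.155 with the address of the machine being configured.
bind_ip=127.0.0.1,10.14.2.155
# Port
port=27017
# Run as a background daemon
fork=true
# Do not preallocate data files (applies to the MMAPv1 storage engine)
noprealloc=true
# Maximum oplog size in MB (default: 5% of free disk space)
oplogSize=10000
# Access control: clients must authenticate, and members authenticate to each
# other with the shared key file (same file on every member, mode 600)
auth=true
keyFile=/opt/mongodb/keyfile/keyfile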
EOF
[root@localhost mongodb]# cat>>/opt/mongodb/etc/27018.conf<<'EOF'
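# mongod configuration for the replica-set member listening on port 27018.
# Data directory for this instance
dbpath=/opt/mongodb/data/27018
# Log file
logpath=/opt/mongodb/logs/27018.log
# PID file, named after the port so that instances sharing one host do not
# overwrite each other's PID file
pidfilepath=/opt/mongodb/etc/27018.pid
#directoryperdb=true
# Append to the existing log file on restart
logappend=true
# Replica set name; must be identical on every member
replSet=baoxue
# Listen addresses: loopback plus this host's replica-set address.
# 0.0.0.0 would accept connections on every interface of the host; replace
# 10.14.2.155 with the address of the machine being configured.
bind_ip=127.0.0.1,10.14.2.155
# Port
port=27018
# Run as a background daemon
fork=true
# Do not preallocate data files (applies to the MMAPv1 storage engine)
noprealloc=true
# Maximum oplog size in MB (default: 5% of free disk space)
oplogSize=10000
# Access control: clients must authenticate, and members authenticate to each
# other with the shared key file (same file on every member, mode 600)
auth=true
keyFile=/opt/mongodb/keyfile/keyfile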
EOF
[root@localhost mongodb]# cat>>/opt/mongodb/etc/27019.conf<<'EOF'
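# mongod configuration for the replica-set member listening on port 27019.
# Data directory for this instance
dbpath=/opt/mongodb/data/27019
# Log file
logpath=/opt/mongodb/logs/27019.log
# PID file, named after the port so that instances sharing one host do not
# overwrite each other's PID file
pidfilepath=/opt/mongodb/etc/27019.pid
#directoryperdb=true
# Append to the existing log file on restart
logappend=true
# Replica set name; must be identical on every member
replSet=baoxue
# Listen addresses: loopback plus this host's replica-set address.
# 0.0.0.0 would accept connections on every interface of the host; replace
# 10.14.2.155 with the address of the machine being configured.
bind_ip=127.0.0.1,10.14.2.155
# Port
port=27019
# Run as a background daemon
fork=true
# Do not preallocate data files (applies to the MMAPv1 storage engine)
noprealloc=true
# Maximum oplog size in MB (default: 5% of free disk space)
oplogSize=10000
# Access control: clients must authenticate, and members authenticate to each
# other with the shared key file (same file on every member, mode 600)
auth=true
keyFile=/opt/mongodb/keyfile/keyfile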
EOF
2.7生成key文件
带keyfile安全认证以及用户权限
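创建key文件: 注意,三个节点必须要用同一份keyfile,在一台机器生成,通过 scp 等加密通道拷贝到另外两台,并且修改成 600 的文件属性(属主应为运行 mongod 的用户)
需要在root目录下生成,否则报错(从下面的报错看,原因应是在 /opt/mongodb 目录下 ./keyfile 是 2.4 步创建的目录,openssl 无法把它当作文件写入;像后面的命令那样写出完整的文件路径即可)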
140220877305744:error:02001015:system library:fopen:Is a directory:bss_file.c:402:fopen('./keyfile','w')
140220877305744:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
[root@localhost ~]# openssl rand -base64 745 > /opt/mongodb/keyfile/keyfile
[root@localhost ~]# chmod 600 /opt/mongodb/keyfile/keyfile
2.8启动服务(这里直接以 root 启动;3.1 的启动告警也提示不建议以 root 运行,正式环境应建立专用的非特权用户,并把 data、logs、keyfile 目录的属主改为该用户后再启动)
[root@localhost etc]# mongod -f /opt/mongodb/etc/27017.conf
[root@localhost etc]# mongod -f /opt/mongodb/etc/27018.conf
[root@localhost etc]# mongod -f /opt/mongodb/etc/27019.conf
3.创建副本集
在三个节点中的任意一个节点机上操作
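3.1登录mongodb(注意:下面的启动告警含有 “Access control is not enabled”,说明这段输出看起来是在 auth/keyFile 尚未生效时截取的;若 2.6 的配置已经生效,应在本机用 mongo --port 27017 经回环地址连接,借助 localhost exception 完成副本集初始化和第一个管理员帐户的创建)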
[root@localhost etc]# mongo 10.14.2.155:27017
MongoDB shell version v3.4.0
connecting to: mongodb://10.14.2.155:27017
MongoDB server version: 3.4.0
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
2021-04-05T10:30:01.360+0800 I CONTROL [initandlisten]
2021-04-05T10:30:01.360+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2021-04-05T10:30:01.360+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2021-04-05T10:30:01.360+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2021-04-05T10:30:01.360+0800 I CONTROL [initandlisten]
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten]
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten]
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2021-04-05T10:30:01.361+0800 I CONTROL [initandlisten]
>
3.2进入admin数据库
> use admin
switched to db admin
3.3#定义副本集配置变量,这里的 _id:"baoxue" 必须和配置文件中的 replSet=baoxue 保持一致。
> config={_id:"baoxue",members:[{_id:0,host:"10.14.2.155:27017"},{_id:1,host:"10.14.2.155:27018"},{_id:2,host:"10.14.2.155:27019"}]}
{
"_id" : "baoxue",
"members" : [
{
"_id" : 0,
"host" : "10.14.2.155:27017"
},
{
"_id" : 1,
"host" : "10.14.2.155:27018"
},
{
"_id" : 2,
"host" : "10.14.2.155:27019"
}
]
}
3.4初始化副本集配置
> rs.initiate(config)
{ "ok" : 1 }
返回1,是正常,返回0,就是失败
3.5查看副本集配置
baoxue:OTHER> rs.conf()
{
"_id" : "baoxue",
"version" : 1,
"protocolVersion" : NumberLong(1),
"members" : [
{
"_id" : 0,
"host" : "10.14.2.155:27017",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : NumberLong(0),
"votes" : 1
},
{
"_id" : 1,
"host" : "10.14.2.155:27018",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : NumberLong(0),
"votes" : 1
},
{
"_id" : 2,
"host" : "10.14.2.155:27019",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : NumberLong(0),
"votes" : 1
}
],
"settings" : {
"chainingAllowed" : true,
"heartbeatIntervalMillis" : 2000,
"heartbeatTimeoutSecs" : 10,
"electionTimeoutMillis" : 10000,
"catchUpTimeoutMillis" : 2000,
"getLastErrorModes" : {
},
"getLastErrorDefaults" : {
"w" : 1,
"wtimeout" : 0
},
"replicaSetId" : ObjectId("606a7922ead2a90e0e4183b2")
}
}
3.6查看副本同步状态
baoxue:PRIMARY> db.printSlaveReplicationInfo();
source: 10.14.2.155:27018
syncedTo: Mon Apr 05 2021 13:34:29 GMT+0800 (CST)
0 secs (0 hrs) behind the primary
source: 10.14.2.155:27019
syncedTo: Mon Apr 05 2021 13:34:29 GMT+0800 (CST)
0 secs (0 hrs) behind the primary
source:从库的ip和端口。
syncedTo:目前的同步情况,以及最后一次同步的时间。
3.7#创建分配用户权限的帐户(示例中的密码 Admin123 仅作演示,实际部署请改用足够长的随机密码,且管理员帐户不要与普通用户共用同一密码)
baoxue:PRIMARY> use admin
switched to db admin
baoxue:PRIMARY> db.createUser({user:"root", pwd:"Admin123", roles:[{role: "root", db:"admin" }]})
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
3.8#创建普通数据库、用户
baoxue:PRIMARY>use test
switched to db test
baoxue:PRIMARY>db.createUser({user:"test2", pwd:"Admin123", roles:[{role: "readWrite", db:"lzkj"}]})
Successfully added user: {
"user" : "test2",
"roles" : [
{
"role" : "readWrite",
"db" : "lzkj"
}
]
}
#在test库上创建一个test2用户,密码为Admin123,对 lzkj 库具有读写(readWrite)权限;该用户登录时需以 test 作为认证库。
#注意字符、标点符号必须是英文状态下的字符,否则会报错。
认证用户
baoxue:PRIMARY> use admin
switched to db admin
baoxue:PRIMARY> db.auth("root","Admin123")
下面这个报错的原因是没有先完成用户认证,所以无法创建用户
baoxue:PRIMARY> db.createUser({user:"test2", pwd:"Admin123", roles:[{role: "readWrite", db:"lzkj"}]})
2021-04-05T13:27:28.600+0800 E QUERY [main] Error: couldn't add user: not authorized on test to execute command { createUser: "test2", pwd: "xxx", roles: [ { role: "readWrite", db: "lzkj" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
做了认证的,每次登录必须先用户认证,否则无法做任何操作
插入数据
baoxue:PRIMARY> use lzkj
switched to db lzkj
baoxue:PRIMARY> db.lzkj.insert({"rt":"34"})
WriteResult({ "nInserted" : 1 })
查看当前库的所有用户
baoxue:PRIMARY> use test
switched to db test
baoxue:PRIMARY> show users
{
"_id" : "test.test2",
"user" : "test2",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "lzkj"
}
]
}
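在另外两个节点(SECONDARY)上查不到用户信息:test2 只有 lzkj 库的 readWrite 权限,无权在 test 库执行 usersInfo;root 认证后报 “not master and slaveOk=false”,是因为从节点默认不允许读,需要先在该连接上执行 rs.slaveOk() 再查询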
baoxue:SECONDARY> use test
switched to db test
baoxue:SECONDARY> db.auth("test2","Admin123")
1
baoxue:SECONDARY> show users
2021-04-05T14:48:50.804+0800 E QUERY [main] Error: not authorized on test to execute command { usersInfo: 1.0 } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1537:1
shellHelper.show@src/mongo/shell/utils.js:738:9
shellHelper@src/mongo/shell/utils.js:645:15
@(shellhelp2):1:1
baoxue:SECONDARY> show users
2021-04-05T14:49:15.697+0800 E QUERY [main] Error: not authorized on test to execute command { usersInfo: 1.0 } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1537:1
shellHelper.show@src/mongo/shell/utils.js:738:9
shellHelper@src/mongo/shell/utils.js:645:15
@(shellhelp2):1:1
baoxue:SECONDARY> exit
bye
[root@localhost mongodb]# mongo --port 27019
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:27019/
MongoDB server version: 3.4.0
baoxue:SECONDARY> use test
switched to db test
baoxue:SECONDARY> db.auth("test2","Admin123")
1
baoxue:SECONDARY> show users
2021-04-05T14:49:54.516+0800 E QUERY [main] Error: not authorized on test to execute command { usersInfo: 1.0 } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1537:1
shellHelper.show@src/mongo/shell/utils.js:738:9
shellHelper@src/mongo/shell/utils.js:645:15
@(shellhelp2):1:1
baoxue:SECONDARY> use admin
switched to db admin
baoxue:SECONDARY> db.auth("root","Admin123")
1
baoxue:SECONDARY> show users
2021-04-05T14:50:37.649+0800 E QUERY [main] Error: not master and slaveOk=false :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1537:1
shellHelper.show@src/mongo/shell/utils.js:738:9
shellHelper@src/mongo/shell/utils.js:645:15
@(shellhelp2):1:1