第三章:MongoDB导出&备份恢复&用户管理
1. 将user表导出 mongoexport
-o指明要导出的文件名, 本例中为”user.dat”
D:\Program Files\mongodb\Server\3.1\bin> mongoimport -d test -c user user.dat --现在导入数据
2015-05-05T15:45:13.016+0800 connected to: localhost
2015-05-05T15:45:13.021+0800 imported 5 documents
D:\Program Files\mongodb\Server\3.1\bin>mongo
2015-05-05T15:45:18.832+0800 I CONTROL Hotfix KB2731284 or later update is not installed, will zero-out data files
MongoDB shell version: 3.1.2
connecting to: test
Server has startup warnings:
2015-05-05T08:45:20.786+0800 I CONTROL [initandlisten]
2015-05-05T08:45:20.786+0800 I CONTROL [initandlisten] ** NOTE: This is a development version (3.1.2) of MongoDB.
2015-05-05T08:45:20.787+0800 I CONTROL [initandlisten] ** Not recommended for production.
2015-05-05T08:45:20.787+0800 I CONTROL [initandlisten]
> db.user.find() -- 现在可以看到原来的数据导入进去了
{ "_id" : ObjectId("55473cc3f2122f816c6dec1b"), "address" : { "city" : "dongguan", "province" : "shenzhen" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom2", "password" : "123456" }
{ "_id" : ObjectId("55473cb4f2122f816c6dec1a"), "address" : { "city" : "shiyan", "province" : "hubei" }, "age" : 24, "loves" : [ "eat", "play", "drink" ], "name" : "tom","password" : "123456" }
{ "_id" : ObjectId("55473ce1f2122f816c6dec1d"), "address" : { "city" : "shiyan", "province" : "guangdong" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom4", "password" : "123456" }
{ "_id" : ObjectId("55473cd3f2122f816c6dec1c"), "address" : { "city" : "changsha", "province" : "hunan" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom3", "password" : "123456" }
{ "_id" : ObjectId("55473d34f2122f816c6dec1e"), "address" : { "city" : "shiyan", "province" : "hubei" }, "age" : 44, "loves" : [ "eat", "play", "drink" ], "name" : "tom","password" : "123456" }
3.3 查看user里面的数据,可以看到有数据了
> db.user.find()
{ "_id" : ObjectId("55487797e45c6e187f75cc8c"), "EMPNO" : 7369, "ENAME" : "SMITH", "JOB" : "CLERK", "MGR" : 7902, "HIREDATE" : "1980/12/17", "SAL" : 800, "COMM" : "", "DE
PTNO" : 20 }
{ "_id" : ObjectId("55487797e45c6e187f75cc8d"), "EMPNO" : 7521, "ENAME" : "WARD", "JOB" : "SALESMAN", "MGR" : 7698, "HIREDATE" : "1981/2/22", "SAL" : 1250, "COMM" : 500,
"DEPTNO" : 30 }
2015-05-05T16:02:14.827+0800 writing test.user to dump\test\user.bson
2015-05-05T16:02:14.829+0800 writing test.system.indexes to dump\test\system.indexes.bson
2015-05-05T16:02:14.830+0800 writing test.persion to dump\test\persion.bson
2015-05-05T16:02:14.831+0800 writing test.users to dump\test\users.bson
2015-05-05T16:02:14.831+0800 writing test.fs.chunks to dump\test\fs.chunks.bson
2015-05-05T16:02:14.865+0800 writing test.persion metadata to dump\test\persion.metadata.json
2015-05-05T16:02:14.865+0800 writing test.user metadata to dump\test\user.metadata.json
2015-05-05T16:02:14.877+0800 writing test.fs.chunks metadata to dump\test\fs.chunks.metadata.json
2015-05-05T16:02:14.892+0800 writing test.users metadata to dump\test\users.metadata.json
2015-05-05T16:02:14.929+0800 done dumping test.persion
2015-05-05T16:02:14.929+0800 done dumping test.user
2015-05-05T16:02:14.930+0800 done dumping test.fs.chunks
2015-05-05T16:02:14.931+0800 done dumping test.users
2015-05-05T16:02:14.932+0800 writing test.fs.files to dump\test\fs.files.bson
2015-05-05T16:02:14.934+0800 writing test.fs.files metadata to dump\test\fs.files.metadata.json
2015-05-05T16:02:14.935+0800 done dumping test.fs.files
[root@localhost bin]# ./mongo 192.168.1.102:28018
MongoDB shell version: 1.8.1
connecting to: 192.168.1.102:28018/test
![]()
很奇怪,为什么我们启用了登录验证模块,但我们登录时没有指定用户,为什么还可以登录呢?在最初始的时候 MongoDB 都默认有一个 admin 数据库(默认是空的), 而 admin.system.users 中将会保存比在其它数据库中设置的用户权限更大的用户信息。 注意:当 admin.system.users 中没有添加任何用户时,即使 MongoDB 启动时添加了 --auth 参数,如果在除 admin 数据库中添加了用户,此时不进行任何认证依然可以使用任何操作,
直到知道你在 admin.system.users 中添加了一个用户。
下面的示例创建用户test用户在管理数据库:
use admin
db.createUser(
{
user: "test",
pwd: "123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
连上test库了,但进一步操作时有异常,看来MongoDB 允许未授权连接,不能进行任何操作
本地客户端连接,指定用户,结果如下:
[root@localhost bin]# ./mongo -u records -p
> show collections;
fs.chunks
fs.files
persion
system.indexes
users
zw
看来指定了用户名之后,访问数据库才是正常
6.4.2 建立指定权限用户
>db.createUser(
{
user: "test1",
pwd: "123",
roles: [ "root" ]
}
)
db.user.find();
./ mongoexport -d
test -c user -o user.dat
-d 指明使用的库, 本例中为” my_mongodb”
-c 指明要导出的表, 本例中为”user”
-o指明要导出的文件名, 本例中为”user.dat”
从上面可以看到导出的方式使用的是 JSON的样式
2. 数据导入mongoimport
2.1 我们先将表user删除掉,以便演示效果
[root@localhost bin]# ./mongoimport -d test -c user user.dat> db.user.drop();true> show collections;fs.chunksfs.filespersionsystem.indexesusers> db.user.find() --这是候没数据> exitbye
D:\Program Files\mongodb\Server\3.1\bin> mongoimport -d test -c user user.dat --现在导入数据
2015-05-05T15:45:13.016+0800 connected to: localhost
2015-05-05T15:45:13.021+0800 imported 5 documents
D:\Program Files\mongodb\Server\3.1\bin>mongo
2015-05-05T15:45:18.832+0800 I CONTROL Hotfix KB2731284 or later update is not installed, will zero-out data files
MongoDB shell version: 3.1.2
connecting to: test
Server has startup warnings:
2015-05-05T08:45:20.786+0800 I CONTROL [initandlisten]
2015-05-05T08:45:20.786+0800 I CONTROL [initandlisten] ** NOTE: This is a development version (3.1.2) of MongoDB.
2015-05-05T08:45:20.787+0800 I CONTROL [initandlisten] ** Not recommended for production.
2015-05-05T08:45:20.787+0800 I CONTROL [initandlisten]
> db.user.find() -- 现在可以看到原来的数据导入进去了
{ "_id" : ObjectId("55473cc3f2122f816c6dec1b"), "address" : { "city" : "dongguan", "province" : "shenzhen" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom2", "password" : "123456" }
{ "_id" : ObjectId("55473cb4f2122f816c6dec1a"), "address" : { "city" : "shiyan", "province" : "hubei" }, "age" : 24, "loves" : [ "eat", "play", "drink" ], "name" : "tom","password" : "123456" }
{ "_id" : ObjectId("55473ce1f2122f816c6dec1d"), "address" : { "city" : "shiyan", "province" : "guangdong" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom4", "password" : "123456" }
{ "_id" : ObjectId("55473cd3f2122f816c6dec1c"), "address" : { "city" : "changsha", "province" : "hunan" }, "age" : 20, "loves" : [ "eat", "play", "drink" ], "name" : "tom3", "password" : "123456" }
{ "_id" : ObjectId("55473d34f2122f816c6dec1e"), "address" : { "city" : "shiyan", "province" : "hubei" }, "age" : 44, "loves" : [ "eat", "play", "drink" ], "name" : "tom","password" : "123456" }
可以看到导入数据的时候会隐式创建表结构
3.导入CSV数据
3.1我们先将表user删除掉,以便演示效果
> db.user.drop(); --删除usertrue> show collections;fs.chunksfs.filespersionsystem.indexesusers> db.user.find() --这时没数据了>
3.2 导入csv文件,这里我将oracle的emp表导出成csv文件
./mongoimport -d test -c user --type csv --headerline --file user2.dat
D:\Program Files\mongodb\Server\3.1\bin>
mongoimport -d test -c user --type csv --headerline --file user2.dat
2015-05-05T15:56:07.061+0800 connected to: localhost
2015-05-05T15:56:07.089+0800 imported 14 documents
2015-05-05T15:56:07.061+0800 connected to: localhost
2015-05-05T15:56:07.089+0800 imported 14 documents
3.3 查看user里面的数据,可以看到有数据了
> db.user.find()
{ "_id" : ObjectId("55487797e45c6e187f75cc8c"), "EMPNO" : 7369, "ENAME" : "SMITH", "JOB" : "CLERK", "MGR" : 7902, "HIREDATE" : "1980/12/17", "SAL" : 800, "COMM" : "", "DE
PTNO" : 20 }
{ "_id" : ObjectId("55487797e45c6e187f75cc8d"), "EMPNO" : 7521, "ENAME" : "WARD", "JOB" : "SALESMAN", "MGR" : 7698, "HIREDATE" : "1981/2/22", "SAL" : 1250, "COMM" : 500,
"DEPTNO" : 30 }
参数说明:
-type 指明要导入的文件格式
-headerline 批明不导入第一行,因为第一行是列名
-file 指明要导入的文件路径
-headerline 批明不导入第一行,因为第一行是列名
-file 指明要导入的文件路径
CSV格式良好,主流数据库都支持导出为CSV的格式,所以这种格式非常利于异构数据迁移
4.数据的备份 mongodump
可以用mongodump来做MongoDB 的库或表级别的备份,下面举例说明:
备份test 数据库
D:\Program Files\mongodb\Server\3.1\bin>
mongodump -d test
2015-05-05T16:02:14.827+0800 writing test.user to dump\test\user.bson
2015-05-05T16:02:14.829+0800 writing test.system.indexes to dump\test\system.indexes.bson
2015-05-05T16:02:14.830+0800 writing test.persion to dump\test\persion.bson
2015-05-05T16:02:14.831+0800 writing test.users to dump\test\users.bson
2015-05-05T16:02:14.831+0800 writing test.fs.chunks to dump\test\fs.chunks.bson
2015-05-05T16:02:14.865+0800 writing test.persion metadata to dump\test\persion.metadata.json
2015-05-05T16:02:14.865+0800 writing test.user metadata to dump\test\user.metadata.json
2015-05-05T16:02:14.877+0800 writing test.fs.chunks metadata to dump\test\fs.chunks.metadata.json
2015-05-05T16:02:14.892+0800 writing test.users metadata to dump\test\users.metadata.json
2015-05-05T16:02:14.929+0800 done dumping test.persion
2015-05-05T16:02:14.929+0800 done dumping test.user
2015-05-05T16:02:14.930+0800 done dumping test.fs.chunks
2015-05-05T16:02:14.931+0800 done dumping test.users
2015-05-05T16:02:14.932+0800 writing test.fs.files to dump\test\fs.files.bson
2015-05-05T16:02:14.934+0800 writing test.fs.files metadata to dump\test\fs.files.metadata.json
2015-05-05T16:02:14.935+0800 done dumping test.fs.files
此时会在当前目录下创建一个
dump目录,用于存放备份出来的文件也可以指定备份存放的目录;
# ./mongodump -d test
-o my_mongodb_dump --指定当前备份目录
5.数据恢复 mongoresotre
5.1由于刚刚已经做了备份,所以我们先将库test 删除掉
5 .2.接下来我们进行数据库恢复> use testswitched to db test> db.dropDatabase(){ "dropped" : "test", "ok" : 1 }> show dbsdbname 0.078GBlocal 0.078GB
D:\Program Files\mongodb\Server\3.1\bin> mongorestore --drop> db.persion.find() 查询persion集合,里面的数据已经恢复{ "_id" : ObjectId("55471e5ddd647b87c8344721"), "name" : "zt", "age" : 18 }{ "_id" : ObjectId("55472415dd647b87c8344724"), "name" : "zw", "age" : 20 }>经验证数据库又回来了,其实要是想恢复库,也大可不必先删除 test 库,只要指明–drop参数,就可以在恢复的时候先删除表然后再向表中插入数据的
6.访问控制
官方手册中启动 MongoDB 服务时没有任何参数,一旦客户端连接后可以对数据库任意操而且可以远程访问数据库,所以推荐开发阶段可以不设置任何参数,但对于生产环境还是要仔细考虑一下安全方面的因素,而提高 MongoDB 数据库安全有几个方面
绑定IP内网地址访问MongoDB服务
设置监听端口
使用用户名和口令登录
设置监听端口
使用用户名和口令登录
6.1 绑定 IP 内网地址访问 MongoDB 服务
MongoDB 可以限制只允许某一特定 IP 来访问,只要在启动时加一个参数 bind_ip 即可,如下:
服务端限制只有192.168.0.56这个IP可以访问MongoDB 服务
[root@localhost bin]# ./mongod --bind_ip 192.168.0.56
客户端访问时需要明确指定服务端的 IP,否则会报错:
[root@localhost bin]# ./mongo 192.168.0.56
6.2 设置监听端口
官方默认的监听端口是27017,为了安全起见,一般都会修改这个监听端口,避免恶意的连
接尝试,具体如下:
将服务端监听端口修改为28018
接尝试,具体如下:
将服务端监听端口修改为28018
[root@localhost bin]# ./
mongod --bind_ip 192.168.0.56 --port 28018
端户访问时不指定端口,会连接到默认端口27017,对于本例会报错
[root@localhost bin]# ./
mongo 192.168.0.56
MongoDB shell version: 1.8.1
connecting to: 192.168.1.102/test
Sun Apr 15 15:55:51 Error: couldn't connect to server 192.168.1.102 shell/mongo.js:81
exception: connect failed
MongoDB shell version: 1.8.1
connecting to: 192.168.1.102/test
Sun Apr 15 15:55:51 Error: couldn't connect to server 192.168.1.102 shell/mongo.js:81
exception: connect failed
所以当服务端指定了端口后,客户端必须要明确指定端口才可以正常访问
MongoDB shell version: 1.8.1
connecting to: 192.168.1.102:28018/test
>
6.4 使用用户名和口令登录
先启用系统的登录验证模块, 只需在启动时指定 auth 参数即可,如
[root@localhost bin]# ./mongod --auth
本地客户端连接一下看看效果;
[root@localhost bin]# ./mongo
MongoDB shell version: 1.8.1
connecting to: test
MongoDB shell version: 1.8.1
connecting to: test
> show collections;
6.4.1 建立系统 test 用户 在admin库中新添一个用户test
[root@localhost bin]# ./mongo
下面的示例创建用户test用户在管理数据库:
use admin
db.createUser(
{
user: "test",
pwd: "123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
> db.auth("test","123")
下面的示例创建用户records用户在管理数据库:
use records
db.createUser(
{
user: "records",
pwd: "123",
roles: [ { role: "userAdmin", db: "records" } ]
}
)
> db.auth("records","123")
use records
db.createUser(
{
user: "records",
pwd: "123",
roles: [ { role: "userAdmin", db: "records" } ]
}
)
> db.auth("records","123")
连上test库了,但进一步操作时有异常,看来MongoDB 允许未授权连接,不能进行任何操作
本地客户端连接,指定用户,结果如下:
[root@localhost bin]# ./mongo -u records -p
> show collections;
fs.chunks
fs.files
persion
system.indexes
users
zw
看来指定了用户名之后,访问数据库才是正常
6.4.2 建立指定权限用户
MongoDB 也支持为某个特定的数据库来设置用户,如我们为 test 库设一个只读的用户以下操作创建一个用户报告数据库具有指定名称、密码和角色。
db.下面有这么多collections
>use reportingdb.reporting.insert({"name":"bankreport","value":"bankreport"})
db.products.insert({"name":"笔记本","price":3000})
db.sales.insert({"name":"zhangsan","yeji":2})
db.accounts.insert({"username":"zw","passwd":"123"})
>use test
db.createUser(
{
user: "test",
pwd: "123",
roles: [
{ role: "read", db: "reporting" },
{ role: "readWrite", db: "test" }
]
}
)
db.auth("test","123")
客户端用此用户来访问:[root@localhost bin]# ./mongo -u test -p
6.4.3 创建一个无限制权限的用户
> use admin
>db.createUser(
{
user: "test1",
pwd: "123",
roles: [ "root" ]
}
)
6.4.4 创建一个角色
use admin
db.createRole(
{
role: "mongostatRole",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: []
}
)
use admin
db.createRole(
{
role: "mongostatRole",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: []
}
)
给一个用户分配角色
识别用户的角色和权限
use reporting
db.getUser("reportsUser")
use accounts
db.getRole( "readWrite", { showPrivileges: true } )
授予用户使用的角色db.grantRolesToUser()方法。
use reporting
db.grantRolesToUser(
"reportsUser",
[
{ role: "readWrite", db: "products" } ,
{ role: "readAnyDatabase", db:"admin" }
]
)
识别用户的角色和权限
use reporting
db.getUser("reportsUser")
use accounts
db.getRole( "readWrite", { showPrivileges: true } )
授予用户使用的角色db.grantRolesToUser()方法。
use reporting
db.grantRolesToUser(
"reportsUser",
[
{ role: "readWrite", db: "products" } ,
{ role: "readAnyDatabase", db:"admin" }
]
)