Three-node replica set (keyfile + auth) test
Testing a three-node MongoDB 3.6 replica set with keyfile + auth on CentOS 7
(1). Install MongoDB
[root@10-12-167-31 ~]# tar xf mongodb-linux-x86_64-rhel70-v3.6-latest.tgz -C /usr/local/
[root@10-12-167-31 ~]# ln -s /usr/local/mongodb-linux-x86_64-rhel70-3.6.6-92-gc692662/ /usr/local/mongodb

(2). Create an unprivileged user and the required directories
[root@10-12-167-31 ~]# mkdir /data/mongodb
[root@10-12-167-31 ~]# useradd keung
[root@10-12-167-31 ~]# chown keung.keung /data/mongodb

[root@10-12-167-31 ~]# echo never > /sys/kernel/mm/transparent_hugepage/enabled
[root@10-12-167-31 ~]# echo never > /sys/kernel/mm/transparent_hugepage/defrag

[root@10-12-167-31 ~]# su - keung
[keung@10-12-167-31 ~]$ mkdir /data/mongodb/2701{7,8,9}/{data,logs} -p

(3). Configure mongod.conf
# mongod.conf (saved as /data/mongodb/27017/mongodb.conf, the path used in step (4))
systemLog:
    destination: file
    path: "/data/mongodb/27017/logs/mongod.log"
    logAppend: true
storage:
    dbPath: "/data/mongodb/27017/data"
    journal:
        enabled: true
    wiredTiger:
        engineConfig:
            cacheSizeGB: 1
replication:
    replSetName: "myReplSet"
processManagement:
    fork: true
    pidFilePath: "/data/mongodb/27017/mongodb.pid"
net:
    bindIp: 127.0.0.1,10.12.167.31
    port: 27017
setParameter:
    enableLocalhostAuthBypass: false
The 27018 and 27019 nodes are configured the same way; just replace the port number (27017) throughout the file.

(4). Start the three nodes
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27017/mongodb.conf 
about to fork child process, waiting until server is ready for connections.
forked process: 9517
child process started successfully, parent exiting
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27018/mongodb.conf 
about to fork child process, waiting until server is ready for connections.
forked process: 9545
child process started successfully, parent exiting
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27019/mongodb.conf 
about to fork child process, waiting until server is ready for connections.
forked process: 9573
child process started successfully, parent exiting

(5). Connect to any node and configure the replica set
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongo --port=27017
MongoDB shell version v3.6.6-92-gc692662
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.6.6-92-gc692662
Server has startup warnings: 
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] 
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] 
> config = {_id: "myReplSet", members: [{_id: 0, host: "10.12.167.31:27017"}, {_id: 1, host: "10.12.167.31:27018"}, {_id: 2, host: "10.12.167.31:27019"}]}
{
	"_id" : "myReplSet",
	"members" : [
		{
			"_id" : 0,
			"host" : "10.12.167.31:27017"
		},
		{
			"_id" : 1,
			"host" : "10.12.167.31:27018"
		},
		{
			"_id" : 2,
			"host" : "10.12.167.31:27019"
		}
	]
}
> rs.initiate(config)
{
	"ok" : 1,
	"operationTime" : Timestamp(1534262137, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1534262137, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}
myReplSet:SECONDARY> rs.status()
{
	"set" : "myReplSet",
	"date" : ISODate("2018-08-14T15:56:03.242Z"),
	"myState" : 1,
	"term" : NumberLong(1),
	"syncingTo" : "",
	"syncSourceHost" : "",
	"syncSourceId" : -1,
	"heartbeatIntervalMillis" : NumberLong(2000),
	"optimes" : {
		"lastCommittedOpTime" : {
			"ts" : Timestamp(1534262150, 1),
			"t" : NumberLong(1)
		},
		"readConcernMajorityOpTime" : {
			"ts" : Timestamp(1534262150, 1),
			"t" : NumberLong(1)
		},
		"appliedOpTime" : {
			"ts" : Timestamp(1534262150, 1),
			"t" : NumberLong(1)
		},
		"durableOpTime" : {
			"ts" : Timestamp(1534262150, 1),
			"t" : NumberLong(1)
		}
	},
	"members" : [
		{
			"_id" : 0,
			"name" : "10.12.167.31:27017",
			"health" : 1,
			"state" : 1,
			"stateStr" : "PRIMARY",
			"uptime" : 200,
			"optime" : {
				"ts" : Timestamp(1534262150, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2018-08-14T15:55:50Z"),
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "could not find member to sync from",
			"electionTime" : Timestamp(1534262148, 1),
			"electionDate" : ISODate("2018-08-14T15:55:48Z"),
			"configVersion" : 1,
			"self" : true,
			"lastHeartbeatMessage" : ""
		},
		{
			"_id" : 1,
			"name" : "10.12.167.31:27018",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 25,
			"optime" : {
				"ts" : Timestamp(1534262150, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1534262150, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2018-08-14T15:55:50Z"),
			"optimeDurableDate" : ISODate("2018-08-14T15:55:50Z"),
			"lastHeartbeat" : ISODate("2018-08-14T15:56:02.481Z"),
			"lastHeartbeatRecv" : ISODate("2018-08-14T15:56:02.630Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"syncingTo" : "10.12.167.31:27017",
			"syncSourceHost" : "10.12.167.31:27017",
			"syncSourceId" : 0,
			"infoMessage" : "",
			"configVersion" : 1
		},
		{
			"_id" : 2,
			"name" : "10.12.167.31:27019",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 25,
			"optime" : {
				"ts" : Timestamp(1534262150, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1534262150, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2018-08-14T15:55:50Z"),
			"optimeDurableDate" : ISODate("2018-08-14T15:55:50Z"),
			"lastHeartbeat" : ISODate("2018-08-14T15:56:02.481Z"),
			"lastHeartbeatRecv" : ISODate("2018-08-14T15:56:02.634Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"syncingTo" : "10.12.167.31:27017",
			"syncSourceHost" : "10.12.167.31:27017",
			"syncSourceId" : 0,
			"infoMessage" : "",
			"configVersion" : 1
		}
	],
	"ok" : 1,
	"operationTime" : Timestamp(1534262150, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1534262150, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}

(6). Connect to the primary and create the accounts and passwords
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongo --host=10.12.167.31 --port=27017
MongoDB shell version v3.6.6-92-gc692662
connecting to: mongodb://10.12.167.31:27017/
MongoDB server version: 3.6.6-92-gc692662
Server has startup warnings: 
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] 
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-08-14T23:52:44.606+0800 I CONTROL  [initandlisten] 
myReplSet:PRIMARY> use admin
switched to db admin
# Create the administrator
myReplSet:PRIMARY> db.createUser({user: "admin",pwd: "p@ssw0rd4admin",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
Successfully added user: {
	"user" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
# Create the cluster administrator
myReplSet:PRIMARY> db.createUser({"user" : "cluster","pwd" : "changeme2",roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]})
Successfully added user: {
	"user" : "cluster",
	"roles" : [
		{
			"role" : "clusterAdmin",
			"db" : "admin"
		}
	]
}
# Create a regular user
myReplSet:PRIMARY> use db1;
switched to db db1
myReplSet:PRIMARY> db.createUser({user:"keung",pwd:"pass4keung",roles:[{role:"dbOwner",db:"db1"}]})
Successfully added user: {
	"user" : "keung",
	"roles" : [
		{
			"role" : "dbOwner",
			"db" : "db1"
		}
	]
}

(7). Shut down the replica set
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27019/mongodb.conf --shutdown
killing process with pid: 9573
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27018/mongodb.conf --shutdown
killing process with pid: 9545
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27017/mongodb.conf --shutdown
killing process with pid: 9517

(8). Edit the configuration files to enable access control (authorization) and keyFile authentication
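# Configuration for the 27017 node
security:
    keyFile: "/data/mongodb/27017/keyfile"
    authorization: enabled
# Configuration for the 27018 node
security:
    keyFile: "/data/mongodb/27018/keyfile"
    authorization: enabled
# Configuration for the 27019 node
security:
    keyFile: "/data/mongodb/27019/keyfile"
    authorization: enabled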
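
A small audit of the access-control settings this walkthrough relies on, run against a node's config before and after step (8); this is an added example, not part of the original post. The function name audit_conf and the temporary file are assumptions for illustration, and the parser only handles the simple two-level layout used on this page.

```shell
#!/bin/sh
# audit_conf FILE: report access-control settings missing from a mongod config.
# Not a general YAML parser: it reads "section:" lines and indented "key: value" lines.
audit_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        /^[^ \t]/ { section = $1; sub(/:.*/, "", section); next }
        {
            key = $1; sub(/:$/, "", key)
            val = $0; sub(/^[^:]*:/, "", val); gsub(/[ \t"]/, "", val)
            conf[section "." key] = val
        }
        END {
            n = 0
            if (conf["security.authorization"] != "enabled") {
                print "security.authorization is not enabled"; n++ }
            if (conf["security.keyFile"] == "") {
                print "security.keyFile is not set"; n++ }
            if (conf["setParameter.enableLocalhostAuthBypass"] != "false") {
                print "enableLocalhostAuthBypass is not false"; n++ }
            ips = "," conf["net.bindIp"] ","
            if (index(ips, ",0.0.0.0,") > 0) {
                print "net.bindIp listens on all interfaces"; n++ }
            exit n                                  # exit status = number of findings
        }
    ' "$1"
}

# Demo: the relevant sections of the 27017 config, before and after step (8).
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
net:
    bindIp: 127.0.0.1,10.12.167.31
    port: 27017
setParameter:
    enableLocalhostAuthBypass: false
EOF
audit_conf "$tmp" || echo "findings before step (8): $?"
cat >> "$tmp" <<'EOF'
security:
    keyFile: "/data/mongodb/27017/keyfile"
    authorization: enabled
EOF
audit_conf "$tmp" && echo "no findings after step (8)"
rm -f "$tmp"
```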

(9). Generate the keyfile, set its permissions to 400, and copy it into each node's directory
[keung@10-12-167-31 ~]$ openssl rand -base64 756 -out keyfile
[keung@10-12-167-31 ~]$ chmod 400 keyfile 
[keung@10-12-167-31 ~]$ cp -a keyfile /data/mongodb/27017/
[keung@10-12-167-31 ~]$ cp -a keyfile /data/mongodb/27018/
[keung@10-12-167-31 ~]$ cp -a keyfile /data/mongodb/27019/
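
A pre-start check for the keyfile copies made in step (9), as an added example that is not part of the original post: it verifies that each copy has no group/other permission bits, that the key is 6 to 1024 base64 characters once whitespace is stripped, and that every copy holds the same key. The function name check_keyfiles and the sample key in the demo are constructed for illustration.

```shell
#!/bin/sh
# check_keyfiles FILE...: pre-start check for replica-set keyfiles.
# Prints one line per problem and returns the number of problems found.
check_keyfiles() {
    problems=0; ref=""; have_ref=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: missing or unreadable"; problems=$((problems + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # mongod refuses to start with a keyfile that grants any of them.
        perms=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$f: group/other permissions set ($perms); use chmod 400"
            problems=$((problems + 1))
        fi
        # mongod strips whitespace from the keyfile, so judge the stripped key.
        key=$(tr -d '[:space:]' < "$f")
        if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
            echo "$f: key is ${#key} characters; must be 6-1024"
            problems=$((problems + 1))
        fi
        case $key in
            *[!A-Za-z0-9+/=]*)
                echo "$f: contains characters outside the base64 set"
                problems=$((problems + 1)) ;;
        esac
        # Every member must hold the same key, or members cannot
        # authenticate to each other.
        if [ "$have_ref" -eq 0 ]; then
            ref=$key; have_ref=1
        elif [ "$key" != "$ref" ]; then
            echo "$f: key differs from the first readable keyfile"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on constructed files: one correct copy, one left world-readable.
demo_dir=$(mktemp -d)
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk=\n' > "$demo_dir/good"
chmod 400 "$demo_dir/good"
cp "$demo_dir/good" "$demo_dir/loose" && chmod 644 "$demo_dir/loose"
check_keyfiles "$demo_dir/good" "$demo_dir/loose" || echo "problems found: $?"
rm -rf "$demo_dir"
```

On the host from this walkthrough the call would be `check_keyfiles /data/mongodb/27017/keyfile /data/mongodb/27018/keyfile /data/mongodb/27019/keyfile`.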

(10). Restart each node
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27017/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 9868
child process started successfully, parent exiting
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27018/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 9944
child process started successfully, parent exiting
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongod --config /data/mongodb/27019/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 10023
child process started successfully, parent exiting

(11). Test a write on the primary
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongo --port=27017
MongoDB shell version v3.6.6-92-gc692662
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.6.6-92-gc692662
myReplSet:PRIMARY> use db1;
switched to db db1
myReplSet:PRIMARY> db.auth('keung','pass4keung')
1
myReplSet:PRIMARY> db.t_user.insert({"user": "mongodb"});
WriteResult({ "nInserted" : 1 })
myReplSet:PRIMARY> db.t_user.find();
{ "_id" : ObjectId("5b72ff6e8363f501cd9e7323"), "user" : "mongodb" }

(12). Query on a secondary to check that the data has been replicated
[keung@10-12-167-31 ~]$ /usr/local/mongodb/bin/mongo --port=27018
MongoDB shell version v3.6.6-92-gc692662
connecting to: mongodb://127.0.0.1:27018/
MongoDB server version: 3.6.6-92-gc692662
myReplSet:SECONDARY> use db1;
switched to db db1
myReplSet:SECONDARY> db.auth('keung','pass4keung')
1
myReplSet:SECONDARY> rs.slaveOk()   // By default a secondary accepts neither reads nor writes; rs.slaveOk() must be run before queries can be executed
myReplSet:SECONDARY> db.t_user.find();
{ "_id" : ObjectId("5b72ff6e8363f501cd9e7323"), "user" : "mongodb" }

 
