1. 环境
准备了三台机器(CentOS Linux release 7.2.1511 (Core)):
100.65.16.35 m1
100.65.16.117 m2
100.65.16.160 m3
2. 配置
副本集模式的配置文件:
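# Write the replica-set member configuration to ./mongo.conf.
# The bind_ip value below is for node m1 (100.65.16.35); on m2 and m3 replace
# the second address with that node's own IP. This note has to live outside the
# here-doc: everything inside it is written into mongo.conf verbatim, so an
# inline remark would become part of the bind_ip value.
# keyFile enables keyfile authentication between the replica-set members and
# auth=true requires clients to authenticate.
# The delimiter is quoted so the shell expands nothing in the body.
cat << 'EOF' > mongo.conf
dbpath=/root/dbs
logpath=/root/logs/mongo.log
pidfilepath=/root/dbs/mongod.pid
directoryperdb=true
storageEngine=wiredTiger
port=28017
bind_ip=127.0.0.1,100.65.16.35
logappend=true
fork=true
journal=true
oplogSize=2000
replSet=haip
keyFile=/root/mongodb/mongodb_keyfile
auth=true
EOF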
其中mongodb_keyfile中的密钥生成指令:
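# Generate the shared replica-set key. The subshell sets umask 077 first so the
# file is created owner-only (0600) from the start, instead of being readable
# under the default umask until the later chmod runs.
(umask 077 && openssl rand -base64 756 > /root/mongodb/mongodb_keyfile)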
该密钥文件只需生成一次,然后拷贝到另外两台机器的相同路径(三个节点必须使用同一份keyFile,否则成员之间无法互相认证)。而后需要将此文件的权限改为600(权限过宽时mongod会拒绝使用该keyFile):
chmod 600 /root/mongodb/mongodb_keyfile
3. 启动
而后在三台机器上分别通过指令启动(本文直接以root运行mongod并把数据放在/root下,仅适合测试环境;生产环境建议使用专用的低权限账号运行):
/root/mongodb/bin/mongod -f /root/mongodb/mongo.conf
about to fork child process, waiting until server is ready for connections.
forked process: 11220
child process started successfully, parent exiting
4. 集群
登录任意一台节点:
[root@LFA-L0170088 ~]# /root/mongodb/bin/mongo localhost:28017/admin
MongoDB shell version v3.6.8
connecting to: mongodb://localhost:28017/admin
MongoDB server version: 3.6.8
haip:PRIMARY>
副本初始化:
// Replica-set configuration. _id must equal the replSet name in mongo.conf ("haip").
// The three members are listed by IP:port and all have the same priority.
cfg = {
_id: "haip",
members: [{
_id: 0,
host: '100.65.16.35:28017',
priority: 1
}, {
_id: 1,
host: '100.65.16.117:28017',
priority: 1
}, {
_id: 2,
host: '100.65.16.160:28017',
priority: 1
}]
}
// Run once, on one node only; the other members receive the configuration from it.
rs.initiate(cfg)
执行后当前节点显示为SECONDARY,稍等下会变为PRIMARY:
haip:SECONDARY>
haip:PRIMARY>
haip:PRIMARY>
haip:PRIMARY>
通过rs.status()查看副本中各个节点的状态是否正确:
haip:PRIMARY> rs.status()
{
"set" : "haip",
"date" : ISODate("2019-07-29T02:55:39.504Z"),
"myState" : 1,
"term" : NumberLong(1),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "100.65.16.35:28017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 236,
"optime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2019-07-29T02:55:33Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1564368871, 1),
"electionDate" : ISODate("2019-07-29T02:54:31Z"),
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 1,
"name" : "100.65.16.117:28017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 78,
"optime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2019-07-29T02:55:33Z"),
"optimeDurableDate" : ISODate("2019-07-29T02:55:33Z"),
"lastHeartbeat" : ISODate("2019-07-29T02:55:37.655Z"),
"lastHeartbeatRecv" : ISODate("2019-07-29T02:55:38.340Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "100.65.16.35:28017",
"syncSourceHost" : "100.65.16.35:28017",
"syncSourceId" : 0,
"infoMessage" : "",
"configVersion" : 1
},
{
"_id" : 2,
"name" : "100.65.16.160:28017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 78,
"optime" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1564368933, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2019-07-29T02:55:33Z"),
"optimeDurableDate" : ISODate("2019-07-29T02:55:33Z"),
"lastHeartbeat" : ISODate("2019-07-29T02:55:37.656Z"),
"lastHeartbeatRecv" : ISODate("2019-07-29T02:55:38.335Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "100.65.16.35:28017",
"syncSourceHost" : "100.65.16.35:28017",
"syncSourceId" : 0,
"infoMessage" : "",
"configVersion" : 1
}
],
"ok" : 1,
"operationTime" : Timestamp(1564368933, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1564368933, 1),
"signature" : {
"hash" : BinData(0,"Vp/el0D4VfSZHnyFFuK9fvi9WXM="),
"keyId" : NumberLong("6718913148415377409")
}
}
}
若状态不对,可以通过rs.reconfig(cfg)重新应用配置。
5. 授权
此时执行其他指令会报错:
haip:PRIMARY> show dbs
2019-07-29T11:04:03.484+0800 E QUERY [thread1] Error: listDatabases failed:{
"operationTime" : Timestamp(1564369439, 1),
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $clusterTime: { clusterTime: Timestamp(1564369439, 1), signature: { hash: BinData(0, 169E3DDFB8C073C2099F043939F76CF31AF364D1), keyId: 6718913148415377409 } }, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1564369439, 1),
"signature" : {
"hash" : BinData(0,"Fp4937jAc8IJnwQ5Ofds8xrzZNE="),
"keyId" : NumberLong("6718913148415377409")
}
}
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:849:19
shellHelper@src/mongo/shell/utils.js:739:15
@(shellhelp2):1:1
需要授权认证(此时库中还没有任何用户,只能借助localhost例外,从本机连接创建第一个管理员用户):
haip:PRIMARY> db.createUser(
... {
... user: "admin",
... pwd: "xxxxxxxxx",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
然后执行还是会报错,需要重启各个mongod(全部关闭,再重新启动):
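# Stop mongod cleanly on each node. --shutdown locates the running instance
# through the dbpath in the config file and lets it flush data and release its
# lock files, so neither SIGKILL nor manual removal of *.lock files is needed.
# It also avoids picking a PID out of `ps | grep mongo`, which can match the
# grep process itself or an open mongo shell instead of the server.
/root/mongodb/bin/mongod -f /root/mongodb/mongo.conf --shutdown
# Then start each node again with the same mongod -f command used in section 3.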
而后用授权方式登录:
bin/mongo --port 28017 -u admin -p --authenticationDatabase admin
haip:PRIMARY> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB
6. 创建DB帐号(用户会创建在当前所在的数据库中,建议先执行 use cprice 切换到目标库;之后登录时需以该库作为authenticationDatabase):
db.createUser({user: "cprice", pwd: "xxxxxxx", roles: [{ role: "dbOwner", db: "cprice" }]})