【MongoDB】MongoDB 仲裁节点默认只允许从本机登录执

作者: Bogon | 来源:发表于2024-04-29 17:23 被阅读0次

    MongoDB集群为 1主1从1仲裁架构。

    image.png
    主: 192.168.1.90:27017
    从:192.168.1.86:27017
    仲裁:192.168.1.104:37017
    
    $  echo -e 'rs.addArb("192.168.1.104:37017");\n'| mongo -u "XXX" -p "XXX" --host 192.168.1.90 --port 27017 --authenticationDatabase "admin"
    
    {
        "msg": [
            "----->test<-----",
            "\t\t\t\"_id\" : 0,",
            "\t\t\t\"name\" : \"192.168.1.86:27017\",",
            "\t\t\t\"health\" : 1,",
            "\t\t\t\"state\" : 2,",
            "\t\t\t\"stateStr\" : \"SECONDARY\",",
            "\t\t\t\"uptime\" : 5340104,",
            "--",
            "\t\t\t\"_id\" : 1,",
            "\t\t\t\"name\" : \"192.168.1.90:27017\",",
            "\t\t\t\"health\" : 1,",
            "\t\t\t\"state\" : 1,",
            "\t\t\t\"stateStr\" : \"PRIMARY\",",
            "\t\t\t\"uptime\" : 5340104,",
            "--",
            "\t\t\t\"_id\" : 2,",
            "\t\t\t\"name\" : \"192.168.1.104:37017\",",
            "\t\t\t\"health\" : 1,",
            "\t\t\t\"state\" : 7,",
            "\t\t\t\"stateStr\" : \"ARBITER\",",
            "\t\t\t\"uptime\" : 5340105,"
        ]
    }
    
    

    在主从节点(注意:密码直接写在 -p 后面会留在 shell 历史和进程列表中;交互式登录时可以把 -p 放在最后且不带值,由 mongo 提示输入):

    $ mongo  --host  192.168.1.90   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
    $ mongo  --host  192.168.1.86   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
    
    $ echo "rs.status();" |   mongo   --quiet  --host  192.168.1.90   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
    $ echo "rs.status();" |   mongo   --quiet  --host  192.168.1.86   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
    
    
    
    
    {
            "set" : "test",
            "date" : ISODate("2024-04-30T05:39:55.523Z"),
            "myState" : 1,
            "term" : NumberLong(9),
            "syncingTo" : "",
            "syncSourceHost" : "",
            "syncSourceId" : -1,
            "heartbeatIntervalMillis" : NumberLong(2000),
            "optimes" : {
                    "lastCommittedOpTime" : {
                            "ts" : Timestamp(1714455585, 1),
                            "t" : NumberLong(9)
                    },
                    "appliedOpTime" : {
                            "ts" : Timestamp(1714455585, 1),
                            "t" : NumberLong(9)
                    },
                    "durableOpTime" : {
                            "ts" : Timestamp(1714455585, 1),
                            "t" : NumberLong(9)
                    }
            },
            "members" : [
                    {
                            "_id" : 0,
                            "name" : "192.168.1.86:27017",
                            "health" : 1,
                            "state" : 2,
                            "stateStr" : "SECONDARY",
                            "uptime" : 5348143,
                            "optime" : {
                                    "ts" : Timestamp(1714455585, 1),
                                    "t" : NumberLong(9)
                            },
                            "optimeDurable" : {
                                    "ts" : Timestamp(1714455585, 1),
                                    "t" : NumberLong(9)
                            },
                            "optimeDate" : ISODate("2024-04-30T05:39:45Z"),
                            "optimeDurableDate" : ISODate("2024-04-30T05:39:45Z"),
                            "lastHeartbeat" : ISODate("2024-04-30T05:39:54.377Z"),
                            "lastHeartbeatRecv" : ISODate("2024-04-30T05:39:54.169Z"),
                            "pingMs" : NumberLong(0),
                            "lastHeartbeatMessage" : "",
                            "syncingTo" : "192.168.1.90:27017",
                            "syncSourceHost" : "192.168.1.90:27017",
                            "syncSourceId" : 1,
                            "infoMessage" : "",
                            "configVersion" : 3
                    },
                    {
                            "_id" : 1,
                            "name" : "192.168.1.90:27017",
                            "health" : 1,
                            "state" : 1,
                            "stateStr" : "PRIMARY",
                            "uptime" : 5348164,
                            "optime" : {
                                    "ts" : Timestamp(1714455585, 1),
                                    "t" : NumberLong(9)
                            },
                            "optimeDate" : ISODate("2024-04-30T05:39:45Z"),
                            "syncingTo" : "",
                            "syncSourceHost" : "",
                            "syncSourceId" : -1,
                            "infoMessage" : "",
                            "electionTime" : Timestamp(1709107452, 1),
                            "electionDate" : ISODate("2024-02-28T08:04:12Z"),
                            "configVersion" : 3,
                            "self" : true,
                            "lastHeartbeatMessage" : ""
                    },
                    {
                            "_id" : 2,
                            "name" : "192.168.1.104:37017",
                            "health" : 1,
                            "state" : 7,
                            "stateStr" : "ARBITER",
                            "uptime" : 1136881,
                            "lastHeartbeat" : ISODate("2024-04-30T05:39:54.915Z"),
                            "lastHeartbeatRecv" : ISODate("2024-04-30T05:39:55.497Z"),
                            "pingMs" : NumberLong(0),
                            "lastHeartbeatMessage" : "",
                            "syncingTo" : "",
                            "syncSourceHost" : "",
                            "syncSourceId" : -1,
                            "infoMessage" : "",
                            "configVersion" : 3
                    }
            ],
            "ok" : 1
    }
    
    

    在仲裁节点:

    $ echo "rs.status();"   |   mongo    --host    192.168.1.104   --port 37017
    MongoDB shell version v3.4.19
    connecting to: mongodb://172.22.203.104:37017/
    MongoDB server version: 3.4.19
    {
            "ok" : 0,
            "errmsg" : "not authorized on admin to execute command { replSetGetStatus: 1.0 }",
            "code" : 13,
            "codeName" : "Unauthorized"
    }
    bye
    
    
    $ echo "rs.status();"   |  mongo   --host  127.0.0.1    --port 37017
    
    MongoDB shell version v3.4.19
    connecting to: mongodb://127.0.0.1:37017/
    MongoDB server version: 3.4.19
    
    $ ss -tan | grep  37017
    
    LISTEN     0      128          *:37017                    *:*
    ESTAB      0      0      192.168.1.104:37017              192.168.192.160:23990
    ESTAB      0      0      192.168.1.104:37017              192.168.192.158:48497
    ESTAB      0      0      192.168.1.104:37017              192.168.192.160:27536
    ESTAB      0      0      192.168.1.104:37017              192.168.192.159:42723
    ESTAB      0      0      192.168.1.104:37017              192.168.192.158:19563
    

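    从上面的测试可以看出:MongoDB 主从仲裁架构中,仲裁节点如果没有开启认证,登录无需用户名密码,但是只能从本机登录,无法远程登录,这在一定程度上保障了安全性,避免集群信息被泄露!需要注意:从输出看,远程连接本身是建立成功的(已打印 server version),被拒绝的是 rs.status() 命令(code 13,Unauthorized);本机免密可用对应的是下面参考文档中的 Localhost Exception,而不是网络层面的访问限制。ss 输出显示端口监听在 *:37017,因此仍应通过 bindIp 或防火墙限制可以连接该端口的来源地址。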

    参考

    Replica Set Arbiter
    https://www.mongodb.com/docs/manual/core/replica-set-arbiter/#authentication

    Localhost Exception
    https://www.mongodb.com/docs/manual/core/localhost-exception/#std-label-localhost-exception
