1、安装配置 mongodb
# wget https://mirrors.aliyun.com/mongodb/yum/redhat/6Server/mongodb-org/3.6/x86_64/RPMS/mongodb-org-3.6.6-1.el6.x86_64.rpm
# wget https://mirrors.aliyun.com/mongodb/yum/redhat/6Server/mongodb-org/3.6/x86_64/RPMS/mongodb-org-mongos-3.6.6-1.el6.x86_64.rpm
# wget https://mirrors.aliyun.com/mongodb/yum/redhat/6Server/mongodb-org/3.6/x86_64/RPMS/mongodb-org-server-3.6.6-1.el6.x86_64.rpm
# wget https://mirrors.aliyun.com/mongodb/yum/redhat/6Server/mongodb-org/3.6/x86_64/RPMS/mongodb-org-shell-3.6.6-1.el6.x86_64.rpm
# wget https://mirrors.aliyun.com/mongodb/yum/redhat/6Server/mongodb-org/3.6/x86_64/RPMS/mongodb-org-tools-3.6.6-1.el6.x86_64.rpm
# ls
mongodb-org-3.6.6-1.el6.x86_64.rpm mongodb-org-server-3.6.6-1.el6.x86_64.rpm mongodb-org-tools-3.6.6-1.el6.x86_64.rpm
mongodb-org-mongos-3.6.6-1.el6.x86_64.rpm mongodb-org-shell-3.6.6-1.el6.x86_64.rpm
# rpm -ivh *
warning: mongodb-org-3.6.6-1.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 91fa4ad5: NOKEY
Preparing... ########################################### [100%]
1:mongodb-org-tools ########################################### [ 20%]
2:mongodb-org-shell ########################################### [ 40%]
3:mongodb-org-server ########################################### [ 60%]
4:mongodb-org-mongos ########################################### [ 80%]
5:mongodb-org ########################################### [100%]
# egrep -v "^$|^#" /etc/mongod.conf
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
net:
port: 27017
bindIp: 127.0.0.1,10.3.20.14 # Listen to local interface only, comment to listen on all interfaces.
2、启动 mongodb
# /etc/init.d/mongod start
Starting mongod: [ OK ]
# ps -ef|grep mongod
mongod 4074 1 32 18:19 ? 00:00:01 /usr/bin/mongod -f /etc/mongod.conf
root 4098 1421 0 18:20 pts/0 00:00:00 grep mongod
# netstat -nltup|grep 4074
tcp 0 0 10.3.20.14:27017 0.0.0.0:* LISTEN 4074/mongod
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 4074/mongod
3、mongodb 认证配置
# mongo
MongoDB shell version v3.6.6
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.6
Server has startup warnings:
2018-07-16T18:28:34.139+0800 I STORAGE [initandlisten]
2018-07-16T18:28:34.139+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2018-07-16T18:28:34.139+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2018-07-16T18:28:35.074+0800 I CONTROL [initandlisten]
2018-07-16T18:28:35.074+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-07-16T18:28:35.074+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-07-16T18:28:35.074+0800 I CONTROL [initandlisten]
> show databases
admin 0.000GB
local 0.000GB
> use admin
switched to db admin
// 创建超级用户
> db.createUser({user: 'root', pwd: '123456', roles: ['root']})
Successfully added user: { "user" : "root", "roles" : [ "root" ] }
>
// 配置要认证才能登录(加上 security: authorization: 'enabled' 配置)
# egrep -v "^$|^#" /etc/mongod.conf
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
net:
port: 27017
bindIp: 127.0.0.1,10.3.20.14 # Listen to local interface only, comment to listen on all interfaces.
security:
authorization: 'enabled'
# /etc/init.d/mongod restart
// 访问方式 1
# mongo -u root -p 123456 --authenticationDatabase admin
> show databases;
admin 0.000GB
config 0.000GB
local 0.000GB
// 访问方式 2
# mongo -u root -p 123456 admin
> show databases;
admin 0.000GB
config 0.000GB
local 0.000GB
// 访问方式 3
# mongo -u root -p 123456 10.3.20.14/admin
> show databases
admin 0.000GB
config 0.000GB
local 0.000GB
// 访问方式 4
# mongo
MongoDB shell version v3.6.6
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.6
> show databases
2018-07-16T18:54:01.527+0800 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:849:19
shellHelper@src/mongo/shell/utils.js:739:15
@(shellhelp2):1:1
> use admin
switched to db admin
> db.auth('root', '123456')
1
> show databases
admin 0.000GB
config 0.000GB
local 0.000GB
4、mongodb 角色说明
内建角色
Read:允许用户读取指定数据库
readWrite:允许用户读写指定数据库
dbAdmin:允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile
userAdmin:允许用户向system.users集合写入,可以在指定数据库里创建、删除和管理用户
clusterAdmin:只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限。
readAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读权限
readWriteAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读写权限
userAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的userAdmin权限
dbAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限。
root:只在admin数据库中可用。超级账号,超级权限
5、mongodb 基本操作
// 切换 db ,没有就创建(要插入数据才能看到创建后的 db)
> use admin
switched to db admin
// 查看集合
> show collections
system.users
system.version
// 切换 db ,没有就创建(要插入数据才能看到创建后的 db)
> use test
switched to db test
// 查看集合
> show collections
// 创建集合 foo(手工)
> db.createCollection('foo')
{ "ok" : 1 }
> show collections
foo
// 插入文档
> db.foo.insert({"name": "foo", "age": 10})
WriteResult({ "nInserted" : 1 })
// 查看文档
> db.foo.find()
{ "_id" : ObjectId("5b4c7b9f04991562df3badec"), "name" : "foo", "age" : 10 }
>
// 切换 db ,没有就创建(要插入数据才能看到创建后的 db)
> use test
switched to db test
// 创建集合 bar(自动), 插入文档
> db.bar.insert({"name": "bar", "age": 20})
WriteResult({ "nInserted" : 1 })
// 查看集合
> show collections
bar
foo
// 查看文档
> db.bar.find()
{ "_id" : ObjectId("5b4c7bd204991562df3baded"), "name" : "bar", "age" : 20 }
// 创建用户(在 user db 后,操作)
> db.createUser({user: 'imkh', pwd: '123456', roles: [{role: 'readWrite', db: 'test'}]})
Successfully added user: {
"user" : "imkh",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
// 查看用户
> use admin
switched to db admin
> show collections
system.users
system.version
> db.system.users.find().pretty()
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "EvZkZiowuGgIBFJsIBwpLA==",
"storedKey" : "3Ff4e/oXhwfTEap2IKKGZz2+CeI=",
"serverKey" : "p/oOE2YjOkKhcXLi7k/R9iFJcIw="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "admin.imkh",
"user" : "imkh",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "sdnTzH79sFcNF+xk1huETA==",
"storedKey" : "Y0rxZNQBUfk53jW46h+vWEccdJ8=",
"serverKey" : "SIlwdFnA4Vw2uOxL54NGE3mmuQM="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
{
"_id" : "test.imkh",
"user" : "imkh",
"db" : "test",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "YObdZB5cI+kMDDzjuA3x2w==",
"storedKey" : "6xGWfXhE72nF4/1OJiBs7Cj3DIo=",
"serverKey" : "s1jnZlbGoYmfAf+nb0x4MYbZaOc="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
> use test
switched to db test
> show users
{
"_id" : "test.imkh",
"user" : "imkh",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
// 更改密码(在 user db 后,操作)
> db.changeUserPassword('imkh', 'asdfgh')
// 回收权限(在 user db 后,操作)
> use admin
switched to db admin
> db.system.users.find().pretty()
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "EvZkZiowuGgIBFJsIBwpLA==",
"storedKey" : "3Ff4e/oXhwfTEap2IKKGZz2+CeI=",
"serverKey" : "p/oOE2YjOkKhcXLi7k/R9iFJcIw="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "test.imkh",
"user" : "imkh",
"db" : "test",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "YObdZB5cI+kMDDzjuA3x2w==",
"storedKey" : "6xGWfXhE72nF4/1OJiBs7Cj3DIo=",
"serverKey" : "s1jnZlbGoYmfAf+nb0x4MYbZaOc="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
> db.revokeRolesFromUser('imkh', [{role: 'readWrite', db: 'test'}])
2018-07-17T11:16:15.166+0800 E QUERY [thread1] Error: Could not find user imkh@admin :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.revokeRolesFromUser@src/mongo/shell/db.js:1652:19
@(shell):1:1
> use test
switched to db test
> db.revokeRolesFromUser('imkh', [{role: 'readWrite', db: 'test'}])
> show users
{ "_id" : "test.imkh", "user" : "imkh", "db" : "test", "roles" : [ ] }
// 删除用户(在 user db 后,操作)
> db.dropUser('imkh')
true
网友评论