  • Deploying a MongoDB cluster on CentOS 6.8 with auth authentication enabled

     The three-node replica set is laid out as in the figure below:

     Goals:

      Configure a 3-node MongoDB replica set

      Enable auth on all 3 members, and make sure that with authentication on they can still talk to each other

     Step 1 - Prepare the environment

    Prepare three virtual machines: one as the Primary, the other two as Secondaries, as shown in the figure above.

    VM details:
    
        Primary: 172.xx.xx.107 
    
        Secondary: 172.xx.xx.105 and 172.xx.xx.106

     Step 2 - Install MongoDB with yum

    Under /etc/yum.repos.d/, create a mongodb.repo file that points at the MongoDB repository.

    Run vim /etc/yum.repos.d/mongodb.repo to create and open mongodb.repo:

    [mongodb-org-3.4]
    
    name=MongoDB Repository
    
    baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
    
    gpgcheck=1
    
    enabled=1
    
    gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
    

      

    ### Then refresh the repository list and install
    (gpgcheck=1 together with the key above makes yum refuse any package not signed by MongoDB's release key; keep it enabled.)
    
    # yum repolist
    # yum install mongodb-org

     Step 3 - Configure the replica set

    Edit the mongod configuration file on every VM with vim /etc/mongod.conf.

    Add two keys under the replication section: oplogSizeMB and replSetName

    # vim /etc/mongod.conf
    
    replication:
    
        oplogSizeMB: 1024
    
        replSetName: test 

    Check the resulting mongod.conf

    # cat /etc/mongod.conf
    
    # mongod.conf
    
    # for documentation of all options, see:
    #   http://docs.mongodb.org/manual/reference/configuration-options/
    
    # where to write logging data.
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log
    
    # Where and how to store data.
    storage:
      dbPath: /var/lib/mongo
      journal:
        enabled: true
    #  engine:
    #  mmapv1:
    #  wiredTiger:
    
    # how the process runs
    processManagement:
      fork: true  # fork and run in background
      pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
    
    # network interfaces
    net:
      port: 27017
      bindIp: 0.0.0.0  # listens on ALL interfaces; the stock comment ("Listen to local interface only") applied to the default 127.0.0.1
    
    
    #security:
    
    #operationProfiling:
    
    replication:
      oplogSizeMB:  1024
      replSetName:  test
    
    
    #sharding:
    
    ## Enterprise-Only Options
    
    #auditLog:
    
    #snmp:   
    Note:
    
        The replSetName in mongod.conf must be identical on all 3 VMs.
    
        Here it is test; the name is arbitrary, as long as every member uses the same one.

        Also look at the net section above: bindIp: 0.0.0.0 listens on every interface and security: is still commented out, so until Step 5 is finished each mongod accepts unauthenticated connections from any host that can reach port 27017. Keep that port firewalled to the three members in the meantime.
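    The following preflight script is an added example and not part of the original post. It checks the rule just stated (every mongod.conf carries the same uncommented replSetName) and flags the exposure visible in the config above: bindIp: 0.0.0.0, or no bindIp at all, combined with a commented-out security section means an unauthenticated mongod reachable from every interface (MongoDB 3.4 listens on all interfaces unless told otherwise; the localhost-only default only arrived in 3.6). It parses the YAML with awk because every key involved sits on one line. The sample configs it writes are constructed here to mirror the page's Step 3 and Step 5 files; the file names, the `preflight` command and its arguments are assumptions.

```shell
#!/bin/sh
# Preflight for a MongoDB replica set's mongod.conf files (added example).
# Usage: preflight /etc/mongod.conf
#        preflight 107.conf 106.conf 105.conf   (configs copied locally)
#        sh preflight.sh demo                   (run on constructed samples)

# First uncommented "replSetName:" value in a config (empty if none).
replset_name() {
  awk '/^[[:space:]]*replSetName:/ { print $2; exit }' "$1"
}

# First uncommented "bindIp:" value (empty if the key is absent).
bind_ip() {
  awk '/^[[:space:]]*bindIp:/ { print $2; exit }' "$1"
}

# True when an uncommented security: section has both keyFile and
# authorization: enabled, i.e. the Step 5 state of the page's config.
auth_enabled() {
  awk '
    /^security:/                                            { sec = 1 }
    sec && /^[[:space:]]*keyFile:/                          { kf = 1 }
    sec && /^[[:space:]]*authorization:[[:space:]]*enabled/ { au = 1 }
    END { exit !(sec && kf && au) }' "$1"
}

# True when the instance is reachable from other hosts without auth.
# An absent bindIp counts as exposed: 3.4 binds all interfaces by default.
exposed_without_auth() {
  case $(bind_ip "$1") in
    127.0.0.1|localhost|::1) return 1 ;;   # loopback only, not remotely reachable
  esac
  ! auth_enabled "$1"
}

# All given configs must carry the same non-empty replSetName.
check_replset_confs() {
  name=''
  for f in "$@"; do
    n=$(replset_name "$f")
    [ -n "$n" ] || { echo "$f: no uncommented replSetName" >&2; return 1; }
    if [ -z "$name" ]; then
      name=$n
    elif [ "$n" != "$name" ]; then
      echo "$f: replSetName '$n' differs from '$name'" >&2; return 1
    fi
  done
  echo "replSetName '$name' is consistent across $# file(s)"
}

# Run both checks; non-zero if names disagree or any member is exposed.
preflight() {
  check_replset_confs "$@" || return 1
  rc=0
  for f in "$@"; do
    if exposed_without_auth "$f"; then
      ip=$(bind_ip "$f")
      echo "WARNING: $f binds ${ip:-all interfaces (no bindIp)} with no security section:" \
           "unauthenticated access from any host until Step 5 is done" >&2
      rc=1
    fi
  done
  return $rc
}

# Constructed sample config mirroring the page's file; third arg: auth yes|no.
write_sample_conf() {
  {
    printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n'
    if [ "$3" = yes ]; then
      printf 'security:\n  keyFile: /usr/local/mongodb/keyfiletest\n  authorization: enabled\n'
    else
      printf '#security:\n'
    fi
    printf 'replication:\n  oplogSizeMB: 1024\n  replSetName: %s\n' "$2"
  } > "$1"
}

case ${1:-} in
  demo)   # build the three Step 3 files and run the checks on them
    d=$(mktemp -d)
    for n in 107 106 105; do write_sample_conf "$d/$n.conf" test no; done
    preflight "$d/107.conf" "$d/106.conf" "$d/105.conf"
    rm -rf "$d" ;;
  '') ;;
  *) preflight "$@" ;;
esac
```

    Run it against the three Step 3 configs and it reports the names as consistent but returns non-zero with a warning for each member; after Step 5 it passes cleanly.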

     

     Step 4 - Start

    With the replica set configured, start the MongoDB service on each of the three VMs with mongod --config /etc/mongod.conf

    [root@dev04 mongodb]# mongod --config /etc/mongod.conf 
    about to fork child process, waiting until server is ready for connections.
    forked process: 30799
    child process started successfully, parent exiting  

    Since the MongoDB instance on the .107 VM is going to be the Primary, connect to it there with the mongo command

    [root@dev04 mongodb]# mongo
    MongoDB shell version v3.4.2
    connecting to: mongodb://127.0.0.1:27017
    MongoDB server version: 3.4.2
    
    ### use admin switches to the admin database
    > use admin
    switched to db admin  

    Then define the replica set members in a config document

    config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}
    
    Note:
    
    _id:"test": test is the replica set name, and it must match replSetName in mongod.conf.
    
    members lists the _id and host of every mongod in the set
    
    > config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}
    {
    	"_id" : "test",
    	"members" : [
    		{
    			"_id" : 0,
    			"host" : "172.xxx.xxx.107:27017"
    		},
    		{
    			"_id" : 1,
    			"host" : "172.xxx.xxx.106:27017"
    		},
    		{
    			"_id" : 2,
    			"host" : "172.xxx.xxx.105:27017"
    		}
    	]
    }
    >  

    Then run the initialization; { "ok" : 1 } means it succeeded

    > rs.initiate(config)
    { "ok" : 1 }  

    Use rs.status() to inspect the members' state

    test:PRIMARY> rs.status() 
    {
    	"set" : "test",
    	"date" : ISODate("2017-02-17T01:30:53.128Z"),
    	"myState" : 1,
    	"term" : NumberLong(1),
    	"heartbeatIntervalMillis" : NumberLong(2000),
    	"optimes" : {
    		"lastCommittedOpTime" : {
    			"ts" : Timestamp(1487295047, 1),
    			"t" : NumberLong(1)
    		},
    		"appliedOpTime" : {
    			"ts" : Timestamp(1487295047, 1),
    			"t" : NumberLong(1)
    		},
    		"durableOpTime" : {
    			"ts" : Timestamp(1487295047, 1),
    			"t" : NumberLong(1)
    		}
    	},
    	"members" : [
    		{
    			"_id" : 0,
    			"name" : "172.xxx.xxx.107:27017",
    			"health" : 1,
    			"state" : 1,
    			"stateStr" : "PRIMARY",
    			"uptime" : 693,
    			"optime" : {
    				"ts" : Timestamp(1487295047, 1),
    				"t" : NumberLong(1)
    			},
    			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
    			"infoMessage" : "could not find member to sync from",
    			"electionTime" : Timestamp(1487294966, 1),
    			"electionDate" : ISODate("2017-02-17T01:29:26Z"),
    			"configVersion" : 1,
    			"self" : true
    		},
    		{
    			"_id" : 1,
    			"name" : "172.xxx.xxx.106:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 96,
    			"optime" : {
    				"ts" : Timestamp(1487295047, 1),
    				"t" : NumberLong(1)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(1487295047, 1),
    				"t" : NumberLong(1)
    			},
    			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
    			"optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"),
    			"lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"),
    			"lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.674Z"),
    			"pingMs" : NumberLong(0),
    			"syncingTo" : "172.xxx.xxx.107:27017",
    			"configVersion" : 1
    		},
    		{
    			"_id" : 2,
    			"name" : "172.xxx.xxx.105:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 96,
    			"optime" : {
    				"ts" : Timestamp(1487295047, 1),
    				"t" : NumberLong(1)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(1487295047, 1),
    				"t" : NumberLong(1)
    			},
    			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
    			"optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"),
    			"lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"),
    			"lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.745Z"),
    			"pingMs" : NumberLong(0),
    			"syncingTo" : "172.xxx.xxx.106:27017",
    			"configVersion" : 1
    		}
    	],
    	"ok" : 1
    }
    test:PRIMARY> 
    

      

     Step 5: Replica set authentication

    The overall idea is a keyfile plus usernames and passwords: every member loads the same keyfile at startup and uses it to authenticate to the other members, and clients then need a username and password to work with the databases.
    The keyfile must satisfy these conditions:

    • between 6 and 1024 characters
    • whitespace in the file is ignored when authenticating
    • every replica set member and every mongos must have identical keyfile content
    • base64 alphabet only, and avoid '=' padding
    • file mode 600 (or 400): no permissions at all for group or others, otherwise mongod refuses to start with it
    ### Generate the keyfile on the 107 node (90 random bytes is a multiple of 3, so the 120-character base64 output carries no '=' padding; then set the mode to 600 as required above)
    [root@localhost ~]# openssl rand -base64 90 > /usr/local/mongodb/keyfiletest
    

      

    ### Then scp the file to 105 and 106 (the file is keyfiletest, the name the config below refers to; scp creates the copy with your umask, so chmod 600 it on each receiving node as well)
    
    scp  /usr/local/mongodb/keyfiletest root@172.xxx.xxx.105:/usr/local/mongodb/
    scp  /usr/local/mongodb/keyfiletest root@172.xxx.xxx.106:/usr/local/mongodb/
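    The script below is an added example, not part of the original post: it turns the five keyfile rules above into checks. It generates the key the same way the page does (openssl rand -base64 90), validates a file's content and mode, and compares the copies from all members so a truncated or re-encoded scp shows up before a restart fails. The `gen`/`check`/`same` sub-commands and the idea of pulling the 105/106 copies back for comparison are assumptions; the path is the page's. If mongod runs as the mongod user (the yum service default) rather than root as on this page, the file must also be owned by that user.

```shell
#!/bin/sh
# Keyfile hygiene for MongoDB internal (keyfile) auth; added example.
# Usage: sh keyfile.sh gen   /usr/local/mongodb/keyfiletest
#        sh keyfile.sh check /usr/local/mongodb/keyfiletest
#        sh keyfile.sh same  key_from_107 key_from_106 key_from_105

# 90 random bytes -> 120 base64 characters; 90 is a multiple of 3, so no
# '=' padding. umask 077 in a subshell makes the file 0600 from the first
# byte, so it is never briefly world-readable; chmod is belt and braces.
gen_keyfile() {
  ( umask 077; openssl rand -base64 90 > "$1" ) && chmod 600 "$1"
}

# Content rules from the page: whitespace ignored, 6..1024 characters,
# base64 alphabet only, no '=' padding.
validate_key_string() {
  key=$(printf '%s' "$1" | tr -d ' \t\r\n')
  len=${#key}
  if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
    echo "key length $len outside 6..1024" >&2; return 1
  fi
  case $key in
    *=*)              echo "key contains '=' padding" >&2; return 1 ;;
    *[!A-Za-z0-9+/]*) echo "key has a non-base64 character" >&2; return 1 ;;
  esac
}

# File rules: content as above plus mode 600 or 400 (no group/other bits);
# mongod refuses to start otherwise.
validate_keyfile() {
  f=$1
  [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")   # GNU, then BSD
  case $mode in
    600|400) ;;
    *) echo "$f: mode $mode, need 600 or 400" >&2; return 1 ;;
  esac
  validate_key_string "$(cat "$f")"
}

# Every member must load identical key material. Whitespace is ignored by
# mongod, so compare the stripped content (cksum is POSIX, unlike sha256sum).
same_key() {
  first=''
  for f in "$@"; do
    sum=$(tr -d ' \t\r\n' < "$f" | cksum)
    if [ -z "$first" ]; then
      first=$sum
    elif [ "$sum" != "$first" ]; then
      echo "$f: key material differs from $1" >&2; return 1
    fi
  done
  echo "identical key material in $# file(s)"
}

case ${1:-} in
  gen)   gen_keyfile "$2" && validate_keyfile "$2" ;;
  check) validate_keyfile "$2" ;;
  same)  shift; same_key "$@" ;;
esac
```

    Run `check` on each member after the scp and `same` across the three copies; a 644 mode or a stray edit in one copy is reported before mongod is restarted with the new security section.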
    

      

    ### Edit the config file on every member, adding the security section

    # vim /etc/mongod.conf
    security:
      keyFile: /usr/local/mongodb/keyfiletest
      authorization: enabled

     

    # cat /etc/mongod.conf
    
    # mongod.conf
    
    # for documentation of all options, see:
    #   http://docs.mongodb.org/manual/reference/configuration-options/
    
    # where to write logging data.
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log
    
    # Where and how to store data.
    storage:
      dbPath: /var/lib/mongo
      journal:
        enabled: true
    #  engine:
    #  mmapv1:
    #  wiredTiger:
    
    # how the process runs
    processManagement:
      fork: true  # fork and run in background
      pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
    
    # network interfaces
    net:
      port: 27017
      bindIp: 0.0.0.0  # listens on ALL interfaces; the stock comment ("Listen to local interface only") applied to the default 127.0.0.1
    
    
    security:
      keyFile: /usr/local/mongodb/keyfiletest
      authorization: enabled
    
    #operationProfiling:
    
    replication:
      oplogSizeMB:  1024
      replSetName:  test
    
    
    #sharding:
    
    ## Enterprise-Only Options
    
    #auditLog:
    
    #snmp: 

    Restart mongod on all three members: they now authenticate to each other with the keyfile, and clients must authenticate too. No users exist yet at this point; with authorization: enabled, connect with mongo from the primary's own shell and create the first user in the admin database through the localhost exception, then log in with that user for all further administration.

     Reposted from and adapted from these blogs:

    https://my.oschina.net/wangmengjun/blog/840997?from=timeline&isappinstalled=0

    http://www.cnblogs.com/xiaoit/p/4522218.html

    http://www.cnblogs.com/libingql/archive/2011/06/09/2076440.html

  • Original: https://www.cnblogs.com/evescn/p/7098132.html