  • MongoDB replica set cluster setup

    https://docs.mongodb.com/manual/tutorial/enable-authentication/

    Overview

    Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

    For authentication, MongoDB supports various Authentication Mechanisms.

    The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

    Replica sets and sharded clusters

    Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

    User Administrator

    With access control enabled, ensure you have a user with the userAdmin or userAdminAnyDatabase role in the admin database. This user can administer users and roles: create users, grant or revoke roles from users, and create or modify custom roles.

    You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users as needed.

    Procedure

    The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

    1. Start MongoDB without access control.

    For example, the following starts a standalone mongod instance without access control.

    mongod --port 27017 --dbpath /data/db1
    
    2. Connect to the instance.

    For example, connect a mongo shell to the instance.

    mongo --port 27017
    

    Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

    3. Create the user administrator.

    In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

    NOTE

    The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

    use admin
    db.createUser(
      {
        user: "myUserAdmin",
        pwd: "abc123",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
      }
    )
    

    Disconnect the mongo shell.

    4. Re-start the MongoDB instance with access control.

    Re-start the mongod instance with the --auth command line option or, if using a configuration file, the security.authorization setting.

    mongod --auth --port 27017 --dbpath /data/db1
    

    Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

    5. Connect and authenticate as the user administrator.

    Using the mongo shell, you can:

    • Connect with authentication by passing in user credentials, or
    • Connect first without authentication, and then issue the db.auth() method to authenticate.

    To authenticate during connection

    Start a mongo shell with the -u <username>, -p <password>, and --authenticationDatabase <database> command line options:

    mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
    

    To authenticate after connecting

    Connect the mongo shell to the mongod:

    mongo --port 27017
    

    Switch to the authentication database (in this case, admin), and use db.auth(<username>,<pwd>) method to authenticate:

    use admin
    db.auth("myUserAdmin", "abc123" )
    
     
    https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
    
    wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz;
    tar xf mongodb* -C /usr/local/;
    ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb;
    
    cd /usr/local/mongodb/bin; ll -a;
    mkdir -p /data/db1;
    
    
    now=$(date +"%H_%M_%S_%m_%d_%Y");
    echo $now;
    echo 123 > $now.now;
    
    
    ./mongod  --port 27017  --dbpath /data/db1 --logpath /data/db1.$now.log --logappend;
    
    ps -aux | grep mongo;
    ./mongo --port 27017;
    use admin
    db.createUser(
      {
        user: "admin",
        pwd: "admin123",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]
      }
    )
    db.shutdownServer()
    exit
    
    ps -aux | grep mongo;
    
    echo 'mykeyfksdfjjsjf>2<1024' > mykeyf;
    chmod 600 mykeyf;
    
    scp mykeyf hadoop2:/usr/local/mongodb/bin;
    scp mykeyf bigdata-server-02:/usr/local/mongodb/bin;scp mykeyf bigdata-server-03:/usr/local/mongodb/bin;
    
    	[
    		Use rs.initiate() on one and only one member of the replica set
    		https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
    		https://docs.mongodb.com/manual/core/security-internal-authentication/
    		https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode
    	]
    
    ./mongod --auth  --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet  --dbpath /data/db1 --logpath  /data/db1.$now.log;
    ./mongo --port 27017;
    use admin;
    db.auth("admin","admin123");
    
    
    ##
    rs.status();
    rs.add("hadoop2:27017");
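
The keyfile step above, as an added example that is not part of the original post: it generates the key with `openssl rand -base64 756` (the form the MongoDB manual uses for keyfiles) instead of typing one by hand, then checks MongoDB's documented keyfile constraints before the file is copied to the other members. The function names and the temporary paths are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Checks are MongoDB's documented
# keyfile rules: 6-1024 base64 characters, no group/other permission bits.

# make_keyfile PATH: write 756 random bytes as base64, owner-read only.
make_keyfile() {
    (
        umask 077
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -base64 756
        else
            head -c 756 /dev/urandom | base64   # fallback when openssl is absent
        fi > "$1"
    ) || return 1
    chmod 400 "$1"
}

# check_keyfile PATH: print the first problem and return 1, or return 0.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # ls mode string, e.g. -r--------: characters 5-10 are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; return 1; }
    key=$(tr -d ' \t\r\n' < "$f")   # whitespace is not part of the key
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "length $len outside 6-1024"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    return 0
}

# keys_match A B: true when two copies (e.g. after scp) hold the same key.
keys_match() {
    [ "$(tr -d ' \t\r\n' < "$1")" = "$(tr -d ' \t\r\n' < "$2")" ]
}

# Demo on constructed files in a temporary directory.
d=$(mktemp -d)
make_keyfile "$d/keyfile" && check_keyfile "$d/keyfile" && echo "generated: ok"
printf '%s\n' 'mykeyfksdfjjsjf>2<1024' > "$d/typed" && chmod 600 "$d/typed"
check_keyfile "$d/typed" || echo "hand-typed key: rejected by check_keyfile"
rm -rf "$d"
```

Run `check_keyfile` on every member after the `scp` step, and `keys_match` against a copy fetched back from each host, since all members must present the same key.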
    

      

     
    > rs.initiate();
    {
    	"info2" : "no configuration specified. Using a default configuration for the set",
    	"me" : "hadoop1:27017",
    	"ok" : 1
    }
    myreplSet:SECONDARY> rs.add("hadoop2:27017");
    { "ok" : 1 }
    myreplSet:PRIMARY> rs.status()
    {
    	"set" : "myreplSet",
    	"date" : ISODate("2017-11-22T08:59:42.246Z"),
    	"myState" : 1,
    	"term" : NumberLong(1),
    	"heartbeatIntervalMillis" : NumberLong(2000),
    	"optimes" : {
    		"lastCommittedOpTime" : {
    			"ts" : Timestamp(1511341175, 2),
    			"t" : NumberLong(1)
    		},
    		"appliedOpTime" : {
    			"ts" : Timestamp(1511341175, 2),
    			"t" : NumberLong(1)
    		},
    		"durableOpTime" : {
    			"ts" : Timestamp(1511341175, 2),
    			"t" : NumberLong(1)
    		}
    	},
    	"members" : [
    		{
    			"_id" : 0,
    			"name" : "hadoop1:27017",
    			"health" : 1,
    			"state" : 1,
    			"stateStr" : "PRIMARY",
    			"uptime" : 118,
    			"optime" : {
    				"ts" : Timestamp(1511341175, 2),
    				"t" : NumberLong(1)
    			},
    			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
    			"infoMessage" : "could not find member to sync from",
    			"electionTime" : Timestamp(1511341163, 2),
    			"electionDate" : ISODate("2017-11-22T08:59:23Z"),
    			"configVersion" : 2,
    			"self" : true
    		},
    		{
    			"_id" : 1,
    			"name" : "hadoop2:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 6,
    			"optime" : {
    				"ts" : Timestamp(1511341175, 2),
    				"t" : NumberLong(1)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(1511341175, 2),
    				"t" : NumberLong(1)
    			},
    			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
    			"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),
    			"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),
    			"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),
    			"pingMs" : NumberLong(0),
    			"configVersion" : 2
    		}
    	],
    	"ok" : 1
    }
    myreplSet:PRIMARY> 
    

      

     
     Automatic primary/secondary failover
    After db.shutdownServer() is run on one of the members:
    myreplSet:SECONDARY> rs.status()
    {
    	"set" : "myreplSet",
    	"date" : ISODate("2017-11-22T02:20:43.349Z"),
    	"myState" : 2,
    	"term" : NumberLong(3),
    	"heartbeatIntervalMillis" : NumberLong(2000),
    	"optimes" : {
    		"lastCommittedOpTime" : {
    			"ts" : Timestamp(1511345737, 1),
    			"t" : NumberLong(3)
    		},
    		"appliedOpTime" : {
    			"ts" : Timestamp(1511345737, 1),
    			"t" : NumberLong(3)
    		},
    		"durableOpTime" : {
    			"ts" : Timestamp(1511345737, 1),
    			"t" : NumberLong(3)
    		}
    	},
    	"members" : [
    		{
    			"_id" : 0,
    			"name" : "hadoop1:27017",
    			"health" : 0,
    			"state" : 8,
    			"stateStr" : "(not reachable/healthy)",
    			"uptime" : 0,
    			"optime" : {
    				"ts" : Timestamp(0, 0),
    				"t" : NumberLong(-1)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(0, 0),
    				"t" : NumberLong(-1)
    			},
    			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
    			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
    			"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),
    			"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),
    			"pingMs" : NumberLong(0),
    			"lastHeartbeatMessage" : "Connection refused",
    			"configVersion" : -1
    		},
    		{
    			"_id" : 1,
    			"name" : "hadoop2:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 179,
    			"optime" : {
    				"ts" : Timestamp(1511345737, 1),
    				"t" : NumberLong(3)
    			},
    			"optimeDate" : ISODate("2017-11-22T10:15:37Z"),
    			"infoMessage" : "could not find member to sync from",
    			"configVersion" : 2,
    			"self" : true
    		}
    	],
    	"ok" : 1
    }
    

      

     
     
    Start node 2 first, then node 1: node 2 becomes the primary.
     
    [root@hadoop2 bin]# ./mongo --port 27017;
    MongoDB shell version v3.4.7
    connecting to: mongodb://127.0.0.1:27017/
    MongoDB server version: 3.4.7
    myreplSet:SECONDARY> use admin
    switched to db admin
    myreplSet:SECONDARY> db.auth("admin","admin123")
    1
    myreplSet:SECONDARY> rs.status()
    {
    	"set" : "myreplSet",
    	"date" : ISODate("2017-11-22T02:41:45.652Z"),
    	"myState" : 2,
    	"term" : NumberLong(4),
    	"heartbeatIntervalMillis" : NumberLong(2000),
    	"optimes" : {
    		"lastCommittedOpTime" : {
    			"ts" : Timestamp(0, 0),
    			"t" : NumberLong(-1)
    		},
    		"appliedOpTime" : {
    			"ts" : Timestamp(1511346776, 1),
    			"t" : NumberLong(4)
    		},
    		"durableOpTime" : {
    			"ts" : Timestamp(1511346776, 1),
    			"t" : NumberLong(4)
    		}
    	},
    	"members" : [
    		{
    			"_id" : 0,
    			"name" : "hadoop1:27017",
    			"health" : 0,
    			"state" : 8,
    			"stateStr" : "(not reachable/healthy)",
    			"uptime" : 0,
    			"optime" : {
    				"ts" : Timestamp(0, 0),
    				"t" : NumberLong(-1)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(0, 0),
    				"t" : NumberLong(-1)
    			},
    			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
    			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
    			"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),
    			"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
    			"pingMs" : NumberLong(0),
    			"lastHeartbeatMessage" : "Connection refused",
    			"configVersion" : -1
    		},
    		{
    			"_id" : 1,
    			"name" : "hadoop2:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 186,
    			"optime" : {
    				"ts" : Timestamp(1511346776, 1),
    				"t" : NumberLong(4)
    			},
    			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
    			"configVersion" : 2,
    			"self" : true
    		}
    	],
    	"ok" : 1
    }
    myreplSet:SECONDARY> rs.status()
    {
    	"set" : "myreplSet",
    	"date" : ISODate("2017-11-22T02:42:04.885Z"),
    	"myState" : 1,
    	"term" : NumberLong(5),
    	"heartbeatIntervalMillis" : NumberLong(2000),
    	"optimes" : {
    		"lastCommittedOpTime" : {
    			"ts" : Timestamp(0, 0),
    			"t" : NumberLong(-1)
    		},
    		"appliedOpTime" : {
    			"ts" : Timestamp(1511346776, 3),
    			"t" : NumberLong(5)
    		},
    		"durableOpTime" : {
    			"ts" : Timestamp(1511346776, 3),
    			"t" : NumberLong(5)
    		}
    	},
    	"members" : [
    		{
    			"_id" : 0,
    			"name" : "hadoop1:27017",
    			"health" : 1,
    			"state" : 2,
    			"stateStr" : "SECONDARY",
    			"uptime" : 9,
    			"optime" : {
    				"ts" : Timestamp(1511346776, 1),
    				"t" : NumberLong(4)
    			},
    			"optimeDurable" : {
    				"ts" : Timestamp(1511346776, 1),
    				"t" : NumberLong(4)
    			},
    			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
    			"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),
    			"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),
    			"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),
    			"pingMs" : NumberLong(0),
    			"configVersion" : 2
    		},
    		{
    			"_id" : 1,
    			"name" : "hadoop2:27017",
    			"health" : 1,
    			"state" : 1,
    			"stateStr" : "PRIMARY",
    			"uptime" : 205,
    			"optime" : {
    				"ts" : Timestamp(1511346776, 3),
    				"t" : NumberLong(5)
    			},
    			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
    			"infoMessage" : "could not find member to sync from",
    			"electionTime" : Timestamp(1511346776, 2),
    			"electionDate" : ISODate("2017-11-22T10:32:56Z"),
    			"configVersion" : 2,
    			"self" : true
    		}
    	],
    	"ok" : 1
    }
    myreplSet:PRIMARY> db.getRoles()
    [
    	{
    		"role" : "myClusterwideAdmin",
    		"db" : "admin",
    		"isBuiltin" : false,
    		"roles" : [
    			{
    				"role" : "read",
    				"db" : "admin"
    			}
    		],
    		"inheritedRoles" : [
    			{
    				"role" : "read",
    				"db" : "admin"
    			}
    		]
    	}
    ]
    myreplSet:PRIMARY> db.getUsers()
    [
    	{
    		"_id" : "admin.admin",
    		"user" : "admin",
    		"db" : "admin",
    		"roles" : [
    			{
    				"role" : "userAdminAnyDatabase",
    				"db" : "admin"
    			},
    			{
    				"role" : "clusterAdmin",
    				"db" : "admin"
    			}
    		]
    	},
    	{
    		"_id" : "admin.myClusterwideAdmin_user",
    		"user" : "myClusterwideAdmin_user",
    		"db" : "admin",
    		"roles" : [
    			{
    				"role" : "userAdminAnyDatabase",
    				"db" : "admin"
    			},
    			{
    				"role" : "clusterAdmin",
    				"db" : "admin"
    			},
    			{
    				"role" : "myClusterwideAdmin",
    				"db" : "admin"
    			}
    		]
    	}
    ]
    myreplSet:PRIMARY> 
    

    With 2 nodes, whichever one starts first can serve as the primary.

      

    Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

  • Original article: https://www.cnblogs.com/rsapaper/p/7874136.html