官方文档:

https://docs.mongodb.com/manual/tutorial/deploy-replica-set-with-keyfile-access-control/#deploy-repl-set-with-auth

一、创建fileKey,秘钥文件复制集的成员一样,将秘钥复制给所有成员

openssl rand -base64 756 > <path-to-keyfile>

chmod 400 <path-to-keyfile>

实例:key/security.key:

avslWt007EL8g0/omOnclstP+2cgpu6YChkc4KCJOU5bVG...省略

二、开启成员的访问控制

security:

keyFile: <path-to-keyfile>

replication:

replSetName: <replicaSetName>

net:

bindIp: localhost,<hostname(s)|ip address(es)>

实例:etc/mongod1.conf 注意:后面有个空格

# mongod.conf

# for documentation of all options, see:

#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.

systemLog:

destination: file

logAppend: true

path: /home/mongod/mongodb/log/mongod1.log

# Where and how to store data.

storage:

dbPath: /home/mongod/mongodb/data/mongod1/

journal:

enabled: true

#  engine:

#  mmapv1:

#  wiredTiger:

# how the process runs

processManagement:

fork: true  # fork and run in background

pidFilePath: /var/run/mongodb/mongod1.pid  # location of pidfile

timeZoneInfo: /usr/share/zoneinfo

# network interfaces

net:

port: 27018

bindIp: 127.0.0.1  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

# keyFile privilege 400

security:

authorization: enabled

keyFile: /home/mongod/mongodb/key/security.key

#operationProfiling:

replication:

replSetName: replTest

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

三、创建目录,需要将以下目录的用户设置为mongod

# ll
total 16
drwxr-xr-x 5 mongod mongod 4096 Nov 8 20:04 data
drwxr-xr-x 2 mongod mongod 4096 Nov 9 17:01 etc
drwxr-xr-x 2 mongod mongod 4096 Nov 8 19:58 key
drwxr-xr-x 2 mongod mongod 4096 Nov 9 11:02 log

四、初始化mongo replSet,域名替换为自己的域名或者IP生产环境建议使用域名

rs.initiate({

_id : <replicaSetName>,

members: [

{ _id : 0, host : "mongo.example.net:27017" },

{ _id : 1, host : "mongo.example.net:27018" },

{ _id : 2, host : "mongo.example.net:27019" }

]

}

)

五、连接primary节点,在admin的数据库上创建用有userAdminAnyDatabase 角色管理员用户。使用rs.status()可以查看主节点的位置。

db.createUser(

{

user: "replTest",

pwd: "replTest",

roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

}

)

六、使用主节点的admin数据用户登录,并且创建集群管理员账号

mongo 127.0.0.1:27018/admin(假如这个节点是主节点)

db.createUser(

{

"user" : "cluster",

"pwd" : "cluster",

roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]

}

)

七、创建普通数据的用户,用于操作数据库

mongo 127.0.0.1:27018/admin

use business;

db.createUser( {

"user": "test",

"pwd": "test",

"roles":[

{ role: "dbOwner", "db": "reset" },

{ role: "readWrite", db: "reset" }

] } )

八、在/etc/init.d/创建启动服务配置,将CONFIGFILE="/etc/mongod.conf"执行第二点配置路径

/etc/init.d/mongod1(/etc/init.d/mongod2、/etc/init.d/mongod3)

#!/bin/bash

# mongod - Startup script for mongod

# chkconfig: 35 85 15

# description: Mongo is a scalable, document-oriented database.

# processname: mongod

# config: /etc/mongod.conf

. /etc/rc.d/init.d/functions

# NOTE: if you change any OPTIONS here, you get what you pay for:

# this script assumes all options are in the config file.

CONFIGFILE="/etc/mongod.conf"

OPTIONS=" -f $CONFIGFILE"

mongod=${MONGOD-/usr/bin/mongod}

MONGO_USER=mongod

MONGO_GROUP=mongod

# All variables set before this point can be overridden by users, by

# setting them directly in the SYSCONFIG file. Use this to explicitly

# override these values, at your own risk.

SYSCONFIG="/etc/sysconfig/mongod"

if [ -f "$SYSCONFIG" ]; then

. "$SYSCONFIG"

fi

# Handle NUMA access to CPUs (SERVER-3574)

# This verifies the existence of numactl as well as testing that the command works

NUMACTL_ARGS="--interleave=all"

if which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null

then

NUMACTL="numactl $NUMACTL_ARGS"

else

NUMACTL=""

fi

# things from mongod.conf get there by mongod reading it

PIDFILEPATH="`awk -F'[:=]' -v IGNORECASE=1 '/^[[:blank:]]*(processManagement\.)?pidfilepath[[:blank:]]*[:=][[:blank:]]*/{print $2}' \"$CONFIGFILE\" | tr -d \"[:blank:]\\"'\" | awk -F'#' '{print $1}'`"

PIDDIR=`dirname $PIDFILEPATH`

start()

{

# Make sure the default pidfile directory exists

if [ ! -d $PIDDIR ]; then

install -d -m 0755 -o $MONGO_USER -g $MONGO_GROUP $PIDDIR

fi

# Make sure the pidfile does not exist

if [ -f "$PIDFILEPATH" ]; then

echo "Error starting mongod. $PIDFILEPATH exists."

RETVAL=1

return

fi

# Recommended ulimit values for mongod or mongos

# See http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings

#

ulimit -f unlimited

ulimit -t unlimited

ulimit -v unlimited

ulimit -n 64000

ulimit -m unlimited

ulimit -u 64000

ulimit -l unlimited

echo -n $"Starting mongod: "

daemon --user "$MONGO_USER" --check $mongod "$NUMACTL $mongod $OPTIONS >/dev/null 2>&1"

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongod

}

stop()

{

echo -n $"Stopping mongod: "

mongo_killproc "$PIDFILEPATH" $mongod

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongod

}

restart () {

stop

start

}

# Send TERM signal to process and wait up to 300 seconds for process to go away.

# If process is still alive after 300 seconds, send KILL signal.

# Built-in killproc() (found in /etc/init.d/functions) is on certain versions of Linux

# where it sleeps for the full $delay seconds if process does not respond fast enough to

# the initial TERM signal.

mongo_killproc()

{

local pid_file=$1

local procname=$2

local -i delay=300

local -i duration=10

local pid=`pidofproc -p "${pid_file}" ${procname}`

kill -TERM $pid >/dev/null 2>&1

usleep 100000

local -i x=0

while [ $x -le $delay ] && checkpid $pid; do

sleep $duration

x=$(( $x + $duration))

done

kill -KILL $pid >/dev/null 2>&1

usleep 100000

checkpid $pid # returns 0 only if the process exists

local RC=$?

[ "$RC" -eq 0 ] && failure "${procname} shutdown" || rm -f "${pid_file}"; success "${procname} shutdown"

RC=$((! $RC)) # invert return code so we return 0 when process is dead.

return $RC

}

RETVAL=0

case "$1" in

start)

start

;;

stop)

stop

;;

restart|reload|force-reload)

restart

;;

condrestart)

[ -f /var/lock/subsys/mongod ] && restart || :

;;

status)

status $mongod

RETVAL=$?

;;

*)

echo "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"

RETVAL=1

esac

exit $RETVAL

九、从节点无法执行find等错误

rs.slaveOk();

十、写关注配置待补充

单机Mongo复制集安装配置(数据库版本:4.x)的更多相关文章

  1. mongo 复制集命令

    1.登录primary2.use admin >rs.add("new_node:port") 或 rs.add({"_id":4,"host& ...

  2. Hadoop spark mongo复制集

    启动hadoop cd /usr/local/hadoop/hadoop $hadoop namenode -format # 启动前格式化namenode $./sbin/start-all.sh ...

  3. 4-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(云端电脑(Windows)安装配置数据库,使用本地Navicat for MySQL和手机APP 远程连接测试)

    3-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(安装配置数据库,使用Navicat for MySQL和手机APP 连接测试) 根据前面的教程把软件复制到云 ...

  4. Mongo服务器集群配置【转】

    http://www.cnblogs.com/wly923/tag/MongoDB/ 当前标签: MongoDB   Mongo服务器集群配置学习三——分片 风行影者 2013-04-14 22:35 ...

  5. 3-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(安装配置数据库,使用Navicat for MySQL和手机APP 连接测试)

    2-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(数据库简单说明) https://www.mysql.com/ 咱用安装版的 我把自己下载的放在了这里 现在 ...

  6. mongo复制集脑裂问题如何处理

    mongo replication 脑裂问题如何处理: 一.问题描述:一套mongo replication有4个节点.1个仲裁节点.在停止实例(或实例毁坏)的时候,导致所有节点都变为SECONDAR ...

  7. mongodb-3.2.8 单机复制集安装

    规划: replSet 复制集名称: rs1 MongoDB数据库安装安装路径为:/usr/local/mongodb/ 复制集成员IP与端口: 节点1: localhost:28010   (默认的 ...

  8. Redis单机和集群配置(版本在5.0后)

    摘抄并用于自己后查 单机版的配置: 1. 下载redis压缩包,然后解压缩文件(tar xzf): 2. 进入解压后的redis文件目录,编译redis源文件(make,没有c环境要gcc): 3. ...

  9. Mongo的Replica Sets (复制集)的配置全过程和心得体会

    http://blog.csdn.net/bloggongchang/article/details/7272403 一.MongoDB Replica Sets(副本集)简单的说就是有自动故障恢复功 ...

随机推荐

  1. Kattis - Speed Limit

    Speed Limit Bill and Ted are taking a road trip. But the odometer in their car is broken, so they do ...

  2. 深度学习之入门Pytorch(1)------基础

    目录: Pytorch数据类型:Tensor与Storage 创建张量 tensor与numpy数组之间的转换 索引.连接.切片等 Tensor操作[add,数学运算,转置等] GPU加速 自动求导: ...

  3. java中的string trim具体有什么用处。。。

    去掉字符串首尾空格 防止不必要的空格导致错误public class test{ public static void main(String[] args) { String str = " ...

  4. 在CentOS6.5下配置安装LVS

    先上一个图,在内网测试机上安装了一个虚拟机,已经安装好了CentOS 乖乖连wget都没有安装,先安装wget吧 sudo yum install wget

  5. 20个C#热点问题

  6. Android程序之全国天气预报查询(聚合数据开发)

    一.项目演示效果例如以下: 项目源码下载地址: http://pan.baidu.com/s/1pL6o5Mb password:5myq 二.使用 聚合数据SDK: (1)聚合数据官网地址:http ...

  7. HDU5411CRB and Puzzle(矩阵高速幂)

    题目链接:传送门 题意: 一个图有n个顶点.已知邻接矩阵.问点能够反复用长度小于m的路径有多少. 分析: 首先我们知道了邻接矩阵A.那么A^k代表的就是长度为k的路径有多少个. 那么结果就是A^0+A ...

  8. Go语言Slice操作.

    1.基本使用方法: a = append(a, b...) 比如:list = appened(list,[]int{1,2,3,4}...) 能够用来合并两个列表. 不用这样了 :list := m ...

  9. php利用href进行页面传值的正确姿势

    首先在a.php中 <?php $a = "world"; echo "<a href='b.php?m=$a'>删除</a>"; ...

  10. xBIM 基础15 IFC导出Excel报表

    系列目录    [已更新最新开发文章,点击查看详细]  IFC导出Excel空间报表文件 本篇将向您展示从IFC文件读取数据所需的一些概念.它使用IFC4接口,适用于IFC2x3和IFC4型号.要创建 ...