Official documentation:

https://docs.mongodb.com/manual/tutorial/deploy-replica-set-with-keyfile-access-control/#deploy-repl-set-with-auth

1. Create the keyfile. Every member of the replica set must use the same keyfile, so copy the key to all members.

openssl rand -base64 756 > <path-to-keyfile>

chmod 400 <path-to-keyfile>

Example: key/security.key:

avslWt007EL8g0/omOnclstP+2cgpu6YChkc4KCJOU5bVG... (rest omitted)

2. Enable access control on each member

security:
  keyFile: <path-to-keyfile>
replication:
  replSetName: <replicaSetName>
net:
  bindIp: localhost,<hostname(s)|ip address(es)>

Example: etc/mongod1.conf. Note: each colon is followed by a space.

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /home/mongod/mongodb/log/mongod1.log

# Where and how to store data.
storage:
  dbPath: /home/mongod/mongodb/data/mongod1/
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod1.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27018
  bindIp: 127.0.0.1  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

# keyFile privilege 400
security:
  authorization: enabled
  keyFile: /home/mongod/mongodb/key/security.key

#operationProfiling:

replication:
  replSetName: replTest

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

3. Create the directories. The owner of the following directories must be set to mongod.

# ll
total 16
drwxr-xr-x 5 mongod mongod 4096 Nov 8 20:04 data
drwxr-xr-x 2 mongod mongod 4096 Nov 9 17:01 etc
drwxr-xr-x 2 mongod mongod 4096 Nov 8 19:58 key
drwxr-xr-x 2 mongod mongod 4096 Nov 9 11:02 log
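
A pre-flight check for the keyfile from step 1 and the keyFile setting from step 2, as an added example that is not part of the original post. It assumes mongod's documented keyfile requirements (6 to 1024 base64 characters, no group or other permission bits on UNIX); the function names are illustrative.

```shell
#!/bin/sh
# Added example: validate the keyfile referenced by each mongod config file.

# Print the keyFile path from a mongod YAML config (inline comment stripped).
keyfile_from_conf() {
    awk '/^[ \t]*keyFile[ \t]*:/ {
             sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); print; exit
         }' "$1"
}

# Return 0 only if the keyfile meets mongod's requirements.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    # Group and other permission bits must all be clear (chmod 400 or 600).
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: permissions too open" >&2; return 1; }
    # Only base64 characters are allowed; whitespace is ignored.
    bad=$(tr -d 'A-Za-z0-9+/=[:space:]' < "$f" | wc -c)
    [ "$bad" -eq 0 ] || { echo "$f: non-base64 characters" >&2; return 1; }
    # 6 to 1024 characters once whitespace is stripped.
    len=$(tr -d '[:space:]' < "$f" | wc -c)
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "$f: bad length $len" >&2; return 1
    fi
}

# Check every config given: keyfile valid and byte-identical across members.
check_members() {
    first=""
    for conf in "$@"; do
        kf=$(keyfile_from_conf "$conf")
        [ -n "$kf" ] || { echo "$conf: no keyFile set" >&2; return 1; }
        check_keyfile "$kf" || return 1
        if [ -z "$first" ]; then
            first=$kf
        elif ! cmp -s "$first" "$kf"; then
            echo "$kf differs from $first" >&2; return 1
        fi
    done
}

# Stand-alone use: pass the config files, e.g. etc/mongod1.conf etc/mongod2.conf
if [ "$#" -gt 0 ]; then check_members "$@"; fi
```

Run it as the mongod user before starting the members, since a mode-400 keyfile is readable only by its owner.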

4. Initialize the replica set. Replace the hostnames with your own hostnames or IP addresses; hostnames are recommended for production.

rs.initiate({
  _id : <replicaSetName>,
  members: [
    { _id : 0, host : "mongo.example.net:27017" },
    { _id : 1, host : "mongo.example.net:27018" },
    { _id : 2, host : "mongo.example.net:27019" }
  ]
})

5. Connect to the primary and, in the admin database, create an administrator user with the userAdminAnyDatabase role. Use rs.status() to see which member is the primary.

db.createUser(
  {
    user: "replTest",
    pwd: "replTest",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

6. Log in to the primary with the admin database user, then create the cluster administrator account.

mongo 127.0.0.1:27018/admin   (assuming this node is the primary)

db.createUser(
  {
    "user" : "cluster",
    "pwd" : "cluster",
    roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]
  }
)

7. Create an ordinary database user for working with the application data.

mongo 127.0.0.1:27018/admin

use business;

db.createUser( {
  "user": "test",
  "pwd": "test",
  "roles":[
    { role: "dbOwner", "db": "reset" },
    { role: "readWrite", db: "reset" }
  ] } )

8. Create the startup service scripts under /etc/init.d/, and point CONFIGFILE="/etc/mongod.conf" at the configuration file path from step 2.

/etc/init.d/mongod1 (likewise /etc/init.d/mongod2 and /etc/init.d/mongod3)

#!/bin/bash

# mongod - Startup script for mongod

# chkconfig: 35 85 15
# description: Mongo is a scalable, document-oriented database.
# processname: mongod
# config: /etc/mongod.conf

. /etc/rc.d/init.d/functions

# NOTE: if you change any OPTIONS here, you get what you pay for:
# this script assumes all options are in the config file.
CONFIGFILE="/etc/mongod.conf"
OPTIONS=" -f $CONFIGFILE"

mongod=${MONGOD-/usr/bin/mongod}

MONGO_USER=mongod
MONGO_GROUP=mongod

# All variables set before this point can be overridden by users, by
# setting them directly in the SYSCONFIG file. Use this to explicitly
# override these values, at your own risk.
SYSCONFIG="/etc/sysconfig/mongod"
if [ -f "$SYSCONFIG" ]; then
    . "$SYSCONFIG"
fi

# Handle NUMA access to CPUs (SERVER-3574)
# This verifies the existence of numactl as well as testing that the command works
NUMACTL_ARGS="--interleave=all"
if which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null
then
    NUMACTL="numactl $NUMACTL_ARGS"
else
    NUMACTL=""
fi

# things from mongod.conf get there by mongod reading it
PIDFILEPATH="`awk -F'[:=]' -v IGNORECASE=1 '/^[[:blank:]]*(processManagement\.)?pidfilepath[[:blank:]]*[:=][[:blank:]]*/{print $2}' \"$CONFIGFILE\" | tr -d \"[:blank:]\\"'\" | awk -F'#' '{print $1}'`"
PIDDIR=`dirname $PIDFILEPATH`

start()
{
  # Make sure the default pidfile directory exists
  if [ ! -d $PIDDIR ]; then
    install -d -m 0755 -o $MONGO_USER -g $MONGO_GROUP $PIDDIR
  fi

  # Make sure the pidfile does not exist
  if [ -f "$PIDFILEPATH" ]; then
      echo "Error starting mongod. $PIDFILEPATH exists."
      RETVAL=1
      return
  fi

  # Recommended ulimit values for mongod or mongos
  # See http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings
  #
  ulimit -f unlimited
  ulimit -t unlimited
  ulimit -v unlimited
  ulimit -n 64000
  ulimit -m unlimited
  ulimit -u 64000
  ulimit -l unlimited

  echo -n $"Starting mongod: "
  daemon --user "$MONGO_USER" --check $mongod "$NUMACTL $mongod $OPTIONS >/dev/null 2>&1"
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongod
}

stop()
{
  echo -n $"Stopping mongod: "
  mongo_killproc "$PIDFILEPATH" $mongod
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongod
}

restart () {
  stop
  start
}

# Send TERM signal to process and wait up to 300 seconds for process to go away.
# If process is still alive after 300 seconds, send KILL signal.
# Built-in killproc() (found in /etc/init.d/functions) is on certain versions of Linux
# where it sleeps for the full $delay seconds if process does not respond fast enough to
# the initial TERM signal.
mongo_killproc()
{
  local pid_file=$1
  local procname=$2
  local -i delay=300
  local -i duration=10
  local pid=`pidofproc -p "${pid_file}" ${procname}`

  kill -TERM $pid >/dev/null 2>&1
  usleep 100000
  local -i x=0
  while [ $x -le $delay ] && checkpid $pid; do
    sleep $duration
    x=$(( $x + $duration))
  done

  kill -KILL $pid >/dev/null 2>&1
  usleep 100000

  checkpid $pid # returns 0 only if the process exists
  local RC=$?
  [ "$RC" -eq 0 ] && failure "${procname} shutdown" || rm -f "${pid_file}"; success "${procname} shutdown"
  RC=$((! $RC)) # invert return code so we return 0 when process is dead.
  return $RC
}

RETVAL=0

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload|force-reload)
    restart
    ;;
  condrestart)
    [ -f /var/lock/subsys/mongod ] && restart || :
    ;;
  status)
    status $mongod
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    RETVAL=1
esac

exit $RETVAL

9. Fixing errors when a secondary node cannot run find and similar commands

rs.slaveOk();

10. Write concern configuration: to be added.
