CentOS6.8部署MongoDB集群及支持auth认证

三个节点的副本集如下图所示：

实验目的：

　　配置MongoDB的3节点副本集

　　3个节点的副本集都要开启auth认证，并且开启认证后，能互相通信

第一步 - 准备环境

准备三个虚拟机，其中一个用作Primary，另外两个用作Secondary。如上图展示的那样

虚拟机信息如下：

    Primary：172.xx.xx.107 

    Secondary：172.xx.xx.105 和172.xx.xx.106  　　

第二步 - yum安装Mongo

在/etc/yum.repos.d/目录下，创建一个mongodb.repo文件，指定MongoDB资源库即可。

使用 vim /etc/yum.repos.d/mongodb.repo命令，创建并打开文件mongodb.repo

[mongodb-org-3.4]

name=MongoDB Repository

baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/

gpgcheck=1

enabled=1

gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

　　

### 然后

# yum repolist
# yum install mongodb-org　　

第三步 - 配置副本集

使用vim /etc/mongod.conf配置，每一台虚拟机上的Mongod配置文件。

在replication选项中添加oplogSizeMB 和 replSetName两个属性

# vim /etc/mongod.conf

replication:

    oplogSizeMB: 1024

    replSetName: test　

查看mongod.conf文件配置

# cat /etc/mongod.conf

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Listen to local interface only, comment to listen on all interfaces.

#security:

#operationProfiling:

replication:
  oplogSizeMB:  1024
  replSetName:  test

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:　　　

注意：

    3台虚拟机，MongoDB配置文件mongod.conf中的replSetName名字要保持一致，

    在本例中，replSetName的名字为test，这个名字可以随便取　　

　

第四步 - 启动

配置好副本集之后，通过mongod --config /etc/mongod.conf 命令启动三个虚拟机中的Mongo服务

[root@dev04 mongodb]# mongod --config /etc/mongod.conf
about to fork child process, waiting until server is ready for connections.
forked process: 30799
child process started successfully, parent exiting　　

因为107端口的虚拟机安装的MongoDB要用作Primary节点，所以，我们可以使用mongo命令来连接

[root@dev04 mongodb]# mongo
MongoDB shell version v3.4.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.2

### 使用use admin, 切换到时admin数据库
> use admin
switched to db admin　　

然后通过config配置设置副本集节点成员

config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}

注：

_id:"test", test是副本集中取得名字。

members中添加每个副本集Mongod的_id和host信息

> config={_id:"test",members:[{_id:0,host:"172.xxx.xxx.107:27017"},{_id:1,host:"172.xxx.xxx.106:27017"},{_id:2,host:"172.xxx.xxx.105:27017"}]}
{
	"_id" : "test",
	"members" : [
		{
			"_id" : 0,
			"host" : "172.xxx.xxx.107:27017"
		},
		{
			"_id" : 1,
			"host" : "172.xxx.xxx.106:27017"
		},
		{
			"_id" : 2,
			"host" : "172.xxx.xxx.105:27017"
		}
	]
}
>　　

然后，执行配置初始化，看到{ "ok" : 1 }，则表明初始化成功

> rs.initiate(config)
{ "ok" : 1 }　　

使用rs.status()查看副本节点状态

test:PRIMARY> rs.status()
{
	"set" : "test",
	"date" : ISODate("2017-02-17T01:30:53.128Z"),
	"myState" : 1,
	"term" : NumberLong(1),
	"heartbeatIntervalMillis" : NumberLong(2000),
	"optimes" : {
		"lastCommittedOpTime" : {
			"ts" : Timestamp(1487295047, 1),
			"t" : NumberLong(1)
		},
		"appliedOpTime" : {
			"ts" : Timestamp(1487295047, 1),
			"t" : NumberLong(1)
		},
		"durableOpTime" : {
			"ts" : Timestamp(1487295047, 1),
			"t" : NumberLong(1)
		}
	},
	"members" : [
		{
			"_id" : 0,
			"name" : "172.xxx.xxx.107:27017",
			"health" : 1,
			"state" : 1,
			"stateStr" : "PRIMARY",
			"uptime" : 693,
			"optime" : {
				"ts" : Timestamp(1487295047, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
			"infoMessage" : "could not find member to sync from",
			"electionTime" : Timestamp(1487294966, 1),
			"electionDate" : ISODate("2017-02-17T01:29:26Z"),
			"configVersion" : 1,
			"self" : true
		},
		{
			"_id" : 1,
			"name" : "172.xxx.xxx.106:27017",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 96,
			"optime" : {
				"ts" : Timestamp(1487295047, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1487295047, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
			"optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"),
			"lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"),
			"lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.674Z"),
			"pingMs" : NumberLong(0),
			"syncingTo" : "172.xxx.xxx.107:27017",
			"configVersion" : 1
		},
		{
			"_id" : 2,
			"name" : "172.xxx.xxx.105:27017",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 96,
			"optime" : {
				"ts" : Timestamp(1487295047, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1487295047, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2017-02-17T01:30:47Z"),
			"optimeDurableDate" : ISODate("2017-02-17T01:30:47Z"),
			"lastHeartbeat" : ISODate("2017-02-17T01:30:52.708Z"),
			"lastHeartbeatRecv" : ISODate("2017-02-17T01:30:51.745Z"),
			"pingMs" : NumberLong(0),
			"syncingTo" : "172.xxx.xxx.106:27017",
			"configVersion" : 1
		}
	],
	"ok" : 1
test:PRIMARY>

　　

第五步：副本集的认证

副本集总体思路是用户名、密码和keyfile文件，keyfile需要各个副本集服务启动时加载而且要是同一文件，然后在操作库是需要用户名、密码
KeyFile文件必须满足条件：

• 至少6个字符，小于1024字节
• 认证时候不考虑文件中空白字符
• 连接到副本集的成员和mongos进成的keyfile文件内容必须一样
• 必须是base64编码,但是不能有等号
• 文件权限必须是x00,也就是说，不能分配任何权限给group成员和other成员

###  在107节点生成Keyfile
[root@localhost ~]# openssl rand -base64 90 > /usr/local/mongodb/keyfiletest

　　

### 然后该文件scp到105、106上面

scp  /usr/local/mongodb/keyfile root@172.xxx.xxx.105[106]:/usr/local/mongodb/

　　

###  修改配置文件

# vim /etc/mongod.conf

security:
  keyFile: /usr/local/mongodb/keyfiletest
  authorization: enabled

　

# cat /etc/mongod.conf

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Listen to local interface only, comment to listen on all interfaces.

security:
  keyFile: /usr/local/mongodb/keyfiletest
  authorization: enabled

#operationProfiling:

replication:
  oplogSizeMB:  1024
  replSetName:  test

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:　

重启mongod服务，认证OK

转载及借鉴博客地址：

https://my.oschina.net/wangmengjun/blog/840997?from=timeline&isappinstalled=0

http://www.cnblogs.com/xiaoit/p/4522218.html

http://www.cnblogs.com/libingql/archive/2011/06/09/2076440.html