MongoDB安装及用户名密码管理
安装一、tar包进行安装
1.百度网盘 http://pan.baidu.com/s/1FOH2m
2.https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.0.6.tgz
二、yum源进行安装
Configure the package management system (yum).改变
创建一个 /etc/yum.repos.d/mongodb-org-3.0.repo 文件,如此你就可以直接用yum安装MongoDB.
改到 3.0版本: MongoDB Linux packages for 3.0 are in a new repository.
MongoDB的最近稳定版
用下面的repo文件
name=MongoDB Repositorybaseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/gpgcheck=0enabled=1 安装MongoDB的最近稳定版To install the latest stable version of MongoDB, issue the following command:
sudo yum install -y mongodb-org
To install a specific(特殊)>sudo yum install -y mongodb-org-3.0.6 mongodb-org-server-3.0.6 mongodb-org-shell-3.0.6 mongodb-org-mongos-3.0.6 mongodb-org-tools-3.0.6 即可安装最近的mongodb版本。
配置
二、tar包安装过程中的配置
1.
mkdir -p /mongodb/export/mongodb
cp mongodb-linux-x86_64-3.0.6.tgz /mongodb/export/mongodb
tar zxvf mongodb-linux-x86_64-3.0.6.tgz
vim /etc/profile (配置mongodb的环境变量)
export PATH=/mongodb/export/mongodb/mongodb-linux-x86_64-3.0.6/bin:$PATH
cd /mongodb/export/mongodb
mkdir conf
mkdir log
mkdir keyfile
mkdir data
vim conf/master.conf
#dbpath=/mnt/export/mongodb/data/master01
#logpath=/mnt/export/mongodb/log/master01.log
#logappend=true
#replSet=mas
#port=10001
#fork=true
#journal=true
#auth=true
#keyFile=/mnt/export/mongodb/keyfile/keyfile01
storage:
dbPath: /mongodb/export/mongodb/data/master
directoryPerDB: true
engine: wiredTiger
journal:
enabled: true
systemLog:
path: /mongodb/export/mongodb/log/master.log
logAppend: true
logRotate: rename
destination: file
replication:
#oplogSizeMB:
replSetName: mongodb
processManagement:
fork: true
net:
#bindIp: 127.0.0.1
port: 27017
#security:
# keyFile: /mongodb/export/mongodb/keyfile/keyfile00
# authorization: enabled
# vim conf/slave.conf
#dbpath=/mnt/export/mongodb/data/master01
#logpath=/mnt/export/mongodb/log/master01.log
#logappend=true
#replSet=mas
#port=10001
#fork=true
#journal=true
#auth=true
#keyFile=/mnt/export/mongodb/keyfile/keyfile01
storage:
dbPath: /mongodb/export/mongodb/data/slave
directoryPerDB: true
engine: wiredTiger
journal:
enabled: true
systemLog:
path: /mongodb/export/mongodb/log/slave.log
logAppend: true
logRotate: rename
destination: file
replication:
#oplogSizeMB:
replSetName: mongodb
processManagement:
fork: true
net:
#bindIp: 127.0.0.1
port: 27018
#security:
# keyFile: /mongodb/export/mongodb/keyfile/keyfile00
# authorization: enabled
这次没有添加arbiter,没有设置仲裁
启动mongodb ,但是要注意需要在/mongodb/export/mongodb/data 需要创建数据库文件夹master slave
否则mongodb不可以正常启动
启动命令
cd /mongodb/export/mongodb/mongodb-linux-x86_64-3.0.6/bin
./mongod -f /mongodb/export/mongodb/conf/master.conf
./mongod -f /mongodb/export/mongodb/conf/slave.conf
(本次启动没有开启验证如果要开启验证)
启动mongo
./mongo --port 27017
>use admin
>cfg1={ _id:"mongodb", members:[ {_id:0,host:'192.168.1.87:27017',priority:2}, {_id:1,host:'192.168.1.87:27018',priority:1}] };
{
"_id" : "mongodb",
"members" : [
{
"_id" : 0,
"host" : "192.168.1.87:27017",
"priority" : 2
},
{
"_id" : 1,
"host" : "192.168.1.87:27018",
"priority" : 1
}
]
}
> rs.initiate(cfg1)
{ "ok" : 1 }
mongodb:OTHER> rs.status()
{
"set" : "mongodb",
"date" : ISODate("2015-09-27T00:36:13.929Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "192.168.1.87:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 1031,
"optime" : Timestamp(1443314165, 1),
"optimeDate" : ISODate("2015-09-27T00:36:05Z"),
"electionTime" : Timestamp(1443314169, 1),
"electionDate" : ISODate("2015-09-27T00:36:09Z"),
"configVersion" : 1,
"self" : true
},
{
"_id" : 1,
"name" : "192.168.1.87:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 8,
"optime" : Timestamp(1443314165, 1),
"optimeDate" : ISODate("2015-09-27T00:36:05Z"),
"lastHeartbeat" : ISODate("2015-09-27T00:36:13.634Z"),
"lastHeartbeatRecv" : ISODate("2015-09-27T00:36:13.725Z"),
"pingMs" : 0,
"syncingTo" : "192.168.1.87:27017",
"configVersion" : 1
}
],
"ok" : 1
添加mongodb的超级用户名密码
mongodb:PRIMARY> use admin
switched to db admin
mongodb:PRIMARY> db.addUser('root','123456'); (错误方式)
V3版本mongoDB已经不再使用addUser,而是采用了db.createUser
2015-09-27T09:10:34.491+0800 E QUERY TypeError: Property 'addUser' of object admin is not a function
at (shell):1:4
mongodb:PRIMARY> use admin
switched to db admin
mongodb:PRIMARY> db.createUser(
... {
... user: "admin",
... pwd: "admin",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
添加认证,重启mongodb然后进行登录
关闭mongodb数据库
进入mongodb的master
./mongo --port 27017
>use admin
>db.shutdownServer()
进入mongodb的slave
./mongo --port 27017
>use admin
>db.shutdownServer()
Master-Slave安全
这个主从安全在 MongoDB官网说的很清楚。不能和普通的mongod权限验证那样。这里除了需要加入 —auth 还需要加入 —keyFile 的验证。
首先,我们生成我们的keyFile,根据官网提供的说明,这个keyfile是可以任意内容的,只要保证所有集群中的机器都拥有同样的文件即可。在linux环境下,我们通过
openssl rand -base64 741 > /mongodb/export/mongodb/keyfile/keyfile00 这条命令来生成我们的keyFile。 生成之后就可以在启动mongod的时候指定了。
配置之文件为
storage:
dbPath: /mongodb/export/mongodb/data/master
directoryPerDB: true
engine: wiredTiger
journal:
enabled: true
systemLog:
path: /mongodb/export/mongodb/log/master.log
logAppend: true
logRotate: rename
destination: file
replication:
#oplogSizeMB:
replSetName: mongodb
processManagement:
fork: true
net:
#bindIp: 127.0.0.1
port: 27017
security:
keyFile: /mongodb/export/mongodb/keyfile/keyfile00
authorization: enabled
添加认证后测试结果
# ./mongo --port 27017
MongoDB shell version: 3.0.6
connecting to: 127.0.0.1:27017/test
mongodb:PRIMARY> show dbs
2015-10-08T19:37:29.881+0800 E QUERY Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
}
at Error ()
at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
at shellHelper.show (src/mongo/shell/utils.js:630:33)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
mongodb:PRIMARY> use admin
switched to db admin
mongodb:PRIMARY> db.auth("admin","admin")
1
mongodb:PRIMARY> show dbs
admin0.000GB
local0.000GB
页:
[1]