mongodb之replSet复制集 + auth

786yr

### 开启auth认证的mongodb的复制集


### 注意点
- 服务器节点之前时间要同步
- 开启防火墙的一定要允许通过
- 开启selinux的也要进行设置
- 建立双击互信模式最好不过




### 提前要做的事情

• 生产高端大气上档次的keyFile文件
  
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

[iyunv@redis journal]# openssl rand -base64 753 3LC/EZGPOLXdVBQInqeKVglqNNWo2Et93ib51BQJZRAUB2gRUovi4b6ZkAeNAQxc vu3UEOLWA9IyWvHy6g3rAQ8lAWqVX+dIJ52Lf5EKiUp9uTwqlzGd6FKgtheN6hNL HV1YhwdzHLN7itmUgcTSe5qCSNJJijQh+OtKipkPH3laE+UxvC4rafPqNtzcBBjU 7P2GOAq7zyHqT68IBysNzcdribb9qVQ35Q+kFG3sB4ne26pgk2qjnUYAK2r42BLm ec6VfKw0LnemJsSCB1d2M+5fLMvBe8w59lOL7/n8IHeeT4jiTmFhrWcgyTATK7D3 16Zbf8DJOkHobfnW7v0eUJINAS7BrVLjItSR51qQ4nqQAQpWd5DyNCsycDcNIzQj u9pGO2OzBiroOlo/tz/tLjS8jPHaa7GamOI+L+OF1sn9ytpSq0T0BswItbaNIFjr g97Nj6iwL86zblDY1U2380qBqKZdBP/yZdYi9Mj05328PdjPvF32vPt3wAHmkxTW zHXMELO6AO4q4LxTPUbIGuLzbeGoLF/ZZia5ndXWzJxVaLNUxxdzrCtcoCXvfwXw NXiN6Gg2Ep/IwkVZtNILtmbUZG51q45bb7afvS7p27P89WTk0TZ4rWNdnpNNJ1ry Nwz8jMUFe9DdAY50KYUqYiIEDFltICYycnXwtmKYTpaun/6gXLKKp6PwHtfdid1t v6dkv1FHB0fU0bReOBTTSfaFkwbdKcxHcLV2p6xiFdRKLMGDrgCQNXlJN0SaUUgP U55DrScsWT3A6Pzx2Ga6yl/xnGaJpXBHb+g2gWFhSL64oo58KB4e1TQT5z/pkI0Y Ow+GLv8m82K2epU7hpTB6ks0PZcalGlGPy4OBxu7tNQqJIY/pLa60Gtqbs5KBCIX p7MV9JxCnOML68JU3ZKqlZUIkZeNSLpFXbnHNsuRtXWRuARdb3WM6BxsNS6uOfjA /iYa0dsUtz5w8z6CQOEJ0bPo5GjpA95WSjXnwiCY8Hvf [iyunv@redis journal]#

• - 把生产的key复制到/usr/local/mongodb/key
  
• - 设置key文件的权限为600
  
• - 修改key文件的属主属组
  
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[iyunv@redis mongodb]# ll total 72 drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin -rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0 -rw-r--r-- 1 root    root     1020 Jul 21 08:26 key -rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid -rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README -rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [iyunv@redis mongodb]# chmod 600 key [iyunv@redis mongodb]# ll total 72 drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin -rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0 -rw------- 1 mongodb mongodb   1020 Jul 21 08:26 key -rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid -rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README -rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [iyunv@redis mongodb]#

### 把key文件复制到另外一个节点上去

• - 注意属组属主
  
• - 创建一个全局账户
  
  

1 2 3 4 5 6 7 8 9 10 11

> > show dbs admin  (empty) local  1.078GB test   (empty) > use admin switched to db admin > db.addUser("zhuima","zhuima") WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead Successfully added user: { "user" : "zhuima", "roles" : [ "root" ] } >

### 主服务器配置文件

1 2 3 4 5 6 7 8 9 10 11 12

[iyunv@redis mongodb]# sed -e '/^$/d;/^#/d' /etc/mongod.conf port=27017 dbpath=/mongo/data/mongodb_data/ logpath=/mongo/data/mongodb_log/mongodb.log pidfilepath=/usr/local/mongodb/mongo.pid fork=true logappend=true shardsvr=true directoryperdb=true replSet=zhuima keyFile=/usr/local/mongodb/key bind_ip=192.168.58.30

### 从服务器上配置文件

1 2 3 4 5 6 7 8 9 10

[iyunv@mongo1 data]# vim /etc/mongod.conf [iyunv@mongo1 data]# sed -e '/^$/d;/^#/d' /etc/mongod.conf logpath=/var/log/mongodb/mongod.log logappend=true fork=true dbpath=/mongo/data pidfilepath=/var/run/mongodb/mongod.pid bind_ip=192.168.58.10 replSet = zhuima keyFile = /mongo/data/key

### 重启mongodb服务观察结果

• - 初始化副本集
  
  

1	> rs.initiate()

• - 由下面的可以看出，keyFile默认就包含了开启auth功能
  
  

1 2 3 4 5 6 7

zhuima:SECONDARY> show dbs 2014-07-21T08:52:44.617+0200 listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13 } at src/mongo/shell/mongo.js:47 zhuima:SECONDARY>

### 验证信息

• - 主节点上
  
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

zhuima:PRIMARY> show dbs admin  0.078GB local  1.078GB zhuima:PRIMARY> use zhuima switched to db zhuima zhuima:PRIMARY> info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China"} { "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" } zhuima:PRIMARY> db.person.insert(info) WriteResult({ "nInserted" : 1 }) zhuima:PRIMARY> db.person.find() { "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" } zhuima:PRIMARY>

• - 从节点上
  
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

zhuima:SECONDARY> show dbs admin   0.078GB local   1.078GB zhuima  0.078GB zhuima:SECONDARY> use zhuima switched to db zhuima zhuima:SECONDARY> show collections 2014-07-21T08:55:40.267+0200 error: { "$err" : "not master and slaveOk=false", "code" : 13435 } at src/mongo/shell/query.js:131 zhuima:SECONDARY> rs.slaveOk() zhuima:SECONDARY> rs.slaveOk() zhuima:SECONDARY> show collections person system.indexes zhuima:SECONDARY> db.person.find() { "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" } zhuima:SECONDARY>

### 关于mongodb 复制集 + auth的配置要感谢灿哥的指点



### 后记：

• 生产环境中虽说mongdb不对外服务，但是加上auth认证总归是有好处的
  
• 还记得曾经被乌云爆过的痛么~
  
• 后续博客将会讲诉索引记忆分片操作