Building a three-node MongoDB 4.0 replica set cluster with user authentication on CentOS 7.4

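MongoDB officially no longer recommends master-slave mode; the replacement is the replica set mode.

So what is a replica set? World of Warcraft players always talk about running instances (in Chinese the same word, 副本, means both a game instance and a replica), and the two concepts mean roughly the same thing. In a game, players crowd into one scene at peak time to fight monsters, so there are far too many players and too few monsters. To protect the player experience, the developer opens a separate copy of the same space, with the same number of monsters, for each group of players. That copied scene is an instance, and however many players there are, each group plays in its own instance without affecting the others. A MongoDB replica is the same idea. Master-slave mode is really a single-replica deployment, without good scalability or fault tolerance. A replica set has multiple replicas, which provides fault tolerance: even if one replica goes down, many others remain. It also solves the first problem above, "when the primary node goes down, the cluster switches over automatically". No wonder MongoDB officially recommends this mode.

Let's look at the architecture diagram of a MongoDB replica set:

As the diagram shows, the client connects to the replica set as a whole and does not care whether any particular machine is down. The primary server handles all reads and writes for the replica set, and the replica set synchronizes data backups periodically. Once the primary node goes down, the secondary nodes elect a new primary server, and the application server does not need to care about any of this. Here is the architecture after the primary server goes down:

After the primary node goes down, the secondary nodes in the replica set detect it through the heartbeat mechanism and start a primary election within the cluster, automatically electing a new primary server. That looks pretty impressive, so let's get on with deploying it!
The officially recommended number of machines in a replica set is at least 3, so we configure and test with that number.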

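MongoDB replica set deployment record

System environment
CentOS 7.5, MongoDB 4.0.6, firewall disabled, cluster members use different communication ports

1) Machine environment
10.153.1.183 master-node (primary node)
10.153.1.184 slave-node1 (secondary node)
10.153.1.185 slave-node2 (secondary node)

2) Install master-node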

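#!/bin/bash
#######################
# About MongoDB
# MongoDB is a non-relational database, but it is operated much like a relational one. MySQL is a relational database.
# MongoDB is a document-oriented non-relational database; data is stored in JSON format.
# MongoDB can be used for persistent storage and also for caching data.
# MongoDB provides replica sets and sharded clusters, and is simple to operate.
#############################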
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27017/

cat > /data/mongodb/27017/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27017/mongodb.log
storage:
  dbPath: /data/mongodb/27017/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27017
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27017/"
MONGODB_CONF="/data/mongodb/27017/mongodb.conf"
PORT=\$(netstat -tunlp|grep 27017|awk '{print \$4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case \$1 in
        start)
        echo -n "Starting mongodb..."
        if [[ \$PORT = 27017 ]];then
        echo "mongodb is already running!"
        else
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC -f \$MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stopping mongodb..."
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC --shutdown  --dbpath \$MONGODB_DATA"
        echo " done"
        ;;
        restart)
        \$0 stop
        \$0 start
        ;;
        status)
        if [[ \$PORT != 27017 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: \$0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=\$PATH:\$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start

3) Install slave-node1

#!/bin/bash
#############################
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27018/

cat > /data/mongodb/27018/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27018/mongodb.log
storage:
  dbPath: /data/mongodb/27018/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27018
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27018/"
MONGODB_CONF="/data/mongodb/27018/mongodb.conf"
PORT=\$(netstat -tunlp|grep 27018|awk '{print \$4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case \$1 in
        start)
        echo -n "Starting mongodb..."
        if [[ \$PORT = 27018 ]];then
        echo "mongodb is already running!"
        else
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC -f \$MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stopping mongodb..."
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC --shutdown  --dbpath \$MONGODB_DATA"
        echo " done"
        ;;
        restart)
        \$0 stop
        \$0 start
        ;;
        status)
        if [[ \$PORT != 27018 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: \$0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=\$PATH:\$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start

4) Install slave-node2

#!/bin/bash
#############################
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27019/

cat > /data/mongodb/27019/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27019/mongodb.log
storage:
  dbPath: /data/mongodb/27019/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27019
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27019/"
MONGODB_CONF="/data/mongodb/27019/mongodb.conf"
PORT=\$(netstat -tunlp|grep 27019|awk '{print \$4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case \$1 in
        start)
        echo -n "Starting mongodb..."
        if [[ \$PORT = 27019 ]];then
        echo "mongodb is already running!"
        else
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC -f \$MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stopping mongodb..."
        /bin/su - \$MONGODB_USER -s /bin/bash -c "\$MONGODB_EXEC --shutdown  --dbpath \$MONGODB_DATA"
        echo " done"
        ;;
        restart)
        \$0 stop
        \$0 start
        ;;
        status)
        if [[ \$PORT != 27019 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: \$0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=\$PATH:\$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start
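
As an added example (not part of the original post), the function below audits a node's mongodb.conf for what the three install scripts depend on: authorization enabled, a replSetName, and a keyFile with owner-only permissions and 6-1024 base64 characters; it also notes when bindIp is 0.0.0.0. The names conf_get, audit_mongod_conf and write_sample_node, and the sample key, are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: audit one node's mongodb.conf
# for the security settings the install scripts above rely on.

# Print the value of the first "key: value" line for a key in the YAML file.
conf_get() {  # $1=key $2=file
  awk -v k="$1" '$1 == (k ":") { print $2; exit }' "$2"
}

# Print one finding per line; return 1 if any FAIL was found, else 0.
audit_mongod_conf() {  # $1=path to mongodb.conf
  local conf=$1 rc=0 kf key
  kf=$(conf_get keyFile "$conf")
  [ "$(conf_get authorization "$conf")" = enabled ] ||
    { echo "FAIL authorization is not enabled"; rc=1; }
  [ -n "$(conf_get replSetName "$conf")" ] ||
    { echo "FAIL replSetName is missing"; rc=1; }
  if [ -z "$kf" ] || [ ! -f "$kf" ]; then
    echo "FAIL keyFile not found: ${kf:-unset}"; rc=1
  else
    # mongod refuses a keyfile that group or others can access.
    [ "$(ls -ld "$kf" | cut -c5-10)" = "------" ] ||
      { echo "FAIL keyFile has group/other permissions"; rc=1; }
    # The key must be 6-1024 base64 characters; whitespace is ignored.
    key=$(tr -d '[:space:]' < "$kf")
    case $key in
      *[!A-Za-z0-9+/=]*) echo "FAIL keyFile has non-base64 characters"; rc=1 ;;
    esac
    { [ "${#key}" -ge 6 ] && [ "${#key}" -le 1024 ]; } ||
      { echo "FAIL keyFile length ${#key} is outside 6-1024"; rc=1; }
  fi
  # With firewalld disabled, 0.0.0.0 leaves the port open on every interface.
  [ "$(conf_get bindIp "$conf")" != 0.0.0.0 ] ||
    echo "WARN bindIp 0.0.0.0 listens on all interfaces (port $(conf_get port "$conf"))"
  return "$rc"
}

# Write a constructed sample node (config + keyfile) into directory $1.
# On a real cluster, generate the key once (e.g. openssl rand -base64 756)
# and copy the same file to every member.
write_sample_node() {
  printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk=\n' > "$1/keyfile"  # constructed, not a secret
  chmod 600 "$1/keyfile"
  printf '%s\n' 'net:' '  port: 27017' '  bindIp: 0.0.0.0' \
    'replication:' '  replSetName: oriente' 'security:' \
    '  authorization: enabled' "  keyFile: $1/keyfile" > "$1/mongodb.conf"
}
```

On a deployed node, run `audit_mongod_conf /data/mongodb/27017/mongodb.conf` as root or as the mongodb user so the keyfile is readable.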

5) Log in to master-node
mongo

6) Initialize the MongoDB replica set and check its status

config = { _id:"oriente", members:[
  {_id:0,host:"10.153.1.183:27017"},
  {_id:1,host:"10.153.1.184:27018"},
  {_id:2,host:"10.153.1.185:27019"}]
}


use admin
Initialize the replica set; this takes some time
rs.initiate( config )

Replica set status: one PRIMARY, the others SECONDARY
rs.status()

Create the admin user and set its password

db.createUser({user:"admin",pwd:"oriente1234.com",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})

Grant the related privileges

use admin
db.auth("admin","oriente1234.com")
db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
{ "role": "userAdminAnyDatabase", "db": "admin" },
{ "role": "dbAdminAnyDatabase", "db": "admin" }])

7) Query from any secondary; here it is node-slave1 (10.153.1.184)
mongo 10.153.1.184:27018

use admin
db.auth("admin","oriente1234.com")
rs.status()

Original article: https://blog.51cto.com/jinyan2049/2379814

Time: 2024-10-09 02:51:01
