MongoDB Replica Set Creation and Authentication (Part 6)

1. Modify the configuration file and restart the service

Example nodes:

1. x.x.x.89

2. x.x.x.62

3. x.x.x.143

vim /etc/mongo.conf

net:
  bindIp: 0.0.0.0
replication:
  replSetName: testx

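Start the service and log in.

[[email protected] mongo]# service mongod restart
Stopping mongod: [ OK ]
Starting mongod: [ OK ]

Perform the following operations.

PS: Perform the same operations on all three nodes, then restart the service.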

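2. Use x.x.x.89 as the primary; run the following on this node

After logging in:

This is normal.

Configure the replica set.

Wait a few seconds.

PRIMARY denotes the primary node.

MongoDB accepts write operations only on the primary node.

Configuration parameters:

config: defines the set information

rs.initiate(config): initializes the replica set information

ok: 1 means the replica set was created successfully.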

testx:PRIMARY> rs.conf()
{
    "_id" : "testx",
    "version" : 1,
    "protocolVersion" : NumberLong(1),
    "members" : [
        {
            "_id" : 0,
            "host" : "x.x.x.89:27017",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 10,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        },
        {
            "_id" : 1,
            "host" : "x.x.x.62:27017",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 9,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        },
        {
            "_id" : 2,
            "host" : "x.x.x.143:27017",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        }
    ],
    "settings" : {
        "chainingAllowed" : true,
        "heartbeatIntervalMillis" : 2000,
        "heartbeatTimeoutSecs" : 10,
        "electionTimeoutMillis" : 10000,
        "catchUpTimeoutMillis" : -1,
        "catchUpTakeoverDelayMillis" : 30000,
        "getLastErrorModes" : {
        },
        "getLastErrorDefaults" : {
            "w" : 1,
            "wtimeout" : 0
        },
        "replicaSetId" : ObjectId("5a69a8695dcaecbc86df9843")
    }
}
testx:PRIMARY>

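The replica set information is shown above.

3. Authentication

Create the account; see part (5) for details.

Create the replica set authentication keyfile.

Exit and modify the configuration file.

security:
  authorization: enabled
  keyFile: /MongoDB/key/mongodb-keyfile

Restart the service.

Generate the replica set keyfile. Note: all three nodes must use the same keyfile. Generate it on one machine, copy it to the other two, and set the file permissions to 600.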

[[email protected] mongo]# openssl rand -base64 -out ./keyfile 90
[[email protected] mongo]# chmod 600 keyfile
[[email protected] mongo]# ll keyfile
-rw------- 1 root root 122 Jan 25 18:07 keyfile

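PS: The keyfile path must match the path in the configuration file.

Modify the mongo service configuration on every node to enable authentication, then restart the mongodb service on each node.

security:
  authorization: enabled
  keyFile: /MongoDB/key/mongodb-keyfile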
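The keyfile steps above can be checked on each node before mongod is restarted. The script below is an added example, not part of the original post: `check_keyfile` and `keyfile_digest` are hypothetical helper names, and it assumes GNU `stat` and `sha256sum` are available.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and sha256sum.

# check_keyfile PATH: prints "ok", or the reason the keyfile is unusable,
# and returns non-zero in that case.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # On Unix, mongod rejects a keyfile that group or others can access.
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        *00|0) ;;
        *) echo "mode $mode grants group/other access"; return 2 ;;
    esac
    # mongod strips whitespace; the rest must be 6..1024 base64 characters.
    key=$(tr -d '[:space:]' < "$f")
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 3 ;;
    esac
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "key length $len outside 6..1024"; return 4
    fi
    echo "ok"
}

# keyfile_digest PATH: SHA-256 of the whitespace-stripped key, so the copies
# on the three nodes can be compared without moving the secret again.
keyfile_digest() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# When run with one argument (the keyFile path from the configuration file),
# validate the file and print its digest.
if [ $# -eq 1 ]; then
    check_keyfile "$1" && keyfile_digest "$1"
fi
```

Run it on every node with the configured keyFile path; the three digests must be identical.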

4. Testing

testx:PRIMARY> db.auth('dbadmin','xxx')
1
testx:PRIMARY> rs.conf()
2018-01-25T18:11:08.694+0800 E QUERY [thread1] Error: Could not retrieve replica set config: {
    "operationTime" : Timestamp(1516875064, 1),
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0, $clusterTime: { clusterTime: Timestamp(1516875054, 1), signature: { hash: BinData(0, 15653A13B141443132E7E3FBF4A4525A80B48E36), keyId: 6514923556432773121 } }, $db: \"admin\" }",
    "code" : 13,
    "codeName" : "Unauthorized",
    "$clusterTime" : {
        "clusterTime" : Timestamp(1516875064, 1),
        "signature" : {
            "hash" : BinData(0,"d/O/cnPW5WKRANv3dwgtZWXl+T8="),
            "keyId" : NumberLong("6514923556432773121")
        }
    }
} :

Authenticated, but without cluster privileges.

testx:PRIMARY> rs.isMaster()
{
    "hosts" : [
        "x.x.x.89:27017",
        "x.x.x.62:27017",
        "x.x.x.143:27017"
    ],
    "setName" : "testx",
    "setVersion" : 1,
    "ismaster" : true,
    "secondary" : false,
    "primary" : "x.x.x.89:27017",
    "me" : "x.x.x.89:27017",
    "electionId" : ObjectId("7fffffff0000000000000005"),
    "lastWrite" : {
        "opTime" : {
            "ts" : Timestamp(1516875104, 1),
            "t" : NumberLong(5)
        },
        "lastWriteDate" : ISODate("2018-01-25T10:11:44Z"),
        "majorityOpTime" : {
            "ts" : Timestamp(1516875104, 1),
            "t" : NumberLong(5)
        },
        "majorityWriteDate" : ISODate("2018-01-25T10:11:44Z")
    },
    "maxBsonObjectSize" : 16777216,
    "maxMessageSizeBytes" : 48000000,
    "maxWriteBatchSize" : 100000,
    "localTime" : ISODate("2018-01-25T10:11:52.717Z"),
    "logicalSessionTimeoutMinutes" : 30,
    "minWireVersion" : 0,
    "maxWireVersion" : 6,
    "readOnly" : false,
    "ok" : 1,
    "operationTime" : Timestamp(1516875104, 1),
    "$clusterTime" : {
        "clusterTime" : Timestamp(1516875104, 1),
        "signature" : {
            "hash" : BinData(0,"JZwIYziyLGDFX8bG7+rLtApcIos="),
            "keyId" : NumberLong("6514923556432773121")
        }
    }
}

The cluster is healthy.

Log:

This shows that authentication succeeded.

5. Cluster administration privileges

db.grantRolesToUser("dbadmin",[{role:"clusterAdmin",db:"admin"}])

testx:PRIMARY> db.grantRolesToUser("dbadmin",[{role:"clusterAdmin",db:"admin"}])
testx:PRIMARY> rs.status()
{
    "set" : "testx",
    "date" : ISODate("2018-01-25T10:23:25.493Z"),
    "myState" : 1,
    "term" : NumberLong(5),
    "heartbeatIntervalMillis" : NumberLong(2000),
    "optimes" : {
        "lastCommittedOpTime" : {
            "ts" : Timestamp(1516875804, 1),
            "t" : NumberLong(5)
        },
        "readConcernMajorityOpTime" : {
            "ts" : Timestamp(1516875804, 1),
            "t" : NumberLong(5)
        },
        "appliedOpTime" : {
            "ts" : Timestamp(1516875804, 1),
            "t" : NumberLong(5)
        },
        "durableOpTime" : {
            "ts" : Timestamp(1516875804, 1),
            "t" : NumberLong(5)
        }
    },
    "members" : [
        {
            "_id" : 0,
            "name" : "x.x.x.x:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "PRIMARY",
            "uptime" : 1030,
            "optime" : {
                "ts" : Timestamp(1516875804, 1),
                "t" : NumberLong(5)
            },
            "optimeDate" : ISODate("2018-01-25T10:23:24Z"),
            "electionTime" : Timestamp(1516874943, 1),
            "electionDate" : ISODate("2018-01-25T10:09:03Z"),
            "configVersion" : 1,
            "self" : true
        },
        {
            "_id" : 1,
            "name" : "x.x.x.62:27017",
            "health" : 1,
            "state" : 2,
            "stateStr" : "SECONDARY",
            "uptime" : 884,
            "optime" : {
                "ts" : Timestamp(1516875794, 1),
                "t" : NumberLong(5)
            },
            "optimeDurable" : {
                "ts" : Timestamp(1516875794, 1),
                "t" : NumberLong(5)
            },
            "optimeDate" : ISODate("2018-01-25T10:23:14Z"),
            "optimeDurableDate" : ISODate("2018-01-25T10:23:14Z"),
            "lastHeartbeat" : ISODate("2018-01-25T10:23:23.979Z"),
            "lastHeartbeatRecv" : ISODate("2018-01-25T10:23:24.354Z"),
            "pingMs" : NumberLong(0),
            "syncingTo" : "x.x.x.143:27017",
            "configVersion" : 1
        },
        {
            "_id" : 2,
            "name" : "x.x.x.143:27017",
            "health" : 1,
            "state" : 2,
            "stateStr" : "SECONDARY",
            "uptime" : 868,
            "optime" : {
                "ts" : Timestamp(1516875804, 1),
                "t" : NumberLong(5)
            },
            "optimeDurable" : {
                "ts" : Timestamp(1516875804, 1),
                "t" : NumberLong(5)
            },
            "optimeDate" : ISODate("2018-01-25T10:23:24Z"),
            "optimeDurableDate" : ISODate("2018-01-25T10:23:24Z"),
            "lastHeartbeat" : ISODate("2018-01-25T10:23:24.389Z"),
            "lastHeartbeatRecv" : ISODate("2018-01-25T10:23:24.466Z"),
            "pingMs" : NumberLong(1),
            "syncingTo" : "x.x.x.89:27017",
            "configVersion" : 1
        }
    ],
    "ok" : 1,
    "operationTime" : Timestamp(1516875804, 1),
    "$clusterTime" : {
        "clusterTime" : Timestamp(1516875804, 1),
        "signature" : {
            "hash" : BinData(0,"OsHSfLUf32wt/cRtDXgIor7Hnv8="),
            "keyId" : NumberLong("6514923556432773121")
        }
    }
}

db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )
