MongoDB高可用架构 集群权限控制

原创 2012年03月23日 22:45:03

高可用架构图

 

MongoDB高可用架构的搭建

分片存储服务器规划

每个分片3服务器,前期采用三台,日后服务器的增加考虑灾备,服务增加的基数最少为两台。

 

类型

服务器

用途

系统

说明

存储/数据

Server1

Shard1/Shard2/Shard3

Linux 64

Shard1:10001;Shard2:10002,Shard3:10003;

Server2

Shard1/Shard2/Shard3

Linux 64

Shard1:10001;Shard2:10002,Shard3:10003;

Server3

Shard1/Shard2/Shard3

Linux 64

Shard1:10001;Shard2:10002,Shard3:10003;

配置

Server1

Config1

Linux 64

Config1:20000;

Server2

Config2

Linux 64

Config2:20000;

Serve3

Config3

Linux 64

Config3:20000;

路由

Server1

Mongos1

Linux 64

Mongos:30000

Server2

Mongos2

Linux 64

Mongos:30000

Server3

Mongos3

Linux 64

Mongos:30000

(表:一)

准备

创建配置、日志、分片、key文件存储目录及验证文件

[root@Mongo-server-B/]# mkdir /data/config/ -p

[root@Mongo-server-B/]# mkdir /data/log/ -p

[root@Mongo-server-B/]# mkdir /data/shard1/ -p

[root@Mongo-server-B/]# mkdir /data/shard2/ -p

[root@Mongo-server-B/]# mkdir /data/shard3/ -p

[root@Mongo-server-B/]# mkdir /data/key/ -p

创建验证与无验证目录

[root@Mongo-server-B/]# mkdir /Apps/mongo/bin/nosecurity/ -p

[root@Mongo-server-B/]# mkdir /Apps/mongo/bin/security/ -p

创建配置文件

1、 创建验证文件security于/data /key/目录,关赋予可读权限,命令如下:

[root@Mongo-server-B/]# cd /data/key/

[root@Mongo-server-Bkey]# echo 'pomohoshard1key'> security

[root@Mongo-server-Bkey]# chmod 600 security

2、 创建shard1.conf、shard2.conf、shard3.conf、configsvr.conf、mongos.conf于/Apps/mongo/bin/nosecurity目录与/Apps/mongo/bin/security目录,内容分别如下:

shard1.conf

dbpath = /data/shard1

shardsvr = true

replSet = shard1

bind_ip = 192.168.2.88,localhost

port = 10001

oplogSize = 100

logpath =/data/log/shard1.log

logappend = true

profile = 1

slowms = 5

rest = true

fork = true

keyFile = /data/key/security  #nosecurity目录将该行删除

shard2.conf

dbpath = /data/shard2

shardsvr = true

replSet = shard2

bind_ip = 192.168.2.88,localhost

port = 10002

oplogSize = 100

logpath = /data/log/shard2.log

logappend = true

profile = 1

slowms = 5

rest = true

fork = true

keyFile = /data/key/security  #nosecurity目录将该行删除

shard3.conf

dbpath = /data/shard3

shardsvr = true

replSet = shard3

bind_ip = 192.168.2.88,localhost

port = 10003

oplogSize = 100

logpath = /data/log/shard3.log

logappend = true

profile = 1

slowms = 5

rest = true

fork = true

keyFile = /data/key/security  #nosecurity目录将该行删除

configsvr.conf

dbpath = /data/config

configsvr = true

port = 20000

logpath =/data/log/config.log

logappend = true

fork = true

keyFile = /data/key/security  #nosecurity目录将该行删除

mongos.conf

configdb =192.168.2.88:20000, 192.168.2.89:20000, 192.168.2.90:20000

port = 30000

chunkSize = 5

logpath =/data/log/mongos.log

logappend = true

fork = true

keyFile = /data/key/security  #nosecurity目录将该行删除

分片配置

说明:分片要在无验证环境中配置,否则会出现无权限等异常。采用以下命令启动Server1\Server2\Server3上的shard1\shard2\shard3:

[root@Mongo-server-A bin]# cd/Apps/mongo/bin/

[root@Mongo-server-A bin]# ./mongod-f ./nosecurity/shard1.conf 

[root@Mongo-server-A bin]# ./mongod-f ./nosecurity/shard2.conf 

[root@Mongo-server-A bin]# ./mongod-f ./nosecurity/shard3.conf

以下命令查看是否正常启动:

[root@Mongo-server-A bin]# netstat–lnpt

启动后连接到shard1\shard2\shard3分别进行配置,以下是具体配置过程:

[root@Mongo-server-A bin]#./mongo 192.168.2.88:10001

>config = {_id:"shard1", members: [

                          {_id: 0, host:"192.168.2.88:10001"},

                          {_id: 1, host:"192.168.2.89:10001"},

                          {_id: 2, host:"192.168.2.90:10001"}]

           }

>rs.initiate(config)

>exit

[root@Mongo-server-A bin]#./mongo 192.168.2.88:10002

>config = {_id:"shard2", members: [

                          {_id: 0, host:"192.168.2.88:10002"},

                          {_id: 1, host:"192.168.2.89:10002"},

                          {_id: 2, host:"192.168.2.90:10002"}]

        }

>rs.initiate(config)

>exit

[root@Mongo-server-A bin]#./mongo 192.168.2.88:10003

>config = {_id:"shard3", members: [

                          {_id: 0, host:"192.168.2.88:10003"},

                          {_id: 1, host:"192.168.2.89:10003"},

                          {_id: 2, host:"192.168.2.90:10003"}]

        }

>rs.initiate(config)

至此,已完成分片配置

路由设置

路由是能过config来连接分片服务器,在启动路由进程时,先启动配置进程,路由配置过程如下:

[root@Mongo-server-A bin]#./mongod -f ./nosecurity/configsvr.conf

[root@Mongo-server-A bin]# ./mongos-f ./nosecurity/mongos.conf

启动后,连接路由进行分片添加,只需配置一台路由。注:分片操作需在admin库下进行,另外必需在无验证要求下进行,即采用前面创建于nosecurity文件夹下的配置。

[root@Mongo-server-A bin]#./mongo 192.168.2.88:30000

mongos> use admin

mongos> db.runCommand({addshard:"shard1/192.168.2.88:10001,192.168.2.89:10001,192.168.2.90:10001",name:"shard1", maxsize:20480} )

mongos> db.runCommand({addshard:"shard2/192.168.2.88:10002,192.168.2.89:10002,192.168.2.90:10002",name:"shard2", maxsize:20480} )

mongos> db.runCommand({addshard:"shard3/192.168.2.88:10003,192.168.2.89:10003,192.168.2.90:10003",name:"shard3", maxsize:20480} )

命令检查分片添加情况,如出现以下结果则表示配置成功:

mongos> db.runCommand( {listshards : 1 } )

{

        "shards" : [

                {

                        "_id" :"shard1",

                        "host" :"shard1/192.168.2.88:10001,192.168.2.89:10001,192.168.2.90:10001"

                },

                {

                        "_id" :"shard2",

                        "host" :"shard2/192.168.2.88:10002,192.168.2.89:10002,192.168.2.90:10002"

                },

                {

                        "_id" :"shard3",

                        "host" :"shard3/192.168.2.88:10003,192.168.2.89:10003,192.168.2.90:10003"

                }

        ],

        "ok" : 1

}

权限控制

MongoDB默认为验证模式。如需对数据库进行权限控制,需先采用无验证模式登录,进入admin库创建管理员用户后,再采用验证模式登录。通过前面创建的管理员帐号进行数据库与用户的创建。MongoDB集群的权限与单台的权限控制的不同之处在于,单台是通过-auth属性,集群是通过keyFile来进行服务器间的验证。以下介绍配置全过程。

前面的所有步骤,都是在nosecurity模式下进行。如果没有采用非验证模式的需要将所有进程(分片、配置、mongos)停止,将切换到无验证模式。

步骤一:先进行登录,并切换进admin库创建管理员帐号

[root@Mongo-server-A bin]#./mongo 192.168.2.88:30000

mongos> use admin

mongos>db.addUser('admin','123456')

{

        "singleShard" :"192.168.2.88:20000,192.168.2.89:20000,192.168.2.90:20000",

        "n" : 0,

        "connectionId" : 211,

        "err" : null,

        "ok" : 1

}

{

        "_id" :ObjectId("4f6c78ddad912a3ac6833ece"),

        "user" : "admin",

        "readOnly" : false,

        "pwd" :"95ec4261124ba5951720b199908d892b"

}

验证用户名与密码

mongos> db.auth('admin','123456')

1

mongos>exit

步骤二:退出后,将Server1\Server2\Server3服务器上MongoDB的所有进程(分片、配置、mongos)停止,将切换到验证模式。具体命令如下:

[root@Mongo-server-A bin]#killall mongod mongos

[root@Mongo-server-A bin]#netstat -lnpt

[root@Mongo-server-A bin]# ./mongod-f ./security/shard1.conf

[root@Mongo-server-A bin]# ./mongod-f ./security/shard2.conf

[root@Mongo-server-A bin]# ./mongod-f ./security/shard3.conf

[root@Mongo-server-A bin]#netstat –lnpt

[root@Mongo-server-A bin]#./mongod -f ./security/configsvr.conf

[root@Mongo-server-A bin]# ./mongos-f ./security/mongos.conf

启动后,如对库进行查看,则会报以下异常:

[root@Mongo-server-A bin]#./mongo 192.168.2.90:30000/admin

MongoDB shell version: 2.0.3

connecting to:192.168.2.90:30000/admin

> show dbs

Fri Mar 23 22:28:28 uncaughtexception: listDatabases failed:{ "ok" : 0, "errmsg" :"unauthorized" }

以下是正常登录后显示的信息:

[root@Mongo-server-A bin]#./mongo 192.168.2.90:30000/admin

MongoDB shell version: 2.0.3

connecting to:192.168.2.90:30000/admin

>db.auth('admin','123456')

1

mongos>

步骤三:以下是数据库及数据库用户创建的过程:

mongos> use hello

switched to db hello

mongos>db.addUser('sa','sa')

{

        "singleShard" :"shard2/192.168.2.88:10002,192.168.2.89:10002,192.168.2.90:10002",

        "n" : 0,

        "lastOp" :NumberLong("5723101431532093441"),

        "connectionId" : 38,

        "err" : null,

        "ok" : 1

}

{

        "user" : "sa",

        "readOnly" : false,

        "pwd" :"75692b1d11c072c6c79332e248c4f699",

        "_id" :ObjectId("4f6c8a6e9f67b049a20a00de")

}

mongos> exit

bye

[root@Mongo-server-A bin]#./mongo 192.168.2.90:30000/hello -u sa -p

MongoDB shell version: 2.0.3

Enter password:

connecting to:192.168.2.90:30000/hello

> show collections

system.indexes

system.users

> db.system.users.find()

{ "_id" :ObjectId("4f6c8a6e9f67b049a20a00de"), "user" :"sa", "readOnly" : false, "pwd" :"75692b1d11c072c6c79332e248c4f699" }

 

版权声明:本文为博主原创文章,未经博主允许不得转载。

相关文章推荐

mongodb 3.2 集群认证及创建用户

认证之前先创建用户 mongodb 创建用户 db.createUser({user:"lixiaomeng",pwd:"11111",roles:[{role:"root",db:"admin...
  • isoleo
  • isoleo
  • 2016-07-04 16:21
  • 2534

搭建mongodb副本集群,keyfile和ssl方式,用户认证模式

环境: Microsoft Windows [版本 10.0.10586] mongod 版本: db version v3.2.1 git version: a14d55980c2cdc...

部署MongoDB Replica Set同时给数据库设置用户名密码

1. 根据下面链接配置好mongodb replica set http://blog.csdn.net/monkey_four/article/details/50837586 2....

MongoDB分片群集(windows)

1、准备工作 C:\Documents and Settings\Administrator>d: D:\>cd D:\mongodb-win32-i386-2.0.2 D:\mongodb...

MongoDB分片布属(Linux)

1、创建数据文件夹 [root@Mongo-server-A /]# mkdir data [root@Mongo-server-A /]# cd /data [root@Mongo-serve...

Mongodb的带用户验证replica set配置

mkdir -p /data/data/dbmaster /data/data/dbslave1 /data/data/dbslave2 /data/data/dbslave3 mo...

mongodb3.4使能传输加密

证书准备 参考http://blog.csdn.net/zahuopuboss/article/details/53606883 准备自建CA并签发服务端证书和客户端证书 把服务端证书合并到一个...

Mongodb 集群keyFile认证

mongodb集群Replica Set模式,配置keyFile认证,预防黑客攻击
  • wlzjsj
  • wlzjsj
  • 2017-03-11 18:12
  • 1775

mongodb用户权限管理配置

环境mongodb 3.4 window7MongoDB常用命令[root@snails ~]# ps -ef|grep mongod [root@snails ~]# mongo --host=1...

mongodb分片模式启用认证的注意事项

1. 确保mongdb的configsvr是采用service模式启动的,即从/etc/init.dxia
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)