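MongoDB 3.0 Cluster Installation and Security Authentication Guide
This article aims to build a highly available MongoDB cluster that provides uninterrupted, high-performance database service to applications, and to add an authentication mechanism to the cluster to improve database security.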
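Environment information
Installed version information:
Version: mongodb-linux-x86_64-rhel62-3.0.10.tgz
Operating system version: CentOS release 6.6 (Final)
Storage engine: mmapv1
Cluster architecture
The cluster is set up with 3 shard servers, 3 config servers and 2 mongos servers, for a total of 15 instance processes.
Server information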
| Machine Type | Components Installed | Description | IP Address | Hostname |
| --- | --- | --- | --- | --- |
| App Server 1 | Application, Mongos | This server will serve a dual role as app server and mongos server | 192.168.56.102 | mongodb01 |
| App Server 1 | Application, Mongos | This server will serve a dual role as app server and mongos server | 192.168.56.103 | mongodb02 |
| Mongo Config 1 | Mongo Config Server | Used as mongodb config server | 192.168.56.102 | mongodb01 |
| Mongo Config 2 | Mongo Config Server | Used as mongodb config server | 192.168.56.103 | mongodb02 |
| Mongo Config 3 | Mongo Config Server | Used as mongodb config server | 192.168.56.104 | mongodb03 |
| Shard 1 Primary | Mongo DB | Used as primary DB server in shard 1 | 192.168.56.102 | mongodb01 |
| Shard 1 Secondary | Mongo DB | Used as secondary DB server in shard 1 | 192.168.56.103 | mongodb02 |
| Shard 1 Secondary | Mongo DB | Used as secondary DB server in shard 1 | 192.168.56.104 | mongodb03 |
| Shard 2 Primary | Mongo DB | Used as primary DB server in shard 2 | 192.168.56.102 | mongodb01 |
| Shard 2 Secondary | Mongo DB | Used as secondary DB server in shard 2 | 192.168.56.103 | mongodb02 |
| Shard 2 Secondary | Mongo DB | Used as secondary DB server in shard 2 | 192.168.56.104 | mongodb03 |
| Shard 3 Primary | Mongo DB | Used as primary DB server in shard 3 | 192.168.56.102 | mongodb01 |
| Shard 3 Secondary | Mongo DB | Used as secondary DB server in shard 3 | 192.168.56.103 | mongodb02 |
| Shard 3 Secondary | Mongo DB | Used as secondary DB server in shard 3 | 192.168.56.104 | mongodb03 |
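Deployment steps (no-authentication mode)
Install MongoDB
Install MongoDB on all 3 MongoDB servers; the version is mongodb-linux-x86_64-rhel62-3.0.10. The installation steps are as follows:
Upload the MongoDB installation package to the pre-created directory /app.
Extract the MongoDB installation package. Command: tar -zxvf mongodb-linux-x86_64-rhel62-3.0.10.tgz
Create the installation paths
Run one mongod instance on each of the 3 machines (named mongod shard11, mongod shard12, mongod shard13) to form replica set1, which serves as shard1 of the cluster.
Run one mongod instance on each of the 3 machines (named mongod shard21, mongod shard22, mongod shard23) to form replica set2, which serves as shard2 of the cluster.
Run one mongod instance on each of the 3 machines (named mongod shard31, mongod shard32, mongod shard33) to form replica set3, which serves as shard3 of the cluster.
Run one mongod instance on each machine to serve as the 3 config servers.
Run one mongos process on each machine for client connections.
Create the storage directories for configuration, log, shard and key files, and the authentication files
Create the folders on each server:
On the three shard servers, create the shard data file directories and log file directories
Server1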
mkdir -p /app/mongodb/mmapv1/shard11
mkdir -p /app/mongodb/mmapv1/shard21
mkdir -p /app/mongodb/mmapv1/shard31
Server2
mkdir -p /app/mongodb/mmapv1/shard12
mkdir -p /app/mongodb/mmapv1/shard22
mkdir -p /app/mongodb/mmapv1/shard32
Server3
mkdir -p /app/mongodb/mmapv1/shard13
mkdir -p /app/mongodb/mmapv1/shard23
mkdir -p /app/mongodb/mmapv1/shard33
On the three config servers, create the config data file directory and log file directory
mkdir -p /app/mongodb/mmapv1/config
On the three route servers, create the log directory
mkdir -p /app/mongodb/mmapv1/logs
On the three key servers, create the key directory
mkdir -p /app/mongodb/mmapv1/key
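Create the authenticated and unauthenticated directories
Directory naming convention
Standard naming
Create shard11.conf, shard12.conf, shard13.conf, shard21.conf, shard22.conf, shard23.conf, shard31.conf, shard32.conf, shard33.conf, configsvr.conf and mongos.conf in the /app/mongodb/mmapv1/security directory and the /app/mongodb/mmapv1/nosecurity directory.
Configure replica set shard 1
1. Configure the replica sets used by shard1: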
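As an added example (not from the original article), the shell functions below write one member's configuration file for either directory and report whether that file enforces authentication. `gen_conf`, `audit_conf`, the `BASE` variable and its scratch-directory default are assumptions made for illustration; the paths follow the article's layout, and the `sharding:` section is left out because its value is cut off in the article.

```shell
#!/bin/sh
# Added example: write one member's .conf for the security/nosecurity
# directories and report what each variant enforces.
# BASE defaults to a scratch directory (assumption) so /app is untouched;
# set BASE=/app/mongodb/mmapv1 to use the article's layout.
BASE="${BASE:-$(mktemp -d)}"

# gen_conf MODE NAME REPLSET PORT [BINDIP]  (hypothetical helper)
# MODE is "security" or "nosecurity"; an empty BINDIP leaves bindIp unset,
# which on MongoDB 3.0 means listening on all interfaces.
gen_conf() {
  mode=$1; name=$2; rs=$3; port=$4; bind=${5:-}
  mkdir -p "$BASE/$mode"
  out="$BASE/$mode/$name.conf"
  cat > "$out" <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /app/mongodb/mmapv1/logs/$name.log
storage:
  dbPath: /app/mongodb/mmapv1/$name
  journal:
    enabled: true
processManagement:
  fork: true
  pidFilePath: /app/mongodb/mmapv1/$name/mongod.pid
replication:
  oplogSizeMB: 100
  replSetName: $rs
net:
  port: $port
EOF
  if [ -n "$bind" ]; then echo "  bindIp: $bind" >> "$out"; fi
  if [ "$mode" = security ]; then
    printf 'security:\n  authorization: enabled\n  clusterAuthMode: keyFile\n' >> "$out"
    echo "  keyFile: /app/mongodb/mmapv1/$name/mongodb.key" >> "$out"
  fi
  echo "$out"
}

# audit_conf FILE: print auth=yes|no keyfile=yes|no bind=restricted|all
audit_conf() {
  a=no; k=no; b=all
  if grep -Eq '^ +authorization: *enabled' "$1"; then a=yes; fi
  if grep -Eq '^ +keyFile: */' "$1"; then k=yes; fi
  if grep -Eq '^ +bindIp:' "$1" && ! grep -Eq '^ +bindIp:.*0\.0\.0\.0' "$1"; then b=restricted; fi
  echo "auth=$a keyfile=$k bind=$b"
}
```

Running `audit_conf "$(gen_conf nosecurity shard11 shard1 27017)"` prints `auth=no keyfile=no bind=all`, which is the exposure of the no-authentication mode; the key file that the security variant points to must not be readable by group or others, or mongod refuses to start.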
Server1:
cd /app/mongodb/mmapv1/nosecurity
Set the config information; name the configuration file shard11.conf
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /app/mongodb/mmapv1/logs/shard11.log

# Where and how to store data.
storage:
  dbPath: /app/mongodb/mmapv1/shard11
  journal:
    enabled: true
#  engine:
#  mmapv1:true
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /app/mongodb/mmapv1/shard11/mongod.pid  # location of pidfile

# network interfaces
net:
  port: 27017
#  bindIp: 127.0.0.1,192.168.56.102,192.168.56.103,192.168.56.104  # Listen to local interface only, comment to listen on all interfaces.

#security:
#"security":
#{
#  "authorization":"enabled",
#  "clusterAuthMode":"keyFile",
#  "keyFile":"/app/mongodb/mmapv1/shard11/mongodb.key"
#}

#operationProfiling:

replication:
  oplogSizeMB: 100
  replSetName: shard1

sharding: < |