MongoDB 3.2.7: Using keyFile-Based Authentication in a Replica Set + Sharded Cluster

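Once a sharded cluster built on replica sets is up, MongoDB does not provide user authentication by default. It has to be configured manually so that the database accepts only connections from specific users made in a specific way, which improves the security and stability of the database. This article shows how to use keyFile-based authentication with MongoDB 3.2.7 in a replica set + sharded cluster deployment.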

First, deploy the MongoDB 3.2.7 cluster environment by following the blog post "MongoDB 3.2.7 for rhel6.4: replica set and sharded cluster deployment" (http://blog.itpub.net/29357786/viewspace-2128515/).

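Approach: create a superuser for each of the two shards, firstset and secondset (used to administer that shard of the Mongo cluster), then create an administrative user for the cluster that controls external connections to the cluster's mongos process.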

1. Create the shard-administration superuser for firstset

[mongo@mongo2 conf]$ mongo admin  --port 10001

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:10001/admin

firstset:PRIMARY> rs.status()

{

"set" : "firstset",

"date" : ISODate("2016-12-14T04:26:56.026Z"),

"myState" : 1,

"term" : NumberLong(15),

"heartbeatIntervalMillis" : NumberLong(2000),

"members" : [

{

"_id" : 0,

"name" : "192.168.144.120:10001",

"health" : 1,

"state" : 2,

"stateStr" : "SECONDARY",

"uptime" : 45,

"optime" : {

"ts" : Timestamp(1481689582, 1),

"t" : NumberLong(15)

},

"optimeDate" : ISODate("2016-12-14T04:26:22Z"),

"lastHeartbeat" : ISODate("2016-12-14T04:26:55.533Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T04:26:55.093Z"),

"pingMs" : NumberLong(0),

"syncingTo" : "192.168.144.130:10001",

"configVersion" : 1

},

{

"_id" : 1,

"name" : "192.168.144.130:10001",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 46,

"optime" : {

"ts" : Timestamp(1481689582, 1),

"t" : NumberLong(15)

},

"optimeDate" : ISODate("2016-12-14T04:26:22Z"),

"infoMessage" : "could not find member to sync from",

"electionTime" : Timestamp(1481689581, 1),

"electionDate" : ISODate("2016-12-14T04:26:21Z"),

"configVersion" : 1,

"self" : true

},

{

"_id" : 2,

"name" : "192.168.144.111:10001",

"health" : 1,

"state" : 7,

"stateStr" : "ARBITER",

"uptime" : 45,

"lastHeartbeat" : ISODate("2016-12-14T04:26:55.533Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T04:26:55.589Z"),

"pingMs" : NumberLong(1),

"configVersion" : 1

}

],

"ok" : 1

}

firstset:PRIMARY> db.createUser(

... {

...     user:"firstset",

...     pwd:"firstset",

...     roles:[{role:"root",db:"admin"}]

... }

... );

Successfully added user: {

"user" : "firstset",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

firstset:PRIMARY> db.auth("firstset","firstset")

1

firstset:PRIMARY>

2. Create the shard-administration superuser for secondset

[root@mongo1 ~]# mongo --port 30001

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:30001/test

Server has startup warnings:

2016-12-13T21:45:13.366-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T21:45:13.366-0800 I CONTROL  [main] **          enabling http interface

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten]

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten]

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten]

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T21:45:13.444-0800 I CONTROL  [initandlisten]

secondset:PRIMARY> rs.status()

{

"set" : "secondset",

"date" : ISODate("2016-12-14T05:46:03.841Z"),

"myState" : 1,

"term" : NumberLong(10),

"heartbeatIntervalMillis" : NumberLong(2000),

"members" : [

{

"_id" : 0,

"name" : "192.168.144.120:30001",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 50,

"optime" : {

"ts" : Timestamp(1481694325, 1),

"t" : NumberLong(10)

},

"optimeDate" : ISODate("2016-12-14T05:45:25Z"),

"electionTime" : Timestamp(1481694324, 1),

"electionDate" : ISODate("2016-12-14T05:45:24Z"),

"configVersion" : 1,

"self" : true

},

{

"_id" : 1,

"name" : "192.168.144.130:30001",

"health" : 1,

"state" : 2,

"stateStr" : "SECONDARY",

"uptime" : 29,

"optime" : {

"ts" : Timestamp(1481694325, 1),

"t" : NumberLong(10)

},

"optimeDate" : ISODate("2016-12-14T05:45:25Z"),

"lastHeartbeat" : ISODate("2016-12-14T05:46:02.779Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T05:46:03.584Z"),

"pingMs" : NumberLong(0),

"syncingTo" : "192.168.144.120:30001",

"configVersion" : 1

},

{

"_id" : 2,

"name" : "192.168.144.111:30001",

"health" : 1,

"state" : 7,

"stateStr" : "ARBITER",

"uptime" : 50,

"lastHeartbeat" : ISODate("2016-12-14T05:46:02.773Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T05:45:59.910Z"),

"pingMs" : NumberLong(0),

"configVersion" : 1

}

],

"ok" : 1

}

secondset:PRIMARY> show dbs

dns_testdb  0.002GB

local       0.003GB

secondset:PRIMARY> use admin

switched to db admin

secondset:PRIMARY> db.createUser(

... {

...     user:"secondset",

...     pwd:"secondset",

...     roles:[{role:"root",db:"admin"}]

... }

... );

Successfully added user: {

"user" : "secondset",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

secondset:PRIMARY> show users

{

"_id" : "admin.secondset",

"user" : "secondset",

"db" : "admin",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

secondset:PRIMARY> db.auth("secondset","secondset")

1

secondset:PRIMARY>

3. Create the super-administrator user for the replica-set-based sharded cluster

[mongo@mongo1 data]$ mongo --port 27017

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:27017/test

mongos> use admin

switched to db admin

mongos> show users

{

"_id" : "admin.zhul",

"user" : "zhul",

"db" : "admin",

"roles" : [

{

"role" : "userAdminAnyDatabase",

"db" : "admin"

}

]

}

mongos> db.system.users.remove({user:"zhul"});

WriteResult({ "nRemoved" : 1 })

mongos> db.createUser(

... {

...     user:"zhul",

...     pwd:"zhul",

...     roles:[{role:"root",db:"admin"}]

... }

... );

Successfully added user: {

"user" : "zhul",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

mongos> db.auth("zhul","zhul")

1

mongos> quit

4. Shut down the cluster processes

5. Create the keyFile

[mongo@arbiter keyfile]$ pwd

/opt/mongo/keyfile

[mongo@arbiter keyfile]$ openssl rand -base64 756 > keyfile

[mongo@arbiter keyfile]$

[mongo@arbiter keyfile]# chmod 600 keyfile

[mongo@arbiter keyfile]# ls -l

total 4

-rw-------. 1 mongo mongo 1024 Dec 12 00:36 keyfile

6. On mongo1 and mongo2, as the mongo user, create the directory /opt/mongo/keyfile, then scp the keyfile from arbiter into /opt/mongo/keyfile on mongo1 and mongo2

[mongo@mongo1 ~]$ cd /opt/mongo/keyfile/

[mongo@mongo1 keyfile]$ ls -l

total 4

-rw-------. 1 mongo mongo 1024 Dec 12 00:00 keyfile

[mongo@mongo1 keyfile]$

[mongo@mongo2 dns_repset2]$ cd /opt/mongo/keyfile/

[mongo@mongo2 keyfile]$ ls -l

total 4

-rw-------. 1 mongo mongo 1024 Dec 12 00:19 keyfile

[mongo@mongo2 keyfile]$
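
The copies made in steps 5 and 6 can be checked before any mongod is started with them. The script below is an added example, not part of the original post: it tests the constraints MongoDB documents for a key file (no group or world permissions, base64 characters only, 6 to 1024 characters once whitespace is stripped) and compares copies by hash so the key itself never has to be displayed. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for a MongoDB
# keyFile such as /opt/mongo/keyfile/keyfile. Function names are hypothetical.
export LC_ALL=C

# Prints OK, or the first failed check: MISSING, PERMS, CHARSET or LENGTH.
check_keyfile() {
    local path="$1" perms key
    [ -f "$path" ] || { echo MISSING; return 1; }

    # mongod refuses a key file that group or others can access, so the six
    # group/other permission characters shown by `ls -ld` must all be '-'.
    perms=$(ls -ld "$path" | cut -c5-10)
    [ "$perms" = "------" ] || { echo PERMS; return 1; }

    # mongod ignores whitespace, e.g. the line breaks openssl inserts.
    key=$(tr -d '[:space:]' < "$path")
    case $key in
        *[!A-Za-z0-9+/=]*) echo CHARSET; return 1 ;;
    esac

    # Documented key length: 6 to 1024 base64 characters.
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo LENGTH; return 1
    fi
    echo OK
}

# SHA-256 of the whitespace-stripped key: copies that differ only in line
# wrapping or line endings get the same fingerprint.
keyfile_fingerprint() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds only if every listed file carries the same key.
same_key() {
    local first other
    first=$(keyfile_fingerprint "$1") || return 1
    shift
    for other in "$@"; do
        [ "$(keyfile_fingerprint "$other")" = "$first" ] || return 1
    done
}
```

Run `check_keyfile /opt/mongo/keyfile/keyfile` and `keyfile_fingerprint /opt/mongo/keyfile/keyfile` on arbiter, mongo1 and mongo2; all three fingerprints must be identical.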

7. Start the firstset shard, specifying the keyfile with the keyFile parameter

[mongo@arbiter ~]$ mongod --dbpath /opt/mongo/data/dns_arbiter1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/dns_aribter1/aribter1.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

2016-12-13T23:16:31.896-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:16:31.897-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 2522

child process started successfully, parent exiting

[mongo@arbiter ~]$

[mongo@mongo1 conf]$ mongod --dbpath /opt/mongo/data/dns_repset1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/firstset/firstset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

2016-12-13T23:16:34.296-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:16:34.296-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 50009

child process started successfully, parent exiting

[mongo@mongo1 conf]$

[mongo@mongo2 ~]$ mongod --dbpath /opt/mongo/data/dns_repset1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/firstset/firstset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

2016-12-13T23:17:02.179-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:17:02.181-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 2542

child process started successfully, parent exiting

[mongo@mongo2 ~]$

8. Test keyfile-based username/password authentication on the firstset servers

[mongo@mongo1 conf]$ mongo admin --port 10001 -u firstset -p firstset

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:10001/admin

Server has startup warnings:

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten]

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] ** WARNING: The server is started with the web server interface and access control.

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] **          The web interfaces (rest, httpinterface and/or jsonp) are insecure

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] **          and should be disabled unless required for backward compatibility.

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten]

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten]

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten]

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T22:25:08.203-0800 I CONTROL  [initandlisten]

firstset:PRIMARY> rs.status()

{

"set" : "firstset",

"date" : ISODate("2016-12-14T06:25:51.423Z"),

"myState" : 1,

"term" : NumberLong(19),

"heartbeatIntervalMillis" : NumberLong(2000),

"members" : [

{

"_id" : 0,

"name" : "192.168.144.120:10001",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 43,

"optime" : {

"ts" : Timestamp(1481696719, 1),

"t" : NumberLong(19)

},

"optimeDate" : ISODate("2016-12-14T06:25:19Z"),

"electionTime" : Timestamp(1481696718, 1),

"electionDate" : ISODate("2016-12-14T06:25:18Z"),

"configVersion" : 1,

"self" : true

},

{

"_id" : 1,

"name" : "192.168.144.130:10001",

"health" : 1,

"state" : 2,

"stateStr" : "SECONDARY",

"uptime" : 33,

"optime" : {

"ts" : Timestamp(1481696719, 1),

"t" : NumberLong(19)

},

"optimeDate" : ISODate("2016-12-14T06:25:19Z"),

"lastHeartbeat" : ISODate("2016-12-14T06:25:50.660Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T06:25:49.677Z"),

"pingMs" : NumberLong(0),

"syncingTo" : "192.168.144.120:10001",

"configVersion" : 1

},

{

"_id" : 2,

"name" : "192.168.144.111:10001",

"health" : 1,

"state" : 7,

"stateStr" : "ARBITER",

"uptime" : 43,

"lastHeartbeat" : ISODate("2016-12-14T06:25:50.705Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T06:25:47.164Z"),

"pingMs" : NumberLong(0),

"configVersion" : 1

}

],

"ok" : 1

}

firstset:PRIMARY> show dbs

admin       0.000GB

dns_testdb  0.004GB

local       0.008GB

firstset:PRIMARY> use admin

switched to db admin

firstset:PRIMARY> show collections

system.users

system.version

firstset:PRIMARY> exit

bye

[mongo@mongo1 conf]$ mongo admin --port 10001

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:10001/admin

firstset:PRIMARY> show dbs

2016-12-13T22:26:34.889-0800 E QUERY    [thread1] Error: listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} :

_getErrorWithCode@src/mongo/shell/utils.js:25:13

Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1

shellHelper.show@src/mongo/shell/utils.js:760:19

shellHelper@src/mongo/shell/utils.js:650:15

@(shellhelp2):1:1

firstset:PRIMARY> exit

bye

[mongo@mongo1 conf]$

9. Start the secondset shard, specifying the keyfile with the keyFile parameter

[mongo@arbiter ~]$ mongod --dbpath /opt/mongo/data/dns_arbiter2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/dns_aribter2/aribter2.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

2016-12-13T23:17:34.638-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:17:34.638-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 2556

child process started successfully, parent exiting

[mongo@arbiter ~]$

[mongo@mongo1 dns_repset2]$ mongod --dbpath /opt/mongo/data/dns_repset2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/secondset/secondset.log --logappend --nojournal --directoryperdb --repair

2016-12-13T23:32:57.940-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:32:57.940-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 3294

child process started successfully, parent exiting

[mongo@mongo1 dns_repset2]$

[mongo@mongo2 ~]$ mongod --dbpath /opt/mongo/data/dns_repset2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/secondset/secondset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

2016-12-13T23:17:55.822-0800 I CONTROL  [main] ** WARNING: --rest is specified without --httpinterface,

2016-12-13T23:17:55.823-0800 I CONTROL  [main] **          enabling http interface

about to fork child process, waiting until server is ready for connections.

forked process: 2625

child process started successfully, parent exiting

[mongo@mongo2 ~]$

10. Test keyfile-based username/password authentication on the secondset servers

[mongo@mongo2 conf]$ mongo --port 30001

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:30001/test

secondset:PRIMARY> show dbs

2016-12-13T22:28:01.851-0800 E QUERY    [thread1] Error: listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} :

_getErrorWithCode@src/mongo/shell/utils.js:25:13

Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1

shellHelper.show@src/mongo/shell/utils.js:760:19

shellHelper@src/mongo/shell/utils.js:650:15

@(shellhelp2):1:1

secondset:PRIMARY> exit

bye

[mongo@mongo2 conf]$ mongo admin --port 30001 -u secondset -p secondset

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:30001/admin

Server has startup warnings:

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten]

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] ** WARNING: The server is started with the web server interface and access control.

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] **          The web interfaces (rest, httpinterface and/or jsonp) are insecure

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] **          and should be disabled unless required for backward compatibility.

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten]

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten]

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten]

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'

2016-12-13T22:27:48.244-0800 I CONTROL  [initandlisten]

secondset:PRIMARY> rs.status()

{

"set" : "secondset",

"date" : ISODate("2016-12-14T06:28:24.817Z"),

"myState" : 1,

"term" : NumberLong(12),

"heartbeatIntervalMillis" : NumberLong(2000),

"members" : [

{

"_id" : 0,

"name" : "192.168.144.120:30001",

"health" : 0,

"state" : 8,

"stateStr" : "(not reachable/healthy)",

"uptime" : 0,

"optime" : {

"ts" : Timestamp(0, 0),

"t" : NumberLong(-1)

},

"optimeDate" : ISODate("1970-01-01T00:00:00Z"),

"lastHeartbeat" : ISODate("2016-12-14T06:28:24.511Z"),

"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),

"pingMs" : NumberLong(0),

"lastHeartbeatMessage" : "Connection refused",

"configVersion" : -1

},

{

"_id" : 1,

"name" : "192.168.144.130:30001",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 36,

"optime" : {

"ts" : Timestamp(1481696879, 1),

"t" : NumberLong(12)

},

"optimeDate" : ISODate("2016-12-14T06:27:59Z"),

"electionTime" : Timestamp(1481696878, 1),

"electionDate" : ISODate("2016-12-14T06:27:58Z"),

"configVersion" : 1,

"self" : true

},

{

"_id" : 2,

"name" : "192.168.144.111:30001",

"health" : 1,

"state" : 7,

"stateStr" : "ARBITER",

"uptime" : 36,

"lastHeartbeat" : ISODate("2016-12-14T06:28:24.479Z"),

"lastHeartbeatRecv" : ISODate("2016-12-14T06:28:23.725Z"),

"pingMs" : NumberLong(0),

"configVersion" : 1

}

],

"ok" : 1

}

secondset:PRIMARY> show dbs

admin       0.000GB

dns_testdb  0.002GB

local       0.003GB

secondset:PRIMARY> exit

bye

[mongo@mongo2 conf]$

11. Start the sharded cluster's config server processes on all three nodes

[mongo@arbiter ~]$ mongod --configsvr --dbpath /opt/mongo/data/dns_sdconfig1 --port 20001 --fork --logpath /opt/mongo/logs/dns_config1/config1.log --logappend --keyFile /opt/mongo/keyfile/keyfile

about to fork child process, waiting until server is ready for connections.

forked process: 2585

child process started successfully, parent exiting

[mongo@arbiter ~]$

[mongo@mongo1 ~]$ mongod --configsvr --dbpath /opt/mongo/data/dns_shard1 --port 20001 --fork --logpath /opt/mongo/logs/dns_sd1/sd1_mymongo1.log --logappend --keyFile /opt/mongo/keyfile/keyfile

about to fork child process, waiting until server is ready for connections.

forked process: 3437

child process started successfully, parent exiting

[mongo@mongo1 ~]$

[mongo@mongo2 ~]$ mongod --configsvr --dbpath /opt/mongo/data/dns_shard2 --port 20001 --fork --logpath /opt/mongo/logs/dns_sd2/sd1_mymongo2.log --logappend --keyFile /opt/mongo/keyfile/keyfile

about to fork child process, waiting until server is ready for connections.

forked process: 2712

child process started successfully, parent exiting

[mongo@mongo2 ~]$

12. Start the mongos process on mongo1 and mongo2

[mongo@mongo1 ~]$ mongos --configdb 192.168.144.111:20001,192.168.144.120:20001,192.168.144.130:20001 --port 27017 --chunkSize 1 --fork --logpath /opt/mongo/logs/dns_sd.log --logappend --keyFile /opt/mongo/keyfile/keyfile

about to fork child process, waiting until server is ready for connections.

forked process: 3512

child process started successfully, parent exiting

[mongo@mongo1 ~]$

[mongo@mongo2 ~]$ mongos --configdb 192.168.144.111:20001,192.168.144.120:20001,192.168.144.130:20001 --port 27017 --chunkSize 1 --fork --logpath /opt/mongo/logs/dns_sd.log --logappend --keyFile /opt/mongo/keyfile/keyfile

about to fork child process, waiting until server is ready for connections.

forked process: 2823

child process started successfully, parent exiting

[mongo@mongo2 ~]$

13. Test keyfile-based username/password authentication on the sharded cluster

[mongo@mongo1 ~]$ mongo admin --port 27017 -u zhul -p zhul

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:27017/admin

mongos> show dbs

admin       0.000GB

config      0.001GB

dns_testdb  0.006GB

mongos> use admin

switched to db admin

mongos> show collections

system.users

system.version

mongos> use dns_testdb

switched to db dns_testdb

mongos> show collections

test_collection

mongos> exit

bye

[mongo@mongo1 ~]$ mongo admin --port 27017

MongoDB shell version: 3.2.7

connecting to: 127.0.0.1:27017/admin

mongos> show dbs

2016-12-13T23:41:11.803-0800 E QUERY    [thread1] Error: listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} :

_getErrorWithCode@src/mongo/shell/utils.js:25:13

Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1

shellHelper.show@src/mongo/shell/utils.js:760:19

shellHelper@src/mongo/shell/utils.js:650:15

@(shellhelp2):1:1

mongos> exit

bye

[mongo@mongo1 ~]$

14. The mongo-related processes on the three nodes

[mongo@arbiter ~]$ ps -ef|grep mongo

root      2497  2477  0 Dec13 pts/0    00:00:00 su - mongo

mongo     2498  2497  0 Dec13 pts/0    00:00:00 -bash

mongo     2522     1  0 Dec13 ?        00:00:32 mongod --dbpath /opt/mongo/data/dns_arbiter1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/dns_aribter1/aribter1.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     2556     1  0 Dec13 ?        00:00:32 mongod --dbpath /opt/mongo/data/dns_arbiter2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/dns_aribter2/aribter2.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     2585     1  0 Dec13 ?        00:00:38 mongod --configsvr --dbpath /opt/mongo/data/dns_sdconfig1 --port 20001 --fork --logpath /opt/mongo/logs/dns_config1/config1.log --logappend --keyFile /opt/mongo/keyfile/keyfile

mongo     3072  2498  0 00:55 pts/0    00:00:00 ps -ef

mongo     3073  2498  0 00:55 pts/0    00:00:00 grep mongo

[mongo@arbiter ~]$

[mongo@mongo1 ~]$ ps -ef|grep mongo

root      2965  2948  0 Dec13 pts/0    00:00:00 su - mongo

mongo     2966  2965  0 Dec13 pts/0    00:00:00 -bash

mongo     2993     1  1 Dec13 ?        00:01:07 mongod --dbpath /opt/mongo/data/dns_repset1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/firstset/firstset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     3343     1  0 Dec13 ?        00:00:44 mongod --dbpath /opt/mongo/data/dns_repset2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/secondset/secondset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     3437     1  0 Dec13 ?        00:00:24 mongod --configsvr --dbpath /opt/mongo/data/dns_shard1 --port 20001 --fork --logpath /opt/mongo/logs/dns_sd1/sd1_mymongo1.log --logappend --keyFile /opt/mongo/keyfile/keyfile

mongo     3512     1  0 Dec13 ?        00:00:12 mongos --configdb 192.168.144.111:20001,192.168.144.120:20001,192.168.144.130:20001 --port 27017 --chunkSize 1 --fork --logpath /opt/mongo/logs/dns_sd.log --logappend --keyFile /opt/mongo/keyfile/keyfile

mongo     4037  2966  0 00:56 pts/0    00:00:00 ps -ef

mongo     4038  2966  0 00:56 pts/0    00:00:00 grep mongo

[mongo@mongo1 ~]$

[mongo@mongo2 ~]$ ps -ef|grep mongo

root      2513  2497  0 Dec13 pts/0    00:00:00 su - mongo

mongo     2514  2513  0 Dec13 pts/0    00:00:00 -bash

mongo     2542     1  0 Dec13 ?        00:00:59 mongod --dbpath /opt/mongo/data/dns_repset1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/firstset/firstset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     2625     1  1 Dec13 ?        00:01:04 mongod --dbpath /opt/mongo/data/dns_repset2 --port 30001 --replSet secondset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/secondset/secondset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile

mongo     2712     1  0 Dec13 ?        00:00:30 mongod --configsvr --dbpath /opt/mongo/data/dns_shard2 --port 20001 --fork --logpath /opt/mongo/logs/dns_sd2/sd1_mymongo2.log --logappend --keyFile /opt/mongo/keyfile/keyfile

mongo     2823     1  0 Dec13 ?        00:00:12 mongos --configdb 192.168.144.111:20001,192.168.144.120:20001,192.168.144.130:20001 --port 27017 --chunkSize 1 --fork --logpath /opt/mongo/logs/dns_sd.log --logappend --keyFile /opt/mongo/keyfile/keyfile

mongo     3312  2514  0 00:58 pts/0    00:00:00 ps -ef

mongo     3313  2514  0 00:58 pts/0    00:00:00 grep mongo

[mongo@mongo2 ~]$
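
The process listings in step 14 can be audited mechanically instead of by eye. The script below is an added example, not part of the original post: it reads `ps -ef` output in the format shown above and reports any mongod or mongos started without --keyFile, with the HTTP interface enabled (the interface the startup warnings in steps 8 and 10 call insecure), or as root. The function names and the last two sample lines are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit `ps -ef` output for
# mongod/mongos processes that were started without --keyFile, with the HTTP
# interface switched on, or as root. Function names are hypothetical.

# Reads `ps -ef` lines on stdin (CMD in field 8, as in step 14) and prints
# one "pid=<pid> port=<port> <binary> <FINDING>" line per problem found.
audit_mongo_procs() {
    awk '
    $8 !~ /(^|\/)mongo[ds]$/ { next }        # skip bash, su, ps, grep ...
    {
        port = "default"; key = ""; web = ""; conf = ""
        for (i = 9; i <= NF; i++) {
            if ($i == "--port")              port = $(i + 1)
            else if ($i == "--keyFile")      key  = $(i + 1)
            else if ($i ~ /^--keyFile=/)     key  = substr($i, 11)
            else if ($i == "--rest" || $i == "--httpinterface") web = $i
            else if ($i == "-f" || $i == "--config")            conf = $(i + 1)
        }
        id = "pid=" $2 " port=" port " " $8
        # With a config file the key may be set there; flag it for review.
        if (key == "" && conf != "") print id, "CHECK_CONFIG:" conf
        else if (key == "")          print id, "NO_KEYFILE"
        if (web != "")               print id, "WEB_INTERFACE:" web
        if ($1 == "root")            print id, "RUNS_AS_ROOT"
    }'
}

# Sample input: the first three lines are taken from the mongo1 listing in
# step 14; the last two are constructed to trigger findings.
sample_ps() {
    cat <<'EOF'
mongo     2966  2965  0 Dec13 pts/0    00:00:00 -bash
mongo     3437     1  0 Dec13 ?        00:00:24 mongod --configsvr --dbpath /opt/mongo/data/dns_shard1 --port 20001 --fork --logpath /opt/mongo/logs/dns_sd1/sd1_mymongo1.log --logappend --keyFile /opt/mongo/keyfile/keyfile
mongo     2993     1  1 Dec13 ?        00:01:07 mongod --dbpath /opt/mongo/data/dns_repset1 --port 10001 --replSet firstset --oplogSize 512 --rest --fork --logpath /opt/mongo/logs/firstset/firstset.log --logappend --nojournal --directoryperdb --keyFile /opt/mongo/keyfile/keyfile
root      4100     1  0 Dec13 ?        00:00:05 mongod --dbpath /opt/mongo/data/dns_repset2 --port 30001 --replSet secondset --fork --logpath /opt/mongo/logs/secondset/secondset.log
mongo     4200     1  0 Dec13 ?        00:00:02 /usr/bin/mongos -f /etc/mongos.conf
EOF
}

# On a live node: ps -ef | audit_mongo_procs
# With the embedded sample: sample_ps | audit_mongo_procs
```

A cluster member reported as NO_KEYFILE cannot authenticate to members that do use the key, which shows up in rs.status() as an unreachable member.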

15. MongoChef client connection configuration

firstset connection configuration

[Screenshots]

secondset connection configuration

[Screenshots]

mongos connection configuration

[Screenshots]

16. Logging in after the configuration is complete

[Screenshot]
