mongodb副本集(replica set)
- mongodb副本集时由一组mongod实例进程组成,是由一个primary节点和一个或多个secondary节点组成。
- MongoDB的最新版本已经不推荐使用master-slave主从复制
副本集节点可以有的角色:(primary和secondary外)
- primary主节点:接受所有的写请求,然后将修改数据同步给secondary节点,一个副本集只能有一个primary节点
- secondary副本节点:保存数据,通过rs.slaveOk()设置可以提供只读服务
- arbiter仲裁节点:不保存数据,不能作为主节点,只能用于选举投票,在资源或硬件设备差的情况下可以使用
成为primary | 对客户端可见 | 参与投票 | 延迟同步 | 复制数据 | |
---|---|---|---|---|---|
default | √ | √ | √ | – | √ |
secondary-only | – | √ | √ | – | √ |
hidden | – | – | √ | – | √ |
delayed | – | √ | √ | √ | √ |
arbiters | – | – | √ | – | – |
non-voting | √ | √ | – | – | √ |
简单的副本集架构
- PSS:主节点,副本节点,副本节点
- PSA:主节点,副本节点,仲裁节点
一.mongodb副本集搭建
- replica set故障切换完全自动
- MongoDB的最新版本已经不推荐使用master-slave主从复制
1)环境准备
172.16.0.103
172.16.0.104
172.16.0.105
2)配置各个节点
vim /data/mongodb/config/mongodb.conf
logpath=/data/mongodb/logs/mongodb.log
##修改对应节点的监听地址
bind_ip=172.16.0.103
port=27017
fork=true
journal=true
logappend=true
##设置副本集名称,各节点必须相同
replSet=rs1
3)分别启动各节点服务
/usr/local/mongodb4/bin/mongod --config /data/mongodb/config/mongodb.conf --fork
4)开发各个节点防火墙端口
firewall-cmd --zone=public --add-port=27017/tcp --permanent
firewall-cmd --reload
5)初始化
##登录其中一个节点
mongo 172.16.0.103:27017
-- 配置成员信息
config_rs1={_id:'rs1',members:[{_id:0,host:'172.16.0.103:27017',priority:1},{_id:1,host:'172.16.0.104:27017'},{_id:2,host:'172.16.0.105:27017'}]}
{
"_id" : "rs1",
"members" : [
{
"_id" : 0,
"host" : "172.16.0.103:27017",
"priority" : 1
},
{
"_id" : 1,
"host" : "172.16.0.104:27017"
},
{
"_id" : 2,
"host" : "172.16.0.105:27017"
}
]
}
-- 初始化
rs.initiate(config_rs1)
{
"ok" : 1,
"operationTime" : Timestamp(1643098081, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1643098081, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
-- 查看副本集状态
rs.status()
{
"set" : "rs1",
"date" : ISODate("2022-01-25T08:08:27.482Z"),
"myState" : 1,
"term" : NumberLong(1),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
}
},
"lastStableCheckpointTimestamp" : Timestamp(1643098093, 1),
"members" : [
{
"_id" : 0,
"name" : "172.16.0.103:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 86,
"optime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2022-01-25T08:08:14Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1643098091, 1),
"electionDate" : ISODate("2022-01-25T08:08:11Z"),
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 1,
"name" : "172.16.0.104:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 26,
"optime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2022-01-25T08:08:14Z"),
"optimeDurableDate" : ISODate("2022-01-25T08:08:14Z"),
"lastHeartbeat" : ISODate("2022-01-25T08:08:25.980Z"),
"lastHeartbeatRecv" : ISODate("2022-01-25T08:08:26.560Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "172.16.0.103:27017",
"syncSourceHost" : "172.16.0.103:27017",
"syncSourceId" : 0,
"infoMessage" : "",
"configVersion" : 1
},
{
"_id" : 2,
"name" : "172.16.0.105:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 26,
"optime" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1643098094, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2022-01-25T08:08:14Z"),
"optimeDurableDate" : ISODate("2022-01-25T08:08:14Z"),
"lastHeartbeat" : ISODate("2022-01-25T08:08:25.980Z"),
"lastHeartbeatRecv" : ISODate("2022-01-25T08:08:26.552Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "172.16.0.103:27017",
"syncSourceHost" : "172.16.0.103:27017",
"syncSourceId" : 0,
"infoMessage" : "",
"configVersion" : 1
}
],
"ok" : 1,
"operationTime" : Timestamp(1643098094, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1643098094, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
二.安全设置
1.创建用户
-- 创建管理员账号
rs1:PRIMARY> db.createUser({user:"admin",pwd:"123456",roles:[{role:'userAdminAnyDatabase',db:"admin"}]})
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
-- 创建超级用户
rs1:PRIMARY> db.createUser({user:"root",pwd:"123456",roles:[{role:'root',db:"admin"}]})
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
2.添加集群节点认证
##在一个节点上生成配置文件后拷贝到其他节点上
openssl rand -base64 745 > /data/mongodb/key/mongodb-keyfile
##各个节点修改文件权限为600
chmod 600 mongodb-keyfile
3.开启认证方式
vim mongodb.conf
##密码认证
auth=true
##密钥路径
keyFile=/data/mongodb/key/mongodb-keyfile
4.重启服务
/usr/local/mongodb4/bin/mongod --config /data/mongodb/config/mongodb.conf --fork
三.遇到问题
1.初始化中没有启用journal
STORAGE [initandlisten] Running wiredTiger without journaling in a replica set is not supported. Make sure you are not using --nojournal and that storage.journal.enabled is not set to ‘false’.