Posted by q987654 on 2018-10-25 07:55:23

Enabling Security Authentication for MongoDB Master-Slave Replication

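2.1.1 Deploying the MongoDB master and slave instances:
mongodb-master instance
  Environment: in the mongodb-master configuration file, first comment out the authentication parameter: #auth = true
  Start mongodb-master, then set the login account and password for the admin database:
  # mongo 127.0.0.1:27017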
  MongoDB shell version: 3.0.5
  connecting to: 127.0.0.1:27017/test
  > use admin;
  switched to db admin
  > db.createUser(
  ...   {
  ...   user:"root",
  ...   pwd:"Zytest6699",
  ...    roles: [ { role: "root", db: "admin" } ]
  ...   }
  ... )
  Successfully added user: {
  "user": "root",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
  > db.auth("root","Zytest6699")
  1
  > show users;
  {
  "_id": "admin.root",
  "user": "root",
  "db": "admin",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
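  At this point, enable the authentication parameter in the mongodb-master configuration file:
  auth = true
  Restart the mongodb-master service.
  Log in to mongodb-master and, in the admin database, create another administrative account for the admin database: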
  # mongo 127.0.0.1:27017
  MongoDB shell version: 3.0.5
  connecting to: 127.0.0.1:27017/test
  > use admin;
  switched to db admin
  > db.auth("root","Zytest6699")
  1
  > show users;
  {
  "_id": "admin.root",
  "user": "root",
  "db": "admin",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
  > db.createUser(
  ...   {
  ...   user:"ZyDBA",
  ...   pwd:"Zytest6699",
  ...    roles: [ { role: "root", db: "admin" } ]
  ...   }
  ... )
  Successfully added user: {
  "user": "ZyDBA",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
  > shou users;
  2017-09-10T09:36:18.511+0800 E QUERY    SyntaxError: Unexpected
  > show users;
  {
  "_id": "admin.root",
  "user": "root",
  "db": "admin",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
  {
  "_id": "admin.ZyDBA",
  "user": "ZyDBA",
  "db": "admin",
  "roles": [
  {
  "role": "root",
  "db": "admin"
  }
  ]
  }
mongodb-slave (slave) instance
  Start the mongodb-slave instance:
  # /etc/init.d/mongod1 start
  Starting MongoDB Server...
  # about to fork child process, waiting until server is ready for connections.
  forked process: 1896
  child process started successfully, parent exiting
  # ss -lntup | grep mongo
  tcp   LISTEN   0      128                  *:27017               *:*      users:(("mongod",1709,6))
  tcp   LISTEN   0      128                  *:27018               *:*      users:(("mongod",1896,6))
  Check the log file of the mongodb-slave instance:
  # tailf /data/mongodb-slave/logs/mongodb.log
  2017-09-10T09:55:44.007+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:55:54.008+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:04.008+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:14.008+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:24.008+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:34.009+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:44.009+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:56:54.009+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  2017-09-10T09:57:04.009+0800 I REPL    repl: syncing from host:127.0.0.1:27017
  This shows that the slave has started syncing.
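2.1.2 Verifying the master-slave replication configuration
  Install a MongoDB client for Windows and log in with it to verify that the master-slave setup works:
  Robomongo 0.9.0-RC9
  Verification on the master:
2.1.3 Related configuration files and the authentication file
  Running multiple mongodb instances on a single server and configuring authenticated master-slave replication
  MongoDB master configuration file:
  # cat /usr/local/mongodb/mongod.cnf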
  logpath=/data/mongodb-master/logs/mongodb.log
  logappend = true
  #fork and run in background
  fork = true
  port = 27017
  dbpath=/data/mongodb-master/data
  #location of pidfile
  pidfilepath=/data/mongodb-master/mongod.pid
  auth = true
  keyFile = /tmp/mongo-keyfile
  master = true
  MongoDB slave configuration file:
  # cat /usr/local/mongodb/mongod1.cnf
  logpath=/data/mongodb-slave/logs/mongodb.log
  logappend = true
  #fork and run in background
  fork = true
  port = 27018
  dbpath=/data/mongodb-slave/data
  #location of pidfile
  pidfilepath=/data/mongodb-slave/mongod.pid
  slave = true
  source = 127.0.0.1:27017
  auth = true
  keyFile = /tmp/mongo-keyfile
  #only = test001
  #only = test002
  Enabling authentication for master-slave replication:
  Generate the keyFile randomly or write it by hand. The key must be 6-1024 base64 characters long; on Unix the key files must have the same group permissions, which is not required on Windows.
  openssl rand -base64 1024 > /tmp/mongo-keyfile
  Start mongodb-master:
  # /etc/init.d/mongod start
  Starting MongoDB Server...
  # about to fork child process, waiting until server is ready for connections.
  forked process: 1287
  child process started successfully, parent exiting
  # ls /data/mongodb-master/data/
  journal  local.1   local.11  local.13  local.15  local.17  local.3  local.5  local.7  local.9   mongod.lock   _tmp
  local.0  local.10  local.12  local.14  local.16  local.2   local.4  local.6  local.8  local.ns  storage.bson
  The data files created when mongodb initializes the database are very large. The reason:
  the oplog defaults to 5% of the size of the partition mounted at /data, which makes the local database too large.
  # du -sh /data/mongodb-master/data/
  35G     /data/mongodb-master/data/
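
The end state of the steps above (auth = true and a shared keyFile on both instances, with a key of 6-1024 base64 characters) can be checked mechanically. The following is an added example, not part of the original post: a Python audit of the two config files and the key material. The function names, the sample key and the rule that whitespace in the key is not counted are assumptions made for the illustration.

```python
import re

BASE64_RE = re.compile(r"[A-Za-z0-9+/=]+")

def parse_mongod_conf(text):
    """Parse the legacy 'key = value' mongod config format shown in this post."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out '#auth = true' counts as not set
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def key_problems(key_text):
    """Check key material against the 6-1024 base64 character rule."""
    key = "".join(key_text.split())  # assumption: whitespace is not counted
    problems = []
    if not 6 <= len(key) <= 1024:
        problems.append("key length %d is outside 6-1024" % len(key))
    if key and not BASE64_RE.fullmatch(key):
        problems.append("key contains non-base64 characters")
    return problems

def audit_pair(master_text, slave_text, key_files):
    """Return findings for a master/slave pair; key_files maps path -> content."""
    findings, keys = [], {}
    for name, text in (("master", master_text), ("slave", slave_text)):
        conf = parse_mongod_conf(text)
        if conf.get("auth") != "true":
            findings.append(name + ": auth is not enabled")
        path = conf.get("keyFile")
        if path is None:
            findings.append(name + ": keyFile is not set")
            continue
        keys[name] = "".join(key_files.get(path, "").split())
        findings += [name + ": " + p for p in key_problems(keys[name])]
    if len(keys) == 2 and keys["master"] != keys["slave"]:
        findings.append("master and slave keys differ")
    return findings

# Constructed sample input (not the author's real files or key).
SAMPLE_KEYS = {"/tmp/mongo-keyfile": "Y29uc3RydWN0ZWQga2V5IG1hdGVyaWFs\n"}
MASTER_OPEN = "port = 27017\n#auth = true\nmaster = true\n"
MASTER_AUTH = "port = 27017\nauth = true\nkeyFile = /tmp/mongo-keyfile\nmaster = true\n"
SLAVE_AUTH = "port = 27018\nslave = true\nsource = 127.0.0.1:27017\nauth = true\nkeyFile = /tmp/mongo-keyfile\n"

if __name__ == "__main__":
    print(audit_pair(MASTER_OPEN, SLAVE_AUTH, SAMPLE_KEYS))
    print(audit_pair(MASTER_AUTH, SLAVE_AUTH, SAMPLE_KEYS))
```

MASTER_OPEN models the master before authentication is switched on; the audit reports it, while the MASTER_AUTH and SLAVE_AUTH pair passes.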
