Enabling Security Authentication for MongoDB Master-Slave Replication


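2.1.1 Deploying the MongoDB master and slave instances:

MongoDB master instance

Environment: in the mongodb-master configuration file, first comment out the authentication parameter: #auth = true

Start mongodb-master, then set the login account and password for the admin database: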

[[email protected] logs]# mongo 127.0.0.1:27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin;
switched to db admin
> db.createUser(
...   {
...     user:"root",
...     pwd:"Zytest6699",
...    roles: [ { role: "root", db: "admin" } ]
...   }
... )
Successfully added user: {
         "user": "root",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}
> db.auth("root","Zytest6699")
1
> show users;
{
         "_id": "admin.root",
         "user": "root",
         "db": "admin",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}

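At this point, enable the authentication parameter in the mongodb-master configuration file:

auth = true

Restart the mongodb-master service.

Log in to mongodb-master and, in the admin database, create another administrative account for the admin database: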

[[email protected] ~]# mongo 127.0.0.1:27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin;
switched to db admin
> db.auth("root","Zytest6699")
1
> show users;
{
         "_id": "admin.root",
         "user": "root",
         "db": "admin",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}
> db.createUser(
...   {
...     user:"ZyDBA",
...     pwd:"Zytest6699",
...    roles: [ { role: "root", db: "admin" } ]
...   }
... )
Successfully added user: {
         "user": "ZyDBA",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}
> shou users;
2017-09-10T09:36:18.511+0800 E QUERY    SyntaxError: Unexpected identifier
> show users;
{
         "_id": "admin.root",
         "user": "root",
         "db": "admin",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}
{
         "_id": "admin.ZyDBA",
         "user": "ZyDBA",
         "db": "admin",
         "roles": [
                   {
                            "role": "root",
                            "db": "admin"
                   }
         ]
}

MongoDB slave instance

Start the mongodb-slave instance:

[[email protected] mongodb-slave]# /etc/init.d/mongod1 start
Starting MongoDB Server...
[[email protected] mongodb-slave]# about to fork child process, waiting until server is ready for connections.
forked process: 1896
child process started successfully, parent exiting

[[email protected] mongodb-slave]# ss -lntup|grep mongo
tcp   LISTEN     0      128                    *:27017                 *:*      users:(("mongod",1709,6))
tcp   LISTEN     0      128                    *:27018                 *:*      users:(("mongod",1896,6))

Check the log file of the mongodb-slave instance:

[[email protected] logs]# tailf /data/mongodb-slave/logs/mongodb.log
2017-09-10T09:55:44.007+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:55:54.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:04.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:14.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:24.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:34.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:44.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:56:54.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017
2017-09-10T09:57:04.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

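This indicates that the slave has started synchronizing.

2.1.2 Verifying the master-slave replication configuration

Install a MongoDB client for Windows and log in with it to verify that master-slave replication is configured correctly:

Robomongo 0.9.0-RC9

Verification on the master:

2.1.3 Related configuration files and the authentication file

Running multiple MongoDB instances on a single server, with authenticated master-slave replication configured

MongoDB master configuration file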

[[email protected] ~]# cat /usr/local/mongodb/mongod.cnf
logpath=/data/mongodb-master/logs/mongodb.log
logappend = true
#fork and run in background
fork = true
port = 27017
dbpath=/data/mongodb-master/data
#location of pidfile
pidfilepath=/data/mongodb-master/mongod.pid
auth = true
keyFile = /tmp/mongo-keyfile
master = true

MongoDB slave configuration file:

[[email protected] ~]# cat /usr/local/mongodb/mongod1.cnf
logpath=/data/mongodb-slave/logs/mongodb.log
logappend = true
#fork and run in background
fork = true
port = 27018
dbpath=/data/mongodb-slave/data
#location of pidfile
pidfilepath=/data/mongodb-svale/mongod.pid
slave = true
source = 127.0.0.1:27017
auth = true
keyFile = /tmp/mongo-keyfile
#only = test001
#only = test002

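Enabling authentication for master-slave replication:

Generate the keyFile randomly or write it by hand. The key must be 6 to 1024 base64 characters long. On Unix the file must have the same group permissions; on Windows this is not needed.

openssl rand -base64 1024 > /tmp/mongo-keyfile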
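One way to generate and check the key file described above, as an added example that is not part of the original post. It uses 756 random bytes, which encode to 1008 base64 characters and so fit the 6-1024 range (1024 bytes encode to 1368), and it checks the mode because mongod on Unix rejects a key file that group or others can access. The function names make_keyfile and check_keyfile are hypothetical.

```shell
#!/bin/sh
# Added example: create and validate a MongoDB keyFile before mongod reads it.
# Usage: make_keyfile /path/to/keyfile && check_keyfile /path/to/keyfile

# make_keyfile PATH: write 756 random bytes as base64 (1008 characters),
# creating the file with owner-only permissions.
make_keyfile() {
    ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 600 "$1"
}

# check_keyfile PATH: return 0 if the file is usable as a keyFile,
# otherwise print the reason and return 1.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Whitespace (line breaks included) does not count toward key length.
    key=$(tr -d ' \t\r\n' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "bad length: $len (need 6-1024)"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    # Octal mode: GNU stat first, BSD stat as fallback.
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        ?00) ;;  # owner-only, e.g. 600 or 400
        *) echo "permissions too open: $mode (use 600 or 400)"; return 1 ;;
    esac
    echo "ok: $len characters, mode $mode"
}
```

The file must be owned by the account that runs mongod, and the same key has to be present on both the master and the slave; a directory readable only by that account is a safer home for it than the world-writable /tmp.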

Start mongodb-master:

[[email protected] ~]# /etc/init.d/mongod start
Starting MongoDB Server...
[[email protected] ~]# about to fork child process, waiting until server is ready for connections.
forked process: 1287
child process started successfully, parent exiting
[[email protected] data]# ls /data/mongodb-master/data/
journal local.1   local.11  local.13 local.15  local.17  local.3 local.5  local.7  local.9  mongod.lock   _tmp
local.0 local.10  local.12  local.14 local.16  local.2   local.4 local.6  local.8  local.ns storage.bson


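The data files that MongoDB creates when it initializes the database are very large. The reason is:

By default the oplog is sized at 5% of the partition mounted at /data, where the database lives, which is why the local database ends up so large.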

[[email protected] data]# du -sh /data/mongodb-master/data/
35G  /data/mongodb-master/data/



This article comes from the “10931853” blog; please be sure to keep this source attribution: http://wujianwei.blog.51cto.com/10931853/1964080
