CentOS7.4搭建基于用户认证的MongoDB4.0三节点副本集集群

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7.4搭建基于用户认证的MongoDB4.0三节点副本集集群相关的知识,希望对你有一定的参考价值。

mongoDB官方已经不建议使用主从模式了,替代方案是采用副本集的模式,点击 ,如图:

技术图片

那什么是副本集呢?打魔兽世界总说打副本,其实这两个概念差不多一个意思。游戏里的副本是指玩家集中在高峰时间去一个场景打怪,会出现玩家暴多怪物少的情况,游戏开发商为了保证玩家的体验度,就为每一批玩家单独开放一个同样的空间同样的数量的怪物,这一个复制的场景就是一个副本,不管有多少个玩家各自在各自的副本里玩不会互相影响。 mongoDB的副本也是这个,主从模式其实就是一个单副本的应用,没有很好的扩展性和容错性。而副本集具有多个副本保证了容错性,就算一个副本挂掉了还有很多副本存在,并且解决了上面第一个问题“主节点挂掉了,整个集群内会自动切换”。难怪mongoDB官方推荐使用这种模式。

我们来看看mongoDB副本集的架构图:

技术图片

由图可以看到客户端连接到整个副本集,不关心具体哪一台机器是否挂掉。主服务器负责整个副本集的读写,副本集定期同步数据备份,一但主节点挂掉,副本节点就会选举一个新的主服务器,这一切对于应用服务器不需要关心。我们看一下主服务器挂掉后的架构:

技术图片

副本集中的副本节点在主节点挂掉后通过心跳机制检测到后,就会在集群内发起主节点的选举机制,自动选举一位新的主服务器。看起来很牛X的样子,我们赶紧操作部署一下!
官方推荐的副本集机器数量为至少3个,那我们也按照这个数量配置测试。

Mongodb副本集环境部署记录

系统环境
Centos7.5、MongoDB4.0.6、关闭防火墙、集群采用不同通讯端口

1) 机器环境
10.153.1.183 master-node(主节点)
10.153.1.184 slave-node1(从节点)
10.153.1.185 slave-node2(从节点)

2) 安装master-node

#!/bin/bash
#######################
#mongodb简介
#mongodb是个非关系型数据库,但操作跟关系型数据最类似。mysql是关系型数据库
#mongodb是面向文档存储的非关系型数据库,数据以json的格式进行存储
#mongodb可用来永久存储,也可用来缓存数据
#mongodb提供副本集和分片集群功能,操作简单
#############################
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Prohibit memory giant pages
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i ‘/SELINUX/s/enforcing/disabled/‘ /etc/selinux/config 
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i ‘s/4096/204800/g‘ /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb 
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27017/

cat > /data/mongodb/27017/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27017/mongodb.log
storage:
  dbPath: /data/mongodb/27017/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27017
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb 
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27017/"
MONGODB_CONF="/data/mongodb/27017/mongodb.conf"
PORT=$(netstat -tunlp|grep 27017|awk ‘{print $4}‘|cut -d ‘:‘ -f2)
MONGODB_USER=mongodb
case $1 in
        start)
        echo -n "Starting mongodb..."
        if [[ $PORT = 27017 ]];then
        echo "mongodb is alreday running!"
        else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stoping mongodb..."
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown  --dbpath $MONGODB_DATA"
        echo " done"
        ;;
        restart)
        $0 stop
        $0 start
        ;;
        status)
        if [[ $PORT != 27017 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: $0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start

3) 安装slave-node1

#!/bin/bash
#############################
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Prohibit memory giant pages
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i ‘/SELINUX/s/enforcing/disabled/‘ /etc/selinux/config 
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i ‘s/4096/204800/g‘ /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb 
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27018/

cat > /data/mongodb/27018/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27018/mongodb.log
storage:
  dbPath: /data/mongodb/27018/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27018
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb 
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27018/"
MONGODB_CONF="/data/mongodb/27018/mongodb.conf"
PORT=$(netstat -tunlp|grep 27018|awk ‘{print $4}‘|cut -d ‘:‘ -f2)
MONGODB_USER=mongodb
case $1 in
        start)
        echo -n "Starting mongodb..."
        if [[ $PORT = 27018 ]];then
        echo "mongodb is alreday running!"
        else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stoping mongodb..."
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown  --dbpath $MONGODB_DATA"
        echo " done"
        ;;
        restart)
        $0 stop
        $0 start
        ;;
        status)
        if [[ $PORT != 27018 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: $0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start

4) 安装slave-node2

#!/bin/bash
#############################
if [ `whoami` != root ]
then
echo "Please login as root to continue :)"
exit 1
fi

if [ ! -d /home/tools/ ];then
mkdir -p /home/tools
else
rm -rf /home/tools && mkdir -p /home/tools
fi

#Prohibit memory giant pages
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled
echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag

#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo ‘never‘ >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local

#Disable firewall and selinux
sed -i ‘/SELINUX/s/enforcing/disabled/‘ /etc/selinux/config 
systemctl disable firewalld.service

#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF

sed -i ‘s/4096/204800/g‘ /etc/security/limits.d/20-nproc.conf

#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz

#install mongodb 
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb

#Create data directory
mkdir -p /data/mongodb/27019/

cat > /data/mongodb/27019/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27019/mongodb.log
storage:
  dbPath: /data/mongodb/27019/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27019
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF

#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb 
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/

#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF

chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile

#Add autoStart script
cat >/etc/init.d/mongodb <<EOF
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27019/"
MONGODB_CONF="/data/mongodb/27019/mongodb.conf"
PORT=$(netstat -tunlp|grep 27019|awk ‘{print $4}‘|cut -d ‘:‘ -f2)
MONGODB_USER=mongodb
case $1 in
        start)
        echo -n "Starting mongodb..."
        if [[ $PORT = 27019 ]];then
        echo "mongodb is alreday running!"
        else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
        fi
        echo " done"
        ;;
        stop)
        echo -n "Stoping mongodb..."
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown  --dbpath $MONGODB_DATA"
        echo " done"
        ;;
        restart)
        $0 stop
        $0 start
        ;;
        status)
        if [[ $PORT != 27019 ]];then
             echo "mongodb is not running!"
        else
             echo "mongodb is running!"
        fi
        ;;
        *)
        echo "Usage: $0"
        exit 1
esac
EOF

#Setting environment variables
cat >/etc/profile.d/mongodb.sh<<EOF
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF

source /etc/profile.d/mongodb.sh

#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb

#Add to chkconfig service
chkconfig --add mongodb

#Setting up MongoDB auto-start
chkconfig mongodb on

#Start MongoDB
service mongodb start

5) 登录master-node
mongo

6) mongodb副本集的初始化及其状态查看

config = { _id:"oriente", members:[
  {_id:0,host:"10.153.1.183:27017"},
  {_id:1,host:"10.153.1.184:27018"},
  {_id:2,host:"10.153.1.185:27019"}]
}

截图如下

技术图片

use admin
副本集初始化,需要一定时间
rs.initiate( config )

副本集状态,一个primary,其它SECONDARY
rs.status()

创建admin用户并且设置密码

db.createUser({user:"admin",pwd:"oriente1234.com",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})

设置相关权限

use admin
db.auth("admin","oriente1234.com")
db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
{ "role": "userAdminAnyDatabase", "db": "admin" },
{ "role": "dbAdminAnyDatabase", "db": "admin" }])

7) 任意一台从库上查询,这里是node-slave1(10.153.1.184)
mongo 10.153.1.184:27018

use admin
db.auth(admin,‘oriente1234.com‘)
rs.status()

以上是关于CentOS7.4搭建基于用户认证的MongoDB4.0三节点副本集集群的主要内容,如果未能解决你的问题,请参考以下文章

MongoDB一主一丛有用户认证的搭建

CentOS7.4+FreeRadius+ldap(Windows AD)认证 搭建radius服务

mongodb3.X 副本集(集群)添加用户名认证

openstack-r版(rocky)搭建基于centos7.4 的openstack swift对象存储服务 三

Mongodb之权限认证管理

MongoDB管理之安全性