Building a Three-Node MongoDB 4.0 Replica Set Cluster with User Authentication on CentOS 7.4
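MongoDB officially no longer recommends master-slave mode; the replacement is the replica set mode.
So what is a replica set? World of Warcraft players talk about running "instances" (in Chinese the word for a game instance is the same word used for a replica), and the two concepts mean much the same thing. In the game, players crowd into one scene at peak time to fight monsters, so there end up being far too many players and too few monsters. To protect the players' experience, the game developer opens, for each batch of players, a separate copy of the same space with the same number of monsters. That copied scene is an instance, and however many players there are, each plays in their own instance without affecting the others. A MongoDB replica is the same idea. Master-slave mode is really a single-replica setup, without good scalability or fault tolerance. A replica set has multiple replicas, which provides fault tolerance: even if one replica goes down, plenty of others remain, and it solves the first problem above, "when the primary node goes down, the cluster switches over automatically". No wonder MongoDB officially recommends this mode.
Let's look at the architecture diagram of a MongoDB replica set:
As the diagram shows, the client connects to the replica set as a whole and does not care whether any particular machine is down. The primary server handles all reads and writes for the replica set, the replicas periodically synchronize the data as backups, and once the primary goes down the replica nodes elect a new primary. The application server does not need to care about any of this. Here is the architecture after the primary goes down:
After the primary goes down, the replica nodes detect it through the heartbeat mechanism and start a primary election within the cluster, automatically electing a new primary. It looks impressive, so let's deploy one right away!
The officially recommended number of machines for a replica set is at least 3, so we configure and test with that number.
MongoDB replica set deployment notes
System environment
CentOS 7.5, MongoDB 4.0.6, firewall disabled, each cluster node uses a different communication port
1) Machine environment
10.153.1.183 master-node (primary node)
10.153.1.184 slave-node1 (secondary node)
10.153.1.185 slave-node2 (secondary node)
2) Install master-node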
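#!/bin/bash
#######################
# About MongoDB
# MongoDB is a non-relational database, but its operations are the closest to those of a relational database. MySQL is a relational database.
# MongoDB is a document-oriented non-relational database; data is stored in JSON format
# MongoDB can be used for persistent storage and also for caching data
# MongoDB provides replica sets and sharded clusters and is simple to operate
#############################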
if [ "$(whoami)" != root ]
then
    echo "Please login as root to continue :)"
    exit 1
fi
if [ ! -d /home/tools/ ];then
    mkdir -p /home/tools
else
    rm -rf /home/tools && mkdir -p /home/tools
fi
#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag
#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local
#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service
#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
* soft nofile 204800
* hard nofile 204800
* soft nproc 204800
* hard nproc 204800
EOF
sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf
#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz
#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb
#Create data directory
mkdir -p /data/mongodb/27017/
cat > /data/mongodb/27017/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27017/mongodb.log
storage:
  dbPath: /data/mongodb/27017/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27017
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF
#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/
#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF
chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile
#Add autoStart script
# The quoted 'EOF' keeps $1, $0, $PORT and $(...) literal, so they are
# evaluated when the init script runs, not while this installer writes it
cat >/etc/init.d/mongodb <<'EOF'
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27017/"
MONGODB_CONF="/data/mongodb/27017/mongodb.conf"
# Port mongod is listening on; empty when it is not running
PORT=$(netstat -tunlp|grep 27017|awk '{print $4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case $1 in
start)
    echo -n "Starting mongodb..."
    if [[ $PORT = 27017 ]];then
        echo "mongodb is already running!"
    else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
    fi
    echo " done"
    ;;
stop)
    echo -n "Stopping mongodb..."
    /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown --dbpath $MONGODB_DATA"
    echo " done"
    ;;
restart)
    $0 stop
    $0 start
    ;;
status)
    if [[ $PORT != 27017 ]];then
        echo "mongodb is not running!"
    else
        echo "mongodb is running!"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac
EOF
#Setting environment variables
# Quoted 'EOF' so $PATH and $MONGODB_HOME are expanded at login, not now
cat >/etc/profile.d/mongodb.sh<<'EOF'
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF
source /etc/profile.d/mongodb.sh
#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb
#Add to chkconfig service
chkconfig --add mongodb
#Setting up MongoDB auto-start
chkconfig mongodb on
#Start MongoDB
service mongodb start
3) Install slave-node1
#!/bin/bash
#############################
if [ "$(whoami)" != root ]
then
    echo "Please login as root to continue :)"
    exit 1
fi
if [ ! -d /home/tools/ ];then
    mkdir -p /home/tools
else
    rm -rf /home/tools && mkdir -p /home/tools
fi
#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag
#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local
#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service
#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
* soft nofile 204800
* hard nofile 204800
* soft nproc 204800
* hard nproc 204800
EOF
sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf
#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz
#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb
#Create data directory
mkdir -p /data/mongodb/27018/
cat > /data/mongodb/27018/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27018/mongodb.log
storage:
  dbPath: /data/mongodb/27018/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27018
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF
#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/
#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF
chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile
#Add autoStart script
# The quoted 'EOF' keeps $1, $0, $PORT and $(...) literal, so they are
# evaluated when the init script runs, not while this installer writes it
cat >/etc/init.d/mongodb <<'EOF'
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27018/"
MONGODB_CONF="/data/mongodb/27018/mongodb.conf"
# Port mongod is listening on; empty when it is not running
PORT=$(netstat -tunlp|grep 27018|awk '{print $4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case $1 in
start)
    echo -n "Starting mongodb..."
    if [[ $PORT = 27018 ]];then
        echo "mongodb is already running!"
    else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
    fi
    echo " done"
    ;;
stop)
    echo -n "Stopping mongodb..."
    /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown --dbpath $MONGODB_DATA"
    echo " done"
    ;;
restart)
    $0 stop
    $0 start
    ;;
status)
    if [[ $PORT != 27018 ]];then
        echo "mongodb is not running!"
    else
        echo "mongodb is running!"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac
EOF
#Setting environment variables
# Quoted 'EOF' so $PATH and $MONGODB_HOME are expanded at login, not now
cat >/etc/profile.d/mongodb.sh<<'EOF'
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF
source /etc/profile.d/mongodb.sh
#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb
#Add to chkconfig service
chkconfig --add mongodb
#Setting up MongoDB auto-start
chkconfig mongodb on
#Start MongoDB
service mongodb start
4) Install slave-node2
#!/bin/bash
#############################
if [ "$(whoami)" != root ]
then
    echo "Please login as root to continue :)"
    exit 1
fi
if [ ! -d /home/tools/ ];then
    mkdir -p /home/tools
else
    rm -rf /home/tools && mkdir -p /home/tools
fi
#Disable transparent huge pages
echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled
echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag
#Add commands to /etc/rc.local
chmod +x /etc/rc.d/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "echo 'never' >/sys/kernel/mm/transparent_hugepage/defrag" >>/etc/rc.local
#Disable firewall and selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service
#Setting Handles Number and Process
cat >> /etc/security/limits.conf << EOF
* soft nofile 204800
* hard nofile 204800
* soft nproc 204800
* hard nproc 204800
EOF
sed -i 's/4096/204800/g' /etc/security/limits.d/20-nproc.conf
#download mongodb on centos 7
cd /home/tools && wget -c https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.6.tgz
#install mongodb
tar zxvf mongodb-linux-x86_64-rhel70-4.0.6.tgz
mv mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb-linux-x86_64-rhel70-4.0.6
ln -s /usr/local/mongodb-linux-x86_64-rhel70-4.0.6 /usr/local/mongodb
#Create data directory
mkdir -p /data/mongodb/27019/
cat > /data/mongodb/27019/mongodb.conf <<EOF
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27019/mongodb.log
storage:
  dbPath: /data/mongodb/27019/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27019
  bindIp: 0.0.0.0
  maxIncomingConnections: 40000
replication:
  replSetName: oriente
  oplogSizeMB: 1024
security:
  authorization: enabled
  keyFile: /home/mongodb/keyfile
EOF
#Add mongodb users and setting permission
groupadd -g 800 mongodb && useradd -u 800 -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb/ /usr/local/mongodb/
#Create keyfile
cat >/home/mongodb/keyfile <<EOF
raQvX0ESjiZD/LaB4QmGpm/EJUfhea/r9CcGMHA/c46fNezLrIHLpSFlVb3BD7mt
sZY4w4qNuV7mL/6qxVEktSyRu1yvdZG49ImJBH8ssUeCLBBHtfAaayH5
EOF
chmod 600 /home/mongodb/keyfile && chown -R mongodb.mongodb /home/mongodb/keyfile
#Add autoStart script
# The quoted 'EOF' keeps $1, $0, $PORT and $(...) literal, so they are
# evaluated when the init script runs, not while this installer writes it
cat >/etc/init.d/mongodb <<'EOF'
#!/bin/bash
# Description:mongodb ORS SERVER
# chkconfig: - 85 15
# Written by jerry
MONGODB_EXEC="/usr/local/mongodb/bin/mongod"
MONGODB_DATA="/data/mongodb/27019/"
MONGODB_CONF="/data/mongodb/27019/mongodb.conf"
# Port mongod is listening on; empty when it is not running
PORT=$(netstat -tunlp|grep 27019|awk '{print $4}'|cut -d ':' -f2)
MONGODB_USER=mongodb
case $1 in
start)
    echo -n "Starting mongodb..."
    if [[ $PORT = 27019 ]];then
        echo "mongodb is already running!"
    else
        /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC -f $MONGODB_CONF"
    fi
    echo " done"
    ;;
stop)
    echo -n "Stopping mongodb..."
    /bin/su - $MONGODB_USER -s /bin/bash -c "$MONGODB_EXEC --shutdown --dbpath $MONGODB_DATA"
    echo " done"
    ;;
restart)
    $0 stop
    $0 start
    ;;
status)
    if [[ $PORT != 27019 ]];then
        echo "mongodb is not running!"
    else
        echo "mongodb is running!"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac
EOF
#Setting environment variables
# Quoted 'EOF' so $PATH and $MONGODB_HOME are expanded at login, not now
cat >/etc/profile.d/mongodb.sh<<'EOF'
export MONGODB_HOME=/usr/local/mongodb
export PATH=$PATH:$MONGODB_HOME/bin
EOF
source /etc/profile.d/mongodb.sh
#Add permission to /etc/init.d/mongodb
chmod +x /etc/init.d/mongodb
#Add to chkconfig service
chkconfig --add mongodb
#Setting up MongoDB auto-start
chkconfig mongodb on
#Start MongoDB
service mongodb start
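The three install scripts above write the same hard-coded key into /home/mongodb/keyfile. As an added example (not part of the original post), the functions below generate a fresh random keyfile and check a keyfile against mongod's requirements: no group/other permission bits, 6 to 1024 characters, base64 alphabet only. The function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: generate and validate a MongoDB replica-set keyfile.
# generate_keyfile and check_keyfile are illustrative names.

# Write 756 random bytes as base64 (1008 characters, under mongod's
# 1024-character limit) to a file only the owner can read.
generate_keyfile() {
    local path=$1
    ( umask 077 && head -c 756 /dev/urandom | base64 | tr -d '\n' > "$path" ) || return 1
    chmod 400 "$path"
}

# Print "ok" and return 0 if the file is usable as a mongod keyFile,
# otherwise print the reason and return 1.
check_keyfile() {
    local path=$1 mode key
    local LC_ALL=C
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    # mongod refuses a keyfile that group or others can access
    mode=$(stat -c '%a' "$path")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "permissions too open: $mode"; return 1
    fi
    # Whitespace is ignored by mongod, so strip it before measuring
    key=$(tr -d '[:space:]' < "$path")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "bad length: ${#key}"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    echo "ok"
}
```

Generate the file once and copy it to all three nodes over a secure channel, since every member of the replica set must hold the identical key.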
5) Log in to master-node
mongo
6) Initialize the MongoDB replica set and check its status
config = { _id:"oriente", members:[
{_id:0,host:"10.153.1.183:27017"},
{_id:1,host:"10.153.1.184:27018"},
{_id:2,host:"10.153.1.185:27019"}]
}
use admin
Initialize the replica set; this takes some time
rs.initiate( config )
Replica set status: one PRIMARY, the others SECONDARY
rs.status()
Create the admin user and set its password
db.createUser({user:"admin",pwd:"oriente1234.com",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
Set the related permissions
use admin
db.auth("admin","oriente1234.com")
db.grantRolesToUser( "admin" , [ { role: "dbOwner", db: "admin" },{ "role": "clusterAdmin", "db": "admin" },
{ "role": "userAdminAnyDatabase", "db": "admin" },
{ "role": "dbAdminAnyDatabase", "db": "admin" }])
7) Query from any one of the secondaries; here it is slave-node1 (10.153.1.184)
mongo 10.153.1.184:27018
use admin
db.auth("admin","oriente1234.com")
rs.status()