centos7環境下安裝mongodb3.4.24主從複製叢集並設定密碼
centos7環境下安裝mongodb3.4.24主從複製叢集並設定密碼
1.安裝mongodb
新增執行mongodb的使用者mongo,避免直接使用root帶來安全隱患
groupadd -g 1608 mongo
useradd -u 1608 -g mongo mongo
#下載原始碼包
wget http://downloads.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.4.24.tgz
#解壓原始碼包
tar -xf mongodb-linux-x86_64-rhel70-3.4.24.tgz -C /usr/local/
#準備mongodb 配置檔案
mkdir /data/mongodb/{data,logs} -p
mkdir /usr/local/mongodb/conf
2.部署 master 節點
# vim /usr/local/mongodb/conf/mongod.conf
#埠號 port=27017 bind_ip=172.16.0.233 #資料目錄 dbpath=/data/mongodb/data # 從節點同步日誌大小,類似mysql 的 binlog 20G oplogSize=20480 #日誌目錄 logpath=/data/mongodb/logs/mongodb.log #日誌檔案追加 logappend=true #如果設定為 true, 同步到 journal (在提交到資料庫前寫入到實體中). 應用於 safe=true journal=true #以守護程序的方式執行MongoDB,建立伺服器程序 fork=true #記憶體分配 wiredTigerCacheSizeGB=4 #auth=true #為master 節點 master=true
3.部署 slave 節點
#準備mongodb 配置檔案
mkdir /data/mongodb/{data,logs} -p
# vim /usr/local/mongodb/conf/mongod.conf
port=27017 bind_ip=172.16.0.234 dbpath=/data/mongodb/data logpath=/data/mongodb/logs/mongodb.log oplogSize=20480 logappend=true journal=true fork=true wiredTigerCacheSizeGB=4 source=172.16.0.233:27017 #指定主節點 #auth=true slave=true #從節點 autoresync=true
4.使用systemctl管理服務
chown -R mongo.mongo /usr/local/mongodb/ chown -R mongo.mongo /usr/local/mongodb-linux-x86_64-rhel70-3.4.24 chown -R mongo.mongo /data/mongodb
# vim /etc/systemd/system/mongodb.service
[Unit] Description=mongodb After=network.target remote-fs.target nss-lookup.target [Service] Type=forking User=mongo Group=mongo ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/conf/mongod.conf ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/usr/local/mongodb/bin/mongod --shutdown /usr/local/mongodb/conf/mongod.conf PrivateTmp=true [Install] WantedBy=multi-user.target
# 啟動服務
systemctl start mongodb
systemctl enable mongodb
# 檢視日誌是否正常
tail -f /data/mongodb/logs/mongodb.log
5.檢查同步情況
> db.printReplicationInfo()
檢查主從配置是否正常
mongo --host 172.16.0.233 --port 27017
# 從庫連線 [root@eus_influenex_es02:/etc/systemd/system]# mongo --host 172.16.0.234 --port 27017 MongoDB shell version v3.4.24 connecting to: mongodb://172.16.0.234:27017/ MongoDB server version: 3.4.24 Server has startup warnings: 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2021-07-16T15:52:58.864+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2021-07-16T15:52:58.865+0800 I CONTROL [initandlisten] > > > > db.printReplicationInfo() this is a slave, printing slave replication info. source: 172.16.0.233:27017 syncedTo: Fri Jul 16 2021 15:59:23 GMT+0800 (CST) 2 secs (0 hrs) behind the freshest member (no primary available at the moment)
6.設定admin管理員賬號資訊
use admin db.createUser( { user:"admin", pwd:"pass", roles:[{role:"clusterAdmin",db:"admin"},{role:"clusterManager",db:"admin"},{role:"clusterMonitor",db:"admin"}] } )
7.開啟設定鑑權
# 生成密碼檔案
cd /usr/local/mongodb/conf/
# -base64 生成的字串不能超過1226,所以使用512
openssl rand -base64 512 > onlineimagemongo.key chmod 600 /usr/local/mongodb/conf/onlineimagemongo.key
# 將生成的密碼檔案傳輸到slave節點
scp -P 2018 /usr/local/mongodb/conf/onlineimagemongo.key 172.30.0.108:/usr/local/mongodb/conf/
# 設定許可權
chown mongo.mongo /usr/local/mongodb/conf/onlineimagemongo.key
# 修改配置
vim /usr/local/mongodb/conf/mongod.conf
auth=true keyFile = /usr/local/mongodb/conf/onlineimagemongo.key
# 重啟資料庫讓鑑權配置生效
systemctl restart mongodb