mongo replication auth install
创建用户
1
[root@mongodb app]# useradd -s /sbin/nologin mongo
解压和安装
1
2
3[root@mongodb app]# tar xzf mongodb-linux-x86_64-rhel70-3.4.10.tgz
[root@mongodb app]# mv mongodb-linux-x86_64-rhel70-3.4.10 /mnt/app/mongo
[root@mongodb app]# chown -R mongo.mongo /mnt/app/mongo设置环境变量
1
2
3
4
5[root@mongodb app]# cat >/etc/profile.d/mongo.sh <<EOF
export MONGO_HOME=/mnt/app/mongo
export PATH=\${MONGO_HOME}/bin:\$PATH
EOF
[root@mongodb app]# source /etc/profile创建mongo配置文件目录
1
2[root@mongodb app]# mkdir -p /mnt/app/mongo/conf
[root@mongodb app]# chown -R mongo.mongo /mnt/app/mongo/conf创建mongo存放keyfile目录
1
2[root@mongodb app]# mkdir -p /mnt/app/mongo/key
[root@mongodb app]# chown -R mongo.mongo /mnt/app/mongo/key创建mongo数据文件目录
1
2[root@mongodb app]# mkdir -p /mnt/data/mongo/{27017,27018,27019}
[root@mongodb app]# chown -R mongo.mongo /mnt/data/mongo创建mongo日志目录
1
2[root@mongodb app]# mkdir -p /mnt/log/mongo/{27017,27018,27019}
[root@mongodb app]# chown -R mongo.mongo /mnt/log/mongo生成mongo.key
1
2
3
4
5生成mongo.key加密文件(注意:mongo.key里面密码的长度不能超过1024),并将mongo.key拷贝到副本集中其它几台机器上
[root@mongodb ~]# openssl rand -base64 741 > /mnt/app/mongo/key/mongo.key
[root@mongodb ~]# chmod 600 /mnt/app/mongo/key/mongo.key
[root@mongodb ~]# chown -R mongo.mongo /mnt/app/mongo/key设置mongo配置文件(primary)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18[root@mongodb app]# cat > /mnt/app/mongo/conf/mongo.27017.conf <<EOF
dbpath=/mnt/data/mongo/27017
logpath=/mnt/log/mongo/27017/mongo.log
logappend=true
port=27017
fork=true
nohttpinterface=true
objcheck=true
rest=false
#auth=true
journal=true
oplogSize=2048
smallfiles=true
replSet=dbset
keyFile=/mnt/app/mongo/key/mongo.key
EOF设置mongo systemd文件(primary)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21[root@mongodb app]# cat > /usr/lib/systemd/system/mongo-27017.service <<EOF
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/mnt/app/mongo/bin/mongod --config /mnt/app/mongo/conf/mongo.27017.conf
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/mnt/app/mongo/bin/mongod --shutdown --config /mnt/app/mongo/conf/mongo.27017.conf
PrivateTmp=true
User=mongo
Group=mongo
[Install]
WantedBy=multi-user.target
EOF
[root@mongodb app]# systemctl daemon-reload
[root@mongodb app]# systemctl start mongo-27017
[root@mongodb app]# systemctl enable mongo-27017副本集初始化(primary)
1
2
3
4[root@mongodb ~]# mongo --port 27017
> config={_id: "dbset",version: 1,members: [{ _id: 0, host : "192.168.13.218:27017" }]}
> rs.initiate(config)
dbset:PRIMARY>设置用户权限(primary,(auth=false))
1
2
3
4
5
6dbset:PRIMARY> use admin
dbset:PRIMARY> db.createUser({user: "root",pwd:"root",roles:[{role:"root",db:"admin" }]})
dbset:PRIMARY> db.auth('root','root')
dbset:PRIMARY> db.createUser({user: "admin",pwd:"admin",roles:[{role:"userAdminAnyDatabase",db:"admin" }]})
dbset:PRIMARY> exit
bye重启mongo(primary,(auth=true))
1
2
3
4
5[root@mongodb ~]# vim /mnt/app/mongo/conf/mongo.27017.conf
#auth=true
改为:
auth=true
[root@mongodb ~]# systemctl status mongo-27017验证(primary)
1
2
3dbset:PRIMARY> use admin
dbset:PRIMARY> db.auth('root','root')
dbset:PRIMARY> rs.status()配置文件设置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41//secondary配置文件
[root@mongodb app]# cat > /mnt/app/mongo/conf/mongo.27018.conf <<EOF
dbpath=/mnt/data/mongo/27018
logpath=/mnt/log/mongo/27018/mongo.log
logappend=true
port=27018
fork=true
nohttpinterface=true
objcheck=true
rest=false
auth=true
journal=true
oplogSize=2048
smallfiles=true
replSet=dbset
keyFile=/mnt/app/mongo/key/mongo.key
EOF
//arbiter配置文件
[root@mongodb app]# cat > /mnt/app/mongo/conf/mongo.27019.conf <<EOF
dbpath=/mnt/data/mongo/27019
logpath=/mnt/log/mongo/27019/mongo.log
logappend=true
port=27019
fork=true
nohttpinterface=true
objcheck=true
rest=false
auth=true
nojournal=true
oplogSize=2048
smallfiles=true
replSet=dbset
keyFile=/mnt/app/mongo/key/mongo.key
EOF
[root@mongodb app]# chown -R mongo.mongo /mnt/app/mongo/conf设置mongo systemd文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41[root@mongodb app]# cat > /usr/lib/systemd/system/mongo-27018.service <<EOF
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/mnt/app/mongo/bin/mongod --config /mnt/app/mongo/conf/mongo.27018.conf
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/mnt/app/mongo/bin/mongod --shutdown --config /mnt/app/mongo/conf/mongo.27018.conf
PrivateTmp=true
User=mongo
Group=mongo
[Install]
WantedBy=multi-user.target
EOF
[root@mongodb app]# cat > /usr/lib/systemd/system/mongo-27019.service <<EOF
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/mnt/app/mongo/bin/mongod --config /mnt/app/mongo/conf/mongo.27019.conf
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/mnt/app/mongo/bin/mongod --shutdown --config /mnt/app/mongo/conf/mongo.27019.conf
PrivateTmp=true
User=mongo
Group=mongo
[Install]
WantedBy=multi-user.target
EOF
[root@mongodb app]# systemctl daemon-reload
[root@mongodb app]# systemctl start mongo-27018
[root@mongodb app]# systemctl start mongo-27019
[root@mongodb app]# systemctl enable monog-27018
[root@mongodb app]# systemctl enable monog-27019副本集添加节点
1
2
3
4
5
6
7
8[root@mongodb ~]# mongo --port 27017
dbset:PRIMARY> use admin
dbset:PRIMARY> db.auth('root','root')
dbset:PRIMARY> rs.status()
dbset:PRIMARY> rs.add("192.168.13.218:27018")
dbset:PRIMARY> rs.addArb("192.168.13.218:27019")
dbset:PRIMARY> rs.status()副本集状态
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77dbset:PRIMARY> rs.status()
{
"set" : "dbset",
"date" : ISODate("2017-11-13T09:12:44.740Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "192.168.13.218:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 641,
"optime" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-13T09:12:37Z"),
"electionTime" : Timestamp(1510564115, 2),
"electionDate" : ISODate("2017-11-13T09:08:35Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "192.168.13.218:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 122,
"optime" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1510564357, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-13T09:12:37Z"),
"optimeDurableDate" : ISODate("2017-11-13T09:12:37Z"),
"lastHeartbeat" : ISODate("2017-11-13T09:12:43.815Z"),
"lastHeartbeatRecv" : ISODate("2017-11-13T09:12:43.814Z"),
"pingMs" : NumberLong(0),
"syncingTo" : "192.168.13.218:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "192.168.13.218:27019",
"health" : 1,
"state" : 7,
"stateStr" : "ARBITER",
"uptime" : 58,
"lastHeartbeat" : ISODate("2017-11-13T09:12:43.814Z"),
"lastHeartbeatRecv" : ISODate("2017-11-13T09:12:40.893Z"),
"pingMs" : NumberLong(0),
"configVersion" : 3
}
],
"ok" : 1
}副本集常用命令
1
2
3
4
5
6
7
8
9
10
11//primary secondary切换
dbset:PRIMARY> rs.stepDown()
//副本集中移除
dbset:PRIMARY> rs.remove("192.168.13.218:27019")
//副本集配置
dbset:PRIMARY> rs.conf()
//查看副本同步状态
dbset:PRIMARY> db.printSlaveReplicationInfo();mongo内核优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14[root@mongodb ~]# echo never |tee /sys/kernel/mm/transparent_hugepage/enabled
[root@mongodb ~]# echo never |tee /sys/kernel/mm/transparent_hugepage/defrag
[root@mongodb ~]# systemctl stop mongo && systemctl start mongo
[root@mongodb ~]# cat >>/etc/rc.local <<EOF
### mongodb close hugepage
if test -f /sys/kernel/mm/transparent_hugepage/enabled;then
echo never |tee /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag;then
echo never |tee /sys/kernel/mm/transparent_hugepage/defrag
fi
EOF