-- 源库 新库IP lavelysh
xxoo140836 168.168.168.204 xxoo145245 168.168.168.204
xxoo140837 168.168.168.252 xxoo145246 168.168.168.205
xxoo140838 168.168.168.253 xxoo145247 168.168.168.206
lavelysh:PRIMARY> db.runCommand({usersInfo:'ogla'});
# Show any config already present for this instance (prints an error on a fresh host).
cat /mg_data/lavelysh/conf/mongodb.conf

# Create the instance directory layout.
for sub in conf data keyfile log; do
    mkdir -p "/mg_data/lavelysh/$sub"
done

# Start from the hssfspim instance's config and display it before editing.
cp /mg_data/hssfspim/conf/mongodb.conf /mg_data/lavelysh/conf/
cat /mg_data/lavelysh/conf/mongodb.conf

# Apply the three substitutions in one pass: rs01 -> lavelysh, 24000 -> 24001,
# hssfspim -> lavelysh (first match on each line, same as three separate runs).
sed -i -e 's?rs01?lavelysh?' -e 's?24000?24001?' -e 's?hssfspim?lavelysh?' /mg_data/lavelysh/conf/mongodb.conf

# NOTE(review): none of the substitutions touches bind_ip, so it is carried over
# from the hssfspim config; confirm in the output below that it matches this host.
cat /mg_data/lavelysh/conf/mongodb.conf
七、配置keyfile
在一个节点上执行,然后复制mg.key到其他节点上
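# Generate the replica-set keyfile on one node, then copy it to the other members.
# -p: the directory already exists if the directory-layout step was run, and a
# plain mkdir would stop with "File exists".
mkdir -p /mg_data/lavelysh/keyfile
# Create the key under umask 077 so it is never group-readable, even briefly;
# with the profile's umask 027 the redirect would create it as 640 until chmod runs.
# 741 random bytes encode to 988 base64 characters, inside the 1024-character keyfile limit.
(umask 077 && openssl rand -base64 741 > /mg_data/lavelysh/keyfile/mg.key)
chmod 600 /mg_data/lavelysh/keyfile/mg.key
# Every member must hold an identical key; re-check mode and owner on each target after copying.
scp /mg_data/lavelysh/keyfile/mg.key 168.168.168.205:/mg_data/lavelysh/keyfile/
scp /mg_data/lavelysh/keyfile/mg.key 168.168.168.206:/mg_data/lavelysh/keyfile/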
vi /mg_data/lavelysh/conf/mongodb.conf -- 去掉 keyFile、clusterAuthMode、auth 三个参数的注释,重启后生效。
一、建目录。
二、用户环境变量。
# Environment for the mongodb OS user (shell profile fragment).
export PATH
# 027: new files are created 640 and new directories 750 (no access for "other").
umask 027
MONGO_BASE=/mongodb/base
MONGO_HOME=/mongodb/base/mongodb-5.0.12
# NOTE(review): this differs from dbpath in mongodb.conf (/mg_data/lavelysh/data) — confirm which is intended.
MONGO_DATA=/mg_data/data
MONGO_SERVER_NAME=hybrid
logpath=/mg_data/log/mongodb.log
PORT=24001
# NOTE(review): as written this assigns the literal text "MONGO_HOME/bin:PATH".
# The `$` sigils were presumably lost when the page was published, and the
# target may have been PATH rather than TEMP — confirm against the real profile.
TEMP=MONGO_HOME/bin:PATH
# NOTE(review): IP and EDITOR are exported but never assigned in this fragment;
# MONGO_SERVER_NAME and logpath are assigned but not exported.
export PATH MONGO_BASE MONGO_HOME MONGO_DATA IP PORT EDITOR TEMP
# NOTE(review): without `$` or command substitution the prompt is the fixed
# text "hostname:MONGO_SERVER_NAME >" — likely another lost-sigil case.
PS1="hostname:MONGO_SERVER_NAME >"
三、上传软件并解压/mongodb/base,更名为mongodb_版本号。
四、配置conf文件。
mkdir /mg_data/lavelysh/conf/
[mongodb@xxoo140836 mg_data]$ cat /mg_data/lavelysh/conf/mongodb.conf
# mongod configuration (legacy key=value format) for the member on 168.168.168.204.
dbpath=/mg_data/lavelysh/data
logpath=/mg_data/lavelysh/log/mongodb.log
logappend=true
# Run mongod as a background daemon.
fork=true
# Replica set name; rs.initiate() on this page uses the same value as _id.
replSet=lavelysh
# Listen on this address only; each member needs its own IP here.
bind_ip=168.168.168.204
maxConns=10240
# Oplog size in MB.
oplogSize=20480
port=24001
# NOTE(review): while the three settings below stay commented out, mongod
# accepts unauthenticated connections on bind_ip:port. Keep the port closed to
# other hosts until the keyfile is in place and these lines are enabled.
#keyFile =/mg_data/lavelysh/keyfile/mg.key
#clusterAuthMode = keyFile
#auth = true
五、配置启停脚本。
[mongodb@xxoo140836 mg_data]$ vim /mg_data/lavelysh/MongoDBMgr.sh
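#!/bin/bash
#description: Mongodb service control script
#
# Usage: MongoDBMgr.sh {start|stop|restart}
#
# Starts or stops the mongod instance described by $CONF. mongod's own output
# is discarded, so its exit status is the only success signal: the script
# prints "[ OK ]" only when mongod returned 0 and exits non-zero otherwise.
# A failed start (bad keyfile permissions, port in use, ...) therefore no
# longer looks like a success; the details are in the logpath set in $CONF.
PROG="/mongodb/base/mongodb-5.0.12/bin/mongod"
CONF="/mg_data/lavelysh/conf/mongodb.conf"

case "$1" in
start)
    # numactl --interleave=all spreads mongod's memory across NUMA nodes.
    if numactl --interleave=all "$PROG" -f "$CONF" &> /dev/null; then
        echo "Starting mongodb: [ OK ]"
    else
        echo "Starting mongodb: [ FAILED ]" >&2
        exit 1
    fi
    ;;
stop)
    if numactl --interleave=all "$PROG" -f "$CONF" --shutdown &> /dev/null; then
        echo "Shutting down mongodb: [ OK ]"
    else
        echo "Shutting down mongodb: [ FAILED ]" >&2
        exit 1
    fi
    ;;
restart)
    # A failed stop (for example, nothing was running) does not block the
    # start; the exit status of restart is the status of the start.
    "$0" stop
    "$0" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 2
    ;;
esac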
chmod u+x /mg_data/lavelysh/MongoDBMgr.sh
六.启动mongodb实例并进行初始化。
/mg_data/lavelysh/MongoDBMgr.sh start
mongo 168.168.168.204:24001
use admin
// Replica-set layout: .204 is the preferred primary (priority 2), .205 a
// data-bearing member (priority 1), .206 an arbiter (arbiterOnly).
// _id is the replica set name and matches replSet in mongodb.conf.
// NOTE(review): keyFile/auth are still commented out in mongodb.conf at this
// step, so this session is presumably unauthenticated — confirm the port is
// not reachable from other hosts while bootstrapping.
cfg={ _id:"lavelysh", members:[ {_id:0,host:'168.168.168.204:24001',priority:2}, {_id:1,host:'168.168.168.205:24001',priority:1},{_id:2,host:'168.168.168.206:24001',arbiterOnly:true}] };
rs.initiate(cfg)
--初始化用户:
// Bootstrap accounts and roles, created in the admin database.
// NOTE(review): every account on this page is created with the same placeholder
// password; give each account its own secret. passwordPrompt() in place of the
// pwd literal keeps the secret out of the typed command.
// dbmgr: full administrative access through the built-in root role.
db.createUser({user:"dbmgr",pwd:"xxxoooooo",roles:[{role:"root",db:"admin"}]});
// r_deployop: readWriteAnyDatabase, find on three system collections, and
// viewUser/viewRole/changeOwnPassword/grantRole/revokeRole/enableSharding on
// the all-databases resource.
// NOTE(review): grantRole on the all-databases resource lets a holder grant
// further roles, including to itself, so treat r_deployop as an administrative
// role rather than an application role.
db.createRole({role: "r_deployop", privileges: [{resource:{db:"",collection:"system.indexes"},actions:["find"]},{resource:{db:"",collection:"system.namespaces"},actions:["find"]},{resource:{db:"",collection:"system.js"},actions:["find"]},{ resource: { db: "", collection: "" }, actions: ["viewUser","viewRole","changeOwnPassword","grantRole","revokeRole","enableSharding" ] }],roles: [{ role: "readWriteAnyDatabase", db: "admin" }]});
// r_dbmon: monitoring role — clusterMonitor and readAnyDatabase, find on three
// system collections, and changeOwnPassword on admin.
db.createRole({role:"r_dbmon",privileges:[{resource:{db:"",collection:"system.indexes"},actions:["find"]},{resource:{db:"",collection:"system.namespaces"},actions:["find"]},{resource:{db:"",collection:"system.js"},actions:["find"]},{resource:{db:"admin",collection:""},actions:["changeOwnPassword"]}],roles:[{role:"clusterMonitor",db:"admin"},{role:"readAnyDatabase",db:"admin"}]});
// Monitoring account bound to r_dbmon.
db.createUser({user:"dbmonopr",pwd:"xxxoooooo",roles:[{role:"r_dbmon",db:"admin"}]});
// Deployment account bound to r_deployop (see the grantRole note above).
db.createUser({user:"deployop",pwd:"xxxoooooo",roles:[{role:"r_deployop",db:"admin"}]});
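--普通用户创建(注意:r_deployop 包含 readWriteAnyDatabase 以及对所有库的 grantRole/revokeRole,持有者可以给自己追加角色,实际权限远高于"普通用户";如果只需要读写业务库,应改用按库授权的角色):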
db.createUser({user:"ogla",pwd:"xxxoooooo",roles:[{role:"r_deployop",db:"admin"}]});
七、配置keyfile
在一个节点上执行,然后通过 scp 等加密通道把 mg.key 复制到其他节点上;各节点上的 key 内容必须完全一致,文件属主应为运行 mongod 的用户且权限为 600,否则 mongod 会拒绝启动。
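# Generate the replica-set keyfile (run on one node only).
# -p: the directory already exists if the directory-layout step was run, and a
# plain mkdir would stop with "File exists".
mkdir -p /mg_data/lavelysh/keyfile
# Create the key under umask 077 so it is never group-readable, even briefly;
# with the profile's umask 027 the redirect would create it as 640 until chmod runs.
# 741 random bytes encode to 988 base64 characters, inside the 1024-character keyfile limit.
(umask 077 && openssl rand -base64 741 > /mg_data/lavelysh/keyfile/mg.key)
chmod 600 /mg_data/lavelysh/keyfile/mg.key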
vi /mg_data/lavelysh/conf/mongodb.conf --在每个节点上去掉 keyFile、clusterAuthMode、auth 三个参数的注释,重启后生效;在此之前实例不做认证,任何能访问 bind_ip:port 的客户端都可以直接连接。
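# Log in to each member as dbmgr, presumably to verify authentication after the
# restart with keyFile/auth enabled.
# -p is given without a value so the shell prompts for the password; a password
# typed on the command line is visible in the process list and is saved to the
# OS shell history.
/mongodb/base/mongodb-5.0.12/bin/mongo 168.168.168.204:24001/admin -u dbmgr -p
/mongodb/base/mongodb-5.0.12/bin/mongo 168.168.168.205:24001/admin -u dbmgr -p
# NOTE(review): 168.168.168.206 is the arbiter in the rs.initiate() config.
# Arbiters hold no user data, so expect this login to fail authentication.
/mongodb/base/mongodb-5.0.12/bin/mongo 168.168.168.206:24001/admin -u dbmgr -p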
create user
-- 创建如下数据库:
ogla-eval
ogla-eval-t0
basedata
webset
oglarithm
-- 用户名:
ogla: 对所有DB的ddl和dml权限(下文通过 dbOwner 实现;dbOwner 还包含该库的用户和角色管理权限)
ogla_opr: 对所有DB的dml权限
devsup: 对所有DB的select权限
itopr: 对所有DB的select权限
-------------------------------------------------------------------------------------------------
// Per-database account and roles for ogla-eval-t0.
use ogla-eval-t0
// Creates ogla@ogla-eval-t0, which authenticates against this database and is a
// separate account from the ogla user created in admin earlier on this page.
// dbOwner combines readWrite, dbAdmin and userAdmin on this database.
db.createUser({user:"ogla",pwd:"xxxoooooo",roles:[{role:"dbOwner",db:"ogla-eval-t0"}]});
// DML role: inherits readWrite on this database; the explicit find on
// collection "" is already covered by the inherited role.
// NOTE(review): changeOwnPassword is scoped to ogla-eval-t0 while the grantees
// below are referenced from admin — presumably it has no effect for them;
// confirm, or grant it on admin as r_dbmon does.
db.createRole({role:"r_ogla-eval-t0_dml",
privileges:[
{resource:{db:"ogla-eval-t0",collection:""},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.indexes"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.namespaces"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.js"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:""},actions:["changeOwnPassword"]}
],
roles:[{role:"readWrite",db:"ogla-eval-t0"}]});
// Query role: same privilege list, inheriting read instead of readWrite.
db.createRole({role:"r_ogla-eval-t0_qry",
privileges:[
{resource:{db:"ogla-eval-t0",collection:""},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.indexes"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.namespaces"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:"system.js"},actions:["find"]},
{resource:{db:"ogla-eval-t0",collection:""},actions:["changeOwnPassword"]}
],
roles:[{role:"read",db:"ogla-eval-t0"}]});
use admin
// Attach the per-database roles to accounts looked up in admin.
// NOTE(review): ogla_opr, devsup and itopr must already exist in admin; their
// createUser calls are not shown on this page.
db.grantRolesToUser("ogla_opr",[{ role: "r_ogla-eval-t0_dml", db: "ogla-eval-t0" }]);
db.grantRolesToUser("devsup",[{ role: "r_ogla-eval-t0_qry", db: "ogla-eval-t0" }]);
db.grantRolesToUser("itopr",[{ role: "r_ogla-eval-t0_qry", db: "ogla-eval-t0" }]);
-------------------------------------------------------------------------------------------------
// Per-database account and roles for basedata.
use basedata
// Creates ogla@basedata, which authenticates against this database and is a
// separate account from the ogla user created in admin earlier on this page.
// dbOwner combines readWrite, dbAdmin and userAdmin on this database.
db.createUser({user:"ogla",pwd:"xxxoooooo",roles:[{role:"dbOwner",db:"basedata"}]});
// DML role: inherits readWrite on this database; the explicit find on
// collection "" is already covered by the inherited role.
// NOTE(review): changeOwnPassword is scoped to basedata while the grantees
// below are referenced from admin — presumably it has no effect for them;
// confirm, or grant it on admin as r_dbmon does.
db.createRole({role:"r_basedata_dml",
privileges:[
{resource:{db:"basedata",collection:""},actions:["find"]},
{resource:{db:"basedata",collection:"system.indexes"},actions:["find"]},
{resource:{db:"basedata",collection:"system.namespaces"},actions:["find"]},
{resource:{db:"basedata",collection:"system.js"},actions:["find"]},
{resource:{db:"basedata",collection:""},actions:["changeOwnPassword"]}
],
roles:[{role:"readWrite",db:"basedata"}]});
// Query role: same privilege list, inheriting read instead of readWrite.
db.createRole({role:"r_basedata_qry",
privileges:[
{resource:{db:"basedata",collection:""},actions:["find"]},
{resource:{db:"basedata",collection:"system.indexes"},actions:["find"]},
{resource:{db:"basedata",collection:"system.namespaces"},actions:["find"]},
{resource:{db:"basedata",collection:"system.js"},actions:["find"]},
{resource:{db:"basedata",collection:""},actions:["changeOwnPassword"]}
],
roles:[{role:"read",db:"basedata"}]});
use admin
// Attach the per-database roles to accounts looked up in admin.
// NOTE(review): ogla_opr, devsup and itopr must already exist in admin; their
// createUser calls are not shown on this page.
db.grantRolesToUser("ogla_opr",[{ role: "r_basedata_dml", db: "basedata" }]);
db.grantRolesToUser("devsup",[{ role: "r_basedata_qry", db: "basedata" }]);
db.grantRolesToUser("itopr",[{ role: "r_basedata_qry", db: "basedata" }]);




