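Some background:
The company has recently been migrating systems. One system had been managed by the developers themselves: every piece of middleware ran as a single instance with authentication disabled, which was a serious risk. We took this migration as the opportunity to redeploy the middleware.
Today I started with the MongoDB cluster. MongoDB clusters come in three modes: master-slave, replica set, and sharded cluster. This article covers the replica set mode.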

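♦️
Preparation
Servers:
| No. | IP | Role | Architecture |
| 1 | 172.168.5.26 | SECONDARY | Replica Set |
| 2 | 172.168.5.27 | SECONDARY | Replica Set |
| 3 | 172.168.5.28 | PRIMARY | Replica Set |
The actual roles are decided by the cluster itself once deployment is complete.
Prepare the installation package on all three servers; adjust the version as needed: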
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel62-4.0.8.tgz
Or find it on the official download page:
https://www.mongodb.com/try/download/community
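♦️
Cluster deployment
Unpack the package:
# file name matches the wget download above; change it if you use another version
tar -xvf mongodb-linux-x86_64-rhel62-4.0.8.tgz -C /data
cd /data
mv mongodb-linux-x86_64-rhel62-4.0.8 mongodb
Create the data and configuration directories:
mkdir -p /data/mongodb/data/{db,log}
mkdir -p /data/mongodb/conf
Create the initial configuration file:
vim /data/mongodb/conf/mongodb.conf
dbpath=/data/mongodb/data/db
logpath=/data/mongodb/data/log/mongodb.log
pidfilepath=/data/mongodb/mongo.pid
logappend=true
port=23017
# listens on every interface; restrict access with a firewall, since authentication is not enabled yet
bind_ip=0.0.0.0
fork=true
directoryperdb=true
replSet=myset
Start the mongod service on all three servers:
cd /data/mongodb/bin
./mongod --config /data/mongodb/conf/mongodb.conf
Configure the replica set; run this on one node only:
./mongo 172.168.5.26:23017
use admin
// the member with the highest priority is preferred as PRIMARY
cfg = {
  _id: "myset",
  members: [
    {_id: 0, host: '172.168.5.26:23017', priority: 3},
    {_id: 1, host: '172.168.5.28:23017', priority: 2},
    {_id: 2, host: '172.168.5.27:23017', priority: 1}
  ]
};
rs.initiate(cfg)
rs.status()
The result looks like this: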
myset:PRIMARY> rs.status()
{
  "set" : "myset",
  "date" : ISODate("2022-10-10T12:03:23.256Z"),
  "myState" : 1,
  "term" : NumberLong(8),
  "syncingTo" : "",
  "syncSourceHost" : "",
  "syncSourceId" : -1,
  "heartbeatIntervalMillis" : NumberLong(2000),
  "optimes" : {
    "lastCommittedOpTime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
    "readConcernMajorityOpTime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
    "appliedOpTime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
    "durableOpTime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)}
  },
  "lastStableCheckpointTimestamp" : Timestamp(1665403384, 1),
  "members" : [
    {
      "_id" : 0,
      "name" : "172.168.5.26:23017",
      "health" : 1,
      "state" : 1,
      "stateStr" : "PRIMARY",
      "uptime" : 1393,
      "optime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
      "optimeDate" : ISODate("2022-10-10T12:03:14Z"),
      "syncingTo" : "",
      "syncSourceHost" : "",
      "syncSourceId" : -1,
      "infoMessage" : "",
      "electionTime" : Timestamp(1665402022, 1),
      "electionDate" : ISODate("2022-10-10T11:40:22Z"),
      "configVersion" : 1,
      "self" : true,
      "lastHeartbeatMessage" : ""
    },
    {
      "_id" : 1,
      "name" : "172.168.5.27:23017",
      "health" : 1,
      "state" : 2,
      "stateStr" : "SECONDARY",
      "uptime" : 1392,
      "optime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
      "optimeDurable" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
      "optimeDate" : ISODate("2022-10-10T12:03:14Z"),
      "optimeDurableDate" : ISODate("2022-10-10T12:03:14Z"),
      "lastHeartbeat" : ISODate("2022-10-10T12:03:22.636Z"),
      "lastHeartbeatRecv" : ISODate("2022-10-10T12:03:22.570Z"),
      "pingMs" : NumberLong(0),
      "lastHeartbeatMessage" : "",
      "syncingTo" : "172.16.52.30:24017",
      "syncSourceHost" : "172.16.52.30:24017",
      "syncSourceId" : 2,
      "infoMessage" : "",
      "configVersion" : 1
    },
    {
      "_id" : 2,
      "name" : "172.168.5.28:23017",
      "health" : 1,
      "state" : 2,
      "stateStr" : "SECONDARY",
      "uptime" : 1392,
      "optime" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
      "optimeDurable" : {"ts" : Timestamp(1665403394, 1),"t" : NumberLong(8)},
      "optimeDate" : ISODate("2022-10-10T12:03:14Z"),
      "optimeDurableDate" : ISODate("2022-10-10T12:03:14Z"),
      "lastHeartbeat" : ISODate("2022-10-10T12:03:22.627Z"),
      "lastHeartbeatRecv" : ISODate("2022-10-10T12:03:22.793Z"),
      "pingMs" : NumberLong(0),
      "lastHeartbeatMessage" : "",
      "syncingTo" : "172.16.52.22:24017",
      "syncSourceHost" : "172.16.52.22:24017",
      "syncSourceId" : 0,
      "infoMessage" : "",
      "configVersion" : 1
    }
  ],
  "ok" : 1,
  "operationTime" : Timestamp(1665403394, 1),
  "$clusterTime" : {
    "clusterTime" : Timestamp(1665403394, 1),
    "signature" : {
      "hash" : BinData(0,"C3Oa+jLMS7aIOE2cDbvt6+hEInw="),
      "keyId" : NumberLong("7152819770046283777")
    }
  }
}
♦️
Enable authentication
Add users:
use admin
db.createUser({user:"root",pwd:"mongo&prd",roles:["root"]})
use scyw
db.createUser({user: "yw", pwd: "ywprd", roles: ["readWrite"]})
Generate the key file:
openssl rand -base64 90 -out ./mongo.keyfile
chmod 400 ./mongo.keyfile
Sync the file above to all three servers.
Adjust the configuration file by adding the following lines:
keyFile=/data/mongodb/mongo.keyfile
auth=true
Restart the three mongod instances.
Verify: without authenticating, the query fails with an error:
myset:PRIMARY> db.system.users.find()
Error: error: {
  "operationTime" : Timestamp(1665405804, 1),
  "ok" : 0,
  "errmsg" : "command find requires authentication",
  "code" : 13,
  "codeName" : "Unauthorized",
  "$clusterTime" : {
    "clusterTime" : Timestamp(1665405804, 1),
    "signature" : {
      "hash" : BinData(0,"qJB/hKg54xFEGj0O9gben+ZR80g="),
      "keyId" : NumberLong("7152819770046283777")
    }
  }
}
You need to authenticate first: db.auth('root','mongo&prd')
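A way to confirm on each node that the auth step took effect, as an added example that is not part of the original article: a shell function that audits the INI-style mongodb.conf used above for the keyFile/auth settings and the key file's permissions. The function names are hypothetical, and the temp-directory config and key file are constructed sample input.

```bash
#!/usr/bin/env bash
# Added example, not the author's code: audit an INI-style mongod config
# (the format used on this page) for the settings the article enables.

# Print the value of key $2 in config file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per finding; return status = number of FAIL findings.
audit_mongod_conf() {
    local conf=$1 fails=0 keyfile auth
    keyfile=$(conf_get "$conf" keyFile)
    auth=$(conf_get "$conf" auth)
    if [ -z "$keyfile" ]; then
        echo "FAIL keyFile not set: members do not authenticate to each other"
        fails=$((fails + 1))
        # keyFile implies client access control, so auth only matters without it
        if [ "$auth" != "true" ]; then
            echo "FAIL auth not enabled: clients can connect without credentials"
            fails=$((fails + 1))
        fi
    elif [ ! -f "$keyfile" ]; then
        echo "FAIL keyFile $keyfile is missing on this node"
        fails=$((fails + 1))
    elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        # mongod refuses a key file that group or others can access
        echo "FAIL keyFile $keyfile is accessible to group/others (use chmod 400)"
        fails=$((fails + 1))
    fi
    if [ "$(conf_get "$conf" bind_ip)" = "0.0.0.0" ]; then
        echo "WARN bind_ip=0.0.0.0 listens on every interface; firewall port $(conf_get "$conf" port)"
    fi
    return "$fails"
}

# Constructed demo: the article's config before and after the auth step.
demo=$(mktemp -d)
printf 'port=23017\nbind_ip=0.0.0.0\nreplSet=myset\n' > "$demo/before.conf"
printf 'constructed-sample-key-material\n' > "$demo/mongo.keyfile"
chmod 400 "$demo/mongo.keyfile"
{ cat "$demo/before.conf"; printf 'keyFile=%s\nauth=true\n' "$demo/mongo.keyfile"; } > "$demo/after.conf"
audit_mongod_conf "$demo/before.conf" || echo "before: $? FAIL finding(s)"
audit_mongod_conf "$demo/after.conf" && echo "after: no FAIL findings"
```

On a real node, call `audit_mongod_conf /data/mongodb/conf/mongodb.conf` after syncing the key file and before restarting mongod.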


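This article is reposted from 大侠之运维. If you believe it infringes your rights, send an email to contact@modb.pro to report it and provide the relevant evidence; once verified, 墨天轮 will remove the content immediately.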




