### 开启auth认证的mongodb的复制集
### 注意点
- 服务器节点之间时间要同步
- 开启防火墙的一定要放行节点之间的mongod端口,最好只对复制集成员开放
- 开启selinux的也要进行设置
- 建立双机互信模式最好不过
### 提前要做的事情
- 生成高端大气上档次的keyFile文件(下面的输出仅作演示:keyFile相当于复制集成员之间的共享密码,已经公开贴出的内容不要直接拿来用,请在自己的机器上重新生成)
[root@redis journal]# openssl rand -base64 753
3LC/EZGPOLXdVBQInqeKVglqNNWo2Et93ib51BQJZRAUB2gRUovi4b6ZkAeNAQxc
vu3UEOLWA9IyWvHy6g3rAQ8lAWqVX+dIJ52Lf5EKiUp9uTwqlzGd6FKgtheN6hNL
HV1YhwdzHLN7itmUgcTSe5qCSNJJijQh+OtKipkPH3laE+UxvC4rafPqNtzcBBjU
7P2GOAq7zyHqT68IBysNzcdribb9qVQ35Q+kFG3sB4ne26pgk2qjnUYAK2r42BLm
ec6VfKw0LnemJsSCB1d2M+5fLMvBe8w59lOL7/n8IHeeT4jiTmFhrWcgyTATK7D3
16Zbf8DJOkHobfnW7v0eUJINAS7BrVLjItSR51qQ4nqQAQpWd5DyNCsycDcNIzQj
u9pGO2OzBiroOlo/tz/tLjS8jPHaa7GamOI+L+OF1sn9ytpSq0T0BswItbaNIFjr
g97Nj6iwL86zblDY1U2380qBqKZdBP/yZdYi9Mj05328PdjPvF32vPt3wAHmkxTW
zHXMELO6AO4q4LxTPUbIGuLzbeGoLF/ZZia5ndXWzJxVaLNUxxdzrCtcoCXvfwXw
NXiN6Gg2Ep/IwkVZtNILtmbUZG51q45bb7afvS7p27P89WTk0TZ4rWNdnpNNJ1ry
Nwz8jMUFe9DdAY50KYUqYiIEDFltICYycnXwtmKYTpaun/6gXLKKp6PwHtfdid1t
v6dkv1FHB0fU0bReOBTTSfaFkwbdKcxHcLV2p6xiFdRKLMGDrgCQNXlJN0SaUUgP
U55DrScsWT3A6Pzx2Ga6yl/xnGaJpXBHb+g2gWFhSL64oo58KB4e1TQT5z/pkI0Y
Ow+GLv8m82K2epU7hpTB6ks0PZcalGlGPy4OBxu7tNQqJIY/pLa60Gtqbs5KBCIX
p7MV9JxCnOML68JU3ZKqlZUIkZeNSLpFXbnHNsuRtXWRuARdb3WM6BxsNS6uOfjA
/iYa0dsUtz5w8z6CQOEJ0bPo5GjpA95WSjXnwiCY8Hvf
[root@redis journal]#
-
- 把生成的key复制到/usr/local/mongodb/key
-
- 设置key文件的权限为600(权限过于开放时mongod会拒绝使用该keyFile)
-
- 修改key文件的属主属组为运行mongod的用户(下面的记录里没有贴出这一步,从两次ll的输出看属主由root改成了mongodb,例如 chown mongodb:mongodb key)
[root@redis mongodb]# ll
total 72
drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin
-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0
-rw-r--r-- 1 root root 1020 Jul 21 08:26 key
-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid
-rw-r--r-- 1 mongodb mongodb 1359 Jun 19 22:41 README
-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES
[root@redis mongodb]# chmod 600 key
[root@redis mongodb]# ll
total 72
drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin
-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0
-rw------- 1 mongodb mongodb 1020 Jul 21 08:26 key
-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid
-rw-r--r-- 1 mongodb mongodb 1359 Jun 19 22:41 README
-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES
[root@redis mongodb]#
### 把key文件复制到另外一个节点上去
-
- 注意属主属组(以及600权限)在另一个节点上同样要设置好
-
- 创建一个全局账户(示例里用户名和密码相同,只是为了演示;实际使用请换成强密码,并按shell的提示改用createUser)
>
> show dbs
admin (empty)
local 1.078GB
test (empty)
> use admin
switched to db admin
> db.addUser("zhuima","zhuima")
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "zhuima", "roles" : [ "root" ] }
>
### 主服务器配置文件
[root@redis mongodb]# sed -e '/^$/d;/^#/d' /etc/mongod.conf
port=27017
dbpath=/mongo/data/mongodb_data/
logpath=/mongo/data/mongodb_log/mongodb.log
pidfilepath=/usr/local/mongodb/mongo.pid
fork=true
logappend=true
shardsvr=true
directoryperdb=true
replSet=zhuima
keyFile=/usr/local/mongodb/key
bind_ip=192.168.58.30
### 从服务器上配置文件
[root@mongo1 data]# vim /etc/mongod.conf
[root@mongo1 data]# sed -e '/^$/d;/^#/d' /etc/mongod.conf
logpath=/var/log/mongodb/mongod.log
logappend=true
fork=true
dbpath=/mongo/data
pidfilepath=/var/run/mongodb/mongod.pid
bind_ip=192.168.58.10
replSet = zhuima
keyFile = /mongo/data/key
### 重启mongodb服务观察结果
-
- 初始化副本集
> rs.initiate()
-
- 由下面的输出可以看出,配置keyFile之后就隐含开启了auth功能:未认证时执行show dbs会被拒绝
zhuima:SECONDARY> show dbs
2014-07-21T08:52:44.617+0200 listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
} at src/mongo/shell/mongo.js:47
zhuima:SECONDARY>
### 验证信息
-
- 主节点上(从前面未认证时的报错看,这里应当已经先用前面创建的账户在admin库认证过,记录里没有贴出这一步)
zhuima:PRIMARY> show dbs
admin 0.078GB
local 1.078GB
zhuima:PRIMARY> use zhuima
switched to db zhuima
zhuima:PRIMARY> info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China"}
{
"Name" : "zhuima",
"Age" : 26,
"Gender" : "F",
"Address" : "Beijing China"
}
zhuima:PRIMARY> db.person.insert(info)
WriteResult({ "nInserted" : 1 })
zhuima:PRIMARY> db.person.find()
{ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" }
zhuima:PRIMARY>
-
- 从节点上
zhuima:SECONDARY> show dbs
admin 0.078GB
local 1.078GB
zhuima 0.078GB
zhuima:SECONDARY> use zhuima
switched to db zhuima
zhuima:SECONDARY> show collections
2014-07-21T08:55:40.267+0200 error: { "$err" : "not master and slaveOk=false", "code" : 13435 } at src/mongo/shell/query.js:131
zhuima:SECONDARY> rs.slaveOk()
zhuima:SECONDARY> rs.slaveOk()
zhuima:SECONDARY> show collections
person
system.indexes
zhuima:SECONDARY> db.person.find()
{ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" }
zhuima:SECONDARY>
### 关于mongodb 复制集 + auth的配置要感谢灿哥的指点
### 后记:
- 生产环境中虽说mongodb不对外服务,但是加上auth认证总归是有好处的
-
还记得曾经被乌云爆过的痛么~
- 后续博客将会讲述索引以及分片操作
本文转自lovelace521 51CTO博客,原文链接:http://blog.51cto.com/lovelace/1441047,如需转载请自行联系原作者