Mongodb主从复制开启安全认证

2.1.1部署mongodb主从实例：

Mongodb-master实例

环境：mongodb-master 配置文件先注释掉验证参数：#auth = true

启动mongodb-master 然后设置admin库登陆账户和密码：

[root@localhost logs]# mongo127.0.0.1:27017

MongoDB shell version: 3.0.5

connecting to: 127.0.0.1:27017/test

> use admin;

switched to db admin

> db.createUser( 

...   { 

...     user:"root", 

...     pwd:"Zytest6699", 

...    roles: [ { role: "root", db: "admin" } ] 

...   } 

... ) 

Successfully added user: {

         "user": "root",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

>db.auth("root","Zytest6699")

1

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

到此处开启mongodb-master 配置文件的认证登陆参数：

auth = true

重启mongodb-master服务

登陆mongodb-master在admin库下创建另外一个admin数据库的管理账户：

[root@localhost ~]# mongo 127.0.0.1:27017

MongoDB shell version: 3.0.5

connecting to: 127.0.0.1:27017/test

> use admin;

switched to db admin

>db.auth("root","Zytest6699")

1

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

> db.createUser( 

...   { 

...     user:"ZyDBA", 

...     pwd:"Zytest6699", 

...    roles: [ { role: "root", db: "admin" } ] 

...   } 

... ) 

Successfully added user: {

         "user": "ZyDBA",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

> shou users;

2017-09-10T09:36:18.511+0800 E QUERY    SyntaxError: Unexpected identifier

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

{

         "_id": "admin.ZyDBA",

         "user": "ZyDBA",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

Mongod-slave从实例

启动mongodb-slave实例：

[root@localhost mongodb-slave]#/etc/init.d/mongod1 start

Starting MongoDB Server...

[root@localhost mongodb-slave]# about tofork child process, waiting until server is ready for connections.

forked process: 1896

child process started successfully, parentexiting

[root@localhost mongodb-slave]# ss-lntup|grep mongo

tcp   LISTEN     0      128                    *:27017                 *:*      users:(("mongod",1709,6))

tcp   LISTEN     0      128                    *:27018                 *:*      users:(("mongod",1896,6))

查看mongodb-slave实例的日志文件：

[root@localhost logs]# tailf/data/mongodb-slave/logs/mongodb.log

2017-09-10T09:55:44.007+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:55:54.008+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:04.008+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:14.008+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:24.008+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:34.009+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:44.009+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:56:54.009+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

2017-09-10T09:57:04.009+0800 I REPL     [replslave] repl: syncing fromhost:127.0.0.1:27017

提示从库已经开始同步。

2.1.2验证主从复制配置结果

安装mongodb 的windows客户端登陆软件来验证操作主从是否配置成功

Robomongo 0.9.0-RC9

主库验证：

2.1.3相关的配置文件以及认证文件

单台服务器开启mongodb多实例，以及配置验证主从复制

Mongodb主库配置文件

[root@localhost ~]# cat/usr/local/mongodb/mongod.cnf

logpath=/data/mongodb-master/logs/mongodb.log

logappend = true

#fork and run in background

fork = true

port = 27017

dbpath=/data/mongodb-master/data

#location of pidfile

pidfilepath=/data/mongodb-master/mongod.pid

auth = true

keyFile = /tmp/mongo-keyfile

master = true

mongodb从库配置文件：

[root@localhost ~]# cat/usr/local/mongodb/mongod1.cnf

logpath=/data/mongodb-slave/logs/mongodb.log

logappend = true

#fork and run in background

fork = true

port = 27018

dbpath=/data/mongodb-slave/data

#location of pidfile

pidfilepath=/data/mongodb-svale/mongod.pid

slave = true

source = 127.0.0.1:27017

auth = true

keyFile = /tmp/mongo-keyfile

#only = test001

#only = test002

开启主从复制验证:

随机生成keyFile或者手动写入,key的长度必须是6-1024的base64字符，unix必须相同组权限，windows下不需要

openssl rand -base64 1024>/tmp/mongo-keyfile

启动mongodb-master:

[root@localhost ~]# /etc/init.d/mongodstart

Starting MongoDB Server...

[root@localhost ~]# about to fork childprocess, waiting until server is ready for connections.

forked process: 1287

child process started successfully, parentexiting

[root@localhost data]# ls/data/mongodb-master/data/

journal local.1   local.11  local.13 local.15  local.17  local.3 local.5  local.7  local.9  mongod.lock   _tmp

local.0 local.10  local.12  local.14 local.16  local.2   local.4 local.6  local.8  local.ns storage.bson

mongodb初始化数据库的大data文件特别的大，原因是：

oplog默认的大小是5%点数据库分区挂载点/data的大小，就导致了local数据库过大的问题

[root@localhost data]# du -sh/data/mongodb-master/data/

35G  /data/mongodb-master/data/

 本文转自 wjw555 51CTO博客，原文链接:http://blog.51cto.com/wujianwei/1964080