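MongoDB cluster setup and security authentication configuration
1. Cluster planning
Data node 1: 192.168.81.95 port: 27017
Data node 2: 192.168.81.96 port: 27017
Arbiter node: 192.168.81.100 port: 27017
2. Configuration file (/etc/mongod.conf)
## Data node 1: 192.168.81.95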
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
  logAppend: true
storage:
  journal:
    enabled: true
  dbPath: /home/aspire/apps/mongodb/data
setParameter:
  enableLocalhostAuthBypass: false
replication:
  replSetName: rspoint
processManagement:
  fork: true
security:
  authorization: enabled
  keyFile: "/home/aspire/apps/mongodb/data/security/mongodb-keyfile"
#------------------------------------------------------
## Data node 2: 192.168.81.96
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
  logAppend: true
storage:
  journal:
    enabled: true
  dbPath: /home/aspire/apps/mongodb/data
setParameter:
  enableLocalhostAuthBypass: false
replication:
  replSetName: rspoint
processManagement:
  fork: true
security:
  authorization: enabled
  keyFile: "/home/aspire/apps/mongodb/data/security/mongodb-keyfile"
#------------------------------------------------------
## Arbiter node: 192.168.81.100
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
  logAppend: true
storage:
  journal:
    enabled: false
  dbPath: /home/aspire/apps/mongodb/data
processManagement:
  fork: true
setParameter:
  enableLocalhostAuthBypass: false
replication:
  replSetName: rspoint
security:
  authorization: enabled
  keyFile: "/home/aspire/apps/mongodb/data/security/mongodb-keyfile"
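3. Create the required directories and set ownership
# As root, create the log directory:
mkdir /var/log/mongodb/
chown -R aspire:aspire /var/log/mongodb/
# As the aspire user, create the data directory:
mkdir -p /home/aspire/apps/mongodb/data
4. Start the three nodes one after another
mongod --config /etc/mongod.conf
5. Connect to node 1 and initialize the cluster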
mongo
rs.initiate()
> rs.initiate()
{
    "info2" : "no configuration specified. Using a default configuration for the set",
    "me" : "BJ-YZ-103R-81-96:27017",
    "ok" : 1
}
6. View the cluster configuration
rs.conf()
rspoint:OTHER> rs.conf()
{
    "_id" : "rspoint",
    "version" : 1,
    "protocolVersion" : NumberLong(1),
    "members" : [
        {
            "_id" : 0,
            "host" : "BJ-YZ-103R-81-96:27017",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : {
            },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        }
    ],
    "settings" : {
        "chainingAllowed" : true,
        "heartbeatIntervalMillis" : 2000,
        "heartbeatTimeoutSecs" : 10,
        "electionTimeoutMillis" : 10000,
        "getLastErrorModes" : {
        },
        "getLastErrorDefaults" : {
            "w" : 1,
            "wtimeout" : 0
        }
    }
}
7. Add the other two nodes to the cluster
rs.add("BJ-YZ-103R-81-96")
rs.addArb("BJ-YZ-103R-81-100")
8. Check the cluster status
rs.status()
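9. Create users
First remove the security section from the configuration file and restart. With enableLocalhostAuthBypass set to false the localhost exception is unavailable, so the first user is created while authorization is off.
-- Create the admin user
use admin
db.createUser(
  {
    user: "root",
    pwd: "root",
    roles: [ { role: "root", db: "admin" } ]
  }
)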
mongo -u "admin" -p "ptadmin" --authenticationDatabase "admin"
mongo -u "root" -p "root" --authenticationDatabase "admin"
-- Create the application user
use point
db.createUser(
  {
    user: "point",
    pwd: "point",
    roles: [
      { role: "read", db: "point" },
      { role: "readWrite", db: "point" }
    ]
  }
)
mongo -u "test" -p "test" --authenticationDatabase "test" 192.168.81.95:27017
mongo -u "point" -p "point" --authenticationDatabase "point" 192.168.81.95:27017
10. Security authentication between cluster members
-- Create the keyfile
openssl rand -base64 741 > /home/aspire/apps/mongodb/data/security/mongodb-keyfile
chmod 600 /home/aspire/apps/mongodb/data/security/mongodb-keyfile
Upload mongodb-keyfile to the same directory on the other two nodes, then restart.
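A pre-flight check for the keyfile from step 10, added here as an example and not part of the original post: it tests the file against MongoDB's keyfile rules (no group/other permissions, 6 to 1024 base64 characters) and prints a fingerprint to compare on all three members after the upload. The function names check_keyfile and keyfile_fingerprint and the sample key are made up for this example.

```shell
#!/bin/sh
# check_keyfile PATH: return 0 if the file meets MongoDB's keyfile rules,
# otherwise print the reason and return 1. (Hypothetical helper, added example.)
check_keyfile() {
    kf=$1
    if [ ! -f "$kf" ]; then
        echo "FAIL: $kf is not a regular file"; return 1
    fi
    # On UNIX mongod refuses a keyfile with any group/other permission bit;
    # characters 5-10 of the ls mode string are exactly those six bits.
    perm=$(ls -lL "$kf" | cut -c5-10)
    if [ "$perm" != "------" ]; then
        echo "FAIL: group/other permissions set ($perm)"; return 1
    fi
    # Whitespace is ignored by mongod; the rest must be 6-1024 base64 characters.
    key=$(tr -d ' \t\r\n' < "$kf")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "FAIL: key length $len is outside 6-1024"; return 1
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "FAIL: non-base64 character in key"; return 1 ;;
    esac
    echo "OK: $len key characters, owner-only permissions"
}

# keyfile_fingerprint PATH: SHA-256 of the whitespace-stripped key, so the three
# members can be compared without displaying or re-copying the secret.
keyfile_fingerprint() {
    tr -d ' \t\r\n' < "$1" | sha256sum | cut -d' ' -f1
}

# Demo on a constructed key in a temp directory (not the real keyfile from step 10).
demo=$(mktemp -d)
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk=\n' > "$demo/mongodb-keyfile"
chmod 644 "$demo/mongodb-keyfile"
check_keyfile "$demo/mongodb-keyfile" || true   # rejected: readable by group/other
chmod 600 "$demo/mongodb-keyfile"
check_keyfile "$demo/mongodb-keyfile"           # accepted
keyfile_fingerprint "$demo/mongodb-keyfile"
rm -rf "$demo"
```

Run both functions against /home/aspire/apps/mongodb/data/security/mongodb-keyfile on each node; the three fingerprints must be identical before the restart.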
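11. Test the MongoDB connection from Python
from pymongo import MongoClient

# Database.authenticate() and Collection.insert() were removed in PyMongo 4;
# credentials are passed to MongoClient and documents are written with insert_one().
client = MongoClient('192.168.81.95', 27017,
                     username='point', password='point', authSource='point')
db = client.point
collection = db.alerts
for i in range(10000):
    collection.insert_one({"foo": "bar", "baz": i, "z": 10 - i})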
From the "ITPUB Blog", link: http://blog.itpub.net/10972173/viewspace-1990721/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.