一、试验环境及准备
本次实验用了三台centos7服务器,详情如下表:
| 主机 | 角色 | 系统 |
|---|---|---|
| 10.0.0.101 | PRIMARY | centos7 |
| 10.0.0.102 | SECONDARY | centos7 |
| 10.0.0.103 | SECONDARY | centos7 |
下载安装包
下载地址:https://www.mongodb.com/download-center/v2/community
二、搭建步骤
1、上传、解压包
[root@test101 ~]# tar xf mongodb-linux-x86_64-4.0.2.tgz
[root@test101 ~]# ll
总用量 69364
-rw-------. 1 root root 1502 12月 14 2017 anaconda-ks.cfg
drwxr-xr-x. 3 root root 120 10月 9 10:18 mongodb-linux-x86_64-4.0.2
-rw-r--r--. 1 root root 71023715 10月 9 10:12 mongodb-linux-x86_64-4.0.2.tgz
[root@test101 ~]# mv mongodb-linux-x86_64-4.0.2 /usr/local/mongodb
2、配置环境变量
在/etc/profile文件末尾加入mongo的环境变量:
[root@test101 local]# echo "export PATH=/usr/local/mongodb/bin:\$PATH" >>/etc/profile
[root@test101 local]# source /etc/profile
3、编写配置文件
注意:/etc/mongodb/mongo.conf的路径和文件都是不存在的,需要自己创建
[root@test101 bin]# mkdir /etc/mongodb
[root@test101 bin]# cat /etc/mongodb/mongo.conf #这里只配置了一些基本的配置
net:
port: 27017 #用的默认端口27017
bindIp: 0.0.0.0 #这里默认的是127.0.0.1,如果不配置成0.0.0.0,在后面做副本集的时候会失败
systemLog:
destination: file
path: "/opt/mongodbdata/mongod.log"
logAppend: true
storage:
journal:
enabled: true
dbPath: /opt/mongodbdata
setParameter:
enableLocalhostAuthBypass: true
processManagement:
fork: true
pidFilePath: "/opt/mongodbdata/mongod.pid"
[root@test101 bin]#
4、创建配置文件目录
[root@test101 bin]# mkdir /opt/mongodbdata
5、启动服务
[root@test101 ~]# /usr/local/mongodb/bin/mongod -f /etc/mongodb/mongo.conf
about to fork child process, waiting until server is ready for connections.
forked process: 4390
child process started successfully, parent exiting
[root@test101 ~]# netstat -tlunp|grep 27017
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 4390/mongod
[root@test101 ~]#
6、创建管理员用户和权限
登录进去MongoDB,执行下面三条命令即可
> use admin; #切换到admin数据库
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]}); #创建一个超级管理员的角色,并赋予相应的权限
> db.createUser({user:'root',pwd:'root',roles:[{role:'sysadmin',db:'admin'}]}); #创建一个超级管理员账号,并赋予上面的超级管理员角色和权限 ,pwd自定义
具体操作:
[root@test101 local]# mongo #无密码登录
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB
> use admin #切换到admin数据库
switched to db admin
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]}); #创建一个超级管理员的角色,并赋予相应的权限
{
"role" : "sysadmin",
"roles" : [ ],
"privileges" : [
{
"resource" : {
"anyResource" : true
},
"actions" : [
"anyAction"
]
}
]
}
> db.createUser({ #创建一个超级管理员账号,并赋予上面的超级管理员角色和权限
... ... ... ...
... ... ... ... user:'root',
... ... ... ...
... ... ... ... pwd:'root',
... ... ... ...
... ... ... ... roles:[
... ... ... ...
... ... ... ... {role:'sysadmin',db:'admin'}
... ... ... ...
... ... ... ... ]});
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "sysadmin",
"db" : "admin"
}
]
}
> exit
bye
退出后用新的超级管理员账号登录:
[root@test101 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin"
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB
以上步骤在三台主机上都要执行。
7、生成集群之间的安全认证机制KeyFile
在PRIMARY主机10.0.0.101机器上生成的KeyFile
[root@test101 local]# openssl rand -base64 745 >>/etc/mongodb/mongodb-keyfile
[root@test101 local]# cat /etc/mongodb/mongodb-keyfile
SgbDaERMIChd3MbuQ6WN7LJ7gI5FhOUI8D/uLxSHsH3buTDA0qjwcO1fP9/jRNkI
H+soQ/F/X7IUOnG238UjtO263/SwWebGMGd09u0VbyQwI1splmr+xeR3YDFWD0rw
stmDGcz6m/2ABfYTtKh/hIjZE5Yc1NSEWFmPNrhVbWsgD0BSI9CUr9JYTTnc1tl7
gycp9SsoPuoGLlPhnB8TG7Pu0rmNTuWq5DJnCG4fDClvkDJnlnDW59KDmfrLwnO3
ccLmb/+5OQNi1SGRsrdR3I8y2LE/lR6cK4cKX3GtiQB+BR3+BYdYCNVXpWC4Fw6z
xViVMKdPM4QIF99D+RLbwc16L9FQtlKy4NyHP5XyDmeMvfVDL5RIk8YVogZ3Y5Zr
1jgF2HxTEsxQ4TEZ2KUKA/gWZnTypXZ83Zso0XRk+n0pBSkwiG96Sk6fS9FiWwhp
v4Z80w1HS2L+dg8Qe3d1U+bl1Ro4Nj+sjxmXCFigJFRI4n40N+TCWHYJHx0l3BWm
3q2YyETol0+OrjIU71nFsGtUnP0seXa1HJsCtYCR7QFDf6uAE2u7JQD9Okram3In
crH/tuvdnq8Fi3FVsXxgoIMZhuYNr4kOLIszHQcv5Z/F1D+JmdD+yUvEzx+S7Npp
RZiXKz+kVKY1SFpDoMXZ7kv5oC+K5Ag3ZFPU+8SDh99dZCfq2z5TW+XiQTWB4Wh0
XlTae7IE15ILdLPpy+GQ9rtC4rlRmkdC9lNb6bOuYw3CbN0ANjVed1tenOEsBJ7Y
DFIeWNdnze5H38t2m2BrXpMbXLIZ3n4Ze/89th+UQnlP2ij0FMWFnMIxa6Dq3wqL
aEWvOXukbMbAw/vZZU5Ad2JmtBmClf6vP59fetz1wPCZFBqTF+NiNWEmlzuBEJwy
YBDzjWUiLODdopKugzZ+hxsSieYIZYzMg1CO9gAL2572mvOcPrUIWekC+gqWaZE7
wBQ5f3HmRAnHY4Wa/MYuEDCMrNtqNNy5hg==
[root@test101 local]#
将10.0.0.101主机生成的mongodb-keyfile拷贝到另外两台SECONDARY机器上的/etc/mongodb/目录下,三台主机的mongodb-keyfile文件权限都改成400
8、修改三台主机的配置文件
修改三台主机的/etc/mongodb/mongo.conf,并将三台主机的MongoDB服务分别重启
[root@test101 mongodb]# cat /etc/mongodb/mongo.conf
net:
port: 27017
bindIp: 0.0.0.0
systemLog:
destination: file
path: "/opt/mongodbdata/mongod.log"
logAppend: true
storage:
journal:
enabled: true
dbPath: /opt/mongodbdata
setParameter:
enableLocalhostAuthBypass: true
processManagement:
fork: true
pidFilePath: "/opt/mongodbdata/mongod.pid"
#加入下面的几行内容:
replication:
replSetName: CrystalTest #replSetName自定义
security:
authorization: enabled
keyFile: "/etc/mongodb/mongodb-keyfile" #步骤7生成的安全认证机制KeyFile
[root@test101 mongodb]#
9、初始化副本集
在初始化集群的时候,可以在所有机器上改好配置文件,并重启服务之后,一次性完成。也可以先初始化PRIMARY,然后再把SECONDARY主机一台一台加进去: 方法1——一次性初始化完成
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"},{_id:1,host:"10.0.0.102:27017"},{_id:2,host:"10.0.0.103:27017"}] };
> rs.initiate(config);
方法2——先初始化PRIMARY再加入SECONDARY: 先在PRIMARY上做如下两步操作:
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};
> rs.initiate(config);
具体操作:
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};
{
"_id" : "CrystalTest",
"members" : [
{
"_id" : 0,
"host" : "10.0.0.101:27017"
}
]
}
> rs.initiate(config);
{
"ok" : 1,
"operationTime" : Timestamp(1539054593, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539054593, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:OTHER>
CrystalTest:PRIMARY> #执行完上面的步骤,过一会儿,状态就从OTHER变成PRIMARY
CrystalTest:PRIMARY>
然后加入另外两台主机:
> rs.add("10.0.0.102:27017")
> rs.add("10.0.0.103:27017")
具体操作:
CrystalTest:PRIMARY> rs.add("10.0.0.102:27017") #添加10.0.0.102主机
{
"ok" : 1,
"operationTime" : Timestamp(1539056959, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539056959, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY> rs.add("10.0.0.103:27017") #添加10.0.0.103主机
{
"ok" : 1,
"operationTime" : Timestamp(1539057016, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539057016, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY> rs.status() #查看集群状态
{
"set" : "CrystalTest",
"date" : ISODate("2018-10-09T03:50:18.692Z"),
"myState" : 1,
"term" : NumberLong(2),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"appliedOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"durableOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
}
},
"lastStableCheckpointTimestamp" : Timestamp(1539056959, 1),
"members" : [
{
"_id" : 0,
"name" : "10.0.0.101:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 286,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"electionTime" : Timestamp(1539056735, 1),
"electionDate" : ISODate("2018-10-09T03:45:35Z"),
"configVersion" : 3,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 1,
"name" : "10.0.0.102:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 58,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDurable" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"),
"lastHeartbeat" : ISODate("2018-10-09T03:50:18.661Z"),
"lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.227Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "10.0.0.103:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 2,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDurable" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"),
"lastHeartbeat" : ISODate("2018-10-09T03:50:18.671Z"),
"lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.495Z"),
"pingMs" : NumberLong(1),
"lastHeartbeatMessage" : "",
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : 3
}
],
"ok" : 1,
"operationTime" : Timestamp(1539057016, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539057016, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY>
登录10.0.0.102和10.0.0.103主机的MongoDB查看角色都变成了SECONDARY:
[root@test102 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin"
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
>
CrystalTest:SECONDARY>
CrystalTest:SECONDARY>
CrystalTest:SECONDARY>
至此,集群搭建完毕
