MongoDB Replica Set Configuration

Source: Internet
Author: User
One: Concept


Put simply, a replica set uses multiple machines to synchronize the same data asynchronously, so that several machines each hold a copy of the same data. When the primary goes down, another backup server is automatically promoted to primary without user intervention. The replica servers can also be used as read-only servers to achieve read/write separation and raise the load the deployment can handle.




Two: Experimental environment







Three: Experimental steps
3.1 Downloads



Download Address:



https://www.mongodb.org/



After the download completes, upload the archive to /download on each of the three machines.






# Steps 3.2-3.5 are performed on all three machines.

Here 192.168.6.51 is used as the example:




3.2 Decompression








[root@ser6-51 download]# tar xvf mongodb-linux-x86_64-2.6.9.tgz
mongodb-linux-x86_64-2.6.9/README
mongodb-linux-x86_64-2.6.9/THIRD-PARTY-NOTICES
mongodb-linux-x86_64-2.6.9/GNU-AGPL-3.0
mongodb-linux-x86_64-2.6.9/bin/mongodump
mongodb-linux-x86_64-2.6.9/bin/mongorestore
mongodb-linux-x86_64-2.6.9/bin/mongoexport
mongodb-linux-x86_64-2.6.9/bin/mongoimport
mongodb-linux-x86_64-2.6.9/bin/mongostat
mongodb-linux-x86_64-2.6.9/bin/mongotop
mongodb-linux-x86_64-2.6.9/bin/mongooplog
mongodb-linux-x86_64-2.6.9/bin/mongofiles
mongodb-linux-x86_64-2.6.9/bin/bsondump
mongodb-linux-x86_64-2.6.9/bin/mongoperf
mongodb-linux-x86_64-2.6.9/bin/mongod
mongodb-linux-x86_64-2.6.9/bin/mongos
mongodb-linux-x86_64-2.6.9/bin/mongo






# For ease of management, move the installation files to /data

[root@ser6-51 download]# mv mongodb-linux-x86_64-2.6.9 /data/mongodb



3.3 Creating a related directory



Create the database location and the log file for MongoDB:

[root@ser6-51 mongodb]# cd /data/mongodb/
[root@ser6-51 mongodb]# mkdir data
[root@ser6-51 mongodb]# touch logs
[root@ser6-51 mongodb]# ls -ltr
total
-rw-r--r-- 1 1046 1046  1359 Mar 22:49 README
-rw-r--r-- 1 1046 1046 34520 Mar 22:49 GNU-AGPL-3.0
-rw-r--r-- 1 1046 1046 17793 Mar 22:49 THIRD-PARTY-NOTICES
drwxr-xr-x 2 root root  4096 Jul 13:26 bin
drwxr-xr-x 2 root root  4096 Jul 13:34 data
-rw-r--r-- 1 root root     0 Jul 13:34 logs


3.4 Creating a Linux user





[root@ser6-51 mongodb]# groupadd mongodb
[root@ser6-51 mongodb]# useradd -g mongodb mongodb
[root@ser6-51 mongodb]# chown -R mongodb:mongodb /data/mongodb
[root@ser6-51 ~]# passwd mongodb
Changing password for user mongodb.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.


3.5 Configuring Path



# As the mongodb user:

Add the bin path of the MongoDB installation to the end of PATH:

[root@ser6-51 init.d]# su - mongodb

[mongodb@ser6-51 ~]$ vi .bash_profile

PATH=$PATH:$HOME/bin:/data/mongodb/bin/

[mongodb@ser6-51 ~]$ source .bash_profile

This lets you run the mongo command directly, without typing the /data/mongodb/bin/ path.






3.6 Start MongoDB








# 192.168.6.51:
[root@ser6-51 ~]# mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.51:27017
about to fork child process, waiting until server is ready for connections.
forked process: 4936
child process started successfully, parent exiting

# 192.168.6.52:
[root@ser6-52 bin]# mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.52:27017
about to fork child process, waiting until server is ready for connections.
forked process: 19649
child process started successfully, parent exiting

# 192.168.6.70:
[mongodb@ser6-70 ~]$ mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.70:27017
about to fork child process, waiting until server is ready for connections.
forked process: 9782
child process started successfully, parent exiting

# Note: myreplset is the custom replica set name.


3.7 Open Firewall port



# The port must be opened on all three machines.

If the firewall is turned on, the MongoDB port must be opened in it so that other servers can connect to the MongoDB server remotely.

vi /etc/sysconfig/iptables

Directly below the existing -A INPUT rules in the configuration file, add a line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 27017 -j ACCEPT

Restart the firewall:

[root@ser6-52 mongodb]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [  OK  ]
iptables: Flushing firewall rules: [  OK  ]
iptables: Unloading modules: [  OK  ]
iptables: Applying firewall rules: [  OK  ]
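
The rule above accepts new connections to port 27017 from any source address, and at this point in the procedure mongod is still running without authentication. As an added example (not part of the original article), the script below prints one source-restricted ACCEPT rule per permitted peer instead; the function names are hypothetical and the member addresses are the three used in this article.

```shell
#!/bin/sh
# Added example, not from the original article: print /etc/sysconfig/iptables
# rules that open the MongoDB port only to named peers.
MONGO_PORT=27017

# valid_source ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /prefix, so nothing else can end up inside a firewall rule.
valid_source() {
    case $1 in ''|*[!0-9./]*|*/*/*) return 1 ;; esac
    addr=${1%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $addr in .*|*.|*..*) return 1 ;; esac
    case $prefix in ''|???*|*.*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# mongo_rules LOCAL_IP SOURCE...: print one ACCEPT rule per SOURCE other than
# LOCAL_IP. Prints nothing and returns 1 if any SOURCE is malformed.
mongo_rules() {
    local_ip=$1; shift
    rules=
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
        [ "$src" = "$local_ip" ] && continue
        rules="$rules-A INPUT -s $src -m state --state NEW -m tcp -p tcp --dport $MONGO_PORT -j ACCEPT
"
    done
    printf '%s' "$rules"
}

# Rules for 192.168.6.51: only the other two members may connect.
mongo_rules 192.168.6.51 192.168.6.51 192.168.6.52 192.168.6.70
```

The printed lines go above the file's final REJECT or DROP rule; application hosts that need to reach the database are passed as additional source arguments.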






3.8 Initializing a replica set

Connect to any one of the nodes; the initialization command is executed only once.

[root@ser6-51 ~]# mongo
MongoDB shell version: 2.6.9
connecting to: test
> use admin;
switched to db admin

> config = {_id: "myreplset", members: [
...  {_id: 0, host: "192.168.6.51:27017"},
...  {_id: 1, host: "192.168.6.52:27017"},
...  {_id: 2, host: "192.168.6.70:27017"}]
...  }
{
"_id": "myreplset",
"members": [
{
"_id": 0,
"host": "192.168.6.51:27017"
},
{
"_id": 1,
"host": "192.168.6.52:27017"
},
{
"_id": 2,
"host": "192.168.6.70:27017"
}
]
}
> rs.initiate(config);
{
"info": "Config now saved locally.  Should come online in about a minute.",
"ok": 1
}
 
 






/*

config = {_id: "myreplset", members: [{_id: 0, host: "192.168.6.51:27017"}, {_id: 1, host: "192.168.6.52:27017"}, {_id: 2, host: "192.168.6.70:27017"}]}

*/



-- Note: if user authentication is turned on, initializing the replica set fails with the error: "errmsg" : "not authorized on admin to execute command { replSetInitiate: { _id: \"myreplset\", members You need to grant the user the clusterManager role, for example: db.grantRolesToUser("admin", [{role: "clusterManager", db: "admin"}]);

3.9 Viewing status

myreplset:PRIMARY> db.printSlaveReplicationInfo();
source: 192.168.6.52:27017
    syncedTo: Wed Jul 16:04:52 GMT+0800 (CST)
    0 secs (0 hrs) behind the primary
source: 192.168.6.70:27017
    syncedTo: Wed Jul 16:04:52 GMT+0800 (CST)









Displays the replica (secondary) nodes and how far each one lags behind the primary.




3.10 Set the replica node to be readable



# By default MongoDB does not allow reads or writes on replica nodes; the replica nodes must be set to be readable.

# Set this on all nodes

Modify the .mongorc.js file in the home directories of the root user and the mongodb user, for example:

vi /root/.mongorc.js

vi /home/mongodb/.mongorc.js

Add one line: rs.slaveOk();

After the modification is complete, log in to mongo again and the replica node is readable (the change does not take effect in the current session; a new login is required).




3.11 Verifying that synchronization is successful





Create a collection on the primary and check whether the other replicas synchronized it.

# Primary node
myreplset:PRIMARY> use dba;
switched to db dba
myreplset:PRIMARY> show tables;
myreplset:PRIMARY> db.createCollection("a");
{ "ok" : 1 }
myreplset:PRIMARY> show tables;
a
system.indexes

# Replica node
myreplset:SECONDARY> use dba;
switched to db dba
myreplset:SECONDARY> show tables;
a
system.indexes

This indicates that the synchronization succeeded and the replica set was configured successfully.






3.12 User authentication
3.12.1 Brief introduction






By default, MongoDB can be accessed without authentication, which is very insecure. Authentication therefore needs to be enabled.

In cluster and replica set environments the keyFile parameter must be used; the --auth parameter alone will not work.

Client authentication in a cluster is the same as in a single-server environment; the only difference is that the servers in the cluster use the key file for their internal communication.

The key file is essentially a plaintext file; its hash serves as the cluster's internal password.

To set up authentication for a replica set and/or shard:

a. Create the key file and copy it to each server in the set. A key file consists of characters from the base64 set, plus spaces and line breaks.

b. Change the key file's permissions so that it can be read only by the current user.

c. When starting each server in the cluster, use the command-line argument --keyFile /path/to/file

d. The client must authenticate to use the

You can start without the --auth parameter, because --keyFile requires authentication and therefore implies --auth. But --auth does not imply --keyFile.

If you create only database users and do not build a password file, there is no authentication: anyone can log in and access the data directly, that is, auth has no effect.

Therefore, a replica set in this mode must have a password file.




3.12.2 Create database users

# Create the user on the three machines:

myreplset:PRIMARY> db.createUser({user: "root", pwd: "123456", roles: [{role: "root", db: "admin"}]});
Successfully added user: {
"user": "root",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}






3.12.3 Shut down the database

# Shut down the database (the primary node is used as the example here)

myreplset:PRIMARY> db.shutdownServer();
2015-07-15T17:22:56.673+0800 DBClientCursor::init call() failed
server should be down...
2015-07-15T17:22:56.675+0800 trying reconnect to 127.0.0.1:27017 (127.0.0.1) failed
2015-07-15T17:22:56.675+0800 warning: Failed to connect to 127.0.0.1:27017, reason: errno:111 Connection refused
2015-07-15T17:22:56.675+0800 reconnect 127.0.0.1:27017 (127.0.0.1) failed failed couldn't connect to server 127.0.0.1:27017 (127.0.0.1), connection attempt failed


3.12.4 Generating a password file








# Generate the password file on 192.168.6.51
[root@ser6-51 ~]# openssl rand -base64 741 > /data/mongodb/mongodb-keyfile
# Set permission 600 so that the file can be used
[root@ser6-51 ~]# chmod 600 /data/mongodb/mongodb-keyfile

# Copy the password file to the other nodes
[root@ser6-51 ~]# scp /data/mongodb/mongodb-keyfile 192.168.6.52:/data/mongodb/
root@192.168.6.52's password:
mongodb-keyfile                              100% 1004     1.0KB/s   00:00
[root@ser6-51 ~]# scp /data/mongodb/mongodb-keyfile 192.168.6.70:/data/mongodb/
root@192.168.6.70's password:
mongodb-keyfile                              100% 1004     1.0KB/s
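
The key file requirements listed in 3.12.1 and the generation and copy steps above can be checked on each node before mongod is restarted. This is an added example, not part of the original article; check_keyfile and keyfile_fingerprint are hypothetical helper names, and the 6 to 1024 character limit is MongoDB's documented key length range.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check a replica set
# key file before starting mongod with --keyFile.
LC_ALL=C; export LC_ALL

check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # No group/other permission bits may be set (chmod 600 or 400).
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -lLd "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open: $f"; return 2; }

    # Only base64 characters are allowed; whitespace is ignored.
    key=$(tr -d ' \t\r\n' < "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in $f"; return 3 ;;
    esac

    # MongoDB accepts 6 to 1024 key characters. openssl rand -base64 741
    # yields 988 of them (1004 bytes with line breaks, as scp reported).
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "key length $len outside 6..1024"; return 4
    fi
    echo "ok: $f ($len key characters)"
}

# Every member must hold the same key: compare this digest across nodes
# instead of displaying the key itself.
keyfile_fingerprint() {
    tr -d ' \t\r\n' < "$1" | sha256sum | cut -d' ' -f1
}

# Usage: sh check_keyfile.sh /data/mongodb/mongodb-keyfile
if [ "$#" -gt 0 ]; then
    check_keyfile "$1" && keyfile_fingerprint "$1"
fi
```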


3.12.5 Start with authentication enabled

# 192.168.6.51
[root@ser6-51 ~]# mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.51:27017 --keyFile=/data/mongodb/mongodb-keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 8472
child process started successfully, parent exiting

# 192.168.6.52
[root@ser6-51 ~]# mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.52:27017 --keyFile=/data/mongodb/mongodb-keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 8472
child process started successfully, parent exiting

# 192.168.6.70
[root@ser6-51 ~]# mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.70:27017 --keyFile=/data/mongodb/mongodb-keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 8472
child process started successfully, parent exiting






3.13 Configuration Files



Specifying the data file path, log path and other parameters every time MongoDB is started is cumbersome.

So create a configuration file and start MongoDB from it, which is more convenient.

MongoDB does not have a configuration file by default; it has to be created manually.

Here 192.168.6.51 is used as the example:

cd /data/mongodb/

vi mongod.conf

Add:

logpath=/data/mongodb/logs
logappend=true
#fork and run in background
fork=true
auth=true
port=27017
dbpath=/data/mongodb/data
#location of pidfile
pidfilepath=/data/mongodb/mongod.pid
keyFile=/data/mongodb/mongodb-keyfile
replSet=myreplset/192.168.6.51:27017

# Note: when modifying the configuration file on 192.168.6.52/192.168.6.70, remember to change the IP on the replSet line to the corresponding IP.






# Shut down the database

[root@ser6-51 ~]# ps -ef | grep mongo
root 608 1 0 11:02 ? 00:00:01 mongod --dbpath=/data/mongodb/data --logpath=/data/mongodb/logs --fork --replSet myreplset/192.168.6.51:27017 --keyFile=/data/mongodb/mongodb-keyfile
root 794 579 0 11:06 pts/0 00:00:00 grep mongo
root 32347 32274 0 10:36 pts/1 00:00:00 su - mongodb
mongodb 32348 32347 0 10:36 pts/1 00:00:00 -bash

[root@ser6-51 ~]# kill -2 608

# Start using the configuration file

[root@ser6-51 ~]# mongod --config=/data/mongodb/mongod.conf






3.14 Start automatically at boot

vi /etc/rc.d/rc.local

Add:

#boot start mongodb
/data/mongodb/bin/mongod --config /data/mongodb/mongod.conf

# Restart the machine and test whether the setting takes effect

[root@ser6-70 ~]# ps -ef | grep mongo
root 1596 1 1 11:27 ? 00:00:00 /data/mongodb/bin/mongod --config /data/mongodb/mongod.conf
root 1735 1691 0 11:27 pts/1 00:00:00 grep mongo

This shows that MongoDB started successfully.






--This article references: mongodb-security and authentication, Mongodb2.6 replica set verification deployment and certification.



















