MongoDB Replica Set Configuration

Source: Internet
Author: User
Tags auth base64 config dba mongodb server readable iptables firewall
One: Concept

The popular copy set is to use multiple machines for the same data asynchronous synchronization, so that multiple machines have multiple copies of the same data, and when the main library when it is off without user intervention, automatically switch to other backup server Master library. The replica server can also be used as a read-only server to achieve read-write separation and increase load.

Second: Experimental environment

Three: Experimental steps

Download Address:

The download is completed and uploaded to the/download of the three machines.

#3.2-3.5 is performed on three machines.

Here take as an example:

3.2 Decompression

[root@ser6-51 download]# tar xvf mongodb-linux-x86_64-2.6.9.tgz 
mongodb-linux-x86 _64-2.6.9/bin/mongoexport
mongodb-linux-x86_64-2.6.9/bin/ Mongostat
mongodb-linux-x86_ 64-2.6.9/bin/mongoperf

#For ease of management, move the installation file to/data

[Root@ser6-51 download]# MV Mongodb-linux-x86_64-2.6.9/data/mongodb

3.3 Creating a related directory

Location and log files for creating a database for MongoDB

[root@ser6-51 mongodb]# cd/data/mongodb/ 
[root@ser6-51 mongodb]# mkdir data
[root@ser6-51 mongodb]# Touch logs
[root@ser6-51 mongodb]# ls-ltr Total
-rw-r--r--1 1046 1046  1359 Mar 22:49 README
-rw-r--r--1 1046 1046 34520 Mar 22:49 gnu-agpl-3.0
-rw-r--r--1 1046 1046 17793 Mar 22:49 third-party-notices drwxr-xr-
x 2 root root  4096 Jul 13:26 bin
drwxr-xr-x 2 root root  4096 Jul 13:34 data
-rw-r--r--1 root ro OT     0 Jul 13:34 logs

3.4 Creating a Linux user

[root@ser6-51 mongodb]# groupadd mongodb
[root@ser6-51 mongodb]# useradd-g mongodb mongodb
[root@ser6-51 mongodb]# chown-r mongodb:mongodb/data/mongodb
[root@ser6-51 ~]# passwd mongodb
changing password for user mong oDB.
New password: Bad 
Password:it was based on a dictionary word bad
password:is too simple
retype new password:< C8/>passwd:all authentication tokens updated successfully.

3.5 Configuring Path

#mongodb user:

Add the MongoDB installation file/bin path at the end of path:

[Root@ser6-51 init.d]# Su-mongodb

[Mongodb@ser6-51 ~]$ Vi. Bash_profile

Path= $PATH: $HOME/bin:/data/mongodb/bin/

[mongodb@ser6-51 ~]$ source. bash_profile

This allows you to use the MONGO command without entering the/data/mongodb/bin/path, and enter the MONGO command directly.

3.6 Start MongoDB

[root@ser6-51 ~]# mongod--dbpath=/data/mongodb/data--logpath=/data/mongodb/logs  --fork-- Replset myreplset/ about
to fork child process, waiting until server was ready for connections.
Forked process:4936 Child
process started successfully, parent exiting
[root@ser6-52 bin]#  mongod--dbpath=/data/mongodb/data--logpath=/data/mongodb/logs  --fork--replset myreplset/ about
to fork child process, waiting until server was ready for connections.
Forked process:19649 Child
process started successfully, parent exiting
[ mongodb@ser6-70 ~]$  mongod--dbpath=/data/mongodb/data--logpath=/data/mongodb/logs  --fork--replSet myreplset/ about
to fork child process, waiting until server was ready for connections.
Forked process:9782 Child
process started successfully, parent exiting
#note: Myreplset is the custom replica set name

3.7 Open Firewall port

#All three machines need an open port.

In order for other servers to connect to the MongoDB server remotely, if the firewall is turned on, its port needs to be opened.


Directly in the configuration file-A input under those commands

Add a line:

-A input-m state--state new-m tcp-p TCP--dport 27017-j ACCEPT

Restarting the firewall

[root@ser6-52 mongodb]#/etc/init.d/iptables Restart

Iptables:setting chains to Policy Accept:filter [OK]

iptables:flushing firewall rules: [OK]

iptables:unloading modules: [OK]

iptables:applying firewall rules: [OK]

3.8 initializing a replica set

One of the nodes is connected, and the initialization command executes only once.

[root@ser6-51 ~]# MONGO
MongoDB shell version:2.6.9
connecting to:test
> Use admin;
Switched to DB admin
> config = {_id: "Myreplset", members:[
...  {_id:0,host: ""},
...  {_id:1,host: ""},
...  {_id:2,host: ""}]
...  }
"_id": "Myreplset",
"members": [
"_id": 0,
"host": ""
"_id": 1,
"host": ""
"_id": 2,
"host": ""
> rs.initiate (config);
"info": "Config now saved locally.  Should come online in about a minute. ",
" OK ": 1


Config = {_id: "Myreplset", members:[{_id:0,host: ""},

{_id:1,host: ""}, {_id:2,host: ""}]}


--note that, if the user authentication is turned on, initialize the replica set times wrong: "ErrMsg": "Not authorized the admin to execute command {replsetinitiate: {_id: \" Myreplset\ ", Members You need to give the user Clustermanager role. such as: Db.grantrolestouser ("admin", [{role: "Clustermanager", DB: "admin"}]); 3.9 Viewing status

Myreplset:primary> db.printslavereplicationinfo ();
syncedto:wed Jul 16:04:52 gmt+0800 (CST)
0 secs (0 hrs) behind the primarysource:
syncedto:wed Jul 16:04:52 gmt+0800 (CST)

Displays a list of data sources from the node, with data latency.

3.10 Set the replica node to be readable

#mongodb defaults to read and write on the replica node and you need to set the replica node to be readable.

#Set on all nodes

Modify the root user, the. mongorc.js file in the MongoDB user home directory

Such as:



Add one line: Rs.slaveok ();

After the modification is complete, log back in to MONGO and find that the replica node is readable (the current session does not take effect and requires a re-login).

3.11 Verifying that synchronization is successful

Build a table on the main library to see if the other replicas were successfully synchronized.
#main node
Myreplset:primary> use DBA;
Switched to DB DBA
Myreplset:primary> show tables;
Myreplset:primary> db.createcollection ("a");
{"OK": 1}
Myreplset:primary> show tables;
#Copy node

myreplset:secondary> use DBA;
Switched to DB DBA
myreplset:secondary> show tables;
indicates that the synchronization was successful and the replica set was configured successfully.

3.12 Certified Users
3.12.1 Brief Introduction

By default, MongoDB can be accessed without authentication and is very insecure. Therefore, certification is required.

The KeyFile parameter must be used in the cluster and replica set environment, and only using the--auth parameter will not work.

Client authentication in a cluster is the same as authentication in a single-server environment, with the only difference being that the server in the cluster uses the key file for internal communication.

The key file is basically a plaintext file, and the hash is counted as the internal password of the cluster.

To set the validation of a replica set and/or shard:

A, create the key file and copy it to each server in the collection. A key file is a base64 set of characters, plus spaces and line breaks.

b, modify the key file permission to be read only by the current user.

C, use command-line arguments when starting a server in the cluster--keyfile/path/to/file

D, the client must verify to use the

You can start without using the--auth parameter, because--keyfile must be validated, which implies--auth. But--auth does not imply--keyfile.

If you do not build a password file, only the database users, you do not have authentication, you can directly login access, that is, auth failure.

Therefore, this mode of replica set must build a password file.

3.12.2 Build Database Users

#Building users on three machines:

Myreplset:primary> Db.createuser ({User: "root", pwd: "123456", Roles:[{role: "Root", DB: "admin"}]); 
Successfully added User: {
"user": "Root",
"roles": [
"role": "Root",
"db": "Admin"

3.12.3 Guanqu

#Close library (This takes the master node as an example)

Myreplset:primary> db.shutdownserver ();
2015-07-15t17:22:56.673+0800 Dbclientcursor::init Call () failed
server should is down ...
2015-07-15t17:22:56.675+0800 trying reconnect to ( failed 2015-07-15t17:22:56.675+
0800 warning:failed to connect to, reason:errno:111 Connection refused
2015-07-15t17:22:56.675+ 0800 Reconnect ( failed failed couldn ' t connect to server (, Connectio N Attempt failed

3.12.4 Generating a password file

Generate a password file on the #在192.168.6.51
[root@ser6-51 ~]# OpenSSL rand-base64 741 >/data/mongodb/mongodb-keyfile
give permission 600, File can be called
chmod 600/data/mongodb/mongodb-keyfile
#Copy the password file to another node
[root@ser6-51 ~]# scp/data/mongodb/ Mongodb-keyfile
root@ ' s password: 
mongodb-keyfile                                                                                                                                                        100% 1004     1.0kb/s   00:00    
[root@ser6-51 ~]# scp/data/mongodb/mongodb-keyfile
root@ ' s password: 
mongodb-keyfile                                                                                                                                                        100% 1004     1.0kb/s   

3.12.5 Log in as a certified form

# [root@ser6-51 ~]# mongod--dbpath=/data/mongodb/data--logpath=/data/mongodb/logs--fork--replSet myreplset/ about to fork child process, waiting until server
is ready for connections. Forked process:8472 child process started successfully, parent exiting # [root@ser6-51 ~]# mongod--dbpath= /data/mongodb/data--logpath=/data/mongodb/logs--fork--replset myreplset/
Mongodb/mongodb-keyfile about to fork child process, waiting until server was ready for connections. Forked process:8472 child process started successfully, parent exiting # [root@ser6-51 ~]# mongod--dbpath= /data/mongodb/data--logpath=/data/mongodb/logs--fork--replset myreplset/
Mongodb/mongodb-keyfile about to fork child process, waiting until server was ready for connections. Forked process:8472 child process started successfully, parent exiting

3.13 Configuration Files

Every time you start MongoDB, you have to specify the data file path, log path parameters, too cumbersome.

So build a configuration file, start MongoDB when the configuration file to start, can be convenient.

MongoDB does not have a configuration file by default and needs to be created manually.

Here take as an example:


VI mongod.conf

Add to:

#fork and run in background
Port =27017
#location of Pidfile

#note: When modifying the configuration file on, remember to change the IP of the Replset line to the corresponding IP.

#Close library

[Root@ser6-51 ~]# Ps-ef | grep MONGO

Root 608 1 0 11:02? 00:00:01 mongod--dbpath=/data/mongodb/data--logpath=/data/mongodb/logs--fork--replset =MyReplset/

Root 794 579 0 11:06 pts/0 00:00:00 grep MONGO

Root 32347 32274 0 10:36 pts/1 00:00:00 su-mongodb

MongoDB 32348 32347 0 10:36 pts/1 00:00:00-bash

[Root@ser6-51 ~]# Kill-2 608

#Start as a configuration file

[Root@ser6-51 ~]# Mongod--config=/data/mongodb/mongod.conf

3.14 Set boot auto start


Add to:

#boot start mongodb


# Restart the machine

, whether the test is in effect

[Root@ser6-70 ~]# Ps-ef | grep MONGO

Root 1596 1 1 11:27? 00:00:00/data/mongodb/bin/mongod--config/data/mongodb/mongod.conf

Root 1735 1691 0 11:27 pts/1 00:00:00 grep MONGO

The instructions started successfully.

--This article references: mongodb-security and authentication, Mongodb2.6 replica set verification deployment and certification.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.