MONGDB copy set + quorum (with permission authentication)

First, the environment

1. Architecture diagram

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/71/7A/wKioL1XRzn6SRVMYAADM1onFESo308.jpg "title=" 111111111.png "alt=" Wkiol1xrzn6srvmyaadm1onfeso308.jpg "/>

2. Deployment Details

10.10.17.26:27000 (primary) 10.10.17.27:27000 (secondary) 10.10.2.74:27000 (arbiter)

Second, installation configuration

1, installation see MongoDB installation

2. compose the configuration file

Vi/etc/mongod_27000.conflogpath=/data/mongodb/navy_db/log/mongod.log #mongodb日志文件logappend =true #追加方式写日志文件fork = True #后台运行port =27000 #mongodb端口dbpath =/data/mongodb/navy_db/dbpidfilepath=/data/mongodb/navy_db/log/mongod.pi Dbind_ip=0.0.0.0rest = True #开启web访问journal = True #启用日志选项, MONGODB data operations will be written to the Journal folder file oplogsize=2048 #同步操作记录文件 Size (MB) Replset=dbset #副本集名称, the same replica set, name must be consistent auth=true #开启验证keyFile =/data/mongodb/navy_db/password.key #key认证

3. Generate KeyFile file

echo "C57A012CF2F8A8E20DD4B21A7FAE48B3" >/data/mongodb/navy_db/password.key

4, set keyfile permissions, must be 600

chmod 600/data/mongodb/navy_db/password.key

5. Start the service

ulimit-s 4096 && ulimit-m 16777216 & numactl--interleave=all/usr/bin/mongod-f/etc/mongod_27000.conf

Ps:

Before configuring the cluster, Auth and KeyFile are commented out first, the cluster initialization is completed, the user is created, then opened, and the service is put into effect.

Third, cluster configuration

#use到adminuse Admin to create the configuration (Dbset is the cluster name and must be the same as the value Replset in the configuration file) Config = {_id: "Dbset", members:[... {_id:1,host: "10.10.11.34:27000"},... ... {_id:2,host: "10.10.16.6:27000"}] ... ... } #初始化集群 rs.initiate (config), #添加仲裁节点rs. Addarb ("10.10.2.74:27000") #查看集群状态 Rs.status ()

PS: Other common commands

#删除一个节点rs. Remove ("10.10.2.74:27000") #查看集群配置信息rs. conf () #查看当前谁是primaryrs. IsMaster () # View Master-Slave delay Rs.printslavereplicationinfo () #查看rs相关命令rs. Help ()

Rs.status () result description

1. STARTUP: Just joined to the replication set, the configuration has not yet loaded 2. STARTUP2: The configuration has been loaded, initializing State 3. RECOVERING: Recovering, not applicable read 4. Arbiter: Arbitrator 5. Down: The node cannot reach 6. UNKNOWN: No other node state is acquired and it is not known what state, generally occurs in only two members of the architecture, brain fissure 7. Removed: Remove replication set 8. ROLLBACK: Data rollback, at the end of rollback, is transferred to recovering or secondary state 9. FATAL: Error. View Log grep "Replset FATAL" to find the wrong reason and redo Sync 10. PRIMARY: Master node 11. Secondary: Backup node

Iv. establishing a user (operating only on primary nodes)

Use Admindb.adduser (' admin ', ' 123456 ') #建立管理员账号use navy_db #如果navy_db存在就进入库, if it does not exist on the establishment of the NAVY_DB library, the empty library show DBS is not seen The Db.adduser (' Navy_db_pro ', ' 123456 ') #建立navy_db的读写账号db. AddUser (' Navy_db_sel ', ' 123456 ', true) #建立navy_db的只读账号

V. Restart the cluster

Remove Auth and keyfile comments, arbiter, secondary, primary three nodes in turn, let it take effect

Rs.status () See if the cluster status is OK

Ps:

1, from the library by default is not readable, if you need to provide read business from the library, you need to do a set

Db.getmongo (). Setslaveok ()

2, MONGDB client driver Support this architecture, the main library hung, secondary promotion, for the application of basic transparency

Client=mongoclient ("Mongdb://navy_db_pro:[email protected]:27000,10.10.17.27:27000/navy_db"

This article is from the "Dick Silk ops Man" blog, please be sure to keep this source http://navyaijm.blog.51cto.com/4647068/1685347

MONGDB copy set + quorum (with permission authentication)