Enabling Security Authentication for MongoDB Master-Slave Replication


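2.1.1 Deploying the MongoDB master-slave instances: the mongodb-master instance

Environment: in the mongodb-master configuration file, first comment out the authentication parameter: #auth = true

Start mongodb-master, then set the login account and password for the admin database:

[[email protected] logs]# mongo 127.0.0.1:27017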

MongoDB shell version: 3.0.5

connecting to: 127.0.0.1:27017/test

> use admin;

switched to db admin

> db.createUser( 

...   { 

...     user:"root", 

...     pwd:"Zytest6699", 

...    roles: [ { role: "root", db: "admin" } ] 

...   } 

... ) 

Successfully added user: {

         "user": "root",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

 

>db.auth("root","Zytest6699")

1

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

 

At this point, enable the authentication parameter in the mongodb-master configuration file:

auth = true

Restart the mongodb-master service.

 

Log in to mongodb-master and, in the admin database, create another administrative account for the admin database:

[[email protected] ~]# mongo 127.0.0.1:27017

MongoDB shell version: 3.0.5

connecting to: 127.0.0.1:27017/test

> use admin;

switched to db admin

>db.auth("root","Zytest6699")

1

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

 

> db.createUser( 

...   { 

...     user:"ZyDBA", 

...     pwd:"Zytest6699", 

...    roles: [ { role: "root", db: "admin" } ] 

...   } 

... ) 

Successfully added user: {

         "user": "ZyDBA",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

> shou users;

2017-09-10T09:36:18.511+0800 E QUERY    SyntaxError: Unexpected identifier

> show users;

{

         "_id": "admin.root",

         "user": "root",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

{

         "_id": "admin.ZyDBA",

         "user": "ZyDBA",

         "db": "admin",

         "roles": [

                   {

                            "role": "root",

                            "db": "admin"

                   }

         ]

}

 

The mongodb-slave instance

Start the mongodb-slave instance:

[[email protected] mongodb-slave]# /etc/init.d/mongod1 start

Starting MongoDB Server...

[[email protected] mongodb-slave]# about to fork child process, waiting until server is ready for connections.

forked process: 1896

child process started successfully, parent exiting

 

[[email protected] mongodb-slave]# ss -lntup|grep mongo

tcp   LISTEN     0      128                    *:27017                 *:*      users:(("mongod",1709,6))

tcp   LISTEN     0      128                    *:27018                 *:*      users:(("mongod",1896,6))

 

View the log file of the mongodb-slave instance:

[[email protected] logs]# tailf /data/mongodb-slave/logs/mongodb.log

2017-09-10T09:55:44.007+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:55:54.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:04.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:14.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:24.008+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:34.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:44.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:56:54.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

2017-09-10T09:57:04.009+0800 I REPL     [replslave] repl: syncing from host:127.0.0.1:27017

The log shows that the slave has started synchronizing.


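2.1.2 Verifying the master-slave replication configuration

Install a MongoDB client for Windows and log in with it to verify that master-slave replication was configured successfully:

Robomongo 0.9.0-RC9

Verification on the master:


2.1.3 Related configuration files and the authentication file

Running multiple MongoDB instances on a single server, with authenticated master-slave replication configured

MongoDB master configuration file:

[[email protected] ~]# cat /usr/local/mongodb/mongod.cnf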

logpath=/data/mongodb-master/logs/mongodb.log

logappend = true

#fork and run in background

fork = true

port = 27017

dbpath=/data/mongodb-master/data

#location of pidfile

pidfilepath=/data/mongodb-master/mongod.pid

auth = true

keyFile = /tmp/mongo-keyfile

master = true

 

MongoDB slave configuration file:

 

[[email protected] ~]# cat /usr/local/mongodb/mongod1.cnf

logpath=/data/mongodb-slave/logs/mongodb.log

logappend = true

#fork and run in background

fork = true

port = 27018

dbpath=/data/mongodb-slave/data

#location of pidfile

pidfilepath=/data/mongodb-svale/mongod.pid

slave = true

source = 127.0.0.1:27017

auth = true

keyFile = /tmp/mongo-keyfile

#only = test001

#only = test002
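
A check for the two configuration files above, as an added example that is not part of the original post: it confirms that neither instance is left in the bootstrap state with auth commented out and that both reference the same keyFile. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit legacy ini-style mongod configs.

# conf_get FILE KEY: value of the last uncommented "KEY = value" line, or empty.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_instance FILE: report settings that leave the instance unauthenticated.
audit_instance() {
    rc=0
    [ "$(conf_get "$1" auth)" = "true" ] || { echo "$1: auth is not enabled"; rc=1; }
    [ -n "$(conf_get "$1" keyFile)" ] || { echo "$1: keyFile is not set"; rc=1; }
    return "$rc"
}

# audit_pair MASTER SLAVE: both instances must pass and share one keyFile path
# (single-host layout as on this page; across hosts compare file contents instead).
audit_pair() {
    ok=0
    audit_instance "$1" || ok=1
    audit_instance "$2" || ok=1
    if [ "$(conf_get "$1" keyFile)" != "$(conf_get "$2" keyFile)" ]; then
        echo "keyFile differs between $1 and $2"; ok=1
    fi
    return "$ok"
}

# write_samples DIR: constructed configs modelled on the two files above;
# bootstrap.cnf mimics the first step, where auth is still commented out.
write_samples() {
    printf 'port = 27017\nauth = true\nkeyFile = /tmp/mongo-keyfile\nmaster = true\n' > "$1/master.cnf"
    printf 'port = 27018\nslave = true\nsource = 127.0.0.1:27017\nauth = true\nkeyFile = /tmp/mongo-keyfile\n' > "$1/slave.cnf"
    printf 'port = 27017\n#auth = true\nmaster = true\n' > "$1/bootstrap.cnf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_pair "$demo_dir/master.cnf" "$demo_dir/slave.cnf" && echo "pair OK"
audit_instance "$demo_dir/bootstrap.cnf" || echo "bootstrap config must not stay in service"
rm -rf "$demo_dir"
```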

 

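Enabling authentication for master-slave replication:

Generate the keyFile randomly or write it by hand. The key must be 6-1024 base64 characters long. On Unix the file must have the same group permissions; on Windows this is not required.

openssl rand -base64 1024 > /tmp/mongo-keyfile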
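
An added example (not part of the original post) that generates a keyFile and checks it against the constraints above. 1024 random bytes base64-encode to 1368 characters, which is over the 1024-character limit stated above, so this version uses 756 bytes (1008 characters); it also enforces owner-only permissions, because mongod on Unix refuses a keyFile that has group or other permission bits set. The function names and the demo path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): create and check a mongod keyFile.

# gen_b64 N: N random bytes, base64-encoded. openssl as on the page; the
# /dev/urandom fallback is an assumption for hosts without openssl.
gen_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1"
    else
        head -c "$1" /dev/urandom | base64
    fi
}

# make_keyfile PATH: 756 bytes encode to 1008 characters, inside the 6-1024
# limit. umask 077 means the file is never readable by group or others.
make_keyfile() {
    (umask 077 && gen_b64 756 > "$1") && chmod 400 "$1"
}

# key_length PATH: characters in the key, counted here with whitespace stripped.
key_length() {
    tr -d '[:space:]' < "$1" | wc -c | tr -d ' '
}

# check_keyfile PATH: 0 if the length and the permissions are both acceptable.
check_keyfile() {
    len=$(key_length "$1")
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "$1: key is $len characters, expected 6-1024" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ln "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: group/other permissions set; use chmod 400" >&2
        return 1
    fi
    return 0
}

demo_key=$(mktemp -d)/mongo-keyfile    # constructed path for the demo
make_keyfile "$demo_key" && check_keyfile "$demo_key" && echo "keyfile OK"
rm -rf "$(dirname "$demo_key")"
```

Outside a test machine, keep the key in a directory owned by the mongod user instead of /tmp, which every local user can list and which is often cleared at reboot.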

 

Start mongodb-master:

 

[[email protected] ~]# /etc/init.d/mongod start

Starting MongoDB Server...

[[email protected] ~]# about to fork child process, waiting until server is ready for connections.

forked process: 1287

child process started successfully, parent exiting

[[email protected] data]# ls /data/mongodb-master/data/

journal local.1   local.11  local.13 local.15  local.17  local.3 local.5  local.7  local.9  mongod.lock   _tmp

local.0 local.10  local.12  local.14 local.16  local.2   local.4 local.6  local.8  local.ns storage.bson

 


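The data files created when MongoDB initializes the database are extremely large. The reason is:

By default the oplog is sized at 5% of the /data partition, the mount point that holds the database, which is what makes the local database so large.

[[email protected] data]# du -sh /data/mongodb-master/data/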

35G  /data/mongodb-master/data/



This article comes from the “10931853” blog; please be sure to retain this source: http://wujianwei.blog.51cto.com/10931853/1964080
