Mongodb主从复制开启安全认证
2017-09-10 11:55
309 查看
2.1.1部署mongodb主从实例:
Mongodb-master实例
环境:mongodb-master 配置文件先注释掉验证参数:#auth = true启动mongodb-master 然后设置admin库登陆账户和密码:
[root@localhost logs]# mongo127.0.0.1:27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin;
switched to db admin
> db.createUser(
... {
... user:"root",
... pwd:"Zytest6699",
... roles: [ { role: "root", db: "admin" } ]
... }
... )
Successfully added user: {
"user": "root",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
>db.auth("root","Zytest6699")
1
> show users;
{
"_id": "admin.root",
"user": "root",
"db": "admin",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
到此处开启mongodb-master 配置文件的认证登陆参数:
auth = true
重启mongodb-master服务
登陆mongodb-master在admin库下创建另外一个admin数据库的管理账户:
[root@localhost ~]# mongo 127.0.0.1:27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin;
switched to db admin
>db.auth("root","Zytest6699")
1
> show users;
{
"_id": "admin.root",
"user": "root",
"db": "admin",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
> db.createUser(
... {
... user:"ZyDBA",
... pwd:"Zytest6699",
... roles: [ { role: "root", db: "admin" } ]
... }
... )
Successfully added user: {
"user": "ZyDBA",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
> shou users;
2017-09-10T09:36:18.511+0800 E QUERY SyntaxError: Unexpected identifier
> show users;
{
"_id": "admin.root",
"user": "root",
"db": "admin",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
{
"_id": "admin.ZyDBA",
"user": "ZyDBA",
"db": "admin",
"roles": [
{
"role": "root",
"db": "admin"
}
]
}
Mongod-slave从实例
启动mongodb-slave实例:[root@localhost mongodb-slave]#/etc/init.d/mongod1 start
Starting MongoDB Server...
[root@localhost mongodb-slave]# about tofork child process, waiting until server is ready for connections.
forked process: 1896
child process started successfully, parentexiting
[root@localhost mongodb-slave]# ss-lntup|grep mongo
tcp LISTEN 0 128 *:27017 *:* users:(("mongod",1709,6))
tcp LISTEN 0 128 *:27018 *:* users:(("mongod",1896,6))
查看mongodb-slave实例的日志文件:
[root@localhost logs]# tailf/data/mongodb-slave/logs/mongodb.log
2017-09-10T09:55:44.007+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:55:54.008+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:04.008+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:14.008+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:24.008+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:34.009+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:44.009+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:56:54.009+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
2017-09-10T09:57:04.009+0800 I REPL [replslave] repl: syncing fromhost:127.0.0.1:27017
提示从库已经开始同步。
2.1.2验证主从复制配置结果
安装mongodb 的windows客户端登陆软件来验证操作主从是否配置成功Robomongo 0.9.0-RC9
主库验证:
2.1.3相关的配置文件以及认证文件
单台服务器开启mongodb多实例,以及配置验证主从复制Mongodb主库配置文件
[root@localhost ~]# cat/usr/local/mongodb/mongod.cnf
logpath=/data/mongodb-master/logs/mongodb.log
logappend = true
#fork and run in background
fork = true
port = 27017
dbpath=/data/mongodb-master/data
#location of pidfile
pidfilepath=/data/mongodb-master/mongod.pid
auth = true
keyFile = /tmp/mongo-keyfile
master = true
mongodb从库配置文件:
[root@localhost ~]# cat/usr/local/mongodb/mongod1.cnf
logpath=/data/mongodb-slave/logs/mongodb.log
logappend = true
#fork and run in background
fork = true
port = 27018
dbpath=/data/mongodb-slave/data
#location of pidfile
pidfilepath=/data/mongodb-svale/mongod.pid
slave = true
source = 127.0.0.1:27017
auth = true
keyFile = /tmp/mongo-keyfile
#only = test001
#only = test002
开启主从复制验证:
随机生成keyFile或者手动写入,key的长度必须是6-1024的base64字符,unix必须相同组权限,windows下不需要
openssl rand -base64 1024>/tmp/mongo-keyfile
启动mongodb-master:
[root@localhost ~]# /etc/init.d/mongodstart
Starting MongoDB Server...
[root@localhost ~]# about to fork childprocess, waiting until server is ready for connections.
forked process: 1287
child process started successfully, parentexiting
[root@localhost data]# ls/data/mongodb-master/data/
journal local.1 local.11 local.13 local.15 local.17 local.3 local.5 local.7 local.9 mongod.lock _tmp
local.0 local.10 local.12 local.14 local.16 local.2 local.4 local.6 local.8 local.ns storage.bson
mongodb初始化数据库的大data文件特别的大,原因是:
oplog默认的大小是5%点数据库分区挂载点/data的大小,就导致了local数据库过大的问题
[root@localhost data]# du -sh/data/mongodb-master/data/
35G /data/mongodb-master/data/
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- MongoDB 开启安全认证及创建用户
- MongoDB开启安全认证
- mongoDB的复制集5----复制集安全(认证,用户,权限)
- MongoDB复制集安全认证
- 结合JAAS实现J2EE的安全认证和授权
- linux远程访问及认证安全
- mongodb3.4开启用户认证
- ASP.NET基于角色的窗体安全认证机制
- 开启CSP网页安全政策防止XSS攻击
- Java安全之认证与授权
- 移动 APP 端与服务器端用户身份认证的安全方案
- XDC+获得信息安全等级保护三级认证
- 浅谈邮件安全(sendmail的加密及认证安全)
- CISM国际注册信息安全经理认证
- 网络安全身份认证一般过程
- 忆龙2009:CAMS做EAD在进行安全认证时出错“补丁检查失败” 的解决方法
- 教育安全认证体系建设项目容灾备份体系建设项目
- 客户端调用有安全认证的Webservice,原来可以用Message Handler
- phpcms 上传图片服务器安全认证错误