1:啟動三個實例
/home/maxiangqian/mongodb-linux-x86_64-rhel62-3.4.2/bin/mongod --config /home/mongodb/db27017/mongodb27017.conf /home/maxiangqian/mongodb-linux-x86_64-rhel62-3.4.2/bin/mongod --config /home/mongodb/db27018/mongodb27018.conf /home/maxiangqian/mongodb-linux-x86_64-rhel62-3.4.2/bin/mongod --config /home/mongodb/db27019/mongodb27019.conf
2:為每個實例配置超級管理員賬號:maxiangqian
use admin db.createUser( { user: "maxiangqian", pwd: "maxiangqian", roles: [ { role: "root", db: "admin" } ] } )
然后使用驗證登錄
use admin db.auth("maxiangqian","maxiangqian") db.shutdownServer()
3:重啟mongodb數據庫以復制集的形式啟動mongodb數據庫
mongod -f /home/mongodb/db27017/mongodb27017.conf mongod -f /home/mongodb/db27018/mongodb27018.conf mongod -f /home/mongodb/db27019/mongodb27019.conf
4:登入27017mongodb數據庫進行初始化:
mongo localhost:27017 配置主節點: rsconf = { _id: "rsmxqtest", members: [ { _id: 0,host: "localhost:27017" } ] } 再進行初始化: > rs.initiate() 進行驗證: rs.conf() 添加一個節點: rs.add("localhost:27018")
嗯?報錯了,什么鬼,看一下報錯信息:
rsmxqtest:PRIMARY> rs.add("localhost:27018")
{
"ok" : 0,
"errmsg" : "Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: localhost.localdomain:27017; the following nodes did not respond affirmatively: localhost:27018 failed with not authorized on admin to execute command { replSetHeartbeat: \"rsmxqtest\", pv: 1, v: 2, from: \"localhost.localdomain:27017\", fromId: 0, checkEmpty: false }",
"code" : 74,
"codeName" : "NodeNotFound"
}
意思就是沒有權限,復制集之間的互聯也是需要驗證的,所以要配置keyfile來滿足這個需求,如果開啟了 authorization ,投票節點通過證書的形式與復制集中其他節點進行認證。MongoDB的身份認證過程是加密的。MongoDB的認證交互是通過密碼進行的
5:創建一個keyfile,並且拷貝到其他從節點
openssl rand -base64 756 > /home/mongodb/db27017/key/autokey chmod 400 /home/mongodb/db27017/key/autokey
然后進行拷貝並且查看文件:
[root@localhost key]# cp /home/mongodb/db27017/key/autokey /home/mongodb/db27018/key/autokey [root@localhost key]# cp /home/mongodb/db27017/key/autokey /home/mongodb/db27019/key/autokey [root@localhost key]# ls -ll /home/mongodb/db27018/key/ total 4 -r-------- 1 root root 1024 Mar 14 16:32 autokey [root@localhost key]# ls -ll /home/mongodb/db27019/key/ total 4 -r-------- 1 root root 1024 Mar 14 16:33 autokey
6:以keyFile 參數啟動mongodb數據庫
首先我們在三個數據庫的配置文件添加以下信息:
keyFile = /home/mongodb/db27017/key/autokey keyFile = /home/mongodb/db27018/key/autokey keyFile = /home/mongodb/db27019/key/autokey
重啟三台mongodb數據庫
db.shutdownServer() mongod -f /home/mongodb/db27017/mongodb27017.conf mongod -f /home/mongodb/db27018/mongodb27018.conf mongod -f /home/mongodb/db27019/mongodb27019.conf
7:登錄主節點27017節點,然后進行操作添加節點
[root@localhost tmp]# mongo localhost:27017 MongoDB shell version v3.4.2 connecting to: localhost:27017 MongoDB server version: 3.4.2 rsmxqtest:PRIMARY> use admin switched to db admin rsmxqtest:PRIMARY> db.auth("maxiangqian","maxiangqian")
開始添加節點
rsmxqtest:PRIMARY> rs.add("localhost:27018") { "ok" : 1 }
顯示添加成功,然后添加一個投票節點(投票節點是不保存數據的,只是作為投票使用)
rsmxqtest:PRIMARY> rs.addArb("localhost:27019") { "ok" : 1 }
顯示添加成功,然后驗證看一下節點狀態:
rs.status()
rs.conf()
打印的消息就不打印貼出來了,有點太長了。
OK,現在一個keyfile的驗證復制集(一主一從一投票)已經配置完了,我們現在開始驗證一下復制集:
(1)主節點添加一條數據27017
rsmxqtest:PRIMARY> use maxiangqian switched to db maxiangqian rsmxqtest:PRIMARY> db.maxiangqian.insert({"name":"maxiangqian"}) WriteResult({ "nInserted" : 1 }) rsmxqtest:PRIMARY> db.maxiangqian.find().pretty() { "_id" : ObjectId("58c7b0c0088625cf734503ae"), "name" : "maxiangqian" }
(2)登錄從節點驗證數據27018
rsmxqtest:SECONDARY> use admin switched to db admin rsmxqtest:SECONDARY> db.auth("maxiangqian","maxiangqian") 1 rsmxqtest:SECONDARY> rs.slaveOk() rsmxqtest:SECONDARY> show dbs admin 0.000GB local 0.000GB maxiangqian 0.000GB rsmxqtest:SECONDARY> use maxiangqian switched to db maxiangqian rsmxqtest:SECONDARY> db.maxiangqian.find().pretty() { "_id" : ObjectId("58c7b0c0088625cf734503ae"), "name" : "maxiangqian" }
可以看得到,復制集的功能已經完成了,數據也已經同步了。投票節點是不存儲數據的,所以我們就不需要去驗證數據了。