Shulou(Shulou.com)06/01 Report--

This tutorial is the process of deploying mongodb under Alibaba Cloud Centos. The whole process encounters many pits and wastes a lot of time. In the online search for a lot of tutorials, but because most of the tutorials are too long, the environment is not the same, so most of the tutorials go nowhere. There have been a lot of potholes for this, so make a record here.

Environment:

System: Alibaba Cloud Centos 7.3 64 bit

Mongodb Version: 3.4

Because it is very convenient to use yum installation, so use yum installation below.

Modify yum package management configuration:

vi /etc/yum.repos.d/mongodb-org-3.4.repo //automatically creates a new mongodb-org-3.4.repo file

Copy the following configuration information:

[mongodb-org-3.4]name=MongoDB Repositorybaseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/gpgcheck=0enabled=1

Tips: don't know linux to make up for the basics (vi editor)

install MongoDB

yum install -y mongodb-org //all the way yes install mongodb

Start mongodb

systemctl start mongod.service //start mongodb

Stop mongodb

systemctl stop mongod.service //stop mongodb

Restart mongodb

systemctl restart mongod.service //restart mongodb

Set mongodb boot up

systemctl enable mongod.service //set boot boot

tips: centos 7 Change the service command to systemctl.

mongodb installation successful, default configuration file path: /etc/mongod.conf Run cat /etc/mongod.conf to view the configuration of the file.

Configuration file is yaml Syntax:

systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod. log//log file storage path: dbPath: /var/lib/mongo //data storage path journal: enabled: true

You can also change the storage path, change the path because the first new folder and file, here do not modify.

Local connection mongodb:

mongo //connect local mongodbshow dbs //View all databases use mydb //switch mydb database, no show collections will be added automatically//view collections

By default, mongodb is unauthenticated and can connect to the database. Because mongodb requires deployment in a secure environment, no validation is required.

Remote connection:

In the local window, open cmd, execute mongo 192.168.31.54 (192.168.31.54 is the external network address of your Ali Cloud Virtual Machine), and find that the connection is not available. After searching online for a long time, it is finally solved.

1. Set the security group in the Alibaba Cloud esc instance, open port 27017, mongodb default port is 27017, Alibaba Cloud for security ports are closed by default.

2. Modify the mongodb configuration file:

vi /etc/mongod.conf //Edit profile net: port: 27017 bindIp: 127.0.0.1 Default binding IP address

By default, Alibaba Cloud is only bound to the local address of 127.0.0.1, which can only be accessed locally. You need to add the Alibaba Cloud intranet address to it.

bindIp: 127.0.0.1, Alibaba Cloud intranet address

Restart mongodb server:

systemctl restart mongod.service

Executed in local cmd

mongo Aliyun extranet address//found that you can now connect.

This local and remote can be connected to mongodb, remote can be connected with the visualization tool Robomongo, directly input Alibaba Cloud external network address and port number 27017 can be connected remotely successfully. Although you can connect to mongodb remotely, as long as you know the Aliyun extranet address, anyone can connect to the database remotely and modify the data in the database, which is very insecure. Therefore, in actual deployment, it is not recommended to add Alibaba Cloud intranet address in bindIp, which can only be accessed locally. Remote connection is only for the convenience of using Robomongo visualization tool to facilitate database management. If you want to use Robomongo, but also want the database can not be connected to others can? Sure, just turn on the I. D.

By default, mongodb is to turn off authentication. To turn on authentication, the following steps are required:

1. Modify mongodb configuration file

vi /etc/mongod.conf //edit mongod.conf file security: //Remove # authorization: enabled before security//Add this sentence to enable authentication

Read a lot of tutorials on the Internet about opening identity authentication, use auth=true found that it does not work, later learned that the tutorial is too old, configuration fields have changed, pit I have been looking for a long time.

2. Add super administrator

The default Mongodb is without user information such as administrator, and to enable authentication, user information verification is required. The first thing to add should be the administrator account in the admin database, which is used for user addition, modification, deletion and other permissions control of other databases.

Do the following:

mongo //local connection database use admin //Switch to admin database, no db.createUser(will be added automatically //Create administrator user { user: "admin", //account pwd: "admin", //password roles: [ { role: "root", db: "admin" } ] //role: super administrator, database: admin })

Successfully added user...

Restart mongodb

systemctl restart mongod.service

implementation

mongo //connect database show dbs //Display all databases, this step will give an error saying that the validation has not passed. use admin //Switch to admin database db.auth ('admin ',' admin')//Log in with the account password set above

If '1' is returned, validation is successful; if '0' is returned, validation fails.

Authentication is enabled, execute the following command in cmd window

mongo Alibaba Cloud external network address//connection failed because it did not pass verification.

If you execute the following sentence

mongo Alibaba Cloud Extranet Address-u "admin" -p "admin" --authenticationDatabase admin

//Connection found successful

Robomongo authentication connection:

Switch to Authorization option, select Perform authorization, fill in Database, user name, password, you can connect successfully.

Mongodb is not like mysql, authenticated users have the ability to read and write to all databases, and different libraries need to configure relevant user information to read and write to the library. For example, there is a myblog database, need to have the ability to read and write to it, create a new user with reading and writing ability.

The order reads as follows:

mongo //connect database use admin //switch to admin database db.auth ('admin ',' admin')// auth verify login use myblog //switch to myblog database db.createUser( //Create a normal user { user: "keen", //account pwd: "123", //password roles: [ { role: "readWrite", db: "myblog" } ] //role: readwrite, database: myblog })db.auth ('keen ', ' 123') //Login using new user keen authentication

This is the end of the entire mongodb configuration, about mongodb identity authentication, and permission control, you can see this article, written in great detail.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.