In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)05/31 Report--
This article is to share with you about how to turn on set authentication in mongodb, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.
Environment:
All systems are Centos 7.
Mongodb-linux-x86_64-rhel70-3.4.5.tgz
Node:
Node0:Primary
Node1:Secondary
Node2:Secondary
Node3:Arbiter
Node0:
Extract the mongodb package to / usr/local/mongodb
Create etc and log directories under / usr/local/mongodb
Add / usr/local/mongodb/bin to the / etc/profile system environment variable
Create and place in the data directory / var/lib/mongodb/data
Create a service startup script
Vi / usr/lib/systemd/system/mongodb.service adds the following
[Unit]
Description=Mongodb Monitoring and Control Daemon
After=Network.target
# Network must be start before this service
[Service]
Type=forking
ExecStart=/usr/local/mongodb/bin/mongod-f / usr/local/mongodb/etc/mongodb.conf
ExecStop=/usr/local/mongodb/bin/mongod-shutdown
KillMode=process
Restart=on-failure
# Restart=always
# always mean restart service even this service stop by yourself,using pkill or kill to stop a service.
RestartSec=15s
[Install]
WantedBy=multi-user.target
#
Set up boot boot
Systemctl enable mongodb
The other three nodes are the same as above.
Node0:
Generate SSL KEY file
Openssl rand-base64 741 > / usr/local/mongodb/mongodb.key
Copy the / usr/local/mongodb/mongodb.key file to the other three nodes
Configure mongodb
Node0:
Cat / usr/local/mongodb/etc/mongodb.conf
Dbpath=/var/lib/mongodb/datalogpath=/usr/local/mongodb/log/mongodb.log pidfilepath=/usr/local/mongodb/mongodb.piddirectoryperdb=truelogappend=true#replSet=mggroup1bind_ip=0.0.0.0port=27017oplogSize=10000fork=true#noprealloc=true#keyFile=/usr/local/mongodb/mongodb.keymaxConns=10000
If you need to execute mongod-f config_file_path directly, comment fork=true
Create a user
Start mongodb
Systemctl start mongodb
Open mongodb shell
Mongo-port 27017
Use admindb.createUser ({user: "mgpai", pwd: "passwd", roles: [{role: "userAdminAnyDatabase", db: "admin"}]}); db.createUser ({user: "mgroot", pwd: "passwd", roles: [{role: "root", db: "admin"]}) # exit quit () # View user db.system.users.find () # Delete user db.system.users.remove ({user:'username'})
Stop the node0 mongodb service
Systemctl stop mongodb
Cancel the following two comments in the / usr/local/mongodb/etc/mongodb.conf configuration file
# replSet=mggroup1
# keyFile=/usr/local/mongodb/mongodb.key
Node0 restarts the mongodb service
Systemctl start mongodb
The other 3 node profiles: cat / usr/local/mongodb/etc/mongodb.conf
Dbpath=/var/lib/mongodb/datalogpath=/usr/local/mongodb/log/mongodb.log pidfilepath=/usr/local/mongodb/mongodb.piddirectoryperdb=truelogappend=truereplSet=mggroup1bind_ip=0.0.0.0port=27017oplogSize=10000fork=true#noprealloc=truekeyFile=/usr/local/mongodb/mongodb.keymaxConns=10000
Mongodb service is enabled on the other three nodes.
Replica set configuration
Node0: log in to mongodb
Mongo 127.0.0.1 mgroot 27017 / admin-u mgroot-p
Enter password
Cfg = {_ id: 'mggroup1', members: [{_ id:0, host:'192.168.1.13:1707', priority:2}, {_ id:1, host:'192.168.1.16:1707', priority:1}, {_ id:2, host:'192.168.1.17:1707', priority:1}, {_ id:3, host:'192.168.1.19:1707', arbiterOnly:true} ]} # cfg variable can have a different name Initialization can only be performed once without conflicts with the main keywords of mongodb. If you want to cancel, delete the file under dbpath, restart the service rs.initiate (cfg) # to view the replica set status rs.status () # myState the status of this node, 1 for Primary, 2 for Secondary, 7 for Arbiter
Attachment: let the secondary of mongodb set support read operation
The secondary node in replica set is unreadable by default. In applications where there is more writing and less reading, Replica Sets is used to achieve the separation of reading and writing. By specifying the slaveOk at connection time or in the main library, the Secondary shares the read pressure, and the Primary only takes on the write operation.
If you access mongo through shell, query it in secondary. The following error occurs:
P_w_picpathSet:SECONDARY > db.fs.files.find ()
Error: {"$err": "not master and slaveOk=false", "code": 13435}
There are two ways to implement slave query:
The first method: db.getMongo (). SetSlaveOk ()
The second method: rs.slaveOk ()
But one drawback of this approach is that the next time you enter the instance through mongo, the query will still report an error, which can be done in the following ways
Vi / .mongorc.js
Add a line rs.slaveOk ()
In this way, you can query it every time you enter it through the mongo command.
The following exception will be reported if you are accessing secondary through java
Com.mongodb.MongoException: not talking to master and retries used up
There are many solutions.
The first method: call dbFactory.getDb (). SlaveOk () in the java code
The second method: call in the java code
DbFactory.getDb () .setReadPreference (ReadPreference.secondaryPreferred ()); / / read the secondary first in the replication set, and read from the master if the secondary cannot be accessed
Or
DbFactory.getDb () .setReadPreference (ReadPreference.secondary ()); / / read only from secondary, and cannot query if secondary cannot be accessed
The third method: when configuring mongo, add slave-ok= "true" to also support reading directly from secondary.
The above is how to turn on set authentication in mongodb. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.