Server preparation
Prepare three servers and deploy MongoDB on them as a replica set. Assume the servers are as follows:
Server | Node type | IP address | Port |
---|---|---|---|
Node1 | MongoDB service 1 (highest priority, the default primary node, Master) | 10.10.4.127 | 27017 |
Node2 | MongoDB service 2 (Slave) | 10.10.4.128 | 27017 |
Node3 | MongoDB service 3 (Slave) | 10.10.4.129 | 27017 |
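MongoDB installation
Install MongoDB on each of the three servers. For installation, see: MongoDB standalone installation (CentOS 7)
Note: in the MongoDB configuration on the three servers, bind_ip is bound to each server's own IP address.
MongoDB configuration on the three servers
- 10.10.4.127 server: /usr/local/mongodb/bin/mongodb.conf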
dbpath = /usr/local/mongodb/data
logpath = /usr/local/mongodb/logs/mongodb.log
fork = true
logappend = true
noprealloc = true
bind_ip = 10.10.4.127
port = 27017
- 10.10.4.128 server: /usr/local/mongodb/bin/mongodb.conf
dbpath = /usr/local/mongodb/data
logpath = /usr/local/mongodb/logs/mongodb.log
fork = true
logappend = true
noprealloc = true
bind_ip = 10.10.4.128
port = 27017
- 10.10.4.129 server: /usr/local/mongodb/bin/mongodb.conf
dbpath = /usr/local/mongodb/data
logpath = /usr/local/mongodb/logs/mongodb.log
fork = true
logappend = true
noprealloc = true
bind_ip = 10.10.4.129
port = 27017
Replica set configuration
Add the replica set name
Add one configuration parameter to /usr/local/mongodb/bin/mongodb.conf on all three servers, as follows:
# Replica set name: rs
replSet = rs
For example, /usr/local/mongodb/bin/mongodb.conf on the 10.10.4.127 server then reads as follows
dbpath = /usr/local/mongodb/data
logpath = /usr/local/mongodb/logs/mongodb.log
fork = true
logappend = true
noprealloc = true
bind_ip = 10.10.4.127
port = 27017
replSet = rs
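Add the same setting on the 10.10.4.128 and 10.10.4.129 servers.
After the change, restart the MongoDB service on all three servers.
Initialize the replica set
Prerequisites for initialization
- Make sure the MongoDB service has been restarted after the replica set name was configured
- Make sure network communication between the services works; preferably turn off the firewall on each server, as follows
# Commands to turn off the firewall on CentOS 7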
$ systemctl stop firewalld
$ systemctl disable firewalld
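Where firewalld has to stay on, the members can still reach each other if port 27017 is opened only to the other replica-set members. The script below is an added example, not part of the original page; it uses the page's member addresses and port, and APP_HOSTS (addresses of client machines) is a hypothetical variable.

```shell
#!/usr/bin/env bash
# Added example: allow 27017/tcp from replica-set peers only, via firewalld
# rich rules, instead of stopping the firewall.
MEMBERS="10.10.4.127 10.10.4.128 10.10.4.129"   # members from the page
PORT=27017

# Print the firewall-cmd calls for the node whose own address is $1.
# APP_HOSTS (hypothetical) may list client addresses that also need access.
peer_rules() {
  self="$1"
  case " $MEMBERS " in
    *" $self "*) ;;
    *) echo "unknown member: $self" >&2; return 1 ;;
  esac
  for ip in $MEMBERS ${APP_HOSTS:-}; do
    [ "$ip" = "$self" ] && continue      # a node needs no rule for itself
    printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"$PORT\" protocol=\"tcp\" accept'"
  done
  echo "firewall-cmd --reload"
}

# Review the output first, then apply it as root on that node:
#   peer_rules 10.10.4.127 | sh
```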
Initialization
Connect with the mongo client to the MongoDB service on any one of the servers to initialize the replica set. Here the 10.10.4.127 server is used.
$ /usr/local/mongodb/bin/mongo 10.10.4.127:27017
> config={
    _id:"rs",
    members:[
      {_id:0,host:"10.10.4.127:27017",priority:3},
      {_id:1,host:"10.10.4.128:27017",priority:2},
      {_id:2,host:"10.10.4.129:27017",priority:1}
    ]
  }
> rs.initiate(config)
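Explanation of the initialization statement
- _id: the replica set name, rs
- members: the list of servers in the replica set
- members[0]._id: the server's unique ID
- members[0].host: server IP + MongoDB port number
- members[0].priority: the priority, 1 by default. A member with priority 0 is a passive node and cannot become the active node. Among members with a non-zero priority, the active node is chosen in order from highest to lowest.
Make the MongoDB nodes readable
On all three servers, add a mongorc.js file as follows: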
$ vi ~/.mongorc.js
In the vi editor window, add the following content
rs.slaveOk();
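Save and quit (wq)
Enable authentication
Enable authentication if required
Add the authentication configuration
Add the following configuration parameters to /usr/local/mongodb/bin/mongodb.conf on all three servers:
# Enable MongoDB access authentication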
auth = true
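# Path of the key file that stores the authentication information. Unset by default. Used for security authentication between cluster members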
keyFile = /usr/local/mongodb/keyfile
For example, /usr/local/mongodb/bin/mongodb.conf on the 10.10.4.127 server then reads as follows
dbpath = /usr/local/mongodb/data
logpath = /usr/local/mongodb/logs/mongodb.log
fork = true
logappend = true
noprealloc = true
bind_ip = 10.10.4.127
port = 27017
replSet = rs
auth = true
keyFile = /usr/local/mongodb/keyfile
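Add the same configuration on the 10.10.4.128 and 10.10.4.129 servers.
Generating the keyfile
The keyFile = /usr/local/mongodb/keyfile entry configured in /usr/local/mongodb/bin/mongodb.conf refers to a file that provides security authentication between the members of the MongoDB cluster. Put the keyfile on every MongoDB server in the cluster; the keyfile must be identical on all of them.
Run the following commands on any one of the servers: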
$ openssl rand -base64 745 > /usr/local/mongodb/keyfile
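$ cat /usr/local/mongodb/keyfile
After running the commands above, a keyfile file is generated in the /usr/local/mongodb directory.
Setting the keyfile permissions
Note: the keyfile must be given permission 600. The permissions must not be more open than that, otherwise the MongoDB service fails to start.
The command to set the keyfile permissions is: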
$ chmod 600 /usr/local/mongodb/keyfile
Appendix: the keyfile's permissions must not be too open. If they are, startup fails with the error shown below
$ /usr/local/mongodb/bin/mongod -f /usr/local/mongodb/bin/mongodb.conf
note: noprealloc may hurt performance in many applications
about to fork child process, waiting until server is ready for connections.
forked process: 12400
ERROR: child process failed, exited with error number 1
To see additional information in this output, start without the "--fork" option.
$ tail logs/mongodb.log
2022-02-23T23:28:50.165+0800 I ASIO [NetworkInterfaceASIO-Replication-0] Dropping all pooled connections to 172.22.17.94:27017 due to failed operation on a connection
2022-02-23T23:28:50.165+0800 I REPL_HB [replexec-3] Error in heartbeat (requestId: 634) to 172.22.17.94:27017, response status: HostUnreachable: Connection refused
2022-02-23T23:28:50.166+0800 I ASIO [NetworkInterfaceASIO-Replication-0] Connecting to 172.22.17.94:27017
2022-02-23T23:28:50.166+0800 I ASIO [NetworkInterfaceASIO-Replication-0] Failed to connect to 172.22.17.94:27017 - HostUnreachable: Connection refused
2022-02-23T23:28:50.166+0800 I ASIO [NetworkInterfaceASIO-Replication-0] Dropping all pooled connections to 172.22.17.94:27017 due to failed operation on a connection
2022-02-23T23:28:50.167+0800 I REPL_HB [replexec-5] Error in heartbeat (requestId: 637) to 172.22.17.94:27017, response status: HostUnreachable: Connection refused
2022-02-23T23:28:50.167+0800 I REPL [replexec-5] Member 172.22.17.94:27017 is now in state RS_DOWN
2022-02-23T23:28:53.829+0800 I REPL [SyncSourceFeedback] SyncSourceFeedback error sending update to 172.22.17.94:27017: InvalidSyncSource: Sync source was cleared. Was 172.22.17.94:27017
2022-02-23T23:46:52.243+0800 I CONTROL [main] ***** SERVER RESTARTED *****
2022-02-23T23:46:52.246+0800 I ACCESS [main] permissions on /usr/local/mongodb/keyfile are too open
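Copy the keyfile to every MongoDB service
Add the keyfile to the MongoDB service on every server
Here the keyfile is placed in the /usr/local/mongodb directory on each server; this file path corresponds to the configuration entry [keyFile = /usr/local/mongodb/keyfile] in the mongodb.conf configuration file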
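The keyfile steps above (generate, restrict to 600, copy to every node) can be checked before mongod is restarted. The script below is an added example, not part of the original page: it creates the file under a restrictive umask so it is never world-readable, validates mode, length and character set, and prints a SHA-256 fingerprint for comparing the three copies without displaying the key. The function names and the /dev/urandom fallback are assumptions.

```shell
#!/usr/bin/env bash
# Added example: create and validate the replica-set keyfile.

# Create the keyfile at $1 with mode 600 from the first byte written.
gen_keyfile() {
  (
    umask 077                                   # new files get 600, not 644
    if command -v openssl >/dev/null 2>&1; then
      openssl rand -base64 745 > "$1"           # same command as the page
    else
      head -c 745 /dev/urandom | base64 > "$1"  # fallback (assumption)
    fi
  )
}

# Print "ok" and return 0 if $1 is usable as keyFile; else print why, return 1.
check_keyfile() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f"; return 1; }
  mode=$(stat -c '%a' "$f")                     # GNU stat, as on CentOS 7
  case "$mode" in
    *00) ;;                                     # no group/other bits (600, 400)
    *) echo "permissions too open: $mode"; return 1 ;;
  esac
  len=$(tr -d '[:space:]' < "$f" | wc -c)       # whitespace is not counted
  if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
    echo "bad length: $len"; return 1
  fi
  junk=$(tr -d 'A-Za-z0-9+/=[:space:]' < "$f" | wc -c)
  [ "$junk" -eq 0 ] || { echo "non-base64 characters"; return 1; }
  echo "ok"
}

# Fingerprint to compare across nodes instead of printing the key with cat.
keyfile_fingerprint() {
  sha256sum "$1" | cut -d' ' -f1
}

# On each node (path from the page):
#   check_keyfile /usr/local/mongodb/keyfile
#   keyfile_fingerprint /usr/local/mongodb/keyfile   # must match on all three
```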