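#!/bin/bash
#
# Set up and control a three-member MongoDB replica set (rep01) on one host:
# one mongod per port, each with its own config, data and log directory.
# Enable the wanted step(s) in the "Entry point" section near the bottom.
#
# Environment (all optional):
#   MONGO_BASE_DIR    root of the per-port trees (default: /data/mongo)
#   MONGO_TGZ_SHA256  expected SHA-256 of the release tarball; when set, the
#                     download is verified before it is unpacked
#
# NOTE(review): the generated config binds every instance to 0.0.0.0 and
# leaves the security section commented out, so until the "authenticated
# replication" steps in the notes below are applied, any host that can reach
# these ports gets unauthenticated access. Restrict the ports with a firewall
# (or a narrower bindIp) during bootstrap.
# NOTE(review): MongoDB 4.0.x no longer receives security fixes; pin a
# supported release when adapting this script.

port=(27017 27018 27019)
# shellcheck disable=SC2034 -- member address, referenced only in the notes
ips=(10.0.1.167)
mongo_base=${MONGO_BASE_DIR:-/data/mongo}
mongo_bin=/usr/local/sbin/mongod
keyfile_tmp=/tmp/keyfile

#######################################
# Download the MongoDB release tarball and install its binaries.
# Globals:   MONGO_TGZ_SHA256 (read, optional)
# Outputs:   tarball and unpacked tree in the current directory;
#            binaries moved to /usr/local/sbin/
# Returns:   0 on success, 1 if download, verification, unpack or move fails
#######################################
func_download_mongo() {
  local -r release=mongodb-linux-x86_64-ubuntu1404-4.0.5
  local -r tarball="${release}.tgz"

  # -O overwrites a stale copy; plain wget would save "<name>.1" and tar
  # would then unpack the old file.
  wget -O "$tarball" "https://fastdl.mongodb.org/linux/${tarball}" || return 1

  # The binaries end up in root's PATH, so check the archive against a digest
  # obtained out of band whenever one is supplied.
  if [[ -n "${MONGO_TGZ_SHA256:-}" ]]; then
    printf '%s  %s\n' "$MONGO_TGZ_SHA256" "$tarball" | sha256sum -c - || return 1
  else
    printf 'warning: MONGO_TGZ_SHA256 not set; installing %s unverified\n' \
      "$tarball" >&2
  fi

  tar xf "$tarball" || return 1
  mv -- "${release}"/bin/* /usr/local/sbin/ || return 1
}

#######################################
# Generate the shared keyfile and, per port, the directory tree and
# mongod.conf.
# Globals:   port, mongo_base, keyfile_tmp (read)
# Outputs:   $keyfile_tmp; $mongo_base/<port>/{config,db,log};
#            $mongo_base/<port>/config/mongod.conf
# Returns:   0 on success, 1 if any step failed (remaining ports are still
#            processed)
#######################################
func_create_file() {
  local p dir conf rc=0

  # The keyfile is the replica set's shared secret. Create it unreadable to
  # other users and refuse to write through a pre-existing file or symlink at
  # this predictable /tmp path. 756 random bytes encode to 1008 base64
  # characters, inside the 6-1024 character limit MongoDB documents for
  # keyfiles (the previous 888 bytes encoded to 1184).
  if ! (
    umask 077
    set -o noclobber
    rm -f -- "$keyfile_tmp"
    openssl rand -base64 756 > "$keyfile_tmp"
  ); then
    printf 'warning: could not generate %s\n' "$keyfile_tmp" >&2
    rc=1
  fi

  for p in "${port[@]}"; do
    dir="${mongo_base}/${p}"
    conf="${dir}/config/mongod.conf"

    if ! mkdir -p -- "${dir}/config" "${dir}/db" "${dir}/log"; then
      rc=1
      continue
    fi

    # The security section stays commented out so the first admin user can be
    # created; enable it (and copy the keyfile, below) right afterwards.
    cat > "$conf" <<EOF || rc=1
systemLog:
  destination: file
  path: ${dir}/log/mongodb.log
  logAppend: true
  logRotate: rename
storage:
  journal:
    enabled: true
  dbPath: ${dir}/db
  directoryPerDB: true
  wiredTiger:
    engineConfig:
      directoryForIndexes: true
    collectionConfig:
      blockCompressor: zlib
    indexConfig:
      prefixCompression: true
processManagement:
  fork: true
  pidFilePath: ${dir}/mongod.pid
  timeZoneInfo: /usr/share/zoneinfo
net:
  port: ${p}
  bindIp: 0.0.0.0
replication:
  oplogSizeMB: 2048
  replSetName: rep01
#security:
#  keyFile: ${dir}/keyfile
EOF

    #cp -v -- "$keyfile_tmp" "${dir}/keyfile"
    #chmod 400 -- "${dir}/keyfile"
  done

  return "$rc"
}

#######################################
# Start one mongod per configured port.
# Globals:   port, mongo_base, mongo_bin (read)
# Returns:   0 if every instance started, 1 otherwise
#######################################
func_start_mongo() {
  local p rc=0
  for p in "${port[@]}"; do
    "$mongo_bin" -f "${mongo_base}/${p}/config/mongod.conf" || rc=1
    #mongod -f "${mongo_base}/${p}/config/mongod.conf" --auth --bind_ip_all
  done
  return "$rc"
}

#######################################
# Cleanly shut down the mongod of every configured port.
# Globals:   port, mongo_base, mongo_bin (read)
# Returns:   0 if every instance shut down, 1 otherwise
#######################################
func_shutdown() {
  local p rc=0
  for p in "${port[@]}"; do
    "$mongo_bin" -f "${mongo_base}/${p}/config/mongod.conf" --shutdown || rc=1
  done
  return "$rc"
}

# Entry point: enable the step(s) to run.
#func_create_file
func_start_mongo
#func_shutdown

# ---------------------------------------------------------------------------
# Notes (mongo shell / manual steps; nothing below is executed)
# ---------------------------------------------------------------------------

# Configure the replica set
# config={"_id":"rep01","members":[{"_id":0,"host":"10.0.1.167:27017","priority":20},{"_id":1,"host":"10.0.1.167:27018","priority":10},{"_id":2,"host":"10.0.1.167:27019","priority":10}]}
##chen={"_id":"0","members":[{"_id":0,"host":"10.0.1.167:27017","priority":100},{"_id":1,"host":"172.16.10.29:27018","priority":100},{"_id":2,"host":"172.16.10.29:27019","priority":0},{"_id":3,"host":"172.16.10.29:27020","arbiterOnly":true}]}
# rs.initiate(config)   # initialise
# rs.status()           # show status

# By default the secondaries of a replica set do not serve reads; this
# command allows reading on a secondary
# rs.slaveOk()

# Inspect replica set state
# rs.help
# rs.printReplicationInfo()        # size and time range of the oplog
# rs.printSlaveReplicationInfo()   # members and their replication times

# Shut down a member
# use admin              # run on a secondary of the replica set
# db.shutdownServer()    # stops the service; logging in to this node now fails

# Take a node out of the replica set
# Comment out the replication settings and change the port, then start the
# node as a standalone instance
# vim /etc/mongod2.conf
# #replication:
# #  replSetName: rep01
# port: 27028
# mongod -f mongod.conf  # start the instance; it no longer belongs to the set

# Full backup of the oplog
#mongodump --port 27028 --db local --collection 'oplog.rs'

# Delete the oplog on the node
#> use local
#> db.oplog.rs.drop()

# Deploy authenticated replication
# Create the administrative user
# NOTE(review): "123123" is the author's sample value; set a strong, unique
# password, since this account holds the root role.
#>use admin
#>db.createUser({"user":"root","pwd":"123123","roles":["root"]})

# Configure keyfile authentication
# So that the other members can still sync with the primary, create key files
# for them
# Create the key files
# NOTE(review): whoever knows the key content can authenticate as a replica
# set member, so a guessable phrase such as the sample below is not a secret;
# generate it instead, e.g. openssl rand -base64 756.
# cd /usr/bin/
# echo "chenrs key"> chenrskey1
# echo "chenrs key"> chenrskey2
# echo "chenrs key"> chenrskey3
# echo "chenrs key"> chenrskey4   // key content is free-form but must be identical on all members
# chmod 600 chenrskey{1..4}       // set the file mode; without it the next start fails

# Edit the config files to enable MongoDB's security checks (all four config
# files must be changed; mind the per-node differences)
#vim /etc/mongod.conf
#security:
#keyFile: /usr/bin/chenrskey1    // the key file path differs per node; adjust for each node
#clusterAuthMode: keyFile        // authentication type: keyfile

# Restart the service
#mongod -f /etc/mongod.conf --shutdown
#mongod -f /etc/mongod.conf      // the other nodes are restarted the same way

# Log in with authentication (primary first, then the secondaries)
# After logging in without credentials, "show dbs" cannot list any data;
# authenticate first
#mongo --port 27018
#>use admin
#>db.auth("root","123123")

# Change member priority
#>cfg = rs.conf()
#:PRIMARY> cfg.members[0].priority = 20
#:PRIMARY> cfg.members[1].priority = 15
#:PRIMARY> cfg.members[2].priority = 10
#:PRIMARY> rs.reconfig(cfg)

# Verify the current size of the oplog
#>use local
#>db.oplog.rs.stats().maxSize

# reference:
#https://docs.mongodb.com/manual/tutorial/change-oplog-size/
#http://blog.51cto.com/13643643/2144954
#http://blog.51cto.com/zero01/2059033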
原文地址:https://www.cnblogs.com/rootid/p/10245155.html