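I am building a 3-node MongoDB cluster in a Linux environment, but I cannot get it to run with authentication enabled. Please help me understand what I am missing. I have listed all the steps I followed:
1) All 3 nodes have the following configuration file.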
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /storage/mongodb/data/db
  directoryPerDB: true
  journal:
    enabled: true
  engine: wiredTiger
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /storage/mongodb/log/mongod.log
# network interfaces
net:
  port: 27017
  bindIpAll: true
#ssl:
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
#security:
#operationProfiling:
replication:
  oplogSizeMB: 10240
  replSetName: rs2
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

2) The following is the /etc/hosts configuration on each machine.
Server1:
127.0.0.1 Server1
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Server2:
127.0.0.1 Server2
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Server3:
127.0.0.1 Server3
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

3) After completing all the configuration, I started the mongod service and connected with the mongo client on Server1.
MongoDB shell version v3.6.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.2
Server has startup warnings:
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten]
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten]
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten]
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-03-05T19:36:50.717+0000 I CONTROL [initandlisten]
> rs.status()
{
"info" : "run rs.initiate(...) if not yet done for the set",
"ok" : 0,
"errmsg" : "no replset config has been received",
"code" : 94,
"codeName" : "NotYetInitialized"
}
>

> rs.initiate()
{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "Server1:27017",
"ok" : 1,
"operationTime" : Timestamp(1520278787, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520278787, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
rs2:OTHER>

rs2:OTHER> rs.status()
{
"set" : "rs2",
"date" : ISODate("2018-03-05T19:40:24.836Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1520278819, 1),
"t" : NumberLong(1)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1520278819, 1),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1520278819, 1),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1520278819, 1),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "Server1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 214,
"optime" : {
"ts" : Timestamp(1520278819, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2018-03-05T19:40:19Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1520278788, 1),
"electionDate" : ISODate("2018-03-05T19:39:48Z"),
"configVersion" : 1,
"self" : true
}
],
"ok" : 1,
"operationTime" : Timestamp(1520278819, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520278819, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
rs2:PRIMARY>

4) After the primary came up, I performed the following steps to replace my Server1's name with my private IP "10.0.1.136".
rs2:PRIMARY> cfg = rs.conf()
{
"_id" : "rs2",
"version" : 1,
"protocolVersion" : NumberLong(1),
"members" : [
{
"_id" : 0,
"host" : "Server1:27017",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : NumberLong(0),
"votes" : 1
}
],
"settings" : {
"chainingAllowed" : true,
"heartbeatIntervalMillis" : 2000,
"heartbeatTimeoutSecs" : 10,
"electionTimeoutMillis" : 10000,
"catchUpTimeoutMillis" : -1,
"catchUpTakeoverDelayMillis" : 30000,
"getLastErrorModes" : {
},
"getLastErrorDefaults" : {
"w" : 1,
"wtimeout" : 0
},
"replicaSetId" : ObjectId("5a9d9d0350e5eb7ba0b9a68b")
}
}
rs2:PRIMARY> cfg.members[0].host = "10.0.1.136:27017"
10.0.1.136:27017
rs2:PRIMARY> rs.reconfig(cfg)
{
"ok" : 1,
"operationTime" : Timestamp(1520279033, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520279033, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
rs2:PRIMARY> rs.status()
{
"set" : "rs2",
"date" : ISODate("2018-03-05T19:43:56.027Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1520279033, 1),
"t" : NumberLong(1)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1520279033, 1),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1520279033, 1),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1520279033, 1),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "10.0.1.136:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 426,
"optime" : {
"ts" : Timestamp(1520279033, 1),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2018-03-05T19:43:53Z"),
"electionTime" : Timestamp(1520278788, 1),
"electionDate" : ISODate("2018-03-05T19:39:48Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1,
"operationTime" : Timestamp(1520279033, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520279033, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
rs2:PRIMARY>

5) After that, I created the admin user on Server1.
rs2:PRIMARY> use admin;
switched to db admin
> db.createUser({user: "mongoDBAdmin", pwd: "password", roles:[{role: "root", db: "admin"}]})
2018-03-05T19:48:53.685+0000 I NETWORK [thread1] trying reconnect to 127.0.0.1:27017 (127.0.0.1) failed
2018-03-05T19:48:53.686+0000 I NETWORK [thread1] reconnect 127.0.0.1:27017 (127.0.0.1) ok
Successfully added user: {
"user" : "mongoDBAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> show users;
{
"_id" : "admin.mongoDBAdmin",
"user" : "mongoDBAdmin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
>

6) Then I connected to the Server2 mongo client and checked rs.status(). It was not initiated yet.
MongoDB shell version v3.6.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.2
Server has startup warnings:
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten]
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten]
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten]
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-03-05T19:46:17.000+0000 I CONTROL [initandlisten]
> rs.status()
{
"info" : "run rs.initiate(...) if not yet done for the set",
"ok" : 0,
"errmsg" : "no replset config has been received",
"code" : 94,
"codeName" : "NotYetInitialized"
}

7) Server2 is ready to join Server1. My Server2 private IP is "10.0.1.137", so I ran the following command on Server1 (10.0.1.136).
> rs.add("10.0.1.137:27017")
{
"ok" : 1,
"operationTime" : Timestamp(1520279899, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520279899, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
> rs.status()
{
"set" : "rs2",
"date" : ISODate("2018-03-05T19:58:22.470Z"),
"myState" : 1,
"term" : NumberLong(3),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"appliedOpTime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"durableOpTime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
}
},
"members" : [
{
"_id" : 0,
"name" : "10.0.1.136:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 1292,
"optime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"optimeDate" : ISODate("2018-03-05T19:58:19Z"),
"electionTime" : Timestamp(1520279205, 1),
"electionDate" : ISODate("2018-03-05T19:46:45Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "10.0.1.137:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 3,
"optime" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"optimeDurable" : {
"ts" : Timestamp(1520279899, 1),
"t" : NumberLong(3)
},
"optimeDate" : ISODate("2018-03-05T19:58:19Z"),
"optimeDurableDate" : ISODate("2018-03-05T19:58:19Z"),
"lastHeartbeat" : ISODate("2018-03-05T19:58:21.031Z"),
"lastHeartbeatRecv" : ISODate("2018-03-05T19:58:19.454Z"),
"pingMs" : NumberLong(0),
"configVersion" : 3
}
],
"ok" : 1,
"operationTime" : Timestamp(1520279899, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1520279899, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
>

8) Now the primary and the secondary are in sync, so I can also see the admin user on the secondary node.
rs2:SECONDARY> show users;
2018-03-05T20:00:40.457+0000 E QUERY [thread1] Error: not master and slaveOk=false :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1686:1
shellHelper.show@src/mongo/shell/utils.js:796:9
shellHelper@src/mongo/shell/utils.js:703:15
@(shellhelp2):1:1
rs2:SECONDARY> rs.slaveOk()
rs2:SECONDARY> use admin;
switched to db admin
rs2:SECONDARY> show users;
{
"_id" : "admin.mongoDBAdmin",
"user" : "mongoDBAdmin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
rs2:SECONDARY>

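9) For testing purposes, I did not connect Server3. Now I will enable authentication using a key file, so /etc/mongod.conf needs to be modified. Below is the updated conf file on both servers.
I have generated the key file and copied it to both servers, and assigned the required permissions.
Updated configuration file: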
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /storage/mongodb/data/db
  directoryPerDB: true
  journal:
    enabled: true
  engine: wiredTiger
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /storage/mongodb/log/mongod.log
# network interfaces
net:
  port: 27017
  bindIpAll: true
#ssl:
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
security:
  authorization: enabled
  keyFile: /etc/mongodb/ssl/keyfile
#operationProfiling:
replication:
  oplogSizeMB: 10240
  replSetName: rs2
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

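10) After modifying the configuration, I restarted the mongod service on the primary server (Server1), but the client does not connect.
I tried different ways: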
User1@Server1:/storage/mongodb/data/db$ sudo service mongod restart
User1@Server1:/storage/mongodb/data/db$
User1@Server1:/storage/mongodb/data/db$ mongo
MongoDB shell version v3.6.2
connecting to: mongodb://127.0.0.1:27017
2018-03-05T20:11:47.746+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused
2018-03-05T20:11:47.746+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed
User1@Server1:/storage/mongodb/data/db$ mongo --host 10.0.1.136 --port 27017
MongoDB shell version v3.6.2
connecting to: mongodb://10.0.1.136:27017/
2018-03-05T20:12:06.069+0000 W NETWORK [thread1] Failed to connect to 10.0.1.136:27017, in(checking socket for error after poll), reason: Connection refused
2018-03-05T20:12:06.070+0000 E QUERY [thread1] Error: couldn't connect to server 10.0.1.136:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed
User1@Server1:/storage/mongodb/data/db$ mongo --host Server1 --port 27017
MongoDB shell version v3.6.2
connecting to: mongodb://Server1:27017/
2018-03-05T20:12:21.237+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused
2018-03-05T20:12:21.237+0000 E QUERY [thread1] Error: couldn't connect to server Prod-App04:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed
User1@Server1:/storage/mongodb/data/db$ mongo --host Server1 --port 27017 -u "mongoDBAdmin" -p "password"
MongoDB shell version v3.6.2
connecting to: mongodb://Server1:27017/
2018-03-05T20:12:57.149+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused
2018-03-05T20:12:57.149+0000 E QUERY [thread1] Error: couldn't connect to server Prod-App04:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed

I really don't know what I am missing. I cannot even connect to a single machine with the mongo client. Please help me with what I should do next.
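
A pre-flight check for the key file from step 9, as an added example that is not part of the original post: "Connection refused" in step 10 means nothing is listening on port 27017, and this verifies the conditions mongod enforces on a keyFile (no group or other permission bits, 6 to 1024 base64 characters) before the service is restarted. The function name `check_keyfile` and the `mongodb` service account name are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the file named by security.keyFile.
# check_keyfile PATH [SERVICE_USER] prints each problem, returns 0 if none.
check_keyfile() {
    kf=$1
    svc_user=${2:-}   # assumption: account mongod runs as (package dependent)
    rc=0

    if [ ! -f "$kf" ]; then
        echo "missing: $kf is not a regular file"
        return 1
    fi

    # mongod refuses a key file with any group or other permission bits.
    mode=$(stat -c '%a' "$kf")
    case $mode in
        ?00) ;;
        *) echo "permissions: mode $mode is too open (use 400 or 600)"; rc=1 ;;
    esac

    # With owner-only permissions, the owner must be the mongod account.
    owner=$(stat -c '%U' "$kf")
    if [ -n "$svc_user" ] && [ "$owner" != "$svc_user" ]; then
        echo "owner: file belongs to $owner, mongod runs as $svc_user"
        rc=1
    fi

    # Whitespace is ignored; the rest must be 6-1024 base64 characters.
    key=$(tr -d '[:space:]' < "$kf")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "content: $len characters, expected 6 to 1024"
        rc=1
    fi
    if [ -n "$(printf '%s' "$key" | tr -d 'A-Za-z0-9+/=')" ]; then
        echo "content: characters outside the base64 set"
        rc=1
    fi
    return $rc
}

# Usage with the path from the post (service account name is an assumption):
#   check_keyfile /etc/mongodb/ssl/keyfile mongodb && echo "keyfile OK"
```

If the key file passes, the reason mongod did not start is recorded in the log file configured under systemLog.path.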