mongodb 4.4.6副本集配置笔记

2023年 7月 15日 50.0k 0

  • version : 4.4.6
  • 先决条件

1,防火墙互相放行27020

2, 节点配置应该一致

副本集解决不了写入瓶颈,如果副本集规模越大,写入性能越会下降,副本集可以应对读多的场景

序号 ip 配置
1 172.16.100.10 8*16 / hdd(推荐ssd)
2 172.16.100.11 8*16 / hdd(推荐ssd)
3 172.16.100.12 8*16 / hdd(推荐ssd)

echo never > /sys/kernel/mm/transparent_hugepage/enabledecho never > /sys/kernel/mm/transparent_hugepage/defrag

3, deploy.sh

#!/bin/bash
\# auther: mark
\# descriptions:  the shell scripts install mongodb 4.4.6 version and start script and firewalld 
if ! grep ntp.aliyun.com  /var/spool/cron/root >/dev/null 2>&1;then (crontab -l; echo -e "10 * * * * ntpdate ntp.aliyun.com") | crontab -;fi
timedatectl set-timezone Asia/Shanghai
hostnamectl set-hostname mongodb1

tar xf mongodb-linux-x86_64-rhel70-4.4.6.tgz -C /usr/local
cd /usr/local/
ln -s mongodb-linux-x86_64-rhel70-4.4.6 mongodb
mkdir /data/mongodb/{data,logs,pid,conf} -p

groupadd mongodb
useradd -g mongodb mongodb
chown -R mongodb.mongodb /data/mongodb
ln -s /usr/local/mongodb/bin/mongo /usr/local/bin/

cp /etc/firewalld/zones/public.xml /etc/firewalld/zones/public.xml.oldone
cat > /etc/firewalld/zones/public.xml  /etc/systemd/system/mongodb.service > /etc/security/limits.conf
echo "mongodb  hard  nofile  64000" >> /etc/security/limits.conf
echo "mongodb  soft  nproc  32000" >> /etc/security/limits.conf
echo "mongodb  hard  nproc  32000" >> /etc/security/limits.conf

echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
echo "never" > /sys/kernel/mm/transparent_hugepage/defrag
LimitFSIZE=infinity
LimitCPU=infinity
LimitAS=infinity
LimitMEMLOCK=infinity
LimitNOFILE=64000
LimitNPROC=64000

配置文件

10配置

systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/logs/mongod.log

storage:
  dbPath: /data/mongodb/data
  journal:
    enabled: true
  directoryPerDB: true
  wiredTiger:
     engineConfig:
        cacheSizeGB: 8
        directoryForIndexes: true
processManagement:
  fork: true
  pidFilePath: /data/mongodb/pid/mongod.pid

net:
  port: 27020
  bindIp: 0.0.0.0
  #bindIp: 0.0.0.0,mongodb1,localhost # ip and hostname
  maxIncomingConnections: 5000

#security:
#  keyFile: /data/mongodb/conf/keyfile
#  authorization: enabled
replication:
#   oplogSizeMB: 1024
   replSetName: rs0

先注释security字段,没有密码登陆。三台节点防火墙开启27020互通

初始化集群

直接使用mongo连入admin

/usr/local/mongodb/bin/mongo  172.16.100.10:27020  --authenticationDatabase admin

配置仲裁

priority。如果节点配置不一样,根据配置大小调整权重比例

config = { _id:"rs0",
  members:[
    {_id:0,host:"172.16.100.10:27020",priority:90}, 
    {_id:1,host:"172.16.100.11:27020",priority:90}, 
    {_id:2,host:"172.16.100.12:27020",arbiterOnly:true}
    ]
};

或者不配置。节点少,不配置仲裁

config = { _id:"rs0",
  members:[
    {_id:0,host:"172.16.100.10:27020",priority:90}, 
    {_id:1,host:"172.16.100.11:27020",priority:90}, 
    {_id:2,host:"172.16.100.12:27020",priority:90}
    ]
};

配置集群要进入admin

> use admin
switched to db admin
> config = { _id:"rs0",
...   members:[
...     {_id:0,host:"172.16.100.10:27020",priority:90},
...     {_id:1,host:"172.16.100.11:27020",priority:90},
...     {_id:2,host:"172.16.100.12:27020",priority:90}
...     ]
... }
{
    "_id" : "rs0",
    "members" : [
        {
            "_id" : 0,
            "host" : "172.16.100.10:27020",
            "priority" : 90
        },
        {
            "_id" : 1,
            "host" : "172.16.100.11:27020",
            "priority" : 90
        },
        {
            "_id" : 2,
            "host" : "172.16.100.12:27020",
            "priority" : true
        }
    ]
}

使用rs.initiate(config);进行初始化

>  rs.initiate(config);
{ "ok" : 1 }

使用rs.status()查看状态

rs0:SECONDARY> rs.status()
{
    "set" : "rs0",
    "date" : ISODate("2021-05-18T02:37:24.202Z"),
    "myState" : 1,
    "term" : NumberLong(1),
    "syncSourceHost" : "",
    "syncSourceId" : -1,
    "heartbeatIntervalMillis" : NumberLong(2000),
    "majorityVoteCount" : 2,
    "writeMajorityCount" : 2,
    "votingMembersCount" : 3,
    "writableVotingMembersCount" : 2,
    "optimes" : {
        "lastCommittedOpTime" : {
            "ts" : Timestamp(1621305433, 1),
            "t" : NumberLong(1)
        },
        "lastCommittedWallTime" : ISODate("2021-05-18T02:37:13.348Z"),
        "readConcernMajorityOpTime" : {
            "ts" : Timestamp(1621305433, 1),
            "t" : NumberLong(1)
        },
        "readConcernMajorityWallTime" : ISODate("2021-05-18T02:37:13.348Z"),
        "appliedOpTime" : {
            "ts" : Timestamp(1621305433, 1),
            "t" : NumberLong(1)
        },
        "durableOpTime" : {
            "ts" : Timestamp(1621305433, 1),
            "t" : NumberLong(1)
        },
        "lastAppliedWallTime" : ISODate("2021-05-18T02:37:13.348Z"),
        "lastDurableWallTime" : ISODate("2021-05-18T02:37:13.348Z")
    },
    "lastStableRecoveryTimestamp" : Timestamp(1621305431, 3),
    "electionCandidateMetrics" : {
        "lastElectionReason" : "electionTimeout",
        "lastElectionDate" : ISODate("2021-05-18T02:37:11.853Z"),
        "electionTerm" : NumberLong(1),
        "lastCommittedOpTimeAtElection" : {
            "ts" : Timestamp(0, 0),
            "t" : NumberLong(-1)
        },
        "lastSeenOpTimeAtElection" : {
            "ts" : Timestamp(1621305421, 1),
            "t" : NumberLong(-1)
        },
        "numVotesNeeded" : 2,
        "priorityAtElection" : 90,
        "electionTimeoutMillis" : NumberLong(10000),
        "numCatchUpOps" : NumberLong(0),
        "newTermStartDate" : ISODate("2021-05-18T02:37:11.879Z"),
        "wMajorityWriteAvailabilityDate" : ISODate("2021-05-18T02:37:13.328Z")
    },
    "members" : [
        {
            "_id" : 0,
            "name" : "172.16.100.10:27020",
            "health" : 1,
            "state" : 1,
            "stateStr" : "PRIMARY",
            "uptime" : 733,
            "optime" : {
                "ts" : Timestamp(1621305433, 1),
                "t" : NumberLong(1)
            },
            "optimeDate" : ISODate("2021-05-18T02:37:13Z"),
            "syncSourceHost" : "",
            "syncSourceId" : -1,
            "infoMessage" : "",
            "electionTime" : Timestamp(1621305431, 1),
            "electionDate" : ISODate("2021-05-18T02:37:11Z"),
            "configVersion" : 1,
            "configTerm" : 1,
            "self" : true,
            "lastHeartbeatMessage" : ""
        },
        {
            "_id" : 1,
            "name" : "172.16.100.11:27020",
            "health" : 1,
            "state" : 2,
            "stateStr" : "SECONDARY",
            "uptime" : 22,
            "optime" : {
                "ts" : Timestamp(1621305433, 1),
                "t" : NumberLong(1)
            },
            "optimeDurable" : {
                "ts" : Timestamp(1621305433, 1),
                "t" : NumberLong(1)
            },
            "optimeDate" : ISODate("2021-05-18T02:37:13Z"),
            "optimeDurableDate" : ISODate("2021-05-18T02:37:13Z"),
            "lastHeartbeat" : ISODate("2021-05-18T02:37:23.871Z"),
            "lastHeartbeatRecv" : ISODate("2021-05-18T02:37:23.378Z"),
            "pingMs" : NumberLong(0),
            "lastHeartbeatMessage" : "",
            "syncSourceHost" : "172.16.100.10:27020",
            "syncSourceId" : 0,
            "infoMessage" : "",
            "configVersion" : 1,
            "configTerm" : 1
        },
        {
            "_id" : 2,
            "name" : "172.16.100.12:27020",
            "health" : 1,
            "state" : 7,
            "stateStr" : "SECONDARY",
            "uptime" : 22,
            "lastHeartbeat" : ISODate("2021-05-18T02:37:23.872Z"),
            "lastHeartbeatRecv" : ISODate("2021-05-18T02:37:23.876Z"),
            "pingMs" : NumberLong(0),
            "lastHeartbeatMessage" : "",
            "syncSourceHost" : "",
            "syncSourceId" : -1,
            "infoMessage" : "",
            "configVersion" : 1,
            "configTerm" : 1
        }
    ],
    "ok" : 1,
    "$clusterTime" : {
        "clusterTime" : Timestamp(1621305433, 1),
        "signature" : {
            "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
            "keyId" : NumberLong(0)
        }
    },
    "operationTime" : Timestamp(1621305433, 1)
}

授权root用户

创建super man用户

db.createUser({user: "root", pwd: "linuxea.com", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "root", pwd: "linuxea.com", roles: [{role: "dbAdminAnyDatabase", db: "admin"}]});

db.createUser({user: "marksugar", pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU", roles: [{role: "dbAdminAnyDatabase", db: "admin"}]});

创建普通用户

https://www.jianshu.com/p/0a7452d8843d

db.createUser( { user: "marksugar2",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role:"readWrite", db: "marksugar" }] })

db.createUser( { user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role:"dbAdmin", db: "marksugar" }] })

db.createUser({ user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role: "dbAdmin", db: "marksugar" }]})
db.createUser({ user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role: "dbOwner", db: "marksugar" }]})

如下:

修改密码
db.createUser({user: "root", pwd: "linuxea.com", roles: [{role: "root", db: "admin"}]})
执行结果
Successfully added user: {
    "user" : "root",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}

创建完成可以使用如下命令验证授权

mongo -u root -p "linuxea.com"  17.168.0.175:27020/admin
rs0:PRIMARY> db.get
admin.get

mongo -u marksugar -p "TdmMzIyNjRmMjViOTc1MGIwZGU"  17.168.0.175:27020/marksugar
rs0:PRIMARY> db.get
marksugar.get

验证集群

登入:mongo 172.16.100.10:27020/admin

[root@localhost ~]# mongo 172.16.100.10:27020/admin
MongoDB shell version v4.4.6
connecting to: mongodb://172.16.100.10:27020/admin?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("e73613cb-6004-46b0-b229-8356c6ed8cf5") }
MongoDB server version: 4.4.6
---
The server generated these startup warnings when booting:
        2021-05-18T10:25:11.991+08:00: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem
        2021-05-18T10:25:13.535+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
        2021-05-18T10:25:13.535+08:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2021-05-18T10:25:13.535+08:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
        2021-05-18T10:25:13.535+08:00: Soft rlimits too low
        2021-05-18T10:25:13.535+08:00:         currentValue: 1024
        2021-05-18T10:25:13.535+08:00:         recommendedMinimum: 64000
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

查看库show dbs

rs0:PRIMARY> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

创建库use yxtops-test

rs0:PRIMARY> use yxtops-test
switched to db yxtops-test

查看db.getName()

rs0:PRIMARY> db.getName()
yxtops-test

插入:db.student.insert([{'name':'mark'},{}])

rs0:PRIMARY> db.student.insert([{'name':'mark'},{}])
BulkWriteResult({
    "writeErrors" : [ ],
    "writeConcernErrors" : [ ],
    "nInserted" : 2,
    "nUpserted" : 0,
    "nMatched" : 0,
    "nModified" : 0,
    "nRemoved" : 0,
    "upserted" : [ ]
})

查询

rs0:PRIMARY> show tables;
student
rs0:PRIMARY> db.student.find()
{ "_id" : ObjectId("60a329d15d32fd9c982ccde1"), "name" : "mark" }
{ "_id" : ObjectId("60a329d15d32fd9c982ccde2") }

验证

登陆其他节点: mongo 172.16.100.11:27020/admin

/usr/local/mongodb/bin/mongo -u root -p 'linuxea.com' 172.16.100.11:27020  --authenticationDatabase admin

打开读

rs0:SECONDARY> rs.slaveOk()

进入其他库验证

rs0:SECONDARY> use yxtops-test
switched to db yxtops-test
rs0:SECONDARY> show tables;
student
rs0:SECONDARY> db.student.find()
{ "_id" : ObjectId("60a329d15d32fd9c982ccde1"), "name" : "mark" }
{ "_id" : ObjectId("60a329d15d32fd9c982ccde2") }

用户认证

集群与集群之间要使用Keyfile。首先创建keyfile。而后复制到其他节点

[root@mongodb1 ~]# cd /data/mongodb/conf/
[root@mongodb1 conf]# openssl rand -base64 756 > keyfile
[root@mongodb1 conf]# chmod 400 keyfile
[root@mongodb1 conf]# pwd
/mydata/data/mongodb/conf
chown mongodb.mongodb keyfile

将内容复制到其他两个节点:

cd /mydata/data/mongodb/conf
for i in 11 12;do scp keyfile 172.16.100.$i:/mydata/data/mongodb/conf/;done
for i in 11 12;do ssh 172.16.100.$i chmod 400 /mydata/data/mongodb/conf/keyfile;done
for i in 11 12;do ssh 172.16.100.$i chown mongodb.mongodb /mydata/data/mongodb/conf/keyfile;done

或者直接把keyfil文件内容粘贴出来复制到其他两个节点

cat > keyfile  db.dropUser("marksugar")
true

登陆

开启认证后登陆:创建操作等,只能在PRIMARY节点操作才可以。通过rs.status()查看

/usr/local/mongodb/bin/mongo -u root -p 'linuxea.com' 172.16.100.10:27020  --authenticationDatabase admin

创建其他库和授权库用户

use marksugar
db.createUser({user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role: "dbAdmin", db: "marksugar" }]});
db.createUser({user: "marksugar", pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU", roles:  [{role: "dbOwner", db: "marksugar"}]});
db.createUser({ user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role: "dbAdmin", db: "marksugar" }] })


db.createUser({ user: "marksugar",pwd: "TdmMzIyNjRmMjViOTc1MGIwZGU",roles: [ { role: "dbAdmin", db: "marksugar" }]})

db.createUser({user: "root", pwd: "linuxea.com", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "root", pwd: "linuxea.com", roles: [{role: "dbAdminAnyDatabase", db: "admin"}]});

插入

rs0:PRIMARY> use marksugar
switched to db marksugar
rs0:PRIMARY> db
marksugar
rs0:PRIMARY> db.marksugar.insert({"name":"mark"})
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> show dbs
admin   0.000GB
config  0.000GB
marksugar     0.000GB
local   0.001GB
rs0:PRIMARY>

登陆marksugar

/usr/local/mongodb/bin/mongo -u marksugar -p "TdmMzIyNjRmMjViOTc1MGIwZGU" 172.16.100.10:27020/marksugar

监控授权

db.grantRolesToUser("root", [{role:"__system", db:"admin"}])
db.grantRolesToUser("root", [{role:"dbAdminAnyDatabase", db:"admin"}]);

如下:

mongo -u root -p "linuxea.com"  172.16.100.10:27020/admin
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.grantRolesToUser("root", [{role:"__system", db:"admin"}])
rs0:PRIMARY> db.grantRolesToUser("root", [{role:"dbAdminAnyDatabase", db:"admin"}]);

副本读

rs.slaveOk()

或者

rs.secondaryOk()

日志清理

logpath日志中存储了日志过程。将会保留7天

#!/bin/bash
IPADDRES=172.16.100.10:27020
DBNAME=admin
USERNAME="USER_NAME"
PASSWORDS="PASSWORD"
LOGPATHS=/var/log/mongodb
LOGDYA=7
# mongodb logpath logfile roll
mongo ${IPADDRES}/${DBNAME} --authenticationDatabase ${DBNAME} -u ${USERNAME} -p "${PASSWORDS}" --eval "db.runCommand({logRotate:1});"
sleep 3s
# logfile delete last 7 days
find ${LOGPATHS}/mongod.log.20* -type f -mtime +${LOGDYA} -delete

# 1 12 * * * /bin/bash /data/script/mongomore.sh

其他参考

mongodb4.4.8复制(副本)集简单配置mongodb

相关文章

Oracle如何使用授予和撤销权限的语法和示例
Awesome Project: 探索 MatrixOrigin 云原生分布式数据库
下载丨66页PDF,云和恩墨技术通讯(2024年7月刊)
社区版oceanbase安装
Oracle 导出CSV工具-sqluldr2
ETL数据集成丨快速将MySQL数据迁移至Doris数据库

发布评论