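MongoDB Docker cluster configuration
Pull the image
docker pull mongo:4.0.28
Three hosts: a primary node, a secondary node, and an arbiter node
On each host, create the configuration directory:
mkdir -p /root/mongodb/config
cd /root/mongodb/config
In the config directory on each host, add the mongod.conf configuration file: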
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
#storage:
#  dbPath: /data/db
#  engine:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/log/mongo.log
# network interfaces
#net:
#  port: 27017
#  bindIp: 127.0.0.1
# how the process runs
#processManagement:
#  timeZoneInfo: /usr/share/zoneinfo
#security:
#  keyFile: /data/db/mongo.key
#  authorization: enabled
#operationProfiling:
# Replica set name
replication:
  replSetName: "rs0"
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Create the run_mongo_cluster_node1.sh script:
docker run --name mongo1 \
-h mongo1 \
-v /root/mongodb/db:/data/db \
-v /root/mongodb/log:/data/log \
-v /root/mongodb/config:/etc/mongo \
-p 0.0.0.0:27017:27017 \
--restart=always \
-d mongo:4.0.28 \
--config /etc/mongo/mongod.conf
Create the run_mongo_cluster_node2.sh script (vim run_mongo_cluster_node2.sh):
docker run --name mongo2 \
-h mongo2 \
-v /root/mongodb/db:/data/db \
-v /root/mongodb/log:/data/log \
-v /root/mongodb/config:/etc/mongo \
-p 0.0.0.0:27017:27017 \
--restart=always \
-d mongo:4.0.28 \
--config /etc/mongo/mongod.conf
Create the run_mongo_cluster_node3.sh script (vim run_mongo_cluster_node3.sh):
docker run --name mongo3 \
-h mongo3 \
-v /root/mongodb/db:/data/db \
-v /root/mongodb/log:/data/log \
-v /root/mongodb/config:/etc/mongo \
-p 0.0.0.0:27017:27017 \
--restart=always \
-d mongo:4.0.28 \
--config /etc/mongo/mongod.conf
Start the three node containers:
sh run_mongo_cluster_node1.sh
sh run_mongo_cluster_node2.sh
sh run_mongo_cluster_node3.sh
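After startup, the logs show that replica set mode is on but no cluster has been configured yet, so the nodes are in an unusable state.
Configure the cluster
Enter any node; here we enter node 1:
docker exec -it mongo1 mongo
Paste in this configuration; once it returns OK after you press Enter, it is done.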
rs.initiate({
  _id: "rs0",
  members: [
    {_id: 0, host: "172.29.69.8:27017"},
    {_id: 1, host: "172.29.69.9:27017"},
    {_id: 2, host: "172.29.69.10:27017", arbiterOnly: true}
  ]
})
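_id: "rs0" is the replica set name and must match the one in the configuration file. arbiterOnly: true marks the arbiter node. It is recommended to make the last node the arbiter, because making the first node the arbiter produces an error. The first node is usually the primary.
At this point the mongo cluster is usable, but there is no authentication, so it is not secure.
Enable authentication
Switch to the admin database: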
use admin
Create a user with user name root, password 12345678, role root, in the admin database:
db.createUser({user:"root",pwd:"12345678",roles:[{role:'root',db:'admin'}]})
Generate the mongo.key key file:
cd /root/mongodb/config
openssl rand -base64 756 > mongo.key
Change the file permissions:
sudo chmod 777 mongo.key
Copy the mongo.key file into the containers. This must be done on all 3 machines:
sudo docker cp /root/mongodb/config/mongo.key mongo1:/tmp/mongo.key
sudo docker cp /root/mongodb/config/mongo.key mongo2:/tmp/mongo.key
sudo docker cp /root/mongodb/config/mongo.key mongo3:/tmp/mongo.key
Enter the mongo1 container:
docker exec -it -u mongodb mongo1 /bin/bash
Change the owner and permissions of the key file:
mv /tmp/mongo.key /data/db/
chown mongodb:mongodb /data/db/mongo.key
chmod 400 /data/db/mongo.key
Exit the shell and stop the containers:
docker stop mongo1
docker stop mongo2
docker stop mongo3
Edit the mongod.conf configuration file and uncomment the security section:
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
#storage:
#  dbPath: /data/db
#  engine:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/log/mongo.log
# network interfaces
#net:
#  port: 27017
#  bindIp: 127.0.0.1
# how the process runs
#processManagement:
#  timeZoneInfo: /usr/share/zoneinfo
security:
  keyFile: /data/db/mongo.key
  authorization: enabled
#operationProfiling:
# Replica set name
replication:
  replSetName: "rs0"
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
The security section must be uncommented in the configuration file on every machine.
Start all the containers:
docker start mongo1
docker start mongo2
docker start mongo3
Authentication is now enabled and the cluster is ready to use.
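As a check on the steps above, these shell functions (an added example, not part of the original tutorial; the function names are hypothetical) verify that mongod.conf has the security section uncommented and that the key file meets mongod's requirements: no group or other permission bits, and 6 to 1024 base64 characters. The host copy left at mode 777 in /root/mongodb/config fails this check, while the copy set to 400 passes.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# keyfile_ok FILE: succeed only if FILE has no group/other permission bits
# and holds 6-1024 base64 characters (whitespace ignored), as mongod requires.
keyfile_ok() {
    f=$1
    [ -f "$f" ] || { echo "missing key file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permissions set ($perms)" >&2
        return 1
    fi
    key=$(tr -d ' \t\r\n' < "$f") || return 1
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: non-base64 characters" >&2; return 1 ;;
    esac
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "$f: key length ${#key} outside 6-1024" >&2
        return 1
    fi
}

# conf_auth_ok FILE: succeed only if an uncommented top-level "security:"
# block sets both keyFile and "authorization: enabled".
conf_auth_ok() {
    awk '
        /^[^ \t#]/ { insec = ($0 ~ /^security:/) }   # any top-level key
        insec && /^[ \t]+keyFile:[ \t]*[^ \t#]/        { k = 1 }
        insec && /^[ \t]+authorization:[ \t]*enabled/ { a = 1 }
        END { exit !(k && a) }
    ' "$1"
}

# Run directly: sh check.sh <mongod.conf> <key file>
if [ "$#" -eq 2 ]; then
    conf_auth_ok "$1" || echo "$1: keyFile/authorization not enabled" >&2
    keyfile_ok "$2"
fi
```

On a host, /data/db/mongo.key inside the container is /root/mongodb/db/mongo.key because of the -v /root/mongodb/db:/data/db mount. The 756 random bytes from openssl encode to 1008 base64 characters, which is within the 1024 limit.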
MongoDB operations
Change the root account password:
use admin
db.updateUser(
"root",
{
pwd : "1234567890",
roles : [ { role: "root", db: "admin" } ]
}
)
Authenticate the account:
use admin
db.auth("root","1234567890")
Log in to mongodb from the command line:
mongo -u root -p 1234567890
Show all databases:
show databases
Show all collections in the database:
show collections
Insert data:
db.foods.insert({"name":"西红柿"})
View data:
use test
db.foods.find()
Delete an existing user:
db.dropUser("root")
Drop a collection:
db.foods.drop()