Deploy Sharded Cluster with Keyfile Access Control
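```
mkdir -p /configdb/{conf,data,log}
# Write the keyfile into the directory created above; mongod.conf below reads it from this path
openssl rand -base64 756 > /configdb/conf/keyfile
chmod 400 /configdb/conf/keyfile
```

After generating the keyfile, copy it to every node. All nodes in the cluster use the same keyfile.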
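A pre-flight check for the keyfile step above, as an added example that is not part of the original post: it verifies what mongod requires of a keyfile (no group/other permissions, 6 to 1024 base64 characters) and compares a copy against a reference digest, so a mismatched copy on one node is caught before startup. The function names are hypothetical, and `sha256sum` (GNU coreutils) is assumed to be available.

```shell
# Added example (not from the original post); function names are hypothetical.

# keyfile_digest FILE -> SHA-256 of the key material with whitespace removed.
# mongod strips whitespace from a keyfile, so copies that differ only in
# line wrapping still produce the same digest.
keyfile_digest() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# check_keyfile FILE [EXPECTED_DIGEST]
# Returns 0 if FILE is usable as a keyfile and, when a digest is given,
# matches it; otherwise prints the reason and returns 1.
check_keyfile() {
    local f expected perms key len
    f=$1
    expected=${2:-}
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }

    # Group and other permission bits must all be clear (chmod 400 or 600).
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: group/other access ($perms)"; return 1; }

    key=$(tr -d '[:space:]' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "$f: key length $len outside 6..1024"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: non-base64 character in key"; return 1 ;;
    esac

    if [ -n "$expected" ] && [ "$(keyfile_digest "$f")" != "$expected" ]; then
        echo "$f: differs from reference keyfile"; return 1
    fi
    echo "$f: ok"
}
```

Run `keyfile_digest /configdb/conf/keyfile` on the node where the keyfile was generated, then pass that digest to `check_keyfile` for each copy on the other nodes.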
```
storage:
  dbPath: "/configdb/data"
  journal:
    enabled: true
systemLog:
  destination: file
  path: "/configdb/log/mongod.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27020
security:
  keyFile: "/configdb/conf/keyfile"
sharding:
  clusterRole: configsvr
replication:
  replSetName: "config"
```

```
mongod -f /configdb/conf/mongod.conf
```

No users have been created yet, so you can connect to the mongo shell only through the localhost interface. Once the first user is created, the localhost interface is closed.
```
rs.initiate(
  {
    _id: "config",
    configsvr: true,
    members: [
      { _id : 0, host : "192.168.3.103:27020" },
      { _id : 1, host : "192.168.3.104:27020" },
      { _id : 2, host : "192.168.3.105:27020" }
    ]
  }
)
```

```
mkdir -p /sharddb/{conf,data,log}
```

All nodes in the cluster use the same keyfile; use the keyfile generated above.
```
storage:
  dbPath: "/sharddb/data"
  engine: wiredTiger
  wiredTiger:
    engineConfig:
      cacheSizeGB: 4
    indexConfig:
      prefixCompression: true
  journal:
    enabled: true
systemLog:
  destination: file
  path: "/sharddb/log/mongod.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27018
security:
  keyFile: "/sharddb/conf/keyfile"
replication:
  oplogSizeMB: 5000
  replSetName: "rs1"
sharding:
  clusterRole: shardsvr
```

Adjust the parameters above for each mongod instance as appropriate.
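```
mongod -f /sharddb/conf/mongod.conf
```

No users have been created yet, so you can connect to the mongo shell only through the localhost interface. Once the first user is created, the localhost interface is closed.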
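```
rs.initiate(
  {
    _id : "rs1",
    members: [
      { _id : 0, host : "192.168.3.103:27018" },
      { _id : 1, host : "192.168.3.104:27018" },
      { _id : 2, host : "192.168.3.105:27018" }
    ]
  }
)
```

- Once the first user has been created, the localhost exception is no longer available, so the first user (for example, userAdminAnyDatabase) must have the privilege to create users
- Users must be created on the primary node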
```
use admin
db.createUser(
  {
    user: "admin",
    pwd: "R00t@123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
```

The cluster administrator user can modify the replica set configuration.
```
use admin
db.createUser(
  {
    user: 'cluster_admin',
    pwd: 'R00t@123',
    roles: [ {role: 'clusterAdmin', db: 'admin'} ]
  }
)
```

```
mkdir -p /mongos/{conf,data,log}
```

All nodes in the cluster use the same keyfile; use the keyfile generated above.
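```
systemLog:
  destination: file
  path: "/mongos/log/mongos.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27019
security:
  keyFile: "/mongos/conf/keyfile"
sharding:
  # Config server replica set: <replSetName>/<host:port>,... with no spaces between hosts
  configDB: config/192.168.3.103:27020,192.168.3.104:27020,192.168.3.105:27020
```

```
mongos -f /mongos/conf/mongos.conf
```

No users have been created yet, so you can connect to the mongo shell only through the localhost interface. Once the first user is created, the localhost interface is closed.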
```
use admin
db.createUser(
  {
    user: "admin",
    pwd: "R00t@123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
```

```
use admin
db.createUser(
  {
    user: 'cluster_admin',
    pwd: 'R00t@123',
    roles: [ {role: 'clusterAdmin', db: 'admin'} ]
  }
)
```

The following operations must be performed as the cluster administrator.
```
sh.addShard('rs1/192.168.3.103:27018')
sh.enableSharding('test')
sh.shardCollection("<database>.<collection>", { <key> : <direction> } )
```

The shard key must be indexed. If the collection is empty, the index is created automatically.