linuxea:mongodb配置和授权


I. mongodb安装和配置

mongodb下载和安装

1,创建用户和目录

[root@LinuxEA-VM-Node146 ~]#  groupadd -r mongodb
[root@LinuxEA-VM-Node146 ~]#  mkdir /data/mongodb
[root@LinuxEA-VM-Node146 ~]#  useradd -M -r -g mongodb -d /data/mongodb/ -s /bin/false -c mongodb mongodb

2,download mongodb

[root@LinuxEA-VM-Node146 ~]# axel -n 40 https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.0.tgz
[root@LinuxEA-VM-Node146 ~]# tar xf mongodb-linux-x86_64-rhel70-4.0.0.tgz -C /usr/local/

3,创建目录和授权

[root@LinuxEA-VM-Node146 ~]# cd /usr/local/
[root@LinuxEA-VM-Node146 /usr/local]# chown mongodb.mongodb ./mongodb*
[root@LinuxEA-VM-Node146 /usr/local]# ln -s mongodb-linux-x86_64-rhel70-4.0.0 mongodb
[root@LinuxEA-VM-Node146 /usr/local]# export PATH=/usr/local/mongodb/bin:$PATH
[root@LinuxEA-VM-Node146 /usr/local]# mkdir /usr/local/mongodb/{logs,conf} -p
[root@LinuxEA-VM-Node146 ~]# chown mongodb -R /data/mongodb/ /usr/local/mongodb

开始配置

1,配置文件如下,先启动一下

[root@LinuxEA-VM-Node146 /usr/local/mongodb]# cat /usr/local/mongodb/conf/mongodb.conf
systemLog:
 destination: file
###日志存储位置
 path: /usr/local/mongodb/logs/mongodb.log
 logAppend: true
storage:
#journal配置
 journal:
  enabled: true
#数据文件存储位置
 dbPath: /data/mongodb/
#是否一个库一个文件夹
 directoryPerDB: true
#数据引擎
 engine: wiredTiger
#WT引擎配置
 wiredTiger:
  engineConfig:
   cacheSizeGB: 4
   directoryForIndexes: true
  collectionConfig:
   blockCompressor: zlib
  indexConfig:
   prefixCompression: true
net:
 port: 27017
processManagement: 
   fork: true
security:
   authorization: enabled
[root@LinuxEA-VM-Node146 /usr/local/mongodb]# 

2,启动

[root@LinuxEA-VM-Node146 /usr/local/mongodb]# mongod -f /usr/local/mongodb/conf/mongodb.conf
2018-07-04T11:30:07.794+0800 I CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
about to fork child process, waiting until server is ready for connections.
forked process: 9983
child process started successfully, parent exiting

3,并尝试登录

[root@LinuxEA-VM-Node146 /usr/local/mongodb]# mongo
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
    http://docs.mongodb.org/
Questions? Try the support group
    http://groups.google.com/group/mongodb-user
> 
用户认证

在创建用户之前,先关闭mongodb数据库,其实不关闭也可以

pkill mongo

注释掉配置文件中的用户验证

security:
   authorization: enabled

启动后设置密码,在登录的时候还会提示不安全,如下

  • 报如下提示:
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
Server has startup warnings: 
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] 
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] 
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] ** WARNING: This server is bound to localhost.
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          Remote systems will be unable to connect to this server. 
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          Start the server with --bind_ip <address> to specify which IP 
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          addresses it should serve responses from, or with --bind_ip_all to
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          bind to all interfaces. If this behavior is desired, start the
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] **          server with --bind_ip 127.0.0.1 to disable this warning.
2018-07-04T13:51:25.079+0800 I CONTROL  [initandlisten] 
---
Enable MongoDB's free cloud-based monitoring service to collect and display
metrics about your deployment (disk utilization, CPU, operation statistics,
etc).

The monitoring data will be available on a MongoDB website with a unique
URL created for you. Anyone you share the URL with will also be able to
view this page. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command:
db.enableFreeMonitoring()

1,创建账户和密码
创建root管理员

> db.createUser({"user":"admin","pwd":"admin","roles":["root"]})
Successfully added user: { "user" : "admin", "roles" : [ "root" ] }

创建linuxea用户

> db.createUser({user:"linuxea",pwd:"123456",roles:["readWrite","dbAdmin"]})
Successfully added user: { "user" : "linuxea", "roles" : [ "readWrite", "dbAdmin" ] }

杀掉mongodb,重启生效

[root@LinuxEA-VM-Node146 /usr/local/mongodb]# pkill mongo
[root@LinuxEA-VM-Node146 /usr/local/mongodb]# mongod -f /usr/local/mongodb/conf/mongodb.conf
  • 重启之前要打开认证,也就是
security:
   authorization: enabled
验证登录

1,登录
开启认证后就不会提示警告信息

[root@LinuxEA-VM-Node146 /usr/local/mongodb]# mongo
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0

2,进入库,如果验证用户密码就会报错

> use linuxea
switched to db linuxea
> db.user.find()
Error: error: {
    "ok" : 0,
    "errmsg" : "command find requires authentication",
    "code" : 13,
    "codeName" : "Unauthorized"
}

2,验证登录

> db.auth("linuxea","123456")
1
> db.user.find()
> 

直接授权方式

进入admin表

> use admin
switched to db admin

授权

>db.createUser({"user":"admin","pwd":"admin","roles":["root"]})

登录

> db.auth("admin","admin")
1

创建用户dashboarduser密码dbpassword,库名dashboarddb

>  db.createUser(
... {
...   user: "dashboarduser",
...   pwd: "dbpassword",
...   roles: [
...   {role: "readWrite", db: "dashboarddb"}
...   ]
... })
Successfully added user: {
    "user" : "dashboarduser",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "dashboarddb"
        }
    ]
}
> 

登录dashboarddb,用户dashboarduser密码dbpassword

> use dashboarddb
switched to db dashboarddb
>  db.auth("dashboarduser","dbpassword")
1
> show users;
{
    "_id" : "dashboarddb.dashboarduser",
    "user" : "dashboarduser",
    "db" : "dashboarddb",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "dashboarddb"
        }
    ],
    "mechanisms" : [
        "SCRAM-SHA-1",
        "SCRAM-SHA-256"
    ]
}
> 

登录验证,创建数据

[root@LinuxEA-VM-Node146 /data/mongodb]# mongo
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
> use dashboarddb
switched to db dashboarddb
> db.linuxea.insert({"name":1,"age":18})
WriteCommandError({
    "ok" : 0,
    "errmsg" : "command insert requires authentication",
    "code" : 13,
    "codeName" : "Unauthorized"
})
> db.auth("dashboarduser","dbpassword")
1
@(shell):1:20
> db.linuxea.insert({"name":1,"age":18})
WriteResult({ "nInserted" : 1 })
> show dbs;
dashboarddb  0.000GB
> 

快速安装脚本

系统centos7,mongodb版本如本章所示rhel70-4.0.0

curl -Lk https://raw.githubusercontent.com/LinuxEA-Mark/docker-mongodb/master/scripts/install_mongodb.sh|bash

robo3t下载

如果翻墙不了,这里提供下载地址
Robo 3T(以前称为Robomongo)是MongoDB免费轻量级GUI。
仍选择其一即可

https://github.com/LinuxEA-Mark/docker-mongodb/blob/master/robo3t-1.2.1-windows-x86_64-3e50a65.exe
https://github.com/LinuxEA-Mark/docker-mongodb/blob/master/robo3t-1.2.1-windows-x86_64-3e50a65.zip
1 分享

您可以选择一种方式赞助本站

支付宝扫码赞助

支付宝扫码赞助

日期: 2018-07-06分类: MongoDB

标签: mongodb

发表评论