mongodb certification (5)

My name He Zhang, greedy lust. A qualified LINUX operation and maintenance engineers, focusing on LINUX study and research, was responsible for the website operation and maintenance of a medium-sized enterprises, loving Buddhist and running.
Personal blog: Chuan Songzhen
author micro letter: zhanghe15069028807, You Are the One.

mongodb certification

Single Instance certification

systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27017/mongodb.log
storage:
  dbPath: /data/mongodb/27017/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27017
  bindIp: 127.0.0.1
security:                      #这里有一个安全认证，启动
  authorization: enabled

//启动之后是无法使用insert，因为没有认证
//创建用户名和密码
use admin
db.createUser({
  user: "zhanghe",
  pwd: "cba-123",
  roles: [ { role: "root", db: "admin"}]    #这里的root和admin的意思仅代表最高权限而已。
})


//想要插入，要先认证，认证的方法如下：
use admin
db.auth('zhanghe', 'cba-123')

//在终端登录的时候可以这样认证：
mongo -uzhanghe -pcba-123 --authenticationDatabase admin

Replica set Certification

Certified copies set to open

1. First replica set of data synchronization using a key, and then set up after the completion of the replica set used for creating a user authentication

2. openssl rand -base64 756 > /data/mongodb/zhanghe.key

3. chmod 700 /data/mongodb/zhanghe.key

When synchronized using a key, we use, that is, when the user authentication or do you want to create user authentication

All servers must have the key, otherwise it can not be synchronized

Mongodb副本集配置文件mongodb.conf
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/27017/mongodb.log
storage:
  dbPath: /data/mongodb/27017/
  journal:
    enabled: true
processManagement:
  fork: true
net:
  port: 27017
  bindIp: 127.0.0.1
replication:
 replSetName: zhanghe
security:
  keyFile: /data/mongodb/zhanghe.key
  authorization: enabled


//启动三个Mongodb服务器
mongod -f /data/mongodb/27017/mongodb.conf
mongod -f /data/mongodb/27018/mongodb.conf
mongod -f /data/mongodb/27019/mongodb.conf

Replica set initialization :

use admin
config = { _id:"zhanghe", members:[
  {_id:0,host:"127.0.0.1:27017"},
  {_id:1,host:"127.0.0.1:27018"},
  {_id:2,host:"127.0.0.1:27019"}]
}
rs.initiate( config )
rs.status()

Replica set authentication settings, log on to the primary, run the following command to create a user :

use admin
db.createUser({
  user: "zhanghe",
  pwd: "cba-123",
  roles: [ { role: "root", db: "admin"}]
})

Test data synchronization replica set :

use zhanghe
db.user.insert({ name: "zhanghe" })
rs.slaveOk()
rs.printSlaveReplicationInfo()

Fragmentation cluster certification

important point:

router configuration does not require authentication was configured keyFile
configsvr need to configure authentication
sharedsvr need to configure authentication

Skip the process, please see the blog post, not repeat them here ......