本文介绍在CentOS 7环境下安装MongoDB 3.4.9的过程,包括下载、解压、配置环境变量及服务启动等内容,并提供了安全性配置示例。
目录
环境:
CentOS 7
MongoDB 3.4.9
1、下载MongoDB
首先去MongoDB官网下载MongoDB,地址ttps://www.mongodb.com/download-center#community。
2、解压
# tar -xvf mongodb-linux-x86_64-4.0.6.tar -C /data/
3、重命名
# cd /data
# mv mongodb-linux-x86_64-4.0.6 mongodb_4.0.6
4、进入到目录,创建相应文件夹
# cd mongodb_4.0.6/
# mkdir db
# mkdir logs
5、配置
5.1、进入到bin目录下,编辑mongodb.conf文件,内容如下:
| 1 # 数据目录 2 dbpath=/data/mongodb_4.0.6/db 3 # 日志目录 4 logpath=/data/mongodb_4.0.6/logs/mongodb.log 5 # 端口号 6 port=27017 7 # 设置后台运行 8 fork=true 9 # 日志输出方式 10 logappend = true 11 # 开启认证 12 # auth = true 13 # nohttpinterface=true |
5.2、做完这一切之后,我们就可以启动MongoDB了,还是在bin目录下:
# ./mongod --config /data/mongodb_4.0.6/bin/mongodb.conf
| # ./mongod --config /data/mongodb_4.0.6/bin/mongodb.conf about to fork child process, waiting until server is ready for connections. forked process: 48355 child process started successfully, parent exiting |
5.3、然后执行mongo命令表示表示进入到MongDB的控制台,进入到控制台之后,我们输入db.version()命令,如果能显示出当前MongoDB的版本号,说明安装成功了。如下:
| # ./mongo MongoDB shell version v4.0.6 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb Implicit session: session { "id" : UUID("1f93fc98-315e-4773-9a66-1e1422d6da9a") } MongoDB server version: 4.0.6 Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see Questions? Try the support group http://groups.google.com/group/mongodb-user Server has startup warnings: 2019-03-08T19:58:15.570+0800 I STORAGE [initandlisten] 2019-03-08T19:58:15.570+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2019-03-08T19:58:15.570+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** WARNING: This server is bound to localhost. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** Remote systems will be unable to connect to this server. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** Start the server with --bind_ip <address> to specify which IP 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** addresses it should serve responses from, or with --bind_ip_all to 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** bind to all interfaces. If this behavior is desired, start the 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] ** server with --bind_ip 127.0.0.1 to disable this warning. 2019-03-08T19:58:16.375+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] ** WARNING: You are running on a NUMA machine. 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] ** We suggest launching mongod like this to avoid performance problems: 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] ** numactl --interleave=all mongod [other options] 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2019-03-08T19:58:16.376+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2019-03-08T19:58:16.377+0800 I CONTROL [initandlisten] 2019-03-08T19:58:16.377+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2019-03-08T19:58:16.377+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2019-03-08T19:58:16.377+0800 I CONTROL [initandlisten] > db.version() 4.0.6 > show dbs > |
5.4、默认情况下,连接地址是127.0.0.1:27017,连接的数据库是test数据库,我们也可以手动指定连接地址和连接的数据库:
# ./mongo 127.0.0.1:27017/admin
6、配置开机启动
我们也可以配置开机启动,编辑/etc/rc.d/rc.local文件,如下:
| # cat /etc/rc.d/rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.
touch /var/lock/subsys/local /home/falcon/agent/control restart [root@syq-snakenx-02 mongodb_4.0.6]# vim /etc/rc.d/rc.local [root@syq-snakenx-02 mongodb_4.0.6]# cat /etc/rc.d/rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.
touch /var/lock/subsys/local /home/falcon/agent/control restart /data/mongodb_4.0.6/bin/mongod --config /data/mongodb_4.0.6/bin/mongodb.conf |
7、配置环境变量
每次都要进入到安装目录中去输入命令,麻烦,我们直接配置环境变量即可,编辑当前用户目录下的.bash_profile文件,如下:
# vim ~/.bash_profile
export MONGODB_HOME=/data/mongodb_4.0.6/bin
export PATH=$PATH:$MONGODB_HOME
# source ~/.bash_profile
8、关闭MongoDB服务
使用db.shutdownServer();命令可以关闭到MongoDB服务,但是这个命令的执行要在admin数据库下,所以先切换到admin,再关闭服务,完整运行过程如下:
| > use admin # 先切换到admin switched to db admin > db.shutdownServer(); # 关闭服务 server should be down... 2019-03-08T20:20:42.225+0800 I NETWORK [js] trying reconnect to 127.0.0.1:27017 failed 2019-03-08T20:20:42.225+0800 I NETWORK [js] reconnect 127.0.0.1:27017 failed failed > exit # 退出控制台 bye 2019-03-08T20:20:47.074+0800 I NETWORK [js] trying reconnect to 127.0.0.1:27017 failed 2019-03-08T20:20:47.074+0800 I NETWORK [js] reconnect 127.0.0.1:27017 failed failed 2019-03-08T20:20:47.075+0800 I QUERY [js] Failed to end session { id: UUID("842f2437-a0bd-49fa-9898-fc4a5c1b88e0") } due to SocketException: socket exception [CONNECT_ERROR] server [couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: Error connecting to 127.0.0.1:27017 :: caused by :: Connection refused] # ./mongo # 再次登录就会抛错,需要/data/mongodb_4.0.6/bin/mongod --config /data/mongodb_4.0.6/bin/mongodb.conf重启服务 MongoDB shell version v4.0.6 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb 2019-03-08T20:20:54.814+0800 E QUERY [js] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: Error connecting to 127.0.0.1:27017 :: caused by :: Connection refused : connect@src/mongo/shell/mongo.js:343:13 @(connect):1:6 exception: connect failed |
9、安全管理
上面我们所做的所有的操作都没有涉及到用户,我们在用Oracle、MySQL或者MSSQL时都有用户名密码需要登录才可以操作,MongoDB中当然也有,但是需要我们手动添加。在添加之前,我们先来说说MongoDB中用户管理的几个特点:
9.1、MongoDB中的账号是在某一个库里边进行设置的,我们在哪一个库里边进行设置,就要在哪一个库里边进行验证。
9.2、创建用户时,我们需要指定用户名、用户密码和用户角色,用户角色表示了该用户的权限。
9.3、假设我给admin数据库创建一个用户,方式如下:
| > use admin switched to db admin > db.createUser({user:"root",pwd:"wf123",roles:[{role:"userAdminAnyDatabase",db:"admin"}]}) Successfully added user: { "user" : "root", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } > |
9.4、user表示用户名,pwd表示密码,role表示角色,db表示这个用户应用在哪个数据库上。用户的角色,有如下几种(参考资料):
| 角色名 | 备注 |
|---|---|
| Read | 允许用户读取指定数据库 |
| readWrite | 允许用户读写指定数据库 |
| dbAdmin | 允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile |
| userAdmin | 允许用户向system.users集合写入,可以找指定数据库里创建、删除和管理用户 |
| clusterAdmin | 只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限。 |
| readAnyDatabase | 只在admin数据库中可用,赋予用户所有数据库的读权限 |
| readWriteAnyDatabase | 只在admin数据库中可用,赋予用户所有数据库的读写权限 |
| userAdminAnyDatabase | 只在admin数据库中可用,赋予用户所有数据库的userAdmin权限 |
| dbAdminAnyDatabase | 只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限。 |
| root | 只在admin数据库中可用。超级账号,超级权限 |
9.5、用户创建成功之后,我们关闭掉当前MongoDB服务实例,然后重新启动新的实例。启动成功之后,如果我们直接执行如下命令,会提示没有权限,此时我们需要先进入到admin数据库中,然后授权,auth方法执行结果返回1表示认证成功。然后再去执行show dbs就可以看到预期结果了。
| > show dbs; > use admin switched to db admin > db.auth("root","wf123") 1 > show dbs admin 0.000GB config 0.000GB local 0.000GB > |
扫一扫
1509
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
