基础环境

• CentOS 7
• MongoDB 4.4.13

MongoDB分副本集架构

• PSS1主2从（推荐）

• PSA1主1从1仲裁（不推荐）

创建目录

sudo mkdir -p \
/var/mongo/replica/rs0/data \
/var/mongo/replica/rs0/logs \
/var/mongo/replica/rs0/etc

下载MongoDB

wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.4.13.tgz -P /var/mongo && \
tar -xvf /var/mongo/mongodb-linux-x86_64-rhel70-4.4.13.tgz -C /var/mongo && \
mv /var/mongo/mongodb-linux-x86_64-rhel70-4.4.13 /var/mongo/mongodb

创建replica节点

vi /var/mongo/replica/rs0/etc/mongod.conf

/var/mongo/replica/rs0/etc/mongod.conf

processManagement:
    # 启用在后台运行或进程的守护程序模式
    fork: true
systemLog:
    # 日志输出类型，file或syslog
    destination: file
    # 日志目录
    path: /var/mongo/shard_cluster/shard1/logs/mongodb.log
    # 重启将新日志附加到现有日志文件的末尾
    logAppend: true
storage:
    # 指定数据存放的路径
    dbPath: /var/mongo/replica/rs/data/
    journal:
        # 启用或禁用持久性日志以确保数据文件保持有效和可恢复。此选项仅在指定dbPath设置时适用
        enabled: true
replication:  
    # 副本集的名称
    replSetName: rs0
net:
    # 设置mongod监听端口
    port: 27017
    bindIpAll: true
#security:
#    keyFile: /var/mongo/shard_cluster/shard1/keys/key.file
#    authorization: enabled

配置副本集

/var/mongo/mongodb/bin/mongo --port 27017

rs.initiate(
  {
    _id: "rs0",
    members: [
      { _id : 0, host : "<IP>:27017" },
      { _id : 1, host : "<IP>:27017" },
      { _id : 2, host : "<IP>:27017" }
    ]
  }
)

添加系统服务

shard

sudo vi /etc/systemd/system/mongo-rs0.service

[Unit]
Description=mongodb rs0 service
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/var/mongo/mongodb/bin/mongod -f /var/mongo/replica/rs0/etc/mongod.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/var/mongo/mongodb/bin/mongod --shutdown -f /var/mongo/replica/rs/etc/mongod.conf
PrivateTmp=true
RestartSec=1
Restart=always
StartLimitIntervalSec=0

[Install]
WantedBy=multi-user.target

添加认证

生产建议开启权限认证

1. 生成密钥文件

openssl rand -base64 745 > /var/mongo/shard_cluster/shard1/keys/key.file
sudo chmod 600 /var/mongo/shard_cluster/shard1/keys/key.file
复制代码

复制key.file到所有节点，保持集群内一致

2. 配置文件中开启认证

security:
    keyFile: /var/mongo/shard_cluster/shard1/keys/key.file
    authorization: enabled
复制代码

3）添加管理员用户

use admin
db.createUser({user: "admin", pwd: "admin", roles: [{role: "root", db: "admin"}]});