CentOS 8.2上安装部署MongoDB 4.4
<p></p><div class="toc"><div class="toc-container-header">目录</div><ul><li>什么是MongoDB?:</li><li>环境规格:</li><li>CentOS 8中安装MongoDB Yum存储库:</li><li>CentOS 8中为MongoDB设置资源限制:</li><li>在CentOS 8上安装MongoDB数据库:</li><li>CentOS 8上为MongoDB创建SELinux策略:</li><li>MongoDB中创建管理员用户:</li><li>MongoDB服务器中启用访问控制:</li><li>配置MongoDB服务以进行网络访问:</li><li>MongoDB数据和日志目录:</li><li>广告时间:</li><li>结论:</li></ul></div><p></p><p> <img src="https://img2020.cnblogs.com/blog/2183860/202012/2183860-20201218235425690-216411019.png" alt="" loading="lazy"></p>
<p><strong>MongoDB</strong>是一个面向文档的开源NoSQL数据库管理系统。在本文中,您将学习如何在CentOS 8服务器上安装MongoDB。</p>
<h2 id="什么是mongodb">什么是MongoDB?:</h2>
<hr>
<p>MongoDB是一个开源,跨平台,面向文档的数据库管理系统。<strong>MongoDB</strong>是NoSQL(不仅是SQL)数据库软件。MongoDB使用带有模式的文档之类的<strong>JSON(JavaScript对象表示法)</strong>。MongoDB由<strong>MongoDB Inc</strong>开发,并根据<strong>SSPL(服务器端公共许可证)进行</strong>分发。</p>
<p>虽然,我们在CentOS 8上安装了MongoDB 4.2,但是相同的过程将适用于CentOS 7,RHEL 7,RHEL 8和类似的发行版。</p>
<h2 id="环境规格">环境规格:</h2>
<hr>
<ul>
<li><strong>CPU</strong> :3.4 GHz(2核)</li>
<li><strong>内存</strong>:2 GB</li>
<li><strong>储存空间</strong>:20 GB</li>
<li><strong>作业系统</strong>:CentOS 8.2</li>
<li><strong>主机名</strong>:mongodb.lianglab.cn</li>
<li><strong>IP地址</strong>:192.168.6.160/24</li>
<li><strong>软件版本</strong>:MongoDB 4.4</li>
</ul>
<h2 id="centos-8中安装mongodb-yum存储库">CentOS 8中安装MongoDB Yum存储库:</h2>
<hr>
<p>我们可以从MongoDB下载页面下载所需的安装包。</p>
<p>这里是可以直接下载,我们需要的rpm包https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-server-4.4.2-1.el8.x86_64.rpm</p>
<p>在这里,您可以选择所需的MongoDB版本以及目标操作系统,该网站将为您提供指向相应安装软件包的下载链接。然后,您可以使用<strong>dnf</strong>命令下载该<strong>RPM</strong>软件包并将其安装在CentOS 8服务器上。</p>
<p><img src="https://img2020.cnblogs.com/blog/2183860/202012/2183860-20201218235516581-719007679.png" alt="" loading="lazy"></p>
<p>但是,有更好的方法在CentOS 8服务器上安装MongoDB,即在CentOS 8中安装MongoDB官方yum存储库,然后使用<strong>dnf</strong>命令安装MongoDB ,并且在本安装指南中使用相同的方法。</p>
<p>通过使用<strong></strong>以<strong>root</strong>用户身份与<strong>mongodb-01.centlinux.com</strong>连接。</p>
<p>在<strong>/etc/yum.repo.d</strong>目录中创建一个回购文件,以在CentOS 8服务器中安装MongoDB yum存储库。</p>
<pre><code class="language-shell"># hostnamectl set-hostname mongodb.lianglab.cn
# vi /etc/yum.repos.d/mongodb-org-4.4.repo
</code></pre>
<p>并在此文件中添加以下配置。</p>
<pre><code class="language-shell">
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
</code></pre>
<p>为<strong>MongoDB</strong> yum存储库构建缓存。</p>
<pre><code class="language-shell"># dnf clean all
39 files removed
# dnf makecache
CentOS-8 - Base - mirrors.tongdun.cn 45 MB/s | 2.2 MB 00:00
CentOS-8 - Extras - mirrors.tongdun.cn 482 kB/s | 8.6 kB 00:00
CentOS-8 - AppStream - mirrors.tongdun.cn 56 MB/s | 5.8 MB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 66 MB/s | 8.4 MB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 - Debug 54 MB/s | 3.6 MB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 - Source 43 MB/s | 1.8 MB 00:00
MongoDB Repository 9.5 kB/s |12 kB 00:01
Metadata cache created.
# dnf repolist
repo id repo name
AppStream CentOS-8 - AppStream - mirrors.tongdun.cn
base CentOS-8 - Base - mirrors.tongdun.cn
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-debuginfo Extra Packages for Enterprise Linux 8 - x86_64 - Debug
epel-source Extra Packages for Enterprise Linux 8 - x86_64 - Source
extras CentOS-8 - Extras - mirrors.tongdun.cn
mongodb-org-4.4 MongoDB Repository
#
</code></pre>
<p>我们已经在CentOS 8服务器中安装了MongoDB yum存储库。</p>
<h2 id="centos-8中为mongodb设置资源限制">CentOS 8中为MongoDB设置资源限制:</h2>
<p>我们需要根据MongoDB软件的要求在CentOS 8服务器中设置资源限制。</p>
<p>为此,请为MongoDB创建资源限制配置文件,如下所示。</p>
<pre><code># vi /etc/security/limits.d/mongod.conf
</code></pre>
<p>并在其中添加以下资源限制。</p>
<pre><code class="language-shell">mongod soft nproc 64000
mongod hard nproc 64000
mongod soft nofile 64000
mongod hard nofile 64000
</code></pre>
<h2 id="在centos-8上安装mongodb数据库">在CentOS 8上安装MongoDB数据库:</h2>
<p>我们可以从新添加的yum存储库在CentOS 8服务器上安装MongoDB。</p>
<p>我们正在使用以下<strong>dnf</strong>命令安装MongoDB服务器的最新稳定版本。</p>
<pre><code class="language-shell"># dnf list -y mongodb-org
Last metadata expiration check: 0:02:10 ago on Fri 18 Dec 2020 11:12:48 PM CST.
Available Packages
mongodb-org.x86_64 4.4.2-1.el8 mongodb-org-4.4
# dnf install -y mongodb-org
Last metadata expiration check: 0:02:50 ago on Fri 18 Dec 2020 11:12:48 PM CST.
Dependencies resolved.
========================================================================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================================================================
Installing:
mongodb-org x86_64 4.4.2-1.el8 mongodb-org-4.4 10 k
Installing dependencies:
mongodb-database-tools x86_64 100.2.1-1 mongodb-org-4.4 55 M
mongodb-org-database-tools-extra x86_64 4.4.2-1.el8 mongodb-org-4.4 20 k
mongodb-org-mongos x86_64 4.4.2-1.el8 mongodb-org-4.4 22 M
mongodb-org-server x86_64 4.4.2-1.el8 mongodb-org-4.4 28 M
mongodb-org-shell x86_64 4.4.2-1.el8 mongodb-org-4.4 18 M
mongodb-org-tools x86_64 4.4.2-1.el8 mongodb-org-4.4 10 k
python2 x86_64 2.7.17-1.module_el8.2.0+381+9a5b3c3b AppStream 108 k
python2-libs x86_64 2.7.17-1.module_el8.2.0+381+9a5b3c3b AppStream 6.0 M
python2-pip-wheel noarch 9.0.3-16.module_el8.2.0+381+9a5b3c3b AppStream 1.2 M
python2-setuptools-wheel noarch 39.0.1-11.module_el8.2.0+381+9a5b3c3b AppStream 289 k
Installing weak dependencies:
python2-pip noarch 9.0.3-16.module_el8.2.0+381+9a5b3c3b AppStream 1.9 M
python2-setuptools noarch 39.0.1-11.module_el8.2.0+381+9a5b3c3b AppStream 643 k
Enabling module streams:
python27 2.7
Transaction Summary
========================================================================================================================================================================
Install13 Packages
Total download size: 133 M
Installed size: 421 M
Downloading Packages:
(1/13): python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64.rpm 6.0 MB/s | 108 kB 00:00
(2/13): python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch.rpm 26 MB/s | 1.2 MB 00:00
(3/13): python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch.rpm 21 MB/s | 1.9 MB 00:00
(4/13): python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch.rpm 15 MB/s | 643 kB 00:00
(5/13): python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch.rpm 15 MB/s | 289 kB 00:00
(6/13): python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64.rpm 37 MB/s | 6.0 MB 00:00
(7/13): mongodb-org-database-tools-extra-4.4.2-1.el8.x86_64.rpm 35 kB/s |20 kB 00:00
(8/13): mongodb-org-4.4.2-1.el8.x86_64.rpm 11 kB/s |10 kB 00:00
(9/13): mongodb-org-mongos-4.4.2-1.el8.x86_64.rpm 3.4 MB/s |22 MB 00:06
(10/13): mongodb-org-server-4.4.2-1.el8.x86_64.rpm 3.6 MB/s |28 MB 00:07
(11/13): mongodb-org-tools-4.4.2-1.el8.x86_64.rpm 35 kB/s |10 kB 00:00
(12/13): mongodb-org-shell-4.4.2-1.el8.x86_64.rpm 3.9 MB/s |18 MB 00:04
(13/13): mongodb-database-tools-100.2.1.x86_64.rpm 3.9 MB/s |55 MB 00:14
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.2 MB/s | 133 MB 00:14
warning: /var/cache/dnf/mongodb-org-4.4-cef71e585db45e10/packages/mongodb-database-tools-100.2.1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 90cfb1f5: NOKEY
MongoDB Repository 885B/s | 1.6 kB 00:01
Importing GPG key 0x90CFB1F5:
Userid : "MongoDB 4.4 Release Signing Key <packaging@mongodb.com>"
Fingerprint: 2069 1EEC 3521 6C63 CAF6 6CE1 6564 08E3 90CF B1F5
From : https://www.mongodb.org/static/pgp/server-4.4.asc
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mongodb-org-shell-4.4.2-1.el8.x86_64 1/13
Installing : mongodb-org-mongos-4.4.2-1.el8.x86_64 2/13
Installing : mongodb-org-database-tools-extra-4.4.2-1.el8.x86_64 3/13
Running scriptlet: mongodb-database-tools-100.2.1-1.x86_64 4/13
Installing : mongodb-database-tools-100.2.1-1.x86_64 4/13
Running scriptlet: mongodb-database-tools-100.2.1-1.x86_64 4/13
Installing : mongodb-org-tools-4.4.2-1.el8.x86_64 5/13
Installing : python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch 6/13
Installing : python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch 7/13
Installing : python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 8/13
Installing : python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch 9/13
Installing : python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch 10/13
Installing : python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 11/13
Running scriptlet: python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 11/13
Running scriptlet: mongodb-org-server-4.4.2-1.el8.x86_64 12/13
Installing : mongodb-org-server-4.4.2-1.el8.x86_64 12/13
Running scriptlet: mongodb-org-server-4.4.2-1.el8.x86_64 12/13
Created symlink /etc/systemd/system/multi-user.target.wants/mongod.service → /usr/lib/systemd/system/mongod.service.
Installing : mongodb-org-4.4.2-1.el8.x86_64 13/13
Running scriptlet: mongodb-org-4.4.2-1.el8.x86_64 13/13
Verifying : python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 1/13
Verifying : python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 2/13
Verifying : python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch 3/13
Verifying : python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch 4/13
Verifying : python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch 5/13
Verifying : python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch 6/13
Verifying : mongodb-database-tools-100.2.1-1.x86_64 7/13
Verifying : mongodb-org-4.4.2-1.el8.x86_64 8/13
Verifying : mongodb-org-database-tools-extra-4.4.2-1.el8.x86_64 9/13
Verifying : mongodb-org-mongos-4.4.2-1.el8.x86_64 10/13
Verifying : mongodb-org-server-4.4.2-1.el8.x86_64 11/13
Verifying : mongodb-org-shell-4.4.2-1.el8.x86_64 12/13
Verifying : mongodb-org-tools-4.4.2-1.el8.x86_64 13/13
Installed products updated.
Installed:
mongodb-database-tools-100.2.1-1.x86_64 mongodb-org-4.4.2-1.el8.x86_64
mongodb-org-database-tools-extra-4.4.2-1.el8.x86_64 mongodb-org-mongos-4.4.2-1.el8.x86_64
mongodb-org-server-4.4.2-1.el8.x86_64 mongodb-org-shell-4.4.2-1.el8.x86_64
mongodb-org-tools-4.4.2-1.el8.x86_64 python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64
python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64 python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch
python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
Complete!
</code></pre>
<p>启用并启动<strong>MongoDB</strong>数据库服务。</p>
<pre><code class="language-shell"># systemctl enable --now mongod.service
#
</code></pre>
<p>成功启动后,检查<strong>MongoDB</strong>的服务状态和端口监听信息</p>
<pre><code class="language-shell"># systemctl status mongod.service
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2020-12-18 23:17:49 CST; 16s ago
Docs: https://docs.mongodb.org/manual
Process: 930807 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS)
Process: 930804 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 930802 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 930800 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
Main PID: 930809 (mongod)
Memory: 57.7M
CGroup: /system.slice/mongod.service
└─930809 /usr/bin/mongod -f /etc/mongod.conf
Dec 18 23:17:48 mongodb.lianglab.cn systemd: Starting MongoDB Database Server...
Dec 18 23:17:48 mongodb.lianglab.cn mongod: about to fork child process, waiting until server is ready for connections.
Dec 18 23:17:48 mongodb.lianglab.cn mongod: forked process: 930809
Dec 18 23:17:49 mongodb.lianglab.cn mongod: child process started successfully, parent exiting
Dec 18 23:17:49 mongodb.lianglab.cn systemd: Started MongoDB Database Server
# netstat -anplt| grep mongod
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 930809/mongod
# ss -anplt | grep mongod
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:* users:(("mongod",pid=930809,fd=12))
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/2183860/202012/2183860-20201218235546264-1399429132.png" alt="" loading="lazy"></p>
<h2 id="centos-8上为mongodb创建selinux策略">CentOS 8上为MongoDB创建SELinux策略:</h2>
<p>根据MongoDB文档,如果您已将<strong>SELinux</strong>配置为<strong>强制</strong>模式,则必须为MongoDB创建SELinux策略。</p>
<p>检查当前的<strong>SELinux</strong>模式。</p>
<pre><code class="language-shel"># getenforce
Enforcing
</code></pre>
<p>我们需要<strong>checkpolicy</strong>命令来验证自定义<strong>SELinux</strong>策略,因此我们正在使用<strong>dnf</strong>命令安装<strong>checkpolicy</strong>软件包。</p>
<pre><code class="language-shell">#dnf install -y checkpolicy
CentOS-8 - AppStream 4.0 kB/s | 4.3 kB 00:01
CentOS-8 - Base 3.0 kB/s | 3.8 kB 00:01
CentOS-8 - Extras 2.7 kB/s | 1.5 kB 00:00
MongoDB Repository 1.6 kB/s | 2.5 kB 00:01
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
checkpolicy x86_64 2.9-1.el8 BaseOS 348 k
Transaction Summary
================================================================================
Install1 Package
Total download size: 348 k
Installed size: 1.7 M
Downloading Packages:
checkpolicy-2.9-1.el8.x86_64.rpm 7.5 kB/s | 348 kB 00:46
--------------------------------------------------------------------------------
Total 7.5 kB/s | 348 kB 00:46
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : checkpolicy-2.9-1.el8.x86_64 1/1
Running scriptlet: checkpolicy-2.9-1.el8.x86_64 1/1
Verifying : checkpolicy-2.9-1.el8.x86_64 1/1
Installed:
checkpolicy-2.9-1.el8.x86_64
Complete!
</code></pre>
<p>创建一个定制的<strong>SELinux</strong>策略文件。</p>
<pre><code># vi mongodb_cgroup_memory.te
</code></pre>
<p>并在其中添加以下指令。</p>
<pre><code>module mongodb_cgroup_memory 1.0;
require {
type cgroup_t;
type mongod_t;
class dir search;
class file { getattr open read };
}
#============= mongod_t ==============
allow mongod_t cgroup_t:dir search;
allow mongod_t cgroup_t:file { getattr open read };
</code></pre>
<p>编译并应用此SELinux策略。</p>
<pre><code># checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
# semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
[# semodule -i mongodb_cgroup_memory.pp
</code></pre>
<h2 id="mongodb中创建管理员用户">MongoDB中创建管理员用户:</h2>
<p>默认情况下,MongoDB服务器中未启用访问控制,因此任何人都可以访问MongoDB服务器并执行管理操作。</p>
<p>因此,非常重要的是,我们创建一个Admin用户并在MongoDB服务器中启用访问控制。</p>
<p>如下连接<strong>MongoDB</strong> shell。</p>
<pre><code class="language-shell"># mongo
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("42a1e2d9-cd5c-42bf-93c1-f007b07ec356") }
MongoDB server version: 4.4.2
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
https://community.mongodb.com
---
The server generated these startup warnings when booting:
2020-12-18T23:17:49.873+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
---
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
>
</code></pre>
<p>与<strong>管理</strong>数据库连接。</p>
<pre><code class="language-shell">> use admin;
switched to db admin
>
</code></pre>
<p>如下创建<strong>管理员</strong>用户。</p>
<pre><code class="language-sql">> db.createUser(
... {
... user: "admin",
... pwd: "liang123",
... roles: [ { role: "userAdminAnyDatabase",db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
</code></pre>
<p>列出MongoDB数据库中的所有用户。</p>
<pre><code class="language-sql">> show users
{
"_id" : "admin.admin",
"userId" : UUID("26d81b7b-f86a-4507-aa75-015cb0e02a11"),
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
>
</code></pre>
<p>MongoDB<strong>管理员</strong>用户已成功创建。</p>
<p>从<strong>MongoDB</strong> Shell退出。</p>
<pre><code>> exit
bye
</code></pre>
<h2 id="mongodb服务器中启用访问控制">MongoDB服务器中启用访问控制:</h2>
<p>最初,访问控制在MongoDB服务器中被禁用。因此,任何具有CentOS 8服务器操作系统级访问权限的用户都可以连接到MongoDB实例并在数据库上执行管理操作。这就是为什么我们能够在上一步中创建<strong>管理员</strong>用户而无需任何身份验证的原因。</p>
<p>要为MongoDB服务器启用<strong>访问控制</strong>,我们需要为<strong>mongod.service</strong>编辑<strong>systemd</strong>单元文件。</p>
<pre><code class="language-shell"># vi /usr/lib/systemd/system/mongod.service
</code></pre>
<p>在此文件中找到以下行。</p>
<pre><code class="language-shell">Environment="OPTIONS=-f /etc/mongod.conf"
</code></pre>
<p>并将其替换为以下行。</p>
<pre><code class="language-shell">Environment="OPTIONS=--auth -f /etc/mongod.conf"
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/2183860/202012/2183860-20201218235606853-2029326771.png" alt="" loading="lazy"></p>
<p>我们已经使用文本编辑器显式地编辑了<strong>systemd</strong>单位文件。因此,我们需要执行以下命令来通知<strong>systemd</strong>有关此更改。</p>
<pre><code class="language-shell"># systemctl daemon-reload
</code></pre>
<p>重新启动<strong>MongoDB</strong>服务以应用更改。</p>
<pre><code class="language-shell"># systemctl restart mongod.service
</code></pre>
<p>要检查访问控制,请连接<strong>MongoDB</strong> shell并执行一些管理命令。</p>
<pre><code class="language-shell"># mongo
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("c2640def-e833-4bfc-93ae-e0e5ddea7712") }
MongoDB server version: 4.4.2
> use admin
switched to db admin
> show users
uncaught exception: Error: command usersInfo requires authentication :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1639:15
shellHelper.show@src/mongo/shell/utils.js:914:9
shellHelper@src/mongo/shell/utils.js:819:15
@(shellhelp2):1:1
</code></pre>
<p>这次“ <strong>show user”</strong>命令引发身份验证错误,它确认在我们的MongoDB服务器中已启用<strong>访问控制</strong>。</p>
<p>现在,以<strong>管理员</strong>用户身份连接。</p>
<pre><code class="language-shell">> db.auth("admin",passwordPrompt())
Enter password: ###输入我们前面设置的是密码
1
</code></pre>
<p>现在,执行相同的命令,以检查其是否正常运行。</p>
<pre><code class="language-sql">> show users #查询用户信息
{
"_id" : "admin.admin",
"userId" : UUID("26d81b7b-f86a-4507-aa75-015cb0e02a11"),
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
> exit
bye
#
</code></pre>
<p>已成功使用特权用户执行命令<strong>“显示用户”</strong>。</p>
<p>MongoDB数据库的<strong>访问控制</strong>已启用。</p>
<h2 id="配置mongodb服务以进行网络访问">配置MongoDB服务以进行网络访问:</h2>
<p>此步骤是可选的。如果您打算通过网络访问MongoDB数据库,则必须执行以下配置。</p>
<p>默认情况下,MongoDB服务在<strong>本地主机</strong>接口上运行。因此,要使其能够从网络访问,我们需要在所有接口上运行MongoDB服务。</p>
<p>使用<strong>vim</strong>编辑器编辑MongoDB配置文件</p>
<pre><code class="language-shell"># cat /etc/mongod.conf | grep bind
bindIp: 127.0.0.1# Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.binIpAll setting.
# vi /etc/mongod.conf
# netstat -anptl | grep mongod
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 931395/mongod
# systemctl restart mongod.service
# netstat -anptl | grep mongod
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 931722/mongod
#
</code></pre>
<p>在此文件中找到<strong>bindIp</strong>指令并将其设置为。</p>
<p>修改 bind_ip 127.0.0.1 为 bind_ip = 0.0.0.0 或者注释掉, #bind_ip 127.0.0.1, 让其监听所有外网ip。</p>
<pre><code class="language-shell">bindIp: 0.0.0.0
</code></pre>
<p>重新启动MongoDB服务以应用更改。</p>
<pre><code># systemctl restart mongod.service
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/2183860/202012/2183860-20201218235619874-462235259.png" alt="" loading="lazy"></p>
<p>如果我们启动了防火墙策略,还需要允许Linux防火墙中的MongoDB服务传入流量。</p>
<pre><code>#firewall-cmd --permanent --add-service=mongodb
success
# firewall-cmd --reload
success
</code></pre>
<p>您现在可以从网络访问MongoDB数据库服务。</p>
<h2 id="mongodb数据和日志目录">MongoDB数据和日志目录:</h2>
<p>以下是两个目录,对MongoDB数据库管理员来说非常重要。</p>
<ul>
<li><strong>/var/lib/mongo-</strong>数据目录(默认)</li>
<li><strong>/var/log/mongodb-</strong>日志目录(默认)</li>
</ul>
<p>我们可以通过在<strong>/etc/mongodb.conf</strong>文件中设置以下参数来自定义以上目录。</p>
<ul>
<li><strong>storage.dbPath-</strong>指定新的数据目录路径</li>
<li><strong>systemLog.path-</strong>指定新的日志文件路径</li>
</ul>
<h2 id="广告时间">广告时间:</h2>
<hr>
<ul>
<li><strong>关于我</strong> :全国7*24高效代维服务</li>
<li><strong>微信</strong>:lianglab</li>
<li><strong>QQ</strong>:867266199</li>
<li><strong>淘宝店</strong>:全国7*24高效代维服务</li>
<li><strong>全国高效代维</strong>:为中小型企业,提供云计算咨询代维、架构设计、降低成本。</li>
</ul>
<h2 id="结论">结论:</h2>
<p>我们已经在CentOS 8服务器上成功安装了MongoDB,并启用了访问控制。MongoDB的权威指南:强大的可扩展数据存储由<strong>O'Reilly Media公司</strong>是一个很好的书对MongoDB的管理,我们极力推荐这对MongoDB的数据库管理员。</p>
</div>
<div id="MySignature" role="contentinfo">
作者:zhangliangliang
出处:http://www.cnblogs.com/lianglab/
本文版权归作者和博客园共有,写文不易,支持原创,欢迎转载【点赞】,转载请保留此段声明,且在文章页面明显位置给出原文连接,谢谢。<br><br>
来源:https://www.cnblogs.com/lianglab/p/14157585.html
頁:
[1]