Deploy mongodb tutorials under Aliyun centos
- 2020-06-19 11:59:40
- OfStack
This tutorial is the process of deploying mongodb under Alicloud centos. The whole process has encountered many pitfalls and wasted a lot of time. I looked up a lot of tutorials on the Internet, but because most of the tutorials are too long, the environment is not the same, so most of the tutorials don't work. I have walked many potholes for this purpose, so I will make a record here.
Environment:
System: Aliyun centos 7.364 bit
mongodb version 3.4
Since the yum installation is very convenient, the yum installation is used below.
Modify the yum package management configuration:
vi /etc/yum.repos.d/mongodb-org-3.4.repo // 会自动新建mongodb-org-3.4.repo文件
Copy the following configuration information:
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=0
enabled=1
tips: don't know linux go under catch up with basics (vi editor)
Install mongodb
yum install -y mongodb-org // 1路yes安装mongodb
Start the mongodb
systemctl start mongod.service // 启动mongodb
Stop mongodb
systemctl stop mongod.service // 停止mongodb
Restart mongodb
systemctl restart mongod.service // 重启mongodb
Set mongodb to boot
systemctl enable mongod.service // 设置开机启动
tips: centos 7 changes the service command to systemctl.
mongodb installed successfully, default configuration file path is: /etc/ mongod.conf. Execute cat /etc/ mongod.conf to view the configuration of the file.
The configuration file is yaml syntax:
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log // Log file storage path
storage:
dbPath: /var/lib/mongo // Data storage path
journal:
enabled: true
You can also change the storage path. When you change the path, you will create a new folder and file.
Local connection mongodb:
mongo // Connected to the local mongodb
show dbs // View all databases
use mydb // switch mydb The database is not automatically added
show collections // See the collection
By default, mongodb is not secure and can connect to the database. Because mongodb requires deployment in a secure environment without validation.
Remote connection:
In local window, open cmd, mongo 192.168.31.54 (192.168.31.54 is your cloud server network address), found that the connection can not be connected, looking for a long time online, finally solved.
1. Set the security group in the instance of Aliyun esc and open port 27017. The default port of mongodb is 27017.
2. Modify the mongodb configuration file:
vi /etc/mongod.conf // Edit configuration file
net:
port: 27017
bindIp: 127.0.0.1 // mongodb Default-Bound IP address
By default, Aliyun is only bound to the local address of 127.0.0.1, which can only be accessed locally, so the address of Aliyun Intranet should be added to it.
bindIp: 127.0.0.1, Ali Cloud Intranet address
Restart the mongodb server:
systemctl restart mongod.service
Do this again in local cmd
mongo Ali Cloud extranet address // found now connected.
Both local and remote can be connected to mongodb. Remote can be connected with visual tool Robomongo. The remote can be successfully connected by directly entering the address and port number of Aliyun external network 27017. Although remote can connect to mongodb, as long as you know the address of aliyun network, anyone can connect to the database remotely and modify the data of the database, which is very insecure. Therefore, in the actual deployment, it is not recommended to add ali cloud Intranet address in bindIp, which can only be accessed locally. Remote connections are simply for the convenience of managing databases with the visual tool Robomongo. If you want to use Robomongo, but also want to database can not be randomly connected to others? Sure, just turn on your identity.
mongodb is turned off by default. The following steps are required to enable identity authentication:
1. Modify the mongodb configuration file
vi /etc/mongod.conf // The editor mongod.conf file
security: // To get rid of security In front of the #
authorization: enabled // Add this to enable authentication
I read a lot of tutorials on the Internet about opening identity authentication, using auth=true I found it was not ok, later I knew that the tutorial was too old, the configuration fields had changed, I searched for a long time.
2. Add super administrator
By default Mongodb has no user information such as administrator, and user information verification is required to enable authentication. The first one to be added should be the administrator account of admin database, which is used to add, modify, delete and other users of other databases.
Do the following:
mongo // Local connection database
use admin // Switch to the admin The database is not automatically added
db.createUser( // Creating an administrator user
{
user: "admin", // account
pwd: "admin", // password
roles: [ { role: "root", db: "admin" } ] // Role: Super administrator, database: admin
}
)
Successfully added user...
Restart mongodb
systemctl restart mongod.service
perform
mongo // Connect to database
show dbs // Display all databases, this step will report an error saying that it did not pass the validation.
use admin // Switch to the admin The database
db.auth('admin','admin') // Log in with the password you set up above
A return of '1' indicates success, and a return of '0' indicates failure
Authentication is enabled, execute the following command from window on the cmd side
mongo External network address // found connection failed because it did not pass authentication.
If you execute the following sentence
Address: u "admin" -p "admin" --authenticationDatabase admin
// Connection found
Robomongo Authentication Connection:
Switch to the Authorization option, select Perform authorization, fill in Database, user name, password, and the connection is successful.
Unlike mongodb, the authenticated user can read and write to all databases, and different libraries need to configure user information to read and write to the library. For example, if you have an myblog database and need to be able to read and write to it, create a new user with reading and writing ability.
The order is as follows:
mongo // Connect to database
use admin // Switch to the admin The database
db.auth('admin','admin') // auth Verify the login
use myblog // Switch to the myblog The database
db.createUser( // Creating a regular user
{
user: "keen", // account
pwd: "123", // password
roles: [ { role: "readWrite", db: "myblog" } ] // Roles: Read and write, database: myblog
}
)
db.auth('keen', '123') // Using new user keen Verify the login
At this point, the entire mongodb configuration is over. Regarding mongodb's authentication and permission control, you can have a look at this article, which is very detailed.