一、试验环境及准备

本次实验用了三台centos7服务器，详情如下表：

下载安装包
下载地址：https://www.mongodb.com/download-center/v2/community

二、搭建步骤

1、上传、解压包

[root@test101 ~]# tar xf mongodb-linux-x86_64-4.0.2.tgz [root@test101 ~]# ll总用量 69364-rw-------. 1 root root 1502 12月 14 2017 anaconda-ks.cfgdrwxr-xr-x. 3 root root 120 10月 9 10:18 mongodb-linux-x86_64-4.0.2-rw-r--r--. 1 root root 71023715 10月 9 10:12 mongodb-linux-x86_64-4.0.2.tgz[root@test101 ~]# mv mongodb-linux-x86_64-4.0.2 /usr/local/mongodb

2、配置环境变量

在/etc/profile文件末尾加入mongo的环境变量：

[root@test101 local]# echo "export PATH=/usr/local/mongodb/bin:\$PATH" >>/etc/profile[root@test101 local]# source /etc/profile

3、编写配置文件

注意：/etc/mongodb/mongo.conf的路径和文件都是不存在的，需要自己创建

[root@test101 bin]# mkdir /etc/mongodb[root@test101 bin]# cat /etc/mongodb/mongo.conf #这里只配置了一些基本的配置net: port: 27017 #用的默认端口27017 bindIp: 0.0.0.0 #这里默认的是127.0.0.1，如果不配置成0.0.0.0，在后面做副本集的时候会失败systemLog: destination: file path: "/opt/mongodbdata/mongod.log" logAppend: truestorage: journal: enabled: true dbPath: /opt/mongodbdatasetParameter: enableLocalhostAuthBypass: trueprocessManagement: fork: true pidFilePath: "/opt/mongodbdata/mongod.pid"[root@test101 bin]# 

4、创建配置文件目录

[root@test101 bin]# mkdir /opt/mongodbdata

5、启动服务

[root@test101 ~]# /usr/local/mongodb/bin/mongod -f /etc/mongodb/mongo.conf about to fork child process, waiting until server is ready for connections.forked process: 4390child process started successfully, parent exiting[root@test101 ~]# netstat -tlunp|grep 27017tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 4390/mongod [root@test101 ~]# 

6、创建管理员用户和权限

登录进去MongoDB，执行下面三条命令即可

> use admin； #切换到admin数据库> db.createRole({role:‘sysadmin‘,roles:[],privileges:[{resource:{anyResource:true},actions:[‘anyAction‘]}]}); #创建一个超级管理员的角色，并赋予相应的权限> db.createUser({user:‘root‘,pwd:‘root‘,roles:[{role:‘sysadmin‘,db:‘admin‘}]}); #创建一个超级管理员账号，并赋予上面的超级管理员角色和权限 ，pwd自定义

具体操作：

[root@test101 local]# mongo #无密码登录MongoDB shell version v4.0.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 4.0.2Server has startup warnings: 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] > show dbs;admin 0.000GBconfig 0.000GBlocal 0.000GB> use admin #切换到admin数据库switched to db admin> db.createRole({role:‘sysadmin‘,roles:[],privileges:[{resource:{anyResource:true},actions:[‘anyAction‘]}]}); #创建一个超级管理员的角色，并赋予相应的权限{ "role" : "sysadmin", "roles" : [ ], "privileges" : [ { "resource" : { "anyResource" : true }, "actions" : [ "anyAction" ] } ]}> db.createUser({ #创建一个超级管理员账号，并赋予上面的超级管理员角色和权限 ... ... ... ... ... ... ... ... user:‘root‘,... ... ... ... ... ... ... ... pwd:‘root‘,... ... ... ... ... ... ... ... roles:[... ... ... ... ... ... ... ... {role:‘sysadmin‘,db:‘admin‘}... ... ... ... ... ... ... ... ]});Successfully added user: { "user" : "root", "roles" : [ { "role" : "sysadmin", "db" : "admin" } ]}> exitbye

退出后用新的超级管理员账号登录：

[root@test101 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin" MongoDB shell version v4.0.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 4.0.2Server has startup warnings: 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] > show dbs;admin 0.000GBconfig 0.000GBlocal 0.000GB

以上步骤在三台主机上都要执行。

7、生成集群之间的安全认证机制KeyFile

在PRIMARY主机10.0.0.101机器上生成的KeyFile

[root@test101 local]# openssl rand -base64 745 >>/etc/mongodb/mongodb-keyfile[root@test101 local]# cat /etc/mongodb/mongodb-keyfileSgbDaERMIChd3MbuQ6WN7LJ7gI5FhOUI8D/uLxSHsH3buTDA0qjwcO1fP9/jRNkIH+soQ/F/X7IUOnG238UjtO263/SwWebGMGd09u0VbyQwI1splmr+xeR3YDFWD0rwstmDGcz6m/2ABfYTtKh/hIjZE5Yc1NSEWFmPNrhVbWsgD0BSI9CUr9JYTTnc1tl7gycp9SsoPuoGLlPhnB8TG7Pu0rmNTuWq5DJnCG4fDClvkDJnlnDW59KDmfrLwnO3ccLmb/+5OQNi1SGRsrdR3I8y2LE/lR6cK4cKX3GtiQB+BR3+BYdYCNVXpWC4Fw6zxViVMKdPM4QIF99D+RLbwc16L9FQtlKy4NyHP5XyDmeMvfVDL5RIk8YVogZ3Y5Zr1jgF2HxTEsxQ4TEZ2KUKA/gWZnTypXZ83Zso0XRk+n0pBSkwiG96Sk6fS9FiWwhpv4Z80w1HS2L+dg8Qe3d1U+bl1Ro4Nj+sjxmXCFigJFRI4n40N+TCWHYJHx0l3BWm3q2YyETol0+OrjIU71nFsGtUnP0seXa1HJsCtYCR7QFDf6uAE2u7JQD9Okram3IncrH/tuvdnq8Fi3FVsXxgoIMZhuYNr4kOLIszHQcv5Z/F1D+JmdD+yUvEzx+S7NppRZiXKz+kVKY1SFpDoMXZ7kv5oC+K5Ag3ZFPU+8SDh99dZCfq2z5TW+XiQTWB4Wh0XlTae7IE15ILdLPpy+GQ9rtC4rlRmkdC9lNb6bOuYw3CbN0ANjVed1tenOEsBJ7YDFIeWNdnze5H38t2m2BrXpMbXLIZ3n4Ze/89th+UQnlP2ij0FMWFnMIxa6Dq3wqLaEWvOXukbMbAw/vZZU5Ad2JmtBmClf6vP59fetz1wPCZFBqTF+NiNWEmlzuBEJwyYBDzjWUiLODdopKugzZ+hxsSieYIZYzMg1CO9gAL2572mvOcPrUIWekC+gqWaZE7wBQ5f3HmRAnHY4Wa/MYuEDCMrNtqNNy5hg==[root@test101 local]# 

将10.0.0.101主机生成的mongodb-keyfile拷贝到另外两台SECONDARY机器上的/etc/mongodb/目录下，三台主机的mongodb-keyfile文件权限都改成400

8、修改三台主机的配置文件

修改三台主机的/etc/mongodb/mongo.conf，并将三台主机的MongoDB服务分别重启

[root@test101 mongodb]# cat /etc/mongodb/mongo.confnet: port: 27017 bindIp: 0.0.0.0systemLog: destination: file path: "/opt/mongodbdata/mongod.log" logAppend: truestorage: journal: enabled: true dbPath: /opt/mongodbdatasetParameter: enableLocalhostAuthBypass: trueprocessManagement: fork: true pidFilePath: "/opt/mongodbdata/mongod.pid"#加入下面的几行内容：replication: replSetName: CrystalTest #replSetName自定义security: authorization: enabled keyFile: "/etc/mongodb/mongodb-keyfile" #步骤7生成的安全认证机制KeyFile[root@test101 mongodb]# 

9、初始化副本集

在初始化集群的时候，可以在所有机器上改好配置文件，并重启服务之后，一次性完成。也可以先初始化PRIMARY，然后再把SECONDARY主机一台一台加进去:
方法1——一次性初始化完成

> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"},{_id:1,host:"10.0.0.102:27017"},{_id:2,host:"10.0.0.103:27017"}] };> rs.initiate(config);

方法2——先初始化PRIMARY再加入SECONDARY：
先在PRIMARY上做如下两步操作：

> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};> rs.initiate(config);

具体操作：

> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};{ "_id" : "CrystalTest", "members" : [ { "_id" : 0, "host" : "10.0.0.101:27017" } ]}> rs.initiate(config);{ "ok" : 1, "operationTime" : Timestamp(1539054593, 1), "$clusterTime" : { "clusterTime" : Timestamp(1539054593, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } }}CrystalTest:OTHER> CrystalTest:PRIMARY> #执行完上面的步骤，过一会儿，状态就从OTHER变成PRIMARYCrystalTest:PRIMARY> 

然后加入另外两台主机：

> rs.add("10.0.0.102:27017")> rs.add("10.0.0.103:27017")

具体操作：

CrystalTest:PRIMARY> rs.add("10.0.0.102:27017") #添加10.0.0.102主机{ "ok" : 1, "operationTime" : Timestamp(1539056959, 1), "$clusterTime" : { "clusterTime" : Timestamp(1539056959, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } }}CrystalTest:PRIMARY> rs.add("10.0.0.103:27017") #添加10.0.0.103主机{ "ok" : 1, "operationTime" : Timestamp(1539057016, 1), "$clusterTime" : { "clusterTime" : Timestamp(1539057016, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } }}CrystalTest:PRIMARY> rs.status() #查看集群状态{ "set" : "CrystalTest", "date" : ISODate("2018-10-09T03:50:18.692Z"), "myState" : 1, "term" : NumberLong(2), "syncingTo" : "", "syncSourceHost" : "", "syncSourceId" : -1, "heartbeatIntervalMillis" : NumberLong(2000), "optimes" : { "lastCommittedOpTime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "readConcernMajorityOpTime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "appliedOpTime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "durableOpTime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) } }, "lastStableCheckpointTimestamp" : Timestamp(1539056959, 1), "members" : [ { "_id" : 0, "name" : "10.0.0.101:27017", "health" : 1, "state" : 1, "stateStr" : "PRIMARY", "uptime" : 286, "optime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "optimeDate" : ISODate("2018-10-09T03:50:16Z"), "syncingTo" : "", "syncSourceHost" : "", "syncSourceId" : -1, "infoMessage" : "", "electionTime" : Timestamp(1539056735, 1), "electionDate" : ISODate("2018-10-09T03:45:35Z"), "configVersion" : 3, "self" : true, "lastHeartbeatMessage" : "" }, { "_id" : 1, "name" : "10.0.0.102:27017", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 58, "optime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "optimeDurable" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "optimeDate" : ISODate("2018-10-09T03:50:16Z"), "optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"), "lastHeartbeat" : ISODate("2018-10-09T03:50:18.661Z"), "lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.227Z"), "pingMs" : NumberLong(0), "lastHeartbeatMessage" : "", "syncingTo" : "", "syncSourceHost" : "", "syncSourceId" : -1, "infoMessage" : "", "configVersion" : 3 }, { "_id" : 2, "name" : "10.0.0.103:27017", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 2, "optime" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "optimeDurable" : { "ts" : Timestamp(1539057016, 1), "t" : NumberLong(2) }, "optimeDate" : ISODate("2018-10-09T03:50:16Z"), "optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"), "lastHeartbeat" : ISODate("2018-10-09T03:50:18.671Z"), "lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.495Z"), "pingMs" : NumberLong(1), "lastHeartbeatMessage" : "", "syncingTo" : "", "syncSourceHost" : "", "syncSourceId" : -1, "infoMessage" : "", "configVersion" : 3 } ], "ok" : 1, "operationTime" : Timestamp(1539057016, 1), "$clusterTime" : { "clusterTime" : Timestamp(1539057016, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } }}CrystalTest:PRIMARY> 

登录10.0.0.102和10.0.0.103主机的MongoDB查看角色都变成了SECONDARY：

[root@test102 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin"MongoDB shell version v4.0.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 4.0.2Server has startup warnings: 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] 2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is ‘always‘.2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to ‘never‘2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] > CrystalTest:SECONDARY> CrystalTest:SECONDARY> CrystalTest:SECONDARY> 

至此，集群搭建完毕