docker-compose搭建mongodb分片集群及安全身份认证(实战)
最近由于项目设计中使用了mongodb,具体mongodb的优点我就不多说了。这篇文章主要是分享下我通过docker-compose搭建mongodb分片集群,并实现安全身份认证访问(mongodb安装后默认是不需要用户名和密码访问的)。
下面是我配置的docker-compose.yml文件:
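# Stage 1 of the walkthrough: a sharded cluster with NO authentication yet.
# Every process listens on all container interfaces (--bind_ip_all) and accepts
# unauthenticated clients, so the host ports below are published on loopback
# only; the setup steps in this article all run through `docker exec`.
# NOTE(review): the mongo:3.6 line is end-of-life upstream; pin a supported
# release for anything beyond a lab.
version: '2'
services:
  shard_server01:
    container_name: shard_server01
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.11
    ports:
      # Quoted so the mapping is always read as a string; loopback-only
      # because this node has no access control at this stage.
      - "127.0.0.1:27018:27018"
    volumes:
      - /data/docker/mongos/data/shard_server01/data/db:/data/db
      - /data/docker/mongos/data/shard_server01/data/configdb:/data/configdb
      - /data/docker/mongos/data/shard_server01/data/backup:/data/backup
      # Mounted but not loaded: the command below passes no --config/-f.
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      # Not used until auth is enabled. The host file must exist before `up`;
      # Docker creates a missing bind-mount source as a directory.
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --shardsvr --bind_ip_all
    restart: always
    depends_on:
      - rs_config_server01
      - rs_config_server02
    ulimits:
      nofile:
        soft: 300000
        hard: 300000
  shard_server02:
    container_name: shard_server02
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.12
    ports:
      - "127.0.0.1:27028:27018"
    volumes:
      - /data/docker/mongos/data/shard_server02/data/db:/data/db
      - /data/docker/mongos/data/shard_server02/data/configdb:/data/configdb
      - /data/docker/mongos/data/shard_server02/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    # No --keyFile/--auth here: this stage runs without authentication and the
    # key file has not been generated yet. One keyFile-enabled member among
    # members started without it would likely break intra-cluster traffic.
    command: --shardsvr --bind_ip_all
    restart: always
    depends_on:
      - rs_config_server01
      - rs_config_server02
  # Config server replica set, two members (author's note: MongoDB versions
  # after 3.4 need two config servers).
  # NOTE(review): what 3.4+ requires is that config servers run as a replica
  # set. With two members a majority needs both, so losing either one leaves no
  # primary; three members is the usual production layout.
  rs_config_server01:
    container_name: rs_config_server01
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.13
    ports:
      - "127.0.0.1:27019:27019"
    volumes:
      - /data/docker/mongos/data/rs_config_server01/data/db:/data/db
      - /data/docker/mongos/data/rs_config_server01/data/configdb:/data/configdb
      - /data/docker/mongos/data/rs_config_server01/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --configsvr --replSet "rs_config_server" --bind_ip_all
    restart: always
  rs_config_server02:
    container_name: rs_config_server02
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.14
    ports:
      - "127.0.0.1:27029:27019"
    volumes:
      - /data/docker/mongos/data/rs_config_server02/data/db:/data/db
      - /data/docker/mongos/data/rs_config_server02/data/configdb:/data/configdb
      - /data/docker/mongos/data/rs_config_server02/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --configsvr --replSet "rs_config_server" --bind_ip_all
    restart: always
  # Router node (mongos): the entry point clients connect to.
  mongos:
    container_name: mongos
    networks:
      mongo:
        ipv4_address: 192.168.1.15
    image: mongo:3.6
    ports:
      - "127.0.0.1:27017:27017"
    volumes:
      - /data/docker/mongos/data/data/db:/data/db
      - /data/docker/mongos/data/data/configdb:/data/configdb
      - /data/docker/mongos/data/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    # The image's default entrypoint is replaced so the container runs mongos.
    entrypoint: mongos
    command: --configdb rs_config_server/192.168.1.13:27019,192.168.1.14:27019 --bind_ip_all
    depends_on:
      - shard_server01
      - shard_server02
networks:
  mongo:
    driver: bridge
    ipam:
      config:
        # Was 192.168.1.10/24, which has host bits set; the network address of
        # that /24 is 192.168.1.0.
        # NOTE(review): 192.168.1.0/24 is a very common LAN range; pick another
        # private range if the host's own network already uses it.
        - subnet: 192.168.1.0/24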
注意:目前还没有增加安全身份认证,任何能够连接到这些端口的客户端都可以直接读写数据;在完成下文的认证配置之前,不要把这些端口暴露给不可信网络。
使用docker-compose启动mongo集群
# Start every service from docker-compose.yml in the background (detached).
docker-compose up -d
配置服务器设置(config_server)
# Open an interactive shell inside the first config server container.
docker exec -it rs_config_server01 /bin/bash
# Run inside that container: connect the mongo shell to the local config server on port 27019.
mongo --host localhost --port 27019
// Replica set definition for the config servers. The _id must match the
// --replSet name given on the mongod command line, and configsvr marks the
// set as a config server replica set.
// NOTE(review): with only two members a majority needs both of them, so losing
// either node leaves the set without a primary; three members avoids that.
var configReplSet = {
  _id: "rs_config_server",
  configsvr: true,
  members: [
    { _id: 0, host: "192.168.1.13:27019" },
    { _id: 1, host: "192.168.1.14:27019" }
  ]
};
rs.initiate(configReplSet);
配置路由mongos服务
# Open an interactive shell inside the mongos (router) container.
docker exec -it mongos /bin/bash
# Run inside that container: connect the mongo shell to mongos on port 27017.
mongo --port 27017
将分片集群添加到mongos中
// Run in the mongo shell connected to mongos: register each shard mongod by address.
// NOTE(review): MongoDB's 3.6 documentation says shards must be replica sets; these
// two are started with --shardsvr but no --replSet — confirm addShard accepts them.
sh.addShard("192.168.1.11:27018")
sh.addShard("192.168.1.12:27018")
到目前为止,mongodb分片集群已经搭建完毕。但是mongodb默认无需账户即可直接访问。因此,若需要增加账号和密码,并强制要求输入正确的账号和密码才能登录,请看下文。
1、创建mongodb的账户和密码
进入mongos路由服务
# Open an interactive shell inside the mongos (router) container.
docker exec -it mongos /bin/bash
# Run inside that container: connect to mongos on port 27017. No credentials are
# passed here because authentication has not been enabled yet at this step.
mongo --port 27017
切换到admin库,创建用户root
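// Create the administrator account through mongos while access control is
// still off, so that a user exists once --keyFile/--auth are switched on.
use admin
db.createUser(
  {
    user: "root",
    // Placeholder, not a usable value: substitute a long, randomly generated
    // password. A short numeric password on an account holding the "root"
    // role is trivially guessable once port 27017 is reachable.
    pwd: "<REPLACE_WITH_STRONG_PASSWORD>",
    // "root" on admin grants full control of the cluster. Keep this account
    // for administration only and create separate, least-privilege users
    // for applications.
    roles: [{ role: "root", db: "admin" }]
  }
)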
2、生成mongo节点之间通讯认证文件(key.file)
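# Generate the shared key that cluster members use to authenticate to each other.
# Run this in the host directory the compose file mounts from
# (/data/docker/mongos/data), so the result is /data/docker/mongos/data/key.file.
# If `docker-compose up` ran before this file existed, Docker will have created a
# directory named key.file at that path; remove it before generating the key.
# The key is written under a restrictive umask so it is never group- or
# world-readable, not even between creation and the chmod below.
(umask 077 && openssl rand -base64 741 > key.file)
# mongod rejects a key file that group or others can access; owner read-only is enough.
chmod 400 key.file
# 999 is the uid this article uses for the account mongod runs as inside the
# container — verify it against the image you actually deploy.
chown 999 key.file
# Treat key.file as a credential: anyone holding it can authenticate as a cluster
# member, so keep it out of version control and backups that others can read.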
3、将key.file挂载docker容器里面,启动命令指定key.file,并增加需要认证(--auth)
增加安全认证之后的docker-compose.yml文件如下:
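# Stage 2 of the walkthrough: the same cluster with authentication enabled.
# Every member gets --keyFile (internal authentication between cluster members)
# and --auth (client access control). On mongod, --keyFile already implies
# client access control, so --auth there is redundant but harmless.
# NOTE(review): the mongo:3.6 line is end-of-life upstream; pin a supported
# release for anything beyond a lab.
version: '2'
services:
  shard_server01:
    container_name: shard_server01
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.11
    ports:
      # Quoted so the mapping is always read as a string.
      # NOTE(review): this publishes the shard on every host interface. Clients
      # are meant to go through mongos; consider dropping this mapping or
      # binding it to loopback ("127.0.0.1:27018:27018").
      - "27018:27018"
    volumes:
      - /data/docker/mongos/data/shard_server01/data/db:/data/db
      - /data/docker/mongos/data/shard_server01/data/configdb:/data/configdb
      - /data/docker/mongos/data/shard_server01/data/backup:/data/backup
      # Mounted but not loaded: the command below passes no --config/-f.
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      # Shared cluster secret. The same file is mounted into every member; it
      # must exist on the host before `up` (Docker creates a missing bind-mount
      # source as a directory) and must not be readable by group or others.
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --shardsvr --keyFile "/etc/key.file" --bind_ip_all --auth
    restart: always
    depends_on:
      - rs_config_server01
      - rs_config_server02
    ulimits:
      nofile:
        soft: 300000
        hard: 300000
  shard_server02:
    container_name: shard_server02
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.12
    ports:
      - "27028:27018"
    volumes:
      - /data/docker/mongos/data/shard_server02/data/db:/data/db
      - /data/docker/mongos/data/shard_server02/data/configdb:/data/configdb
      - /data/docker/mongos/data/shard_server02/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --shardsvr --keyFile "/etc/key.file" --bind_ip_all --auth
    restart: always
    depends_on:
      - rs_config_server01
      - rs_config_server02
  # Config server replica set, two members (author's note: MongoDB versions
  # after 3.4 need two config servers).
  # NOTE(review): what 3.4+ requires is that config servers run as a replica
  # set. With two members a majority needs both, so losing either one leaves no
  # primary; three members is the usual production layout.
  rs_config_server01:
    container_name: rs_config_server01
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.13
    ports:
      # NOTE(review): config servers hold cluster metadata and are not a client
      # endpoint; publishing them on the host is rarely needed.
      - "27019:27019"
    volumes:
      - /data/docker/mongos/data/rs_config_server01/data/db:/data/db
      - /data/docker/mongos/data/rs_config_server01/data/configdb:/data/configdb
      - /data/docker/mongos/data/rs_config_server01/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --configsvr --keyFile "/etc/key.file" --replSet "rs_config_server" --bind_ip_all --auth
    restart: always
  rs_config_server02:
    container_name: rs_config_server02
    image: mongo:3.6
    networks:
      mongo:
        ipv4_address: 192.168.1.14
    ports:
      - "27029:27019"
    volumes:
      - /data/docker/mongos/data/rs_config_server02/data/db:/data/db
      - /data/docker/mongos/data/rs_config_server02/data/configdb:/data/configdb
      - /data/docker/mongos/data/rs_config_server02/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    command: --configsvr --keyFile "/etc/key.file" --replSet "rs_config_server" --bind_ip_all --auth
    restart: always
  # Router node (mongos): the entry point clients connect to.
  mongos:
    container_name: mongos
    networks:
      mongo:
        ipv4_address: 192.168.1.15
    image: mongo:3.6
    ports:
      # The one port clients need. It is still published on every host
      # interface, so limit who can reach it (host firewall, or a loopback or
      # private-interface bind) and rely on strong account passwords.
      - "27017:27017"
    volumes:
      - /data/docker/mongos/data/data/db:/data/db
      - /data/docker/mongos/data/data/configdb:/data/configdb
      - /data/docker/mongos/data/data/backup:/data/backup
      - /data/docker/mongos/data/mongod.conf:/etc/mongod.conf
      - /data/docker/mongos/data/key.file:/etc/key.file
    # The image's default entrypoint is replaced so the container runs mongos.
    entrypoint: mongos
    command: --configdb rs_config_server/192.168.1.13:27019,192.168.1.14:27019 --keyFile "/etc/key.file" --bind_ip_all --auth
    depends_on:
      - shard_server01
      - shard_server02
networks:
  mongo:
    driver: bridge
    ipam:
      config:
        # Was 192.168.1.10/24, which has host bits set; the network address of
        # that /24 is 192.168.1.0.
        # NOTE(review): 192.168.1.0/24 is a very common LAN range; pick another
        # private range if the host's own network already uses it.
        - subnet: 192.168.1.0/24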
4、重启docker-compose
# Stop and remove the containers and the compose network. The database files
# stay on the host in the directories bind-mounted by the compose file.
docker-compose down
# Recreate the cluster from the updated compose file, now with --keyFile/--auth.
# Afterwards connect with credentials, for example:
#   mongo --port 27017 -u root -p --authenticationDatabase admin
# (-p without a value prompts for the password instead of taking it on the command line).
docker-compose up -d
到此,增加安全登录已经配置完毕。若不使用账号和密码访问结果如下:
使用账号和密码访问结果如下:
总结:搭建整个mongodb集群花费时间还是比较大的,这里总结一下,希望能对大家有帮助。有疑问欢迎留言。若是帮助到您了,别忘记点个赞哈哈~