Deploying a sharded cluster with a keyfile

Posted by esfisher on Thu, 16 May 2019 10:52:31 +0200

Deploy Sharded Cluster with Keyfile Access Control

1. Create the config server replica set

1.1 Create database folders

mkdir -p /configdb/{conf,data,log}

1.2 Generate the keyfile

openssl rand -base64 756 > /configdb/conf/keyfile
chmod 400 /configdb/conf/keyfile

All nodes in the cluster must use the same keyfile, so copy this file to every config server, shard member and mongos host (the shard and mongos configurations below read it from /sharddb/conf/keyfile and /mongos/conf/keyfile). The keyfile is the shared secret with which cluster members authenticate each other: its content must be 6 to 1024 base64 characters (whitespace is ignored), it must be owned by the user that runs mongod/mongos, and it must not be readable by group or others (mode 400 or 600), otherwise the process refuses to start. Setting security.keyFile also enables security.authorization, so every client connection must authenticate once the localhost exception has closed.
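The keyfile rules above (same file on every host, base64 content of 6 to 1024 characters, readable only by the mongod/mongos user) are easy to get wrong when copying the file to three machines, and a bad copy only shows up as a startup failure on one node. The shell script below is an added example and is not part of the original post or of MongoDB itself: it generates a keyfile with the same openssl command, checks an existing keyfile for length, character set and permissions, and prints a SHA-256 fingerprint of the content so the copies on each host can be compared. The function names and the fallback to /dev/urandom when openssl is missing are this example's own choices.

```shell
#!/bin/sh
# Added example: helpers for creating and checking a MongoDB keyfile.
# MongoDB rules encoded here: content is base64 (A-Za-z0-9+/=), whitespace
# is ignored, 6..1024 characters; the file must not be readable by group or
# others (mode 400 or 600), otherwise mongod/mongos refuse to start.

# mongo_keyfile_make FILE: create FILE with 1008 base64 characters
# (756 random bytes), mode 400. The umask keeps the file private from the
# moment it is created, not only after the chmod.
mongo_keyfile_make() {
    f=$1
    (
        umask 077
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -base64 756 > "$f"
        else
            # Fallback chosen for this example: same amount of kernel randomness.
            head -c 756 /dev/urandom | base64 > "$f"
        fi
    ) || return 1
    chmod 400 "$f"
}

# mongo_keyfile_check FILE: return 0 if FILE satisfies the rules, 1 otherwise,
# printing each violation to stderr.
mongo_keyfile_check() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "keyfile check: $f: no such file" >&2
        return 1
    fi
    # Permission string from ls -l: owner must be r-- or rw-, group/other empty.
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
        -r[-w]-------) ;;
        *) echo "keyfile check: $f: permissions are $perms, need 400 or 600" >&2; rc=1 ;;
    esac
    # Content rules: strip whitespace, count characters, reject non-base64 bytes.
    body=$(LC_ALL=C tr -d ' \t\r\n' < "$f")
    len=${#body}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "keyfile check: $f: $len characters, need 6..1024" >&2; rc=1
    fi
    bad=$(printf '%s' "$body" | LC_ALL=C tr -d 'A-Za-z0-9+/=')
    if [ -n "$bad" ]; then
        echo "keyfile check: $f: contains non-base64 characters" >&2; rc=1
    fi
    return $rc
}

# mongo_keyfile_fingerprint FILE: SHA-256 of the whitespace-stripped content, so
# copies that differ only in line wrapping still compare equal across hosts.
mongo_keyfile_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        LC_ALL=C tr -d ' \t\r\n' < "$1" | sha256sum | cut -d' ' -f1
    else
        LC_ALL=C tr -d ' \t\r\n' < "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Usage when run as a script: check and fingerprint every keyfile given, e.g.
#   sh keyfile_check.sh /configdb/conf/keyfile /sharddb/conf/keyfile
if [ "$#" -gt 0 ]; then
    for kf in "$@"; do
        mongo_keyfile_check "$kf" && echo "$kf OK $(mongo_keyfile_fingerprint "$kf")"
    done
fi
```

Run the check on every host after copying the file; the fingerprints must match on all of them, and a mismatch or a permission error is found before any mongod is started rather than in its log.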

1.3 Edit the configuration file /configdb/conf/mongod.conf

storage:
  dbPath: "/configdb/data"
  journal:
    enabled: true
systemLog:
  destination: file
  path: "/configdb/log/mongod.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27020
security:
  keyFile: "/configdb/conf/keyfile"
sharding:
  clusterRole: configsvr
replication:
  replSetName: "config"

1.4 Start mongod

mongod -f /configdb/conf/mongod.conf

1.5 Connect to a node in the replica set

No user has been created yet, so the mongo shell can only connect under the localhost exception: a client connecting from the same host through the loopback interface (127.0.0.1 is in bindIp above) may run commands without authenticating. The exception closes as soon as the first user is created, which is why that first user must be able to create further users.

1.6 Initialize the replica set

rs.initiate(
  {
    _id: "config",
    configsvr: true,
    members: [
      { _id : 0, host : "192.168.3.103:27020" },
      { _id : 1, host : "192.168.3.104:27020" },
      { _id : 2, host : "192.168.3.105:27020" }
    ]
  }
)

2. Create the shard replica set

2.1 Create a database file directory

mkdir -p /sharddb/{conf,data,log}

2.2 Keyfile

All nodes in the cluster use the same keyfile: copy the keyfile generated in 1.2 to /sharddb/conf/keyfile on every shard member, owned by the mongod user with mode 400.

2.3 Edit the configuration file /sharddb/conf/mongod.conf

storage:
  dbPath: "/sharddb/data"
  engine: wiredTiger
  wiredTiger:
    engineConfig:
      cacheSizeGB: 4
    indexConfig:
      prefixCompression: true
  journal:
    enabled: true
systemLog:
  destination: file
  path: "/sharddb/log/mongod.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27018
security:
  keyFile: "/sharddb/conf/keyfile"
replication:
  oplogSizeMB: 5000
  replSetName: "rs1"
sharding:
  clusterRole: shardsvr

On each mongod instance adjust bindIp, the paths and cacheSizeGB to the host it runs on; replSetName, clusterRole and the keyfile content must be identical on every member of the set.

2.4 Start mongod

mongod -f /sharddb/conf/mongod.conf

2.5 Connect to a node in the replica set

As in 1.5, no user exists yet on this replica set, so connect from the host itself through the loopback interface under the localhost exception; the exception closes for this shard as soon as its first user is created.

2.6 Initialize the replica set

rs.initiate(
  {
    _id : "rs1",
    members: [
      { _id : 0, host : "192.168.3.103:27018" },
      { _id : 1, host : "192.168.3.104:27018" },
      { _id : 2, host : "192.168.3.105:27018" }
    ]
  }
)

2.7 Create a shard-local user administrator (optional)

  1. Once the first user is created, the localhost exception is no longer available, so the first user must be able to create further users (for example, a user with the userAdminAnyDatabase role).
  2. Users must be created on the primary of the replica set.
  3. Users created here are shard-local: they exist only in this replica set, can only be used when connecting directly to a shard member, and cannot be used to connect through mongos. Cluster-wide users are created on mongos in section 3.
  4. The passwords in this post are placeholders; replace them with your own.
use admin
db.createUser(
  {
    user: "admin",
    pwd: "R00t@123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

2.8 Create a shard-local cluster administrator (optional)

A user with the clusterAdmin role can modify the replica set configuration and run maintenance commands against this shard. The localhost exception closed when the user in 2.7 was created, so authenticate as that user administrator before running this.

use admin
db.createUser(
    {
        user: 'cluster_admin',
        pwd: 'R00t@123',
        roles: [
            {role: 'clusterAdmin', db: 'admin'}
        ]
    }
)

3. Start mongos and connect it to the cluster

3.1 Create a mongos folder

mkdir -p /mongos/{conf,data,log}

3.2 Keyfile

All nodes in the cluster use the same keyfile: copy the keyfile generated in 1.2 to /mongos/conf/keyfile on every mongos host, owned by the mongos user with mode 400.

3.3 Edit the configuration file /mongos/conf/mongos.conf

systemLog:
  destination: file
  path: "/mongos/log/mongos.log"
  logAppend: true
processManagement:
  fork: true
net:
  bindIp: 192.168.3.103,127.0.0.1
  port: 27019
security:
  keyFile: "/mongos/conf/keyfile"
sharding:
  configDB: config/192.168.3.103:27020,192.168.3.104:27020,192.168.3.105:27020

3.4 Start mongos

mongos -f /mongos/conf/mongos.conf

3.5 Connect to a mongos in the cluster

No cluster-wide user exists yet, so connect from the mongos host itself through the loopback interface (port 27019) under the localhost exception. Users created through mongos are stored on the config server replica set and are valid for the whole cluster; the exception closes on mongos as soon as the first such user is created.

3.6 Create the user administrator on mongos

use admin
db.createUser(
  {
    user: "admin",
    pwd: "R00t@123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

3.7 Create the cluster administrator on mongos

The localhost exception closed when the user in 3.6 was created, so authenticate as that user administrator first. userAdminAnyDatabase can create users but cannot add shards or change cluster settings, which is why a separate clusterAdmin user is needed.

use admin
db.createUser(
    {
        user: 'cluster_admin',
        pwd: 'R00t@123',
        roles: [
            {role: 'clusterAdmin', db: 'admin'}
        ]
    }
)

4. Add the shards to the cluster

The following operations run on mongos, authenticated as the cluster administrator created in 3.7; the user administrator does not have the privileges for sh.addShard().

4.1 Add the shard

sh.addShard('rs1/192.168.3.103:27018')

Only one member of the replica set needs to be listed; mongos discovers the remaining members of rs1 from the replica set configuration. Repeat for each additional shard replica set.

4.2 Enable sharding for a database

sh.enableSharding('test')

4.3 Shard a collection

sh.shardCollection("<database>.<collection>", { <key> : <direction> } )

The shard key must be backed by an index. If the collection is empty, sh.shardCollection() creates that index itself; if the collection already holds documents, create the supporting index first. Use 1 as the direction for a ranged shard key, or "hashed" for a hashed shard key.

Topics: Database shell OpenSSL MongoDB