MongoDB安装

一、关闭防火墙

systemctl status firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service

二、关闭SeLinux

sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config

setenforce 0
getenforce 

三、关闭avahi-daemon

ps -ef|grep avahi-daemon

systemctl stop avahi-daemon.socket
systemctl stop avahi-daemon.service

systemctl disable avahi-daemon.socket
systemctl disable avahi-daemon.service

四、关闭NOZEROCONF

配置NOZEROCONF:
cat >> /etc/sysconfig/network <<EOF

NOZEROCONF=yes

EOF

五、关闭透明页/禁用numa

批量执行:
sed -i 's/quiet/quiet transparent_hugepage=never numa=off/' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot

六、安装操作系统依赖包

yum -y install libcurl openssl xz-libs

七、创建用户

groupadd -g 2000 mongod
useradd -u 2000 -g 2000 mongod 

八、配置资源限额

---设置mongodb ulimit

cat >> /etc/security/limits.conf <<EOF

mongod soft nofile 64000
mongod hard nofile 64000
mongod soft nproc 32000
mongod hard nproc 32000

EOF





[mongod@server01 ~]$ mongo
MongoDB shell version v4.4.29
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("fd9f2bcd-e37e-434e-b66b-917cbf15ddd2") }
MongoDB server version: 4.4.29
---
The server generated these startup warnings when booting: 
        2024-04-09T08:36:54.075+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
        2024-04-09T08:36:54.075+08:00: Soft rlimits too low
        2024-04-09T08:36:54.075+08:00:         currentValue: 1024
        2024-04-09T08:36:54.075+08:00:         recommendedMinimum: 64000
---
> 


如果资源限制没有配置或配置不正确，登录mongo会提示:
2024-04-09T08:36:54.075+08:00: Soft rlimits too low


mongodb当前限制：1024 processes, 64000 files

mongodb建议要求：processes = 0.5*files=32000（至少）, 所以需要将 processes  从1024 改为 32000 或更多



[root@server01 ~]# ps -ef | grep mongod
mongod     1215      1  0 08:36 ?        00:00:02 /usr/local/mongodb/bin/mongod --config /etc/mongod.conf

可以看到限制：Max processes，Max open files 

[root@server01 ~]# cat /proc/1215/limits
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             14950                14950                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       14950                14950                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        



解决方法:
vim /etc/security/limits.d/90-nproc.conf

*          soft    nproc     1024
改为:
*          soft    nproc     32000

或者

cat >> /etc/security/limits.conf <<EOF

mongod soft nofile 64000
mongod hard nofile 64000
mongod soft nproc 32000
mongod hard nproc 32000

EOF





2024-04-09T08:36:54.075+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted

[mongod@server01 ~]$ vim /etc/mongod.conf 

取消#security:的注释，并在下面添加：
authorization: enabled

[mongod@server01 ~]$ vim /etc/mongod.conf 


storage:
   dbPath: /data/mongodb
   journal:
      enabled: true
systemLog:
   destination: file
   path: "/usr/local/mongodb/mongod.log"
   logAppend: true
processManagement:
   fork: true
   pidFilePath: /var/run/mongodb/mongod.pid
net:
   bindIp: 127.0.0.1,192.168.1.111
   port: 27017
security:
   authorization: enabled
   
   

九、创建目录及分配权限

mkdir -p /data/mongodb
chown -R mongod.mongod /data/mongodb


注意：/var/run下面创建文件，服务器重启后会自动删除,除非是root用户执行mongod启动脚本

十、下载

https://www.mongodb.com/try/download/community

十一、安装

两种安装版本: 免安装版和安装版本. https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat-tarball/

[root@mongodb ~]# cd /opt/soft
[root@mongodb soft]# tar xvf mongodb-linux-x86_64-rhel70-6.0.14.tgz -C /usr/local/
[root@mongodb soft]# cd /usr/local/
[root@mongodb local]# ln -s mongodb-linux-x86_64-rhel70-6.0.14/  mongodb
[root@mongodb local]# chown -R mongod.mongod /usr/local/mongodb/


--批量
cd /opt/soft && tar xvf mongodb-linux-x86_64* -C /usr/local/ && cd /usr/local/ && ln -s mongodb-linux-x86_64-*  mongodb && chown -R mongod.mongod /usr/local/mongodb/ && echo $?

十二、安装mongodb Shell

https://www.mongodb.com/try/download/shell

[root@mongodb ~]# cd /opt/soft
[root@mongodb soft]# yum -y install mongodb-mongosh-2.2.2.x86_64.rpm

十三、创建配置文件

官方配置文件文档: https://www.mongodb.com/zh-cn/docs/v6.0/reference/configuration-options/#configuration-file

---使用配置文件启动
mongod --help

[root@mongodb ~]# vim /etc/mongod.conf


storage:
   dbPath: /data/mongodb
   journal:
      enabled: true
systemLog:
   destination: file
   path: "/usr/local/mongodb/mongod.log"
   logAppend: true
processManagement:
   fork: true
   pidFilePath: /usr/local/mongodb/mongod.pid
net:
   bindIp: 127.0.0.1,192.168.1.111
   port: 27017


[root@mongodb ~]# chown -R mongod.mongod /etc/mongod.conf

注意：
1.dbPath中p必须大写, pidFilePath, bindIp中也有字母需要大写，参数journal是指事务日志
2.如果需要将pid文件放置在/var/run/mongodb/mongod.pid，由于重启服务器，/var/run下面创建的文件夹会自动消失，则需要创建使用systemd参数ExecStartPre，提示创建mongodb文件夹，然后再授权给mongod, 如下面所示：


[root@mongodb ~]# cat > /etc/mongod.conf  <<EOF


storage:
   dbPath: /data/mongodb
   journal:
      enabled: true
systemLog:
   destination: file
   path: "/usr/local/mongodb/mongod.log"
   logAppend: true
processManagement:
   fork: true
   pidFilePath: /var/run/mongodb/mongod.pid
net:
   bindIp: 127.0.0.1,192.168.1.111
   port: 27017


EOF




[root@mongodb ~]# chown -R mongod.mongod /etc/mongod.conf

[root@mongodb ~]# cat > /lib/systemd/system/mongod.service <<EOF

[Unit]
Description=MongoDB Database Service
Wants=network.target
After=network.target

[Service]
Type=forking
PermissionsStartOnly=true
ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb
ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb
ExecStart=/usr/local/mongodb/bin/mongod --config /etc/mongod.conf
ExecReload=/bin/kill -HUP \$MAINPID
PIDFile=/var/run/mongodb/mongod.pid
Restart=always
User=mongod
Group=mongod
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target


EOF


或者


[root@mongodb ~]# cat > /lib/systemd/system/mongod.service <<EOF

[Unit]
Description=MongoDB Database Service
Wants=network.target
After=network.target

[Service]
Type=forking
PermissionsStartOnly=true
Environment="PID_HOME=/var/run/mongodb"
ExecStartPre=/usr/bin/mkdir -p \$PID_HOME
ExecStartPre=/usr/bin/chown mongod:mongod \$PID_HOME
ExecStart=/usr/local/mongodb/bin/mongod --config /etc/mongod.conf
ExecReload=/bin/kill -HUP \$MAINPID
PIDFile=\$PID_HOME/mongod.pid
Restart=always
User=mongod
Group=mongod
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target


EOF




加载服务:
# systemctl daemon-reload
# systemctl enable mongod
# systemctl start mongod
# systemctl status mongod
---停止服务
# systemctl stop redis

十四、配置环境变量

1.配置Mongo PATH环境变量

[root@mongodb ~]# su - mongod

[mongod@mongodb ~]$ cat >> .bash_profile <<EOF

export MONGODB_HOME=/usr/local/mongodb 
export PATH=\$PATH:\$MONGODB_HOME/bin

EOF

[mongod@mongodb ~]$ source .bash_profile

2.自定义mongo Shell prompt

---样式一:
su - mongod
cat >  .mongorc.js  <<EOF

cmdCount = 1;
prompt = function() {
             return (cmdCount++) + "> ";
         }

EOF

效果:
1> 
2> 
3>


---样式二:
su - mongod
cat >  .mongorc.js  <<EOF

host = db.serverStatus().host;
prompt = function() {
             return db+"@"+host+"$ ";
         }

EOF

效果:
test@server$ use admin
switched to db admin
admin@server$ 



---样式三:
su - mongod
cat >  .mongorc.js  <<EOF

host = db.serverStatus().host;
prompt = function() {
           return "Uptime:"+db.serverStatus().uptime+" Documents:"+db.stats().objects+" > ";
         }

EOF

效果:
Uptime:399 Documents:0 > 
Uptime:403 Documents:0 > db
test




---综合样式四
host = db.serverStatus().host;
prompt = function() {
           return "Time:"+db.serverStatus().uptime+" Docs:"+db.stats().objects + " " + db +" -> ";
         }

Time:2361 Docs:4 admin -> 

十五、启动 mongodb

[root@mongodb ~]# su - mongod
[mongod@mongodb ~]$ mongod -f /etc/mongod.conf

about to fork child process, waiting until server is ready for connections.
forked process: 5873
child process started successfully, parent exiting



---如果不使用配置文件启动，可以在命令行启动
$ mongod --help

$ mongod --dbpath /data/mongodb --logpath /usr/local/mongodb/mongod.log --logappend --pidfilepath /usr/local/mongodb/mongod.pid --fork

about to fork child process, waiting until server is ready for connections.
forked process: 2039
child process started successfully, parent exiting

十六、连接mongdb

mongosh
mongo
[mongod@server01 ~]$ mongo --host 192.168.1.111 admin --eval "printjson(db.getMongo())"
MongoDB shell version v4.4.29
connecting to: mongodb://192.168.1.111:27017/admin?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("73cf509e-6cca-4128-9a96-f8674f0267d0") }
MongoDB server version: 4.4.29
connection to 192.168.1.111:27017

十七、关闭mongodb

方式一:
[root@mongodb ~]# mongod  --shutdown --dbpath /data/mongodb

方式二:
> use admin;
switched to db admin
> db.shutdownServer();

方式三:
kill

十八、设置开机自动启动

[root@mongodb ~]# cat > /lib/systemd/system/mongod.service <<EOF

[Unit]
Description=MongoDB Database Service
Wants=network.target
After=network.target

[Service]
Type=forking
PIDFile=/usr/local/mongodb/mongod.pid
ExecStart=/usr/local/mongodb/bin/mongod -f /etc/mongod.conf
ExecReload=/bin/kill -HUP \$MAINPID
Restart=always
User=mongod
Group=mongod
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target

EOF




加载服务:
# systemctl daemon-reload
# systemctl enable mongod
# systemctl start mongod
# systemctl status mongod
---停止服务
# systemctl stop redis

十九、安装命令行工具

从4.2.29版本开始，类似mongodump、mongostat、mongotop需要单独安装，完了将下载好的对应工具复制到对应下载目录下的bin目录下即可
https://www.mongodb.com/try/download/database-tools

[root@mongodb soft]# tar -tf mongodb-database-tools-rhel70-x86_64-100.9.4.tgz
mongodb-database-tools-rhel70-x86_64-100.9.4/LICENSE.md
mongodb-database-tools-rhel70-x86_64-100.9.4/README.md
mongodb-database-tools-rhel70-x86_64-100.9.4/THIRD-PARTY-NOTICES
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/bsondump
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongodump
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongoexport
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongofiles
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongoimport
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongorestore
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongostat
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongotop

[root@mongodb soft]# tar xvf mongodb-database-tools-rhel70-x86_64-100.9.4.tgz
mongodb-database-tools-rhel70-x86_64-100.9.4/LICENSE.md
mongodb-database-tools-rhel70-x86_64-100.9.4/README.md
mongodb-database-tools-rhel70-x86_64-100.9.4/THIRD-PARTY-NOTICES
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/bsondump
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongodump
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongoexport
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongofiles
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongoimport
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongorestore
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongostat
mongodb-database-tools-rhel70-x86_64-100.9.4/bin/mongotop

[root@mongodb soft]# mv mongodb-database-tools-rhel70-x86_64-100.9.4/bin/* /usr/local/mongodb/bin/

[root@mongodb soft]# chown -R mongod.mongod /usr/local/mongodb/bin


[mongod@mongodb ~]$ mongostat -n 5
insert query update delete getmore command dirty used flushes vsize   res qrw arw net_in net_out conn                time
    *0    *0     *0     *0       0     0|0  0.0% 0.0%       0 2.52G 75.0M 0|0 0|0   111b   61.5k    3 Apr  5 09:25:58.455
    *0    *0     *0     *0       0     1|0  0.0% 0.0%       0 2.52G 75.0M 0|0 0|0   112b   61.7k    3 Apr  5 09:25:59.453
    *0    *0     *0     *0       0     1|0  0.0% 0.0%       0 2.52G 75.0M 0|0 0|0   112b   61.6k    3 Apr  5 09:26:00.453
    *0    *0     *0     *0       0     1|0  0.0% 0.0%       0 2.52G 75.0M 0|0 0|0   112b   61.6k    3 Apr  5 09:26:01.452
    *0    *0     *0     *0       0     1|0  0.0% 0.0%       0 2.52G 75.0M 0|0 0|0   112b   61.6k    3 Apr  5 09:26:02.452

二十、创建用户

1.创建管理员用户

---创建管理用户
use admin
db.createUser(
  {
    user: "admin", //用户名
    pwd: "admin123", //密码
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] //权限
  }
)



db.createUser({
  user: "<name>",
  pwd: passwordPrompt(),      // Or  "<cleartext password>"
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ],
  mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
  passwordDigestor: "<server|client>"
})

user文档字段介绍：

user字段，为新用户的名字；
pwd字段，用户的密码；
cusomData字段，为任意内容，例如可以为用户全名介绍；
roles字段，指定用户的角色，可以用一个空数组给新用户设定空角色；
在roles字段,可以指定内置角色和用户定义的角色。

MongoDB内置角色有如下：

数据库用户角色：read、readWrite;
数据库管理角色：dbAdmin、dbOwner、userAdmin；
集群管理角色：clusterAdmin、clusterManager、clusterMonitor、hostManager；
备份恢复角色：backup、restore；
所有数据库角色：readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase
超级用户角色：root
// 这里还有几个角色间接或直接提供了系统超级用户的访问（dbOwner 、userAdmin、userAdminAnyDatabase）
内部角色：__system






---创建用户

> db.createUser({user:'admin', pwd:'admin', roles:[{role:'userAdminAnyDatabase', db:'admin'}]})
Successfully added user: {
        "user" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}


---密码安全创建，隐藏密码明文显示
db.createUser({
	user:'admin', 
	pwd: passwordPrompt(), 
	roles: [{role:'userAdminAnyDatabase', db:'admin'}]
})








---查看用户
> show tables
system.users
system.version
 
> db.system.users.find()
{ "_id" : "admin.admin", "userId" : UUID("b1ab097f-9529-4529-8c00-bb68196f45a1"), "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "c4hGe+qnYR8+ik9dLGvAbw==", "storedKey" : "4MpXzwRfpNSketCneHywv4lFVXg=", "serverKey" : "CuQ0I8bUBRZq5HoqZZo/A72OFD4=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "gBG6Q2kc/jzYJFB0QQMAYgpQY1PMAvK6NdzvCQ==", "storedKey" : "phSxuVeYCX7+V4u+wT/fT/pfbVsA1ikJbwsm2mKzhTM=", "serverKey" : "c/OTe1V4RWRyuNulGeW0eTQanskI9OFxzPwdS2qwpfU=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> 



---添加权限认证
vim /etc/mogod.conf

security:
  authorization: enabled   //添加权限设置
  
如果没有使用/etc/mongod.conf参数启动mongoDB,而是在命令行启动mongoDB，则在命令行加入--auth参数即可:
[mongod@mongodb ~]$ mongod --auth --dbpath /data/mongodb
[mongod@mongodb ~]$ mongod --auth --dbpath /data/mongodb --logpath /usr/local/mongodb/mongod.log --fork
 
 
 
---重启mongodb
systemctl restart mongod

---登录
mongo -u accountAdmin01 -p yourpassward --authenticationDatabase products

[mongod@test ~]$ mongo -u admin -p admin --host 192.168.1.112 --authenticationDatabase admin
[mongod@test ~]$ mongo -u admin -p admin --host 192.168.1.112 admin
[mongod@test ~]$ mongo -u admin -p admin 192.168.1.112/admin

> show databases
admin   0.000GB
config  0.000GB
local   0.000GB
mydb    0.000GB
 
> use mydb
switched to db mydb
> show tables
dep
orders
user
 
> db.user.find()
Error: error: {
        "ok" : 0,
        "errmsg" : "not authorized on mydb to execute command { find: \"user\", filter: {}, lsid: { id: UUID(\"49bb9445-8cc7-4785-896b-ccb8a61d9250\") }, $db: \"mydb\" }",
        "code" : 13,
        "codeName" : "Unauthorized"
}




---命令行不使用密码，需要连接后进行校验db.auth('admin','admin')
[mongod@mongodb ~]$ mongosh  admin
Current Mongosh Log ID: 6617d234ce397bea4e7b2da8
Connecting to:          mongodb://127.0.0.1:27017/admin?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.2.2
Using MongoDB:          6.0.14
Using Mongosh:          2.2.2

For mongosh info see: https://docs.mongodb.com/mongodb-shell/

 
Deprecation warnings:
  - Using mongosh on the current operating system is deprecated, and support may be removed in a future release.
See https://www.mongodb.com/docs/mongodb-shell/install/#supported-operating-systems for documentation on supported platforms.
admin> show tables
MongoServerError[Unauthorized]: command listCollections requires authentication
admin> db.auth('admin','admin')
{ ok: 1 }
admin> show tables
system.users
system.version

2.创建普通应用用户

---创建管理用户
use app
db.createUser(
  {
    user: "app", //用户名
    pwd: "123", //密码
    roles: [ { role: "readWrite", db: "app" }, { role: "read", db: "test" } ] //权限
  }
)



[mongod@test ~]$ mongo -u app -p 123 --host 192.168.1.112 --authenticationDatabase app
[mongod@test ~]$ mongo -u app -p 123 --host 192.168.1.112 app
[mongod@test ~]$ mongo -u app -p 123 192.168.1.112/app

3.修改用户密码

> use admin
switched to db admin

> db.changeUserPassword('admin','239131')
uncaught exception: Error: Updating user failed: command updateUser requires authentication :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.updateUser@src/mongo/shell/db.js:1436:11
DB.prototype.changeUserPassword@src/mongo/shell/db.js:1440:5
@(shell):1:1

> db.auth('admin','111111')
1

> db.changeUserPassword('admin','239131')

4.查看用户

> show users
{
        "_id" : "admin.admin",
        "userId" : UUID("b1ab097f-9529-4529-8c00-bb68196f45a1"),
        "user" : "admin",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}


> db.getUsers()
[
        {
                "_id" : "admin.admin",
                "userId" : UUID("b1ab097f-9529-4529-8c00-bb68196f45a1"),
                "user" : "admin",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "root",
                                "db" : "admin"
                        }
                ],
                "mechanisms" : [
                        "SCRAM-SHA-1",
                        "SCRAM-SHA-256"
                ]
        }
]


> db.getUser('admin')
{
        "_id" : "admin.admin",
        "userId" : UUID("b1ab097f-9529-4529-8c00-bb68196f45a1"),
        "user" : "admin",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}
> db.getUser('test')
null

Time:2580 Docs:4 admin -> db.system.users.find().pretty()

5.删除用户

db.system.users.remove({user: 'app'})