一、环境说明
1、centos7.8 x86_64位最小化安装系统 2、二进制包安装mongodb7.0.15 3、关闭服务器selinux 4、关闭服务器系统透明大叶(mongodb安装内存优化要求) 5、采用二进制包方式安装mongodb7.0.15
二、mongodb安装部署过程
2.1、下载软件包
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-7.0.15.tgz
wget https://repo.mongodb.org/yum/redhat/7/mongodb-org/7.0/x86_64/RPMS/mongodb-org-server-7.0.15-1.el7.x86_64.rpm
wget https://repo.mongodb.org/yum/redhat/7/mongodb-org/7.0/x86_64/RPMS/mongodb-org-mongos-7.0.15-1.el7.x86_64.rpm
wget https://downloads.mongodb.com/compass/mongosh-2.0.1-linux-x64.tgz
wget https://downloads.mongodb.com/compass/mongosh-2.3.4-linux-x64.tgz
2.2、安装指令及软件包说明
mongodb-org-server: 服务端,包含mongod启动命令和mongos配置分配命令
mongodb-org-mongos: 配置分片用
mongosh-2.0.1-linux-x64.tgz:mongo shell客户端命令
tar xf /root/mongodb-linux-x86_64-rhel70-7.0.15.tgz -C /usr/local/
ln -sv /usr/local/mongodb-linux-x86_64-rhel70-7.0.15 /usr/local/mongodb
rpm -ivh mongodb-org-mongos-7.0.15-1.el7.x86_64.rpm
rpm -ivh mongodb-org-server-7.0.15-1.el7.x86_64.rpm
tar xf mongosh-2.0.1-linux-x64.tgz -C /usr/local/
cp /usr/local/mongosh-2.0.1-linux-x64/bin/mongosh /usr/local/sbin/mongosh
2.3、创建相关数据存放目录
id mongod
mkdir /data/mongodb/{data,logs,tmp,key} -p
cd /data/
chown -R mongod.mongod mongodb
mkdir /usr/local/mongodb/etc -p
2.4、创建密钥认证
openssl rand -base64 232 > /data/mongodb/key/mongo-keyfile
chmod 400 /data/mongodb/key/mongo-keyfile
chown mongod:mongod /data/mongodb/key/mongo-keyfile
2.5、mongod.conf 配置文件参数
cat > /usr/local/mongodb/etc/mongod.conf <<EOF
systemLog:
traceAllExceptions: true
destination: file
logAppend: true
logRotate: rename
timeStampFormat: iso8601-local
path: /data/mongodb/logs/mongod.log
component:
accessControl:
verbosity: 1
command:
verbosity: 1
storage:
dbPath: /data/mongodb/data
directoryPerDB: true
syncPeriodSecs: 60
engine: wiredTiger
wiredTiger:
engineConfig:
cacheSizeGB: 3
directoryForIndexes: true
journalCompressor: zlib
zstdCompressionLevel: 10
operationProfiling:
slowOpThresholdMs: 100
processManagement:
fork: true ## fork and run in background
pidFilePath: /data/mongodb/tmp/mongod.pid
timeZoneInfo: /usr/share/zoneinfo
net:
port: 27017
bindIp: 10.0.0.8,localhost,master-db02 # Enter 0.0.0.0,:: to bind
maxIncomingConnections: 5000
unixDomainSocket:
enabled: true
pathPrefix: /data/mongodb/tmp
listenBacklog: 4096
#sharding: 配置分片参数
# clusterRole: configsvr
#replication: 配置副本集参数
# replSetName: repset
# oplogSizeMB: 10240
#security: 开启安全登陆密码认证和密钥认证
# keyFile: /data/mongodb/key/mongo-keyfile
# authorization: enabled
EOF
2.6、mongodb启动配置文件
cat > /usr/lib/systemd/system/mongod.service <<EOF
[Unit]
Description=MongoDB Database Server
Documentation=https://docs.mongodb.org/manual
After=network-online.target
Wants=network-online.target
[Service]
User=mongod
Group=mongod
Environment="OPTIONS=-f /usr/local/mongodb/etc/mongod.conf"
Environment="MONGODB_CONFIG_OVERRIDE_NOFORK=1"
EnvironmentFile=-/etc/sysconfig/mongod
ExecStart=/usr/local/mongodb/bin/mongod --config /usr/local/mongodb/etc/mongod.conf
PermissionsStartOnly=true
PIDFile=/data/mongodb/tmp/mongod.pid
RuntimeDirectory=mongodb
#Type=forking
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false
# Recommended limits for mongod as specified in
# https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
[Install]
WantedBy=multi-user.target
EOF
2.7、启动mongodb-server服务
systemctl daemon-reload
systemctl enable mongod
systemctl start mongod
systemctl status mongod
2.8、mongosh登陆
提示要关闭透明大页
三、关闭透明大叶
3.1、临时关闭透明大叶
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
3.2、永久关闭透明大页
要永久禁用透明大页,需要修改/etc/default/grub文件。在GRUB_CMDLINE_LINUX参数中后面增加如下内容:
transparent_hugepage=never
[root@master-db02 ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet transparent_hugepage=never"
GRUB_DISABLE_RECOVERY="true"
完成后,更新GRUB配置文件并重启系统:
# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot
[root@master-db03 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-1127.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-1127.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1201807ccfc740b4bd230c987f47e586
Found initrd image: /boot/initramfs-0-rescue-1201807ccfc740b4bd230c987f47e586.img
done
[root@master-db03 ~]# reboot
系统重启后,再次执行以下命令以确认透明大页被禁用:
cat /sys/kernel/mm/transparent_hugepage/enabled 输出为always madvise [never]即可确认关闭成功。 此时登陆mongodb 不再提示关闭透明大叶
[root@master-db03 ~]# mongosh mongodb://127.0.0.1:27017
Current Mongosh Log ID: 6765690916c15886a24c0e6f
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.0.1
Using MongoDB: 7.0.15
Using Mongosh: 2.0.1
mongosh 2.3.7 is available for download: https://www.mongodb.com/try/download/shell
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
------
The server generated these startup warnings when booting
2024-12-20T20:53:41.370+08:00: The configured WiredTiger cache size is more than 80% of available RAM. See http://dochub.mongodb.org/core/faq-memory-diagnostics-wt
2024-12-20T20:53:44.288+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
------
test>
关于透明大叶的介绍: https://www.henghost.com/news/article/188999/?rdmc=692e23eaea&rdme=1734516890 https://www.modb.pro/db/1789819758162022400 https://mp.weixin.qq.com/s/Z5ktp3uZdkE9WfOi28bfow
四、创建管理员账户和密码
use admin
db.createUser({user: 'root', pwd:'TShLQd3tr74', roles:[{role: 'root', db: 'admin'}]});
show users;
test> use admin
switched to db admin
admin> db.createUser({user: 'root', pwd:'TShLQd3tr74', roles:[{role: 'root', db: 'admin'}]});
{ ok: 1 }
admin> show users
[
{
_id: 'admin.root',
userId: new UUID("903a8a74-fb4f-4a12-b4de-27b319fd6d09"),
user: 'root',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
]
admin> show users;
[
{
_id: 'admin.root',
userId: new UUID("903a8a74-fb4f-4a12-b4de-27b319fd6d09"),
user: 'root',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
]
五、开启认证登陆
5.1、修改配置文件开启参数并重启mongo服务
[root@master-db03 ~]# tail -3 /usr/local/mongodb/etc/mongod.conf
security:
#keyFile: /data/mongodb/key/mongo-keyfile
authorization: enabled
重启mongo服务
systemctl restart mongod
5.2、密码方式登陆
mongosh mongodb://127.0.0.1:27017/admin -u root -p 'TShLQd3tr74'
mongosh mongodb://127.0.0.1:27017/admin -u root -p 'TShLQd3tr74' --quiet
[root@master-db03 ~]# mongosh mongodb://127.0.0.1:27017/admin -u root -p 'TShLQd3tr74' --quiet
admin> show users;
[
{
_id: 'admin.root',
userId: new UUID("903a8a74-fb4f-4a12-b4de-27b319fd6d09"),
user: 'root',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
]
admin> show dbs;
admin 132.00 KiB
config 108.00 KiB
local 72.00 KiB
admin>
手动输入密码登陆:
mongosh -u "root" -p --authenticationDatabase "admin" --quiet
[root@master-db03 ~]# mongosh -u "root" -p --authenticationDatabase "admin" --quiet
Enter password: ***********
test> show dbs;
admin 132.00 KiB
config 72.00 KiB
local 72.00 KiB
test> show databases;
admin 132.00 KiB
config 72.00 KiB
local 72.00 KiB
test>
5.3、写入指令到文本进行执行
[root@master-db03 ~]# cat /root/1.txt
show databases;
show users;
[root@master-db03 ~]# mongosh mongodb://127.0.0.1:27017/admin -u root -p 'TShLQd3tr74' --quiet < 1.txt
admin> show databases;
admin 132.00 KiB
config 108.00 KiB
local 72.00 KiB
admin> show users;
[
{
_id: 'admin.root',
userId: new UUID("903a8a74-fb4f-4a12-b4de-27b319fd6d09"),
user: 'root',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
]
admin> [root@master-db03 ~]#
