Docker + MongoDB sharded cluster + cluster keyfile authentication

2019-04-11  GongZH丶

Environment:
Three servers

  1. ubuntu1:172.17.252.85
  2. ubuntu2:172.17.252.89
  3. ubuntu3:172.17.252.94

A total of 13 containers run across the three servers.
The members of each replica set are spread across different servers.


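Create the Docker network

First, create the Docker network on each of the three hosts:

// Docker's default network assigns container IPs dynamically. Here we define our own subnet, which only has to avoid clashing with Docker's own subnets; each container's IP is then specified by hand when it is started.

docker network create --subnet 172.100.100.0/24 mongodb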

Config server (configsvr) replica set configuration file
Create it on each of the three servers; the path on Ubuntu is ~/configOne/config1.conf

storage:
  dbPath: /data/db
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
net:
  bindIp: 0.0.0.0
replication:
  replSetName: configOne
sharding:
  clusterRole: configsvr
#security:
#  authorization: enabled
#  keyFile: /mongodb/security/mongodbkeyfile

Run the following containers, one on each of the three hosts:

// First host
docker run -p 28101:27019 --name mongoconfig_1 --net=mongodb --ip=172.100.100.20 -v ~/configOne:/etc/mongo -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/config1.conf

// Second host
docker run -p 28102:27019 --name mongoconfig_2 --net=mongodb --ip=172.100.100.21 -v ~/configOne:/etc/mongo -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/config1.conf

// Third host
docker run -p 28103:27019 --name mongoconfig_3 --net=mongodb --ip=172.100.100.22 -v ~/configOne:/etc/mongo -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/config1.conf

On any one of these nodes:

// Initialize the replica set
// Note: since version 3.4, a config server replica set cannot contain an arbiter
rs.initiate(
  {
    _id: "configOne",
    members: [
      { _id : 1, host : "172.17.252.85:28101"},
      { _id : 2, host : "172.17.252.89:28102"},
      { _id : 3, host : "172.17.252.94:28103"}
    ]
  }
)

## Shard1

Shard1 replica set configuration file:
Create it on each of the three servers; the path on Ubuntu is ~/shard1/shard1.conf

storage:
  dbPath: /data/db
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
net:
  bindIp: 0.0.0.0
replication:
  replSetName: shardOne
sharding:
  clusterRole: shardsvr
#security:
#  authorization: enabled
#  keyFile: /mongodb/security/mongodbkeyfile

Run the following, one on each of the three hosts:

// First host
docker run -p 28001:27018 --name mongoshard_one_1 --net=mongodb --ip=172.100.100.11 -v ~/shard1:/etc/mongo -v ~/shard1/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Second host
docker run -p 28002:27018 --name mongoshard_one_2 --net=mongodb --ip=172.100.100.12 -v ~/shard1:/etc/mongo -v ~/shard1/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Third host
docker run -p 28003:27018 --name mongoshard_one_3 --net=mongodb --ip=172.100.100.13 -v ~/shard1:/etc/mongo -v ~/shard1/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

docker exec -it mongoshard_one_1 bash 
mongo --port 27018

rs.initiate(
  {
    _id: "shardOne",
    members: [
      { _id : 1, host : "172.17.252.85:28001"},
      { _id : 2, host : "172.17.252.89:28002"}
    ]
  }
)

rs.addArb("172.17.252.94:28003")

rs.status()

## Shard2

Shard2 replica set configuration file:
Create it on each of the three servers; the path on Ubuntu is ~/shard2/shard1.conf


storage:
  dbPath: /data/db
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
net:
  bindIp: 0.0.0.0
replication:
  replSetName: shardTwo
sharding:
  clusterRole: shardsvr
#security:
#  authorization: enabled
#  keyFile: /mongodb/security/mongodbkeyfile

Run the containers, one on each of the three hosts:

// First host
docker run -p 28011:27018 --name mongoshard_two_1 --net=mongodb --ip=172.100.100.14 -v ~/shard2:/etc/mongo -v ~/shard2/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Second host
docker run -p 28012:27018 --name mongoshard_two_2 --net=mongodb --ip=172.100.100.15 -v ~/shard2:/etc/mongo -v ~/shard2/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Third host
docker run -p 28013:27018 --name mongoshard_two_3 --net=mongodb --ip=172.100.100.16 -v ~/shard2:/etc/mongo -v ~/shard2/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf


docker exec -it mongoshard_two_2 bash
mongo --port 27018

rs.initiate(
  {
    _id: "shardTwo",
    members: [
      { _id : 1, host : "172.17.252.85:28011"},
      { _id : 2, host : "172.17.252.89:28012"}
    ]
  }
)

rs.addArb("172.17.252.94:28013")
rs.status()

## Shard3

Shard3 configuration file:
Create it on each of the three servers; the path on Ubuntu is ~/shard3/shard1.conf


storage:
  dbPath: /data/db
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
net:
  bindIp: 0.0.0.0
replication:
  replSetName: shardThree
sharding:
  clusterRole: shardsvr
#security:
#  authorization: enabled
#  keyFile: /mongodb/security/mongodbkeyfile

// First host
docker run -p 28021:27018 --name mongoshard_three_1 --net=mongodb --ip=172.100.100.17 -v ~/shard3:/etc/mongo -v ~/shard3/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Second host
docker run -p 28022:27018 --name mongoshard_three_2 --net=mongodb --ip=172.100.100.18 -v ~/shard3:/etc/mongo -v ~/shard3/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf

// Third host
docker run -p 28023:27018 --name mongoshard_three_3 --net=mongodb --ip=172.100.100.19 -v ~/shard3:/etc/mongo -v ~/shard3/mongodata:/data/db -v ~/mongokeyfile:/mongodb/security -d mongo:4.0 --config /etc/mongo/shard1.conf


rs.initiate(
  {
    _id: "shardThree",
    members: [
      { _id : 1, host : "172.17.252.94:28023"},
      { _id : 2, host : "172.17.252.89:28022"}
    ]
  }
)

rs.addArb("172.17.252.85:28021")

## mongos

mongos configuration file:
Create it on the first host; the path on Ubuntu is ~/mongos/mongos.conf


systemLog:
  destination: file
  path: /var/log/mongodb/mongos.log
net:
  bindIp: 0.0.0.0
sharding:
  configDB: configOne/172.17.252.85:28101,172.17.252.89:28102,172.17.252.94:28103
#security:
#  keyFile: /mongodb/security/mongodbkeyfile

Run on the first host:

docker run -p 28017:27017 --name mongos1 --net=mongodb --ip=172.100.100.23 -v ~/mongos:/etc/mongo  -v ~/mongokeyfile:/mongodb/security -d mongo:4.0  mongos --config /etc/mongo/mongos.conf --bind_ip 0.0.0.0


// Register the shards with the config servers through mongos
docker exec -it mongos1 bash

mongo    // equivalent to: mongo --port 27017

// Add shard replica set 1
sh.addShard("shardOne/172.17.252.85:28001,172.17.252.89:28002")

// Add shard replica set 2
sh.addShard("shardTwo/172.17.252.85:28011,172.17.252.89:28012")

// Add shard replica set 3
sh.addShard("shardThree/172.17.252.89:28022,172.17.252.94:28023")

sh.enableSharding("test_db")  // enable sharding for the test_db database

sh.shardCollection("test_db.test_collection", {"tag": "hashed"})  // use hashed sharding

sh.status()

Configure cluster authentication

Connect to the cluster through mongos:
Create a user

use admin
db.createUser(
  {
    user: "root",
    pwd: "root",
    roles: [
       { role: "root", db: "admin" }
    ]
  }
)

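Edit the configuration files and uncomment the security section. The keyFile value must be the path of the key file as seen inside the container: with the key file created below and the -v ~/mongokeyfile:/mongodb/security mount, that is /mongodb/security/keyfile.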

Create the key file in the home directory (~/mongokeyfile/keyfile):

mkdir mongokeyfile

cd mongokeyfile 

openssl rand -base64 756 > ./keyfile

Copy it to the same directory on all servers

chmod 400 keyfile

sudo chown 999 keyfile

Restart all containers on each of the three hosts
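
Before restarting, it is worth confirming that each config's keyFile resolves through the -v mount to a file mongod will accept. The following is an added example, not part of the original post; the function names are hypothetical, and it checks mongod's keyfile rules (6 to 1024 base64 characters, no group or other permission bits).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for the keyfile
# setup above. All paths are supplied by the caller; nothing is hard-coded.

# Print the active (uncommented) keyFile value from a mongod/mongos YAML config.
conf_keyfile() {
  sed -n 's/^[[:space:]]*keyFile:[[:space:]]*//p' "$1" | head -n 1
}

# Map a container path to the host path behind "-v <host_dir>:<container_dir>".
host_path() {  # usage: host_path <container_path> <host_dir> <container_dir>
  case "$1" in
    "$3"/*) printf '%s/%s\n' "$2" "${1#"$3"/}" ;;
    *) return 1 ;;
  esac
}

# mongod's keyfile rules: 6 to 1024 base64 characters (whitespace is ignored)
# and, on Unix, no group or other permission bits.
check_keyfile() {
  local f="$1" key rest perms
  [ -f "$f" ] || { echo "FAIL: $f does not exist"; return 1; }
  key=$(tr -d '[:space:]' < "$f")
  if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
    echo "FAIL: key length ${#key} is outside 6..1024"; return 1
  fi
  rest=$(printf '%s' "$key" | LC_ALL=C tr -d 'A-Za-z0-9+/=')
  [ -z "$rest" ] || { echo "FAIL: non-base64 characters in $f"; return 1; }
  perms=$(ls -ld "$f" | cut -c5-10)   # group and other bits of the mode string
  [ "$perms" = "------" ] || { echo "FAIL: group/other bits set on $f"; return 1; }
  echo "OK: $f"
}

# Resolve a config's keyFile through the mount and validate the file behind it.
check_conf() {  # usage: check_conf <conf> <host_dir> <container_dir>
  local cpath hpath
  cpath=$(conf_keyfile "$1")
  [ -n "$cpath" ] || { echo "FAIL: no active keyFile in $1"; return 1; }
  hpath=$(host_path "$cpath" "$2" "$3") || { echo "FAIL: $cpath is not under $3"; return 1; }
  check_keyfile "$hpath"
}
```

Source the file and run, for example, `check_conf ~/shard1/shard1.conf ~/mongokeyfile /mongodb/security` on each host. After `chown 999` the key file is readable only by that uid, so run the check as root.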
