Centos7-based nanny MongoDB installation and configuration guide

preface

MongoDB is a database based on distributed file storage. Written in C++ language. Designed to provide scalable high-performance data storage solutions for WEB applications

It is characterized by high performance, easy deployment, easy use, and very convenient data storage.

A, install,

To install mongodb on centos7, take Ali Cloud server as an example, there are two ways

1, pagoda panel installation

Now ali cloud server, when initializing the server, you can choose pagoda mirror, so you can access the pagoda panel through IP/ domain name + port 8888 after the server initialization

Then search Mongodb in the app store to install it, and then go to the security policy to open port 27017 to use it.

However, mongodb installed in this method has great limitations. Many paths and configurations cannot be customized, so it is not recommended.

2. Run the yum command to download the corresponding package and install it

2.1. Configure the yum source

Create the mongodb-org-4.2.repo file in /etc/yum.repos.d/ and add the following command

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https:/ / repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https:/ / www.mongodb.org/static/pgp/server-4.2.asc
Copy the code

2.2 start downloading

Full install

yum install  -y mongodb-org
Copy the code

Installing specified components

Mongodb can also install specified components by specifying the component name and version number

yum install  -y mongodb-org-4.22. mongodb-org-server-4.22. mongodb-org-shell-4.22. mongodb-org-mongos-4.22. mongodb-org-tools-4.22.
Copy the code

2.3. Create a default directory

By default, MongoDB is run as user mongod and the default directory is as follows:

/var/lib/mongo (data directory)
/var/log/mongodb (log directory)

If not, we need to create it manually

mkdir -p  /var/lib/mongo
mkdir -p  /var/log/mongodb
Copy the code

3. Run mongodb

3.1 start

systemctl start mongod
Copy the code

3.2 restart

systemctl restart mongod
Copy the code

3.3 stop

systemctl stop mongod
Copy the code

3.4 Setting automatic startup

chkconfig  mongod on
Copy the code

3.5 the use of

mongo

exit
Copy the code

Set up remote access

Check out the Mongodb installation directory whereis Mongod

The default mongodb installation directory is as follows:

mongod: /usr/bin/mongod /etc/mongod.conf /usr/share/man/man1/mongod1.
Copy the code

Conf file, change bindIP: 127.0.0.1 to 0.0.0.0

Finally, turn off the firewall or add Mongodb port 27017 to the security group.

Centos7 Run the following command to disable the firewall:

Systemctl stop firewalld. Service # stop firewall systemctl disable firewalldCopy the code

Next, you can use some visual connection tools to manipulate the database using IP/ domain name :27017. (Robo3t is recommended.

3. Database access

By default, mongodb allows free access to each library once remote access is enabled. However, from the point of view of security, there are great hidden dangers in this way, so we configure permission restrictions on database and collection access.

Mongodb has a user management mechanism, which is simply described as: there is a management user group. The users in this group are specially designed for managing ordinary users, which is temporarily called administrators.

Administrators usually do not have read and write rights to the database, but only have operation rights, so we only need to give the administrator the userAdminAnyDatabase role.

In addition, the administrator account must be created under the admin database. After 3.0, there is no admin database, but we can use one manually. Note: MongodDB automatically creates a database that does not exist when using the use command.

First enter the database operation with the command sudo mongo or mongo. Then use admin to access the admin library

You can view all user information in the admin library using the db.system.users.find() function

1. Create an administrator user

db.createUser({
  user:"root"./ / user name
  pwd:"root"./ / password
  roles: [// Specific permissions
    {
      role:"userAdminAnyDatabase" 
     ,db:"admin"
    },
    {
      role:"readWriteAnyDatabase".db:"admin"}]})// db: specifies the database of the user. Admin is the database for permission control. If not, create a new database
// Roles: Specifies the user's role. You can assign an empty array to a new user. In the Roles field, you can specify built-in roles and user-defined roles. You can select the roles in role:Roles Built In:1.Database user roles: read and readWrite.2.Database management roles: dbAdmin, dbOwner, and userAdmin.3.Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, and hostManager.4.Backup and restoration roles: Backup and restore.5.All database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, and dbAdminAnyDatabase6.Super user role: root7.Internal roles: __system Functions of specific roles: Read: allows users to Read and write data from the specified database. ReadWrite: allows users to Read and write data from the specified database. DbAdmin: Profile userAdmin: Allows users to write to the System. Users collection. Users can create, delete, and manage users in the specified database. It is available only in the admin database, giving the user management rights over all sharding and replication set-related functions. ReadAnyDatabase: only available in the Admin database, granting the user read and write permissions on all databases readWriteAnyDatabase: Only available in the admin database, granting the user read and write permissions on all databases userAdminAnyDatabase: DbAdminAnyDatabase: This parameter is available only in the admin database and is granted to the user with the dbAdmin permission for all databases. Root: available only in the admin database. Super account, super permissionCopy the code

You’ll see when you succeed

Exit and restart the database

2. Enable permission verification

Open the mongodb configuration file sudo vim /etc/mongod.conf to add authorization configuration

// /etc/mongod.conf. # network interfacesnet:
  port: 27017
  bindIp: 0.0. 0. 0  # Enter 0.0. 0. 0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
 
 
security:
 authorization: enabled // endable enable Disable Disable.Copy the code

Different configurations may vary, but another way is to add auth=true

After the modification, restart the database

3. User authentication

After entering the admin database, users will be prompted that they have no permission

Use db. Auth (user name and password) for authentication

4. Create a common user

First log in as an administrator, and then use show DBS to see what databases are available

Next we create users in the Test database

First switch to the test database (automatically created when the test database does not exist)

Then create the user with createUser

After the database is created successfully, open TAB again and enter the test database

Let’s verify the permission and try again so we can do it successfully

5. Modify user roles

If we need to change the role of an existing user, we can use the db.updateUser() function to update the user role. Note that this function requires the current user to have userAdminAnyDatabase privileges or higher.

The updateUser (" username ", {roles: [{" role ":" existing authority ", "db" : "operation database"}, {" role ":" update permissions ", "db" : "database"}})

The test user has only userAdminAnyDatabase privileges, so let’s add dbAdmin privileges

If no information is displayed, the update succeeds. Exit and re-link the database to take effect. Now the test user has the dbAdmin permission

6. Change the user password

There are two methods for updating user passwords:

1) Use db.updateuser () to update the password.

Db.updateuser (” username “,{” PWD “:” new password “})

2) Update the password with db.changeUserPassword()

Db.changeuserpassword (” username “,” new password “)

7. Delete the user

You can use the db.dropuser () function to delete a specified user. True is returned after successful deletion. To delete a user, switch to the database specified by the user. Note: You need to use the administrator user with the userAdminAnyDatabse role to delete other users.

Refer to the article: www.cnblogs.com/yucongblog/…