Mongodb 折腾笔记

简介：

Mongodb 是一个由 C++ 语言编写的基于分布式文件存储的数据库，是目前最像关系型数据库的非关系型数据库。

下载地址：https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel62-3.6.3.tgz

1、直接安装吧，CentOS 6.8 x86_64

shell > tar zxf mongodb-linux-x86_64-rhel62-3.6.3.tgz

shell > mv mongodb-linux-x86_64-rhel62-3.6.3 /usr/local/mongodb

# 设置环境变量，export PATH=$PATH:/usr/local/mongodb/bin && source /etc/profile

2、启动、客户端链接

shell > mkdir -p /data/{mongo_data,logs}

# 建立一个数据目录跟日志目录

shell > mongod --dbpath /data/mongo_data --logpath /data/logs/mongo.log --fork
about to fork child process, waiting until server is ready for connections.
forked process: 8659
child process started successfully, parent exiting

# --fork 后台启动 mongod 进程，--dbpath、--logpath 分别指定数据目录跟日志文件

shell > mongo
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.3
Welcome to the MongoDB shell.
For interactive help, type "help".

# 链接本机 mongodb，--bind_ip 指定要监听的地址，--help 查看帮助信息

3、基本操做

> help
    db.help()                    help on db methods
    db.mycoll.help()             help on collection methods
    sh.help()                    sharding helpers
    rs.help()                    replica set helpers
    help admin                   administrative help
    help connect                 connecting to a db help
    help keys                    key shortcuts
    help misc                    misc things to know
    help mr                      mapreduce

    show dbs                     show database names
    show collections             show collections in current database
    show users                   show users in current database
    show profile                 show most recent system.profile entries with time >= 1ms
    show logs                    show the accessible logger names
    show log [name]              prints out the last segment of log in memory, 'global' is default
    use <db_name>                set current database
    db.foo.find()                list objects in collection foo
    db.foo.find( { a : 1 } )     list objects in foo where a == 1
    it                           result of the last line evaluated; use to further iterate
    DBQuery.shellBatchSize = x   set default number of items to display on shell
    exit                         quit the mongo shell

# 输入 help 显示帮助信息

一、数据库、数据表

# 都是不须要事先建立的

> db
test
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 默认链接到了 test 库，目前这台 mongo 中有三个数据库：admin、config、local

二、切换数据库，直接插入数据

> use spider_db
switched to db spider_db
> db
spider_db
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 数据库中没有数据，是不会显示的 ( 尚未正式生成数据文件 )

> db.spider_resource.insert({"id": 1, "name": "wang", "age": 28})
WriteResult({ "nInserted" : 1 })
> db.spider_resource.find()
{ "_id" : ObjectId("5ab0ba99090d8464fa486775"), "id" : 1, "name" : "wang", "age" : 28 }

# 成功插入一条数据

> db.spider_resource.update({"name": "wang"}, {$set: {"QQ": "25152069"}})
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
> db.spider_resource.find({"id": 1})
{ "_id" : ObjectId("5ab0ba99090d8464fa486775"), "id" : 1, "name" : "wang", "age" : 28, "QQ" : "25152069" }

# 更新数据成功

> db.spider_resource.deleteMany({"age": 28})
{ "acknowledged" : true, "deletedCount" : 1 }

# 删除全部 Age = 28 的数据

4、权限验证

# Mongodb 的权限验证跟其他的数据库，例如: MySQL、Redis 等都不一样，不是统一权限验证，而是基于数据库的权限验证。

# 例如，当你在 A 库建立用户后，你只能在 A 库验证，即便你建立用户时给该用户分配的数据库不是 A 库。

# MongoDB 内置角色：

>、数据库用户角色：read(对指定数据库只读)、readWrite(对指定数据库读写)
>、数据库管理角色：dbAdmin(对指定数据库执行管理函数)、dbOwner(对指定数据库有全部权)、userAdmin(对指定数据库具备用户管理权限)
>、集群管理角色：clusterAdmin、clusterManager、clusterMonitor、hostManager

# 只容许在 admin 数据库中使用，授予用户对集群的管理权限

>、备份恢复角色：backup、restore
>、全部数据库角色：readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase

# 只容许在 admin 数据库中使用，授予用户对全部数据库相应的权限

>、超级用户角色：root(只容许在 admin 数据库中使用，全局权限最高)

一、建立用户、分配角色

> use admin
switched to db admin
> db.createUser({user: "dba", pwd: "dba", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})
Successfully added user: {
    "user" : "dba",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}

# 切换到 admin 数据库，建立了一个具备管理全部数据库用户的角色用户

# 执行 db.shutdownServer() 关闭 mongodb 后，以验证方式从新启动。

shell > mongod --dbpath /data/mongo_data --logpath /data/logs/mongo.log --fork --auth
about to fork child process, waiting until server is ready for connections.
forked process: 15886
child process started successfully, parent exiting

二、用户身份认证、权限验证

> show dbs
2018-03-20T05:15:23.327-0400 E QUERY    [thread1] Error: listDatabases failed:{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }",
    "code" : 13,
    "codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:816:19
shellHelper@src/mongo/shell/utils.js:706:15
@(shellhelp2):1:1

# 从新链接后，输入 show dbs 报错，提示认证失败

> use admin
switched to db admin
> db.auth("dba", "dba")
1
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 用户认证后，再次执行则不报错

> use spider_db
switched to db spider_db
> db.tmdb.insert({"id": 1, "name": "wang"})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on spider_db to execute command { insert: \"tmdb\", ordered: true, $db: \"spider_db\" }"
    }
})

# 切换到 spider_db 数据库，插入数据的时候报错，提示认证失败，先前建立的 userAdminAnyDatabase 角色用户只有用户管理权限

> use admin
switched to db admin
> db.createUser({user: "user01", pwd: "user01", roles: [{role: "read", db: "spider_db"}]})
Successfully added user: {
    "user" : "user01",
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}
> use spider_db
switched to db spider_db
> db.createUser({user: "user02", pwd: "user02", roles: [{role: "readWrite", db: "spider_db"}]})
Successfully added user: {
    "user" : "user02",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "spider_db"
        }
    ]
}

# 咱们在 admin 数据库中建立了一个只读用户 user01，在 spider_db 数据库中建立了一个读写用户 user02。

> db.auth("user02", "user02")
1
> db.tmdb.insert({"id": 1, "name": "wang"})
WriteResult({ "nInserted" : 1 })
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }
> show collections
tmdb
> show dbs
admin      0.000GB
config     0.000GB
local      0.000GB
spider_db  0.000GB

# 咱们在 spider_db 数据库中切换了用户 user02，成功建立了一条记录，也能够读到该记录，而且也显示出了集合(表)、跟数据库

> db.auth("user01", "user01")
Error: Authentication failed.
0
> use admin
switched to db admin
> db.auth("user01", "user01")
1
> use spider_db
switched to db spider_db
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }

# 咱们在 spider_db 数据库中切换用户 user01 时，提示认证失败，当切换到 admin 数据库中再次切换用户时，成功了。

# 这是我用 user01 这个只读用户插入数据竟然成功了！！！而后我退出客户端，从新登陆认证后，仍是用这个 user01 只读用户建立数据提示失败。

> use admin
switched to db admin
> db.auth("user01", "user01")
1
> use spider_db
switched to db spider_db
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }
{ "_id" : ObjectId("5ab0d5300c6513083da7387d"), "id" : 2, "name" : "xiao" }
{ "_id" : ObjectId("5ab0e1e6e1f734cf6e1f6373"), "id" : 3, "name" : "qiang" }
{ "_id" : ObjectId("5ab0e259e1f734cf6e1f6374"), "id" : 4, "name" : "king" }
> db.tmdb.insert({"id": 5, "name": "baby"})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on spider_db to execute command { insert: \"tmdb\", ordered: true, $db: \"spider_db\" }"
    }
})

# 可见，这个切换用户是否是有点问题呢 ？？？

三、查看当前全部用户

> use admin
switched to db admin
> db.auth("dba", "dba")
1
> db.system.users.find().pretty()
{
    "_id" : "admin.dba",
    "user" : "dba",
    "db" : "admin",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "xZe7OF09184eRzmIrYah4A==",
            "storedKey" : "BW+tDxhWucq8OtgsndNIkTIg3go=",
            "serverKey" : "zWd0pqb1fyRlNdknJlOBjzfgf/k="
        }
    },
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.user01",
    "user" : "user01",
    "db" : "admin",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "gBT2977goyNF5lYTJrufxw==",
            "storedKey" : "UuuMWuQUEi5GgxAYHbwAxBDjbGY=",
            "serverKey" : "Lv79GMQSgNGqRR8R4LNzgCOWcd0="
        }
    },
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}
{
    "_id" : "spider_db.user02",
    "user" : "user02",
    "db" : "spider_db",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "UxsTe1hRECOvCqL4f4uB8A==",
            "storedKey" : "kf/SHhtTzSZzQDjHwszrR2wHu/c=",
            "serverKey" : "rXC9p41rGwyo9QyhkZWY1gTliAc="
        }
    },
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "spider_db"
        }
    ]
}
{
    "_id" : "spider_db.user03",
    "user" : "user03",
    "db" : "spider_db",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "Mem9nRSILHK7ZWQBIqP9yA==",
            "storedKey" : "o8uGPAL4aNIFNT1Y2MWyST8NUe8=",
            "serverKey" : "TWo+f+QmO0AqGg1L83tku/hpM+Y="
        }
    },
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}

# 对 就是这样

> db.system.users.find().count()
4

# 统计咯