Mongodb 折腾笔记

简介：

Mongodb 是一个由 C++ 语言编写的基于分布式文件存储的数据库，是目前最像关系型数据库的非关系型数据库。

下载地址：https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel62-3.6.3.tgz

一、直接安装吧，CentOS 6.8 x86_64

shell > tar zxf mongodb-linux-x86_64-rhel62-3.6.3.tgz

shell > mv mongodb-linux-x86_64-rhel62-3.6.3 /usr/local/mongodb

# 设置环境变量，export PATH=$PATH:/usr/local/mongodb/bin && source /etc/profile

二、启动、客户端连接

shell > mkdir -p /data/{mongo_data,logs}

# 创建一个数据目录跟日志目录

shell > mongod --dbpath /data/mongo_data --logpath /data/logs/mongo.log --fork
about to fork child process, waiting until server is ready for connections.
forked process: 8659
child process started successfully, parent exiting

# --fork 后台启动 mongod 进程，--dbpath、--logpath 分别指定数据目录跟日志文件

shell > mongo
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.3
Welcome to the MongoDB shell.
For interactive help, type "help".

# 连接本机 mongodb，--bind_ip 指定要监听的地址，--help 查看帮助信息

三、基本操作

> help
    db.help()                    help on db methods
    db.mycoll.help()             help on collection methods
    sh.help()                    sharding helpers
    rs.help()                    replica set helpers
    help admin                   administrative help
    help connect                 connecting to a db help
    help keys                    key shortcuts
    help misc                    misc things to know
    help mr                      mapreduce

    show dbs                     show database names
    show collections             show collections in current database
    show users                   show users in current database
    show profile                 show most recent system.profile entries with time >= 1ms
    show logs                    show the accessible logger names
    show log [name]              prints out the last segment of log in memory, 'global' is default
    use <db_name>                set current database
    db.foo.find()                list objects in collection foo
    db.foo.find( { a : 1 } )     list objects in foo where a == 1
    it                           result of the last line evaluated; use to further iterate
    DBQuery.shellBatchSize = x   set default number of items to display on shell
    exit                         quit the mongo shell

# 输入 help 显示帮助信息

1、数据库、数据表

# 都是不需要事先创建的

> db
test
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 默认连接到了 test 库，目前这台 mongo 中有三个数据库：admin、config、local

2、切换数据库，直接插入数据

> use spider_db
switched to db spider_db
> db
spider_db
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 数据库中没有数据，是不会显示的 ( 还没有正式生成数据文件 )

> db.spider_resource.insert({"id": 1, "name": "wang", "age": 28})
WriteResult({ "nInserted" : 1 })
> db.spider_resource.find()
{ "_id" : ObjectId("5ab0ba99090d8464fa486775"), "id" : 1, "name" : "wang", "age" : 28 }

# 成功插入一条数据

> db.spider_resource.update({"name": "wang"}, {$set: {"QQ": "25152069"}})
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
> db.spider_resource.find({"id": 1})
{ "_id" : ObjectId("5ab0ba99090d8464fa486775"), "id" : 1, "name" : "wang", "age" : 28, "QQ" : "25152069" }

# 更新数据成功

> db.spider_resource.deleteMany({"age": 28})
{ "acknowledged" : true, "deletedCount" : 1 }

# 删除所有 Age = 28 的数据

四、权限验证

# Mongodb 的权限验证跟其余的数据库，例如: MySQL、Redis 等都不同，不是统一权限验证，而是基于数据库的权限验证。

# 例如，当你在 A 库创建用户后，你只能在 A 库验证，即使你创建用户时给该用户分配的数据库不是 A 库。

# MongoDB 内置角色：

>、数据库用户角色：read(对指定数据库只读)、readWrite(对指定数据库读写)
>、数据库管理角色：dbAdmin(对指定数据库执行管理函数)、dbOwner(对指定数据库有所有权)、userAdmin(对指定数据库具有用户管理权限)
>、集群管理角色：clusterAdmin、clusterManager、clusterMonitor、hostManager

# 只允许在 admin 数据库中使用，授予用户对集群的管理权限

>、备份恢复角色：backup、restore
>、所有数据库角色：readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase

# 只允许在 admin 数据库中使用，授予用户对所有数据库相应的权限

>、超级用户角色：root(只允许在 admin 数据库中使用，全局权限最高)

1、创建用户、分配角色

> use admin
switched to db admin
> db.createUser({user: "dba", pwd: "dba", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})
Successfully added user: {
    "user" : "dba",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}

# 切换到 admin 数据库，创建了一个具有管理所有数据库用户的角色用户

# 执行 db.shutdownServer() 关闭 mongodb 后，以验证方式重新启动。

shell > mongod --dbpath /data/mongo_data --logpath /data/logs/mongo.log --fork --auth
about to fork child process, waiting until server is ready for connections.
forked process: 15886
child process started successfully, parent exiting

2、用户身份认证、权限验证

> show dbs
2018-03-20T05:15:23.327-0400 E QUERY    [thread1] Error: listDatabases failed:{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: "admin" }",
    "code" : 13,
    "codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:816:19
shellHelper@src/mongo/shell/utils.js:706:15
@(shellhelp2):1:1

# 重新连接后，输入 show dbs 报错，提示认证失败

> use admin
switched to db admin
> db.auth("dba", "dba")
1
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB

# 用户认证后，再次执行则不报错

> use spider_db
switched to db spider_db
> db.tmdb.insert({"id": 1, "name": "wang"})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on spider_db to execute command { insert: "tmdb", ordered: true, $db: "spider_db" }"
    }
})

# 切换到 spider_db 数据库，插入数据的时候报错，提示认证失败，先前创建的 userAdminAnyDatabase 角色用户只有用户管理权限

> use admin
switched to db admin
> db.createUser({user: "user01", pwd: "user01", roles: [{role: "read", db: "spider_db"}]})
Successfully added user: {
    "user" : "user01",
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}
> use spider_db
switched to db spider_db
> db.createUser({user: "user02", pwd: "user02", roles: [{role: "readWrite", db: "spider_db"}]})
Successfully added user: {
    "user" : "user02",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "spider_db"
        }
    ]
}

# 我们在 admin 数据库中创建了一个只读用户 user01，在 spider_db 数据库中创建了一个读写用户 user02。

> db.auth("user02", "user02")
1
> db.tmdb.insert({"id": 1, "name": "wang"})
WriteResult({ "nInserted" : 1 })
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }
> show collections
tmdb
> show dbs
admin      0.000GB
config     0.000GB
local      0.000GB
spider_db  0.000GB

# 我们在 spider_db 数据库中切换了用户 user02，成功创建了一条记录，也可以读到该记录，并且也显示出了集合(表)、跟数据库

> db.auth("user01", "user01")
Error: Authentication failed.
0
> use admin
switched to db admin
> db.auth("user01", "user01")
1
> use spider_db
switched to db spider_db
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }

# 我们在 spider_db 数据库中切换用户 user01 时，提示认证失败，当切换到 admin 数据库中再次切换用户时，成功了。

# 这是我用 user01 这个只读用户插入数据居然成功了！！！然后我退出客户端，重新登录认证后，还是用这个 user01 只读用户创建数据提示失败。

> use admin
switched to db admin
> db.auth("user01", "user01")
1
> use spider_db
switched to db spider_db
> db.tmdb.find()
{ "_id" : ObjectId("5ab0d35d0c6513083da7387c"), "id" : 1, "name" : "wang" }
{ "_id" : ObjectId("5ab0d5300c6513083da7387d"), "id" : 2, "name" : "xiao" }
{ "_id" : ObjectId("5ab0e1e6e1f734cf6e1f6373"), "id" : 3, "name" : "qiang" }
{ "_id" : ObjectId("5ab0e259e1f734cf6e1f6374"), "id" : 4, "name" : "king" }
> db.tmdb.insert({"id": 5, "name": "baby"})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on spider_db to execute command { insert: "tmdb", ordered: true, $db: "spider_db" }"
    }
})

# 可见，这个切换用户是不是有点问题呢 ？？？

3、查看当前所有用户

> use admin
switched to db admin
> db.auth("dba", "dba")
1
> db.system.users.find().pretty()
{
    "_id" : "admin.dba",
    "user" : "dba",
    "db" : "admin",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "xZe7OF09184eRzmIrYah4A==",
            "storedKey" : "BW+tDxhWucq8OtgsndNIkTIg3go=",
            "serverKey" : "zWd0pqb1fyRlNdknJlOBjzfgf/k="
        }
    },
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.user01",
    "user" : "user01",
    "db" : "admin",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "gBT2977goyNF5lYTJrufxw==",
            "storedKey" : "UuuMWuQUEi5GgxAYHbwAxBDjbGY=",
            "serverKey" : "Lv79GMQSgNGqRR8R4LNzgCOWcd0="
        }
    },
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}
{
    "_id" : "spider_db.user02",
    "user" : "user02",
    "db" : "spider_db",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "UxsTe1hRECOvCqL4f4uB8A==",
            "storedKey" : "kf/SHhtTzSZzQDjHwszrR2wHu/c=",
            "serverKey" : "rXC9p41rGwyo9QyhkZWY1gTliAc="
        }
    },
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "spider_db"
        }
    ]
}
{
    "_id" : "spider_db.user03",
    "user" : "user03",
    "db" : "spider_db",
    "credentials" : {
        "SCRAM-SHA-1" : {
            "iterationCount" : 10000,
            "salt" : "Mem9nRSILHK7ZWQBIqP9yA==",
            "storedKey" : "o8uGPAL4aNIFNT1Y2MWyST8NUe8=",
            "serverKey" : "TWo+f+QmO0AqGg1L83tku/hpM+Y="
        }
    },
    "roles" : [
        {
            "role" : "read",
            "db" : "spider_db"
        }
    ]
}

# 对 就是这样

> db.system.users.find().count()
4

# 统计咯