0.1. Win10 安装 MongoDB Community 3.4
0.1.1. 安装位置及文件信息
从官网上下载 mongodb community 3.4 版,安装(略)。
这里假设安装目录为: C:\Program Files\MongoDB\Server\3.4\.
目录中文件的含义:
| 组件 | 程序 |
|---|---|
| 服务端 | mongod.exe |
| 路由 | mongos.exe |
| 客户端 | mongo.exe |
| 监视工具 | mongostat.exe, mongotop.exe |
| 导入导出工具 | mongodump.exe, mongorestore.exe, mongoexport.exe, mongoimport.exe |
| 其他工具 | bsondump.exe, mongofiles.exe, mongooplog.exe, mongoperf.exe |
0.1.2. 测试运行 MongoDB
- 新建数据库目录
$ mkdir d:\data\db
- 运行数据库守护进程(服务端)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --dbpath d:\data\db
- 连接数据库(客户端)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongo.exe"
如果成功终端会显示连接成功,但是没有验证机制。
0.1.3. 正式配置 Windows 服务
- 新建数据库目录及日志目录
$ mkdir c:\data\db
$ mkdir c:\data\log
- 新建配置文件
新建文件 C:\Program Files\MongoDB\Server\3.4\mongod.cfg 并输入:
systemLog:
destination: file
path: c:\data\log\mongod.log
logAppend: true
storage:
dbPath: c:\data\db
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
- 安装 windows 服务
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\3.4\mongod.cfg" --install --serviceName "MongoDB"
或者
sc.exe create MongoDB binPath= "\"C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe\" --service --config=\"C:\Program Files\MongoDB\Server\3.4\mongod.cfg\"" DisplayName= "MongoDB" start= "auto"
- 启动 windows 服务
$ net start MongoDB
- 停止 windows 服务
$ net stop MongoDB
- 删除 windows 服务
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --remove
启动 windows 服务后,使用 mongo 命令即可连接但还没有启用验证机制。
$ mongo
MongoDB shell version v3.4.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.3
Server has startup warnings:
......
** WARNING: Access control is not enabled for the database.
Read and write access to data and configuration is unrestricted.
......
0.1.4. 激活授权
- 连接数据库
$ mongo
- 在 admin 数据库中添加一个用户管理账号
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
退出 shell
> exit
- 重新启动数据库守护进程(服务端)
在没有启用 windows 服务时,可使用
mongod命令:mongod --auth --port 27017 --dbpath c:/data/db
使用 windows 服务可简化上述命令, 首先配置 mongodb 的 config 文件, 即文件 C:\Program Files\MongoDB\Server\3.4\mongod.cfg , 添加验证机制:
systemLog:
destination: file
path: c:\data\log\mongod.log
logAppend: true
storage:
dbPath: c:\data\db
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
security:
authorization: enabled
重新启用 windows 服务:
$ net stop MongoDB
MongoDB 服务正在停止.
MongoDB 服务已成功停止。
$ net start MongoDB
MongoDB 服务正在启动 .
MongoDB 服务已经启动成功。
- 使用用户管理账号登陆
$ mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
- 创建其他账号
内置角色:
- 数据库用户角色
| Role | Short Description |
|---|---|
| read | Provides the ability to read data on all non-system collections and on the following system collections: system.indexes, system.js, and system.namespaces collections. |
| readWrite | Provides all the privileges of the read role and the ability to modify data on all non-system collections and the system.js collection. |
- 数据库管理角色
| Role | Short Description |
|---|---|
| dbAdmin | Provides the ability to perform administrative tasks such as schema-related tasks, indexing, gathering statistics. This role does not grant privileges for user and role management. |
| dbOwner | Provides the ability to perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles. |
| userAdmin | Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster. |
- 所有数据库角色
| Role | Short Description |
|---|---|
| readAnyDatabase | Provides the same read-only permissions as read, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
| readWriteAnyDatabase | Provides the same read and write permissions as readWrite, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
| userAdminAnyDatabase | Provides the same access to user administration operations as userAdmin, except it applies to all but the local and config databases in the cluster.Since the userAdminAnyDatabase role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access. |
| dbAdminAnyDatabase | Provides the same access to database administration operations as dbAdmin, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
- 超级用户角色
- 集群管理角色
- 备份恢复角色
- 内部角色
