0.1. Win10 安裝 MongoDB Community 3.4
0.1.1. 安裝位置及文件信息
從官網(wǎng)上下載 mongodb community 3.4 版,安裝(略)。
這里假設(shè)安裝目錄為: C:\Program Files\MongoDB\Server\3.4\.
目錄中文件的含義:
| 組件 | 程序 |
|---|---|
| 服務(wù)端 | mongod.exe |
| 路由 | mongos.exe |
| 客戶端 | mongo.exe |
| 監(jiān)視工具 | mongostat.exe, mongotop.exe |
| 導(dǎo)入導(dǎo)出工具 | mongodump.exe, mongorestore.exe, mongoexport.exe, mongoimport.exe |
| 其他工具 | bsondump.exe, mongofiles.exe, mongooplog.exe, mongoperf.exe |
0.1.2. 測(cè)試運(yùn)行 MongoDB
- 新建數(shù)據(jù)庫(kù)目錄
$ mkdir d:\data\db
- 運(yùn)行數(shù)據(jù)庫(kù)守護(hù)進(jìn)程(服務(wù)端)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --dbpath d:\data\db
- 連接數(shù)據(jù)庫(kù)(客戶端)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongo.exe"
如果成功終端會(huì)顯示連接成功,但是沒(méi)有驗(yàn)證機(jī)制。
0.1.3. 正式配置 Windows 服務(wù)
- 新建數(shù)據(jù)庫(kù)目錄及日志目錄
$ mkdir c:\data\db
$ mkdir c:\data\log
- 新建配置文件
新建文件 C:\Program Files\MongoDB\Server\3.4\mongod.cfg 并輸入:
systemLog:
destination: file
path: c:\data\log\mongod.log
logAppend: true
storage:
dbPath: c:\data\db
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
- 安裝 windows 服務(wù)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\3.4\mongod.cfg" --install --serviceName "MongoDB"
或者
sc.exe create MongoDB binPath= "\"C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe\" --service --config=\"C:\Program Files\MongoDB\Server\3.4\mongod.cfg\"" DisplayName= "MongoDB" start= "auto"
- 啟動(dòng) windows 服務(wù)
$ net start MongoDB
- 停止 windows 服務(wù)
$ net stop MongoDB
- 刪除 windows 服務(wù)
$ "C:\Program Files\MongoDB\Server\3.4\bin\mongod.exe" --remove
啟動(dòng) windows 服務(wù)后,使用 mongo 命令即可連接但還沒(méi)有啟用驗(yàn)證機(jī)制。
$ mongo
MongoDB shell version v3.4.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.3
Server has startup warnings:
......
** WARNING: Access control is not enabled for the database.
Read and write access to data and configuration is unrestricted.
......
0.1.4. 激活授權(quán)
- 連接數(shù)據(jù)庫(kù)
$ mongo
- 在 admin 數(shù)據(jù)庫(kù)中添加一個(gè)用戶管理賬號(hào)
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
退出 shell
> exit
- 重新啟動(dòng)數(shù)據(jù)庫(kù)守護(hù)進(jìn)程(服務(wù)端)
在沒(méi)有啟用 windows 服務(wù)時(shí),可使用
mongod命令:mongod --auth --port 27017 --dbpath c:/data/db
使用 windows 服務(wù)可簡(jiǎn)化上述命令, 首先配置 mongodb 的 config 文件, 即文件 C:\Program Files\MongoDB\Server\3.4\mongod.cfg , 添加驗(yàn)證機(jī)制:
systemLog:
destination: file
path: c:\data\log\mongod.log
logAppend: true
storage:
dbPath: c:\data\db
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
security:
authorization: enabled
重新啟用 windows 服務(wù):
$ net stop MongoDB
MongoDB 服務(wù)正在停止.
MongoDB 服務(wù)已成功停止。
$ net start MongoDB
MongoDB 服務(wù)正在啟動(dòng) .
MongoDB 服務(wù)已經(jīng)啟動(dòng)成功。
- 使用用戶管理賬號(hào)登陸
$ mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
- 創(chuàng)建其他賬號(hào)
內(nèi)置角色:
- 數(shù)據(jù)庫(kù)用戶角色
| Role | Short Description |
|---|---|
| read | Provides the ability to read data on all non-system collections and on the following system collections: system.indexes, system.js, and system.namespaces collections. |
| readWrite | Provides all the privileges of the read role and the ability to modify data on all non-system collections and the system.js collection. |
- 數(shù)據(jù)庫(kù)管理角色
| Role | Short Description |
|---|---|
| dbAdmin | Provides the ability to perform administrative tasks such as schema-related tasks, indexing, gathering statistics. This role does not grant privileges for user and role management. |
| dbOwner | Provides the ability to perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles. |
| userAdmin | Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster. |
- 所有數(shù)據(jù)庫(kù)角色
| Role | Short Description |
|---|---|
| readAnyDatabase | Provides the same read-only permissions as read, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
| readWriteAnyDatabase | Provides the same read and write permissions as readWrite, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
| userAdminAnyDatabase | Provides the same access to user administration operations as userAdmin, except it applies to all but the local and config databases in the cluster.Since the userAdminAnyDatabase role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access. |
| dbAdminAnyDatabase | Provides the same access to database administration operations as dbAdmin, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. |
- 超級(jí)用戶角色
- 集群管理角色
- 備份恢復(fù)角色
- 內(nèi)部角色
