서버 구축 방법
Docker 설치
# yum upgrade 및 epel-repo 설치
[ec2-user@ip-172-31-18-132 ~]$ sudo yum -y upgrade
[ec2-user@ip-172-31-18-132 ~]$ sudo amazon-linux-extras install -y epel
# docker 설치
[ec2-user@ip-172-31-18-132 ~]$ sudo yum -y install docker
# docker 버전확인
[ec2-user@ip-172-31-18-132 ~]$ docker -v
Docker version 19.03.6-ce, build 369ce74
# docker 시작
[ec2-user@ip-172-31-18-132 ~]$ sudo systemctl start docker
# docker 실행권한 추가
[ec2-user@ip-172-31-18-132 ~]$ sudo usermod -aG docker ec2-user
# docker-compose 설치
[ec2-user@ip-172-31-18-132 ~]$ sudo curl -L https://github.com/docker/compose/releases/download/1.25.0\
-rc2/docker-compose-`uname -s`-`uname -m` -o \
/usr/local/bin/docker-compose
# docker-compose 실행권한 추가
[ec2-user@ip-172-31-18-132 ~]$ sudo chmod +x /usr/local/bin/docker-compose
# docker-compose 버전확인
[ec2-user@ip-172-31-18-132 ~]$ docker-compose -v
docker-compose version 1.25.0-rc2, build 661ac20e
data 디렉터리 생성
[ec2-user@mongodb-service ~]$ sudo mkdir -p /data/db
[ec2-user@mongodb-service ~]$ sudo mkdir /data/journal
[ec2-user@mongodb-service ~]$ sudo mkdir /data/log
docker-compose.yml
version: "2.4"
services:
mongodb:
image: mongo:4.2
restart: always
network_mode: host
environment:
- TZ=Asia/Seoul
mem_limit: 900m
volumes:
- /etc/mongod.conf:/etc/mongod.conf
- /data/db:/data/db
- /data/journal:/data/db/journal
- /data/log:/var/log/mongodb
entrypoint: ["mongod", "-f", "/etc/mongod.conf"]
container_name: "mongodb"
ulimits:
nproc: 64000
nofile:
soft: 64000
hard: 64000
mongod.conf
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /data/db
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
mongod.conf 파일 위치 변경
[ec2-user@mongodb-service ~]$ sudo mv mongod.conf /etc/
[ec2-user@mongodb-service ~]$ ll /etc/mongod.conf
Container 실행
[ec2-user@mongodb-service ~]$ docker-compose up -d
Container 접속
[ec2-user@mongodb-service ~]$ docker exec -it 컨테이너ID or 네임 /bin/bash
root@mongodb-service ~$
mongodb 접속 및 admin 권한설정
root@mongodb-service ~$ mongo
MongoDB shell version v4.2.10
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("1e0d5ea1-3f09-441d-a3ec-15e3f576d810") }
MongoDB server version: 4.2.10
> use admin
switched to db admin
> db.createUser({ user: 'admin', pwd: '1234', roles:['userAdminAnyDatabase']})
Successfully added user: { "user" : "admin", "roles" : [ "userAdminAnyDatabase" ] }
mongodb 재접속 및 db.auth 추가
root@mongodb-service:/# mongo --port 27017 -u "admin" -p "1234" --authenticationDatabase "admin"
MongoDB shell version v4.2.10
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("b44765e7-67d3-4408-8119-37967f170fb9") }
MongoDB server version: 4.2.10
> use admin
switched to db admin
> db.auth("admin", "1234")
1
기본 작업
# mongodb User 조회
> show users
{
"_id" : "admin.admin",
"userId" : UUID("2a421d80-fe38-40d7-aca7-b7677105103d"),
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
# User 생성
> use test
switched to db test
> db.createUser(
... {
... user: "mytestr",
... pwd: "1234",
... roles: [ { role: "readWrite", db: "test" },
... { role: "read", db: "reporting" } ]
... }
... )
Successfully added user: {
"user" : "mytestr",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "read",
"db" : "reporting"
}
]
}
# admin 역할 변경하기 (기존 "roles" : [ "userAdminAnyDatabase" ] -> root로 변경)
> use admin;
switched to db admin
> db.grantRolesToUser("admin", [{ role: "root", db: "admin"}])
> show users
{
"_id" : "admin.admin",
"userId" : UUID("2a421d80-fe38-40d7-aca7-b7677105103d"),
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
mongod.conf 수정
[ec2-user@mongodb-service ~]$ sudo vi /etc/mongod.conf
security:
authorization: "enabled"
Container 재기동 및 확인
[ec2-user@mongodb-service ~]$ docker-compose up -d
Creating mongodb ... done
[ec2-user@mongodb-service ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88f29141d109 mongo:4.2 "mongod -f /etc/mong…" 6 seconds ago Up 4 seconds mongodb
Container 접속
[ec2-user@mongodb-service ~]$ docker exec -it mongodb /bin/bash
mongodb admin계정 접속
root@mongodb-service:/# mongo --port 27017 -u "admin" -p "1234"
MongoDB shell version v4.2.10
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("d75089f0-4f88-45fd-bf65-925145b88351") }
MongoDB server version: 4.2.10
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
https://community.mongodb.com
>