1.查找Docker Hub上的mongo镜像
[root@localhost ~]# docker search mongo
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mongo MongoDB document databases provide high avai… 5995 [OK]
mongo-express Web-based MongoDB admin interface, written w… 474 [OK]
tutum/mongodb MongoDB Docker image – listens in port 27017… 226 [OK]
bitnami/mongodb Bitnami MongoDB Docker Image 87 [OK]
mongoclient/mongoclient Official docker image for Mongoclient, featu… 69 [OK]
mongooseim/mongooseim Small docker image for MongooseIM - robust a… 17
frodenas/mongodb A Docker Image for MongoDB 17 [OK]
cvallance/mongo-k8s-sidecar Kubernetes side car to setup and maintain a … 11 [OK]
centos/mongodb-32-centos7 MongoDB NoSQL database server 7
istepanov/mongodump Docker image with mongodump running as a cro… 5 [OK]
centos/mongodb-26-centos7 MongoDB NoSQL database server 5
centos/mongodb-36-centos7 MongoDB NoSQL database server 4
circleci/mongo CircleCI images for MongoDB 4 [OK]
arm64v8/mongo MongoDB document databases provide high avai… 4
eses/mongodb_exporter mongodb exporter for prometheus 4 [OK]
requilence/mongodb-backup mongo backup container 3 [OK]
webhippie/mongodb Docker images for MongoDB 3 [OK]
neowaylabs/mongodb-mms-agent This Docker image with MongoDB Monitoring Ag… 2 [OK]
centos/mongodb-34-centos7 MongoDB NoSQL database server 2
openshift/mongodb-24-centos7 DEPRECATED: A Centos7 based MongoDB v2.4 ima… 1
ekesken/mongo docker image for mongo that is configurable … 1 [OK]
ansibleplaybookbundle/mongodb-apb An APB to deploy MongoDB. 0 [OK]
martel/mongo-replica-ctrl A dockerized controller for a Mongo db repli… 0 [OK]
andreasleicher/mongo-azure-backup a docker container to backup a mongodb using… 0 [OK]
fuww/mongo-connector mongo-connector + alpine + docker 0 [OK]
[root@localhost ~]#
2.拉取官方的镜像
[root@localhost ~]# docker pull mongo
Using default tag: latest
latest: Pulling from library/mongo
35b42117c431: Pull complete
ad9c569a8d98: Pull complete
293b44f45162: Pull complete
0c175077525d: Pull complete
4e73525b52ba: Pull complete
a22695a3f5e9: Pull complete
420eb4b7be5d: Pull complete
017ec49b70bf: Pull complete
26470656e2db: Pull complete
6fec56c7382a: Pull complete
12f574d1345c: Pull complete
7102859c924d: Pull complete
555c1275dd6f: Pull complete
Digest: sha256:01dc9fb0b7aae875678047e2d8550beb6fc34b7e76c60a1e7d7048f6700dead0
Status: Downloaded newer image for mongo:latest
[root@localhost ~]#
3.等待下载完成后,我们就可以在本地镜像列表里查到REPOSITORY为mongo
[root@localhost ~]# docker images mongo
REPOSITORY TAG IMAGE ID CREATED SIZE
mongo latest a3639b2a0f13 12 days ago 412MB
[root@localhost ~]#
4.运行容器
[root@localhost ~]# docker run --name mongo-master -p 27017:27017 -v /java/mongo/db:/data/db -d mongo --auth
f34b1a667daa97299f52b131cdab3916341fac60985a240a98cd8fbd8b0eb485
默认情况下,mongo数据库没有添加认证约束,为了增强数据库的安全性,我们需要对数据库添加授权认证
在运行mongo容器命令中添加--auth参数
命令说明:
–name:自定义别名
-p 27017:27017 :将容器的27017 端口映射到主机的27017 端口
-v /java/mongo/db:/data/db :将主机中 /home/mongo/db 挂载到容器的 /data/db,作为mongo数据存储目录
–antu:开启密码授权访问
5.创建用户管理员,首先进入mongo容器
[root@localhost ~]# docker exec -it mongo-master bash
root@f34b1a667daa:/#
5.1创建用户管理员
# 进入mongo数据库
mongo
# 首先切换到admin数据库下
use admin;
# 创建一个用户admin, 密码是admin
# 此用户即为管理员
# user: 用户名
# pwd: 密码明文
# role: 用户角色 db: 该用户将创建到哪个数据库中
db.createUser({
user: 'admin',
pwd: 'admin',
roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]
});
# 测试下是否正确
db.auth("admin", "admin");
1 # 返回1表示正确
# 退出
exit;
role角色参数参考:
Read:允许用户读取指定数据库
readWrite:允许用户读写指定数据库
dbAdmin:允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile
userAdmin:允许用户向system.users集合写入,可以找指定数据库里创建、删除和管理用户
clusterAdmin:只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限
readAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读权限
readWriteAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读写权限
userAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的userAdmin权限
dbAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限
root:只在admin数据库中可用。超级账号,超级权限
5.2 管理员已经创建成功后,我们需要重新连接mongo数据库,用管理员进行登录,并为目标数据库创建目标用户,先退出容器,从新进入容器
[root@localhost ~]# docker exec -it mongo-master mongo admin
MongoDB shell version v4.0.10
connecting to: mongodb://127.0.0.1:27017/admin?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("29cab242-eee7-4365-ab09-fb5ab9099686") }
MongoDB server version: 4.0.10
>
5.3.授权admin登录
> db.auth("admin", "admin");
1
5.4创建访问指定数据库的用户
假设我们为 test 库创建一个用户,用户名为 test,密码为 test
> use test;
switched to db test
> db.createUser({ user: 'test', pwd:'test', roles: [ {role:"readWrite",db:"student"}]});
Successfully added user: {
"user" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "student"
}
]
}
> db.auth("test","test");
1
创建成功并exit
退出,test 用户可以对(也只能对) student 库进行操作
注: