* 注意：生产中一定要备份好数据，防止扩容过程中操作失误，导致数据丢失 *
## 单节点配置信息
```txt
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
#  dbPath: /var/lib/mongo
  dbPath: /DATAQIKU/mongodata
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
#  bindIp: 127.0.0.1  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  bindIp: 10.100.21.89

security:
  authorization: enabled

#operationProfiling:

# replication:

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
```
## 修改配置文件
```txt
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
#  dbPath: /var/lib/mongo
  dbPath: /DATAQIKU/mongodata
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
#  bindIp: 127.0.0.1  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  bindIp: 10.100.21.89

# 暂时注释安全配置
#security:
#  authorization: enabled

#operationProfiling:

# 副本配置，增加如下配置项
replication:
  oplogSizeMB: 4096
  replSetName: rs0

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
```
## 备机配置
    安装与主机版本一致的mongo。
### 备机1
配置文件如下：
```txt
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/mongo-1/mongod.log

# Where and how to store data.
storage:
  dbPath: /data/mongo-1/data
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /data/mongo-1/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27018
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.


security:
  keyFile: /data/mongo.keyfile
  authorization: enabled

#operationProfiling:

replication:
  oplogSizeMB: 4096
  replSetName: rs0

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
```
### 备机2
配置文件如下：
```txt
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/mongo-2/mongod.log

# Where and how to store data.
storage:
  dbPath: /data/mongo-2/data
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /data/mongo-2/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27019
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.


#security:
#  authorization: enabled

#operationProfiling:

replication:
  oplogSizeMB: 4096
  replSetName: rs0

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
```
## 启动mongo
```txt
mongod -f /etc/mongod.conf
```
## 初始化副本
### 登录mongo
    三节点之一
```shell
# 以原节点为例
mongo --host 10.100.21.89
```
### 初始化rs
```shell
# 切换到admin
use admin
# 节点配置
conf={"_id":"rs0","members":[{"_id":0,"host":"10.100.21.89:27017"},{"_id":1,"host": "10.100.21.43:27018"},{"_id":2,"host": "10.100.21.44:27019"}]}
# 初始化
rs.initiate(conf) 
# 查看集群状态
rs.status()
# 查看延时从库信息
rs.printSlaveReplicationInfo()
# 查看集群与主节点
rs.isMaster()
```
## 集群开启认证
### 创建超级管理用户
    需要在主节点创建一个超级管理用户，若已创建，可以忽略
```shell
# 假设已登录主节点
use admin
db.createUser({user: "admin",pwd: "mDBAmgdb@",roles:[ { role: "root", db:"admin"}]})
```
### 创建keyfil文件
    keyfile文件复制到三个节点上
```shell
$ openssl rand -base64 90 -out /data/mongo.keyfile
```
## 修改如下配置
```txt
security:
  keyFile: /data/mongo.keyfile
  authorization: enabled
```
## 重启各节点mongo