Reference: adding access control to a MongoDB replica set
Create the keyfile
openssl rand -base64 756 > <path-to-keyfile>
chmod 400 <path-to-keyfile>
# openssl rand -base64 756 > /data/mongodb/keyfile
# chmod 400 /data/mongodb/keyfile
Copy the keyfile to every node
Shut down every node in the cluster
Shut down the secondaries and arbiters first, and the primary last
Force-stop MongoDB (not recommended)
service mongod stop
Or shut it down from the mongo shell
>use admin
switched to db admin
>db.shutdownServer()
server should be down...
Or
#mongod --shutdown
Restart the MongoDB replica set with access control enabled
1. Start with a configuration file
Add the following to the configuration file (/etc/mongod.conf)
security:
  keyFile: <path-to-keyfile>
replication:
  replSetName: <replicaSetName>
net:
  bindIp: localhost,<ip address>
security:
  keyFile: /data/mongodb/keyfile
replication:
  replSetName: rs0
net:
  bindIp: localhost,192.168.1.2,192.168.1.3
Start it
#mongod --config /etc/mongod.conf
2. Start from the command line
mongod --keyFile <path-to-keyfile> --replSet <replicaSetName> --bind_ip localhost,<ip address of the mongod host>
#mongod --keyFile /data/mongodb/keyfile --replSet rs0 --bind_ip localhost,192.168.1.2,192.168.1.3
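As an added example (not part of the original post), a preflight script to run on each node before restarting it with the settings above: it checks that the keyfile has owner-only permissions and valid base64 content, and that mongod.conf names both the keyFile and the replica set. The paths and key material inside demo() are constructed, and the permission check assumes GNU or BSD stat.

```shell
# Added preflight checks for the keyfile and mongod.conf described above; not
# from the original post. Paths and key material in demo() are constructed.

# Succeeds only if the keyfile exists, is readable solely by its owner (mode 400
# or 600; mongod refuses a group- or world-readable keyfile) and, with the line
# wrapping openssl adds removed, holds 6..1024 characters of the base64 alphabet.
check_keyfile() {
    kf="$1"
    [ -f "$kf" ] || { echo "keyfile $kf: not found"; return 1; }
    mode=$(stat -c '%a' "$kf" 2>/dev/null || stat -f '%Lp' "$kf")   # GNU stat, then BSD
    case "$mode" in
        400|600) ;;
        *) echo "keyfile $kf: mode $mode is readable by group/others"; return 1 ;;
    esac
    body=$(tr -d ' \t\r\n' < "$kf")
    if [ "${#body}" -lt 6 ] || [ "${#body}" -gt 1024 ]; then
        echo "keyfile $kf: ${#body} characters, mongod requires 6..1024"; return 1
    fi
    if printf '%s' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "keyfile $kf: characters outside the base64 alphabet"; return 1
    fi
    return 0
}

# Succeeds only if mongod.conf names a replica set and a keyFile that passes
# check_keyfile, so no node is restarted with replication on but auth off.
check_conf() {
    conf="$1"
    grep -Eq '^[[:space:]]*replSetName:[[:space:]]*[^[:space:]]' "$conf" \
        || { echo "$conf: replication.replSetName is not set"; return 1; }
    kf=$(sed -n 's/^[[:space:]]*keyFile:[[:space:]]*//p' "$conf" | head -n 1)
    [ -n "$kf" ] || { echo "$conf: security.keyFile is not set"; return 1; }
    check_keyfile "$kf"
}

# Constructed demo: a keyfile written the way the post does (mode 400), a copy
# left at 644 after copying it to another node, and a conf pointing at each.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'c29tZS1jb25zdHJ1Y3RlZC1kZW1vLWtleS1tYXRlcmlhbC1mb3ItbW9uZ29kYgo=\n' > "$tmp/keyfile"
    chmod 400 "$tmp/keyfile"
    cp "$tmp/keyfile" "$tmp/keyfile.copy" && chmod 644 "$tmp/keyfile.copy"
    printf 'security:\n  keyFile: %s\nreplication:\n  replSetName: rs0\n' "$tmp/keyfile" > "$tmp/good.conf"
    printf 'security:\n  keyFile: %s\nreplication:\n  replSetName: rs0\n' "$tmp/keyfile.copy" > "$tmp/bad.conf"
    check_conf "$tmp/good.conf" && ! check_conf "$tmp/bad.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo && echo "preflight checks behave as expected"
```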
Open the mongo shell on the primary
Create the administrator account
MongoDB Enterprise rs0:PRIMARY> use admin
MongoDB Enterprise rs0:PRIMARY> db.createUser(
{
user: "admin",
pwd: "adminadmin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Create accounts for other databases
MongoDB users and their authentication are tied to a database: a user created in a given database must be authenticated against that database.
Create a test database, test, and create a read-only user and a read-write user for it
For a new database, log in to the admin database and authenticate first; only then can you operate on it.
MongoDB Enterprise rs0:PRIMARY> use admin
MongoDB Enterprise rs0:PRIMARY> db.auth("admin","adminadmin")
MongoDB Enterprise rs0:PRIMARY> use test
MongoDB Enterprise rs0:PRIMARY> db.createUser(
{
user: "readwriteuser",
pwd: "12341234",
roles: [ { role:"readWrite",db:"test" } ]
}
)
MongoDB Enterprise rs0:PRIMARY> db.createUser(
{
user: "readonlyuser",
pwd: "12341234",
roles: [ { role:"read",db:"test" } ]
}
)