MongoDB副本集安全认证(KeyFile)
1.创建KeyFile文件
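# Create the key directory, then create the empty keyfile under a restrictive
# umask so it is owner-only (0600) from the moment it exists. The secret written
# in the next step is then never readable by other local users, even briefly.
# If the file already exists, touch leaves its mode unchanged; the later
# chmod 600 covers that case.
mkdir -p /opt/servers/key
(umask 077 && touch /opt/servers/key/keyfile)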
2.向KeyFile文件中写入密钥
# Fill the keyfile with 756 random bytes, base64-encoded (1008 base64 characters).
# NOTE(review): MongoDB caps keyfile content at 1024 characters; confirm against
# the documentation for the deployed version before changing the byte count.
openssl rand -base64 756 -out /opt/servers/key/keyfile
修改KeyFile文件权限为600,仅当前用户拥有读写权限(在Unix系统上,KeyFile若允许组或其他用户访问,mongod会拒绝使用该文件)
# Owner read/write only; no access for group or others.
chmod 600 /opt/servers/key/keyfile
3.同步KeyFile文件
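# Copy the keyfile to the same path on every member. Each mongod in step 5 is
# started with --keyFile /opt/servers/key/keyfile, so the file must land in
# /opt/servers/key/ (copying to /opt/servers/ would leave it at
# /opt/servers/keyfile, where mongod does not look).
# The key directory is created first in case it is missing on the remote host;
# -p preserves the 600 mode set on the source file.
ssh nosql02 'mkdir -p /opt/servers/key'
scp -p /opt/servers/key/keyfile nosql02:/opt/servers/key/keyfile
ssh nosql03 'mkdir -p /opt/servers/key'
scp -p /opt/servers/key/keyfile nosql03:/opt/servers/key/keyfile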
4.创建全局管理用户(nosql02为副本节点的前提下)
// Switch to the admin database, where the administrative user is stored.
use admin
// NOTE(review): "123456" is a sample password. Any account created with it
// should be rotated to a strong secret before the replica set is reachable by
// other hosts. A literal password here also ends up in the shell history;
// newer shells offer passwordPrompt() to avoid that.
// NOTE(review): the three *AnyDatabase roles together are very broad; confirm
// the account really needs all of them.
db.createUser({
  user: "nosqlAdmin",
  pwd: "123456",
  roles: [
    { role: "userAdminAnyDatabase", db: "admin" },
    { role: "readWriteAnyDatabase", db: "admin" },
    { role: "dbAdminAnyDatabase", db: "admin" }
  ]
})
验证用户是否创建成功
// Authenticate as the new user to confirm it exists; the page expects a return value of 1.
db.auth("nosqlAdmin","123456")
返回信息“1”,说明用户创建成功。
5.启动安全认证
nosql01启动
# Start the nosql01 member of replica set "nosql" with keyfile authentication.
# --keyFile authenticates members to each other and also turns on client
# access control; it does not encrypt traffic on port 27017.
mongod \
  --replSet nosql \
  --keyFile /opt/servers/key/keyfile \
  --dbpath=/opt/servers/mongodb/data/ \
  --logpath=/opt/servers/mongodb/logs/mongologs.log \
  --port 27017 \
  --bind_ip nosql01 \
  --logappend \
  --fork
nosql02启动
# Start the nosql02 member of replica set "nosql". The keyfile at this path must
# be identical to the one on the other members and readable only by its owner.
mongod \
  --replSet nosql \
  --keyFile /opt/servers/key/keyfile \
  --dbpath=/opt/servers/mongodb/data/ \
  --logpath=/opt/servers/mongodb/logs/mongologs.log \
  --port 27017 \
  --bind_ip nosql02 \
  --logappend \
  --fork
nosql03启动
# Start the nosql03 member of replica set "nosql". The keyfile at this path must
# be identical to the one on the other members and readable only by its owner.
mongod \
  --replSet nosql \
  --keyFile /opt/servers/key/keyfile \
  --dbpath=/opt/servers/mongodb/data/ \
  --logpath=/opt/servers/mongodb/logs/mongologs.log \
  --port 27017 \
  --bind_ip nosql03 \
  --logappend \
  --fork
6.身份验证
// With the members restarted under --keyFile, authenticate against the admin
// database before running other commands.
// NOTE(review): the literal password is a sample value and is recorded in the
// shell history when typed this way.
use admin
db.auth("nosqlAdmin","123456")