1.生成keyfile
openssl rand -base64 741 > /var/mongo/mongodb-keyfile
chmod 600 mongodb-keyfile
2.把keyfile copy到其他节点并修改权限
3.修改配置文件
添加:
keyFile=/var/mongo/mongodb-keyfile
4.重新启动mongodb使认证生效
use admin
db.shutdownServer()
5.连接到mongos 添加用户
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "root001",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
db.createUser( {
user: "siteRootAdmin",
pwd: "root001",
roles: [ { role: "root", db: "admin" } ]
});
创建用户报错
mongos> db.createUser(
... {
... user: "myUserAdmin",
... pwd: "root001",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
2016-02-29T10:58:31.051+0800 E QUERY [thread1] Error: couldn't add user: clock skew of the cluster 192.168.1.74:50000,192.168.1.69:50000,192.168.1.63:50000 is too far out of bounds to allow distributed locking. :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
DB.prototype.createUser@src/mongo/shell/db.js:1225:11
@(shell):1:1
原因是由于各个节点时间不一致导致的,开启服务器的ntp服务同步时间
ntpdate -u 0.centos.pool.ntp.org
时间一致后再次创建用户,问题解决
创建特定数据库的用户
db.createUser(
{
user: "productsDBAdmin",
pwd: "password",
roles:
[
{
role: "dbOwner",
db: "wangwei"
}
]
}
)
认证
db.auth("productsDBAdmin","password")
openssl rand -base64 741 > /var/mongo/mongodb-keyfile
chmod 600 mongodb-keyfile
2.把keyfile copy到其他节点并修改权限
3.修改配置文件
添加:
keyFile=/var/mongo/mongodb-keyfile
4.重新启动mongodb使认证生效
use admin
db.shutdownServer()
5.连接到mongos 添加用户
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "root001",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
db.createUser( {
user: "siteRootAdmin",
pwd: "root001",
roles: [ { role: "root", db: "admin" } ]
});
创建用户报错
mongos> db.createUser(
... {
... user: "myUserAdmin",
... pwd: "root001",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
2016-02-29T10:58:31.051+0800 E QUERY [thread1] Error: couldn't add user: clock skew of the cluster 192.168.1.74:50000,192.168.1.69:50000,192.168.1.63:50000 is too far out of bounds to allow distributed locking. :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
DB.prototype.createUser@src/mongo/shell/db.js:1225:11
@(shell):1:1
原因是由于各个节点时间不一致导致的,开启服务器的ntp服务同步时间
ntpdate -u 0.centos.pool.ntp.org
时间一致后再次创建用户,问题解决
创建特定数据库的用户
db.createUser(
{
user: "productsDBAdmin",
pwd: "password",
roles:
[
{
role: "dbOwner",
db: "wangwei"
}
]
}
)
认证
db.auth("productsDBAdmin","password")