Mongodb集群配置登录认证跟单节点的不一样,本文主要介绍一下配置的流程
1. 启动mongodb集群,不开启auth,配置admin数据库用户
use admin
db.createUser( {
user: "admin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});2. 停止mongodb集群
3. 在其中一个replica 节点上,配置 keyfile,keyfile用于各个节点之间验证
openssl rand -base64 741 > mongodb-keyfile
chmod 600 mongodb-keyfile4. 将keyfile 拷贝到 replica 节点,mongo config,mongos 节点上
5. 启动mongod,mongo config ,mongos
集群配置,本文不具体介绍,每个服务都需要加上
--keyFile /mysecretdirectory/mongodb-keyfile
mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"
mongod --keyFile /mysecretdirectory/mongodb-keyfile -f /etc/mongod-config.conf
mongos --keyFile /mysecretdirectory/mongodb-keyfile ...6. 启动mongodb 集群
7. mongos连接,创建用户和测试结果
[root@packone18 ~]# mongo --port 30000 -u admin -p abc123 --authenticationDatabase admin
mongos >> use testdb
mongos >> db.createUser(
{
user: "test_user",
pwd: "abc123",
roles: [ { role: "readWrite", db: "testdb" } ]
}
);
mongos >> db.auth(‘test_user’,’abc123’)
测试结果
[root@packone18 ~]# mongo --port 30000 -u test_user -p abc123 --authenticationDatabase testdb
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:30000/test
mongos> show collections;
2016-11-03T10:44:56.655+0800 E QUERY [thread1] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {} }",
"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:773:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:785:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:796:16
shellHelper.show@src/mongo/shell/utils.js:754:9
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1
mongos> use testdb;
switched to db testdb
mongos> show collections;
mongos> db.t1.insert({'name':'jake'});
WriteResult({ "nInserted" : 1 })
mongos> db.t1.find();
{ "_id" : ObjectId("581aa4bc38ffdf457e2e2c30"), "name" : "jake" }
1119
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
