  • Setting up authentication on a Mongo cluster

    This article assumes an already-built cluster that currently runs without authentication.

    1. In a sharded cluster, members of a replica set authenticate to each other with a keyFile, and mongos, the config servers and the replica sets also authenticate to each other with a keyFile; every mongod and mongos instance in the cluster must use a keyFile with identical content.

    Generate the keyfile on one of the machines

    openssl rand -base64 753  > keyfile
    chmod 600 ./keyfile #permissions must be 600
    [root@centos01 ~]# openssl rand -base64 753  > keyfile
    [root@centos01 ~]# ll
    总用量 64
    -rw-------. 1 root root  1484 6月  16 2018 anaconda-ks.cfg
    -rw-r--r--. 1 root root 28412 6月  16 2018 install.log
    -rw-r--r--. 1 root root  8105 6月  16 2018 install.log.syslog
    -rw-r--r--. 1 root root  1020 4月  15 20:23 keyfile
    -rwxr-xr-x. 1 root root   357 7月   8 2018 mongo_start.sh
    -rwxr-xr-x. 1 root root   348 7月   8 2018 mongo_stop.sh
    -rwxr-xr-x. 1 root root    78 8月   2 2018 redis_link.sh
    -rwxr-xr-x. 1 root root   140 8月  10 2018 redis_start.sh

    [root@centos01 ~]# chmod 600 ./keyfile
    [root@centos01 ~]#

    Copy the file to the other nodes

    scp -r  /root/keyfile  root@192.168.96.202:/root/
    scp -r  /root/keyfile  root@192.168.96.203:/root/
    [root@centos01 ~]# scp -r  /root/keyfile  root@192.168.96.202:/root/
    keyfile                                                    100% 1020     1.0KB/s   00:00    
    [root@centos01 ~]# scp -r  /root/keyfile  root@192.168.96.203:/root/
    keyfile                                                    100% 1020     1.0KB/s   00:00    
    [root@centos01 ~]#
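    The same generate-and-copy flow as above, as an added example that is not part of the original post: it checks the keyfile (mode 600, 6 to 1024 base64 characters, which are MongoDB's documented limits) before copying it, then compares checksums so every node really holds identical content. It assumes sha256sum on every node and root ssh access to the post's hosts 192.168.96.202 and 192.168.96.203.

```shell
#!/bin/sh
# Added example, not from the original post: check a keyfile before copying it
# to the other nodes, then confirm each copy matches by checksum.
# Assumes sha256sum on every node and root ssh access as in the post.

# check_keyfile PATH: 0 if PATH is usable as a MongoDB keyfile, 1 otherwise.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Mode must be 600 (owner read/write only), exactly as step 1 requires.
    perm=$(ls -l "$f" | cut -c1-10)
    case "$perm" in
        -rw-------) ;;
        *) echo "bad mode $perm on $f (need 600)" >&2; return 1 ;;
    esac
    # mongod ignores whitespace; the rest must be 6..1024 base64 characters.
    payload=$(tr -d ' \t\r\n' < "$f")
    n=${#payload}
    if [ "$n" -lt 6 ] || [ "$n" -gt 1024 ]; then
        echo "keyfile length $n is outside 6..1024" >&2; return 1
    fi
    case "$payload" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 content in $f" >&2; return 1 ;;
    esac
    return 0
}

# distribute_keyfile PATH HOST...: copy PATH to the same path on each host,
# preserving its mode (-p), and fail if the remote checksum differs from ours.
distribute_keyfile() {
    f=$1; shift
    local_sum=$(sha256sum "$f" | cut -d' ' -f1)
    for h in "$@"; do
        scp -p "$f" "root@$h:$f" || return 1
        remote_sum=$(ssh "root@$h" "sha256sum '$f' | cut -d' ' -f1")
        [ "$remote_sum" = "$local_sum" ] || { echo "checksum mismatch on $h" >&2; return 1; }
    done
}

# Same flow as step 1 of the post; only runs when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    openssl rand -base64 753 > /root/keyfile
    chmod 600 /root/keyfile
    check_keyfile /root/keyfile && distribute_keyfile /root/keyfile 192.168.96.202 192.168.96.203
fi
```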

    2. Log in to the mongo config node

    ./mongo --port 21000

    [root@centos01 bin]# pwd
    /mysys/mongodb/bin
    [root@centos01 bin]# /mysys/mongodb/bin/mongo --port 21000
    MongoDB shell version v3.6.1
    connecting to: mongodb://127.0.0.1:21000/
    MongoDB server version: 3.6.1
    Server has startup warnings:
    2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten]
    2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
    2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
    2020-04-15T20:04:03.307+0800 I CONTROL [initandlisten]
    2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
    2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
    2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
    2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten]
    configs:PRIMARY>

    3. Create the administrator account and grant it full privileges (on the admin and config databases); this must be run on the PRIMARY node

    use admin
    db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
    db.auth("admin","123456")
    
    use config
    db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
    db.auth("admin","123456")
    configs:PRIMARY> use admin
    switched to db admin
    configs:PRIMARY> db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
    Successfully added user: {
        "user" : "admin",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ]
    }
    configs:PRIMARY> db.auth("admin","123456")
    1
    configs:PRIMARY> 
    configs:PRIMARY> use config
    switched to db config
    configs:PRIMARY> db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
    Successfully added user: {
        "user" : "admin",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ]
    }
    configs:PRIMARY> db.auth("admin","123456")
    1
    configs:PRIMARY>

    4. Shut down every mongod, mongos and configsvr, edit the configuration files, and restart every instance on every server
          For each mongod, mongos and config server instance, add the authentication settings to its configuration file, or pass the --auth and --keyFile options when starting the instance

           Add the following to the shard and config server configuration files

    #enable authorization
    auth=true
    keyFile=/root/keyfile

          Add the following to the mongos configuration file

    #point to the keyFile
    keyFile=/root/keyfile

    Append them with:

    echo 'auth=true' >> config.conf
    echo 'keyFile=/root/keyfile' >> config.conf
    echo 'auth=true' >> shard1.conf
    echo 'keyFile=/root/keyfile' >> shard1.conf
    echo 'auth=true' >> shard2.conf
    echo 'keyFile=/root/keyfile' >> shard2.conf
    echo 'auth=true' >> shard3.conf
    echo 'keyFile=/root/keyfile' >> shard3.conf
    
    echo 'keyFile=/root/keyfile' >> mongos.conf
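    The same step 4 edits as an added example, not part of the original post: the `echo ... >> file` lines above append a duplicate line every time they are re-run, so this version replaces an existing key instead of appending, and gives mongos only the keyFile while config and shard files get auth=true as well. It assumes the post's key=value style files (config.conf, shardN.conf, mongos.conf) in the current directory.

```shell
#!/bin/sh
# Added example, not from the original post: apply the step 4 settings so the
# script can be re-run safely. The post's `echo ... >> file` appends a duplicate
# line on every run; set_conf replaces an existing key=value line instead.
# Assumes the post's key=value style config files (config.conf, shardN.conf,
# mongos.conf) in the current directory.

# set_conf FILE KEY VALUE: replace an existing "KEY=..." line or append one.
set_conf() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        # '|' is a safe sed delimiter: neither key nor keyfile path contains it.
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# enable_cluster_auth KEYFILE CONF...: mongod members (config server, shards)
# get auth=true and the keyFile; mongos gets only the keyFile, as in the post.
enable_cluster_auth() {
    keyfile=$1; shift
    for conf in "$@"; do
        case "$conf" in
            mongos*.conf) set_conf "$conf" keyFile "$keyfile" ;;
            *) set_conf "$conf" auth true
               set_conf "$conf" keyFile "$keyfile" ;;
        esac
    done
}

# count_key FILE KEY: how many lines define KEY (1 means no duplicates).
count_key() { grep -c "^$2=" "$1" || true; }

# Same file set as the post; only runs when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    enable_cluster_auth /root/keyfile config.conf shard1.conf shard2.conf shard3.conf mongos.conf
fi
```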

    Create the user

    db.createUser(
      {
        user: "admin",
        pwd: "123456",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
      }
    )
    
    
    After logging in to mongo, create the database the application will use
      use tps
    Create the user
    db.createUser(
      {
        user: "test",
        pwd: "123456",
        roles: [ { role: "readWrite", db: "testdb" } ]
      }
    )

    5. Verify after the restart

    show users   to list the users

    Method two

    I. Generate the keyfile
    1. openssl rand -base64 753  > keyfile
    2. chmod 600 ./keyfile  #permissions must be 600
    3. Put the generated file at /mydata/mongodb/keyfile
    Distribute it to each node
    scp -r  /root/keyfile  root@192.168.96.202:/mydata/mongodb
    
    II. Log in to mongo without authentication:   ./mongo --port [port]
    1. Create the admin user
    db.createUser( {user: "admin",pwd: "12345",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
    III. Modify the configuration files
    1. Append the following to the end of the config and shard configuration files
    auth=true
    keyFile=/mydata/mongodb/keyfile
    2. Append the following to the end of the mongos configuration file
    keyFile=/mydata/mongodb/keyfile
    IV. Restart the services
    1. killall mongod
    2. killall mongos
    Restart mongo on every node
    V. Create the database and user the application will use
    1. After logging in to mongo, create the application database
      use tps
    2. Create the user
    db.createUser(
      {
        user: "test",
        pwd: "12345",
        roles: [ { role: "readWrite", db: "testdb" } ]
      }
    )

    End

  • Original article: https://www.cnblogs.com/xuchen0117/p/12757985.html