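Adding users to a mongo server and enabling username/password authentication for a replSet
Core reference article
Starting the servers
Replica set name (here I switched to backup, the name used in the production environment, which differs from copy and copyBk above)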
$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup
$ mongod.exe --port=27018 --dbpath=./backup2 --replSet=backup
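Connect to the Primary host with $ mongo.exe 127.0.0.1:27017
Adding a user
Note:
Because this is a replica set, the user must be created on the Primary (the user will then also exist on the secondary nodes).
$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup
$ mongo.exe 127.0.0.1:27017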
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]})
{
    "role" : "sysadmin",
    "roles" : [ ],
    "privileges" : [
        {
            "resource" : {
                "anyResource" : true
            },
            "actions" : [
                "anyAction"
            ]
        }
    ]
}
> db.createUser({user:'346243440@qq.com',pwd:'xxxx',roles:[{role:'sysadmin',db:'admin'}]})
Successfully added user: {
    "user" : "346243440@qq.com",
    "roles" : [
        {
            "role" : "sysadmin",
            "db" : "admin"
        }
    ]
}
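The sysadmin role above grants anyAction on anyResource, which is unrestricted control of the deployment. As an added example (not code from the original post), the following plain JavaScript, runnable under Node.js, flags such grants in role documents of the shape passed to db.createRole(); the backupReader and opsAll roles and all function names are hypothetical.

```javascript
// Added example: flag over-broad grants in MongoDB role documents.
// Documents use the shape passed to db.createRole() in the post.

// Built-in roles that already amount to full control when inherited.
var SUPERUSER_ROLES = ['root', '__system'];

function auditRole(roleDoc) {
  var findings = [];
  (roleDoc.privileges || []).forEach(function (priv, i) {
    var res = priv.resource || {};
    var where = 'privileges[' + i + ']';
    var everyAction = (priv.actions || []).indexOf('anyAction') !== -1;
    if (res.anyResource === true && everyAction) {
      findings.push({ level: 'critical', where: where, reason: 'anyAction on anyResource (unrestricted)' });
    } else if (res.anyResource === true || everyAction) {
      findings.push({ level: 'high', where: where, reason: 'wildcard resource or wildcard action' });
    } else if (res.db === '' && res.collection === '') {
      findings.push({ level: 'medium', where: where, reason: 'applies to every database' });
    }
  });
  (roleDoc.roles || []).forEach(function (r, i) {
    var name = typeof r === 'string' ? r : r.role; // both forms are accepted
    if (SUPERUSER_ROLES.indexOf(name) !== -1) {
      findings.push({ level: 'critical', where: 'roles[' + i + ']', reason: 'inherits built-in superuser role ' + name });
    }
  });
  return findings;
}

// Constructed sample input: the first document is the role from the post,
// the other two are hypothetical roles added for comparison.
var SAMPLE_ROLES = [
  { role: 'sysadmin', roles: [],
    privileges: [{ resource: { anyResource: true }, actions: ['anyAction'] }] },
  { role: 'backupReader', roles: [],
    privileges: [{ resource: { db: 'backup', collection: '' }, actions: ['find'] }] },
  { role: 'opsAll', roles: [{ role: 'root', db: 'admin' }],
    privileges: [{ resource: { db: '', collection: '' }, actions: ['insert', 'update'] }] }
];

// Map each role name to its list of findings (empty list = nothing flagged).
function auditAll(roleDocs) {
  var report = {};
  roleDocs.forEach(function (doc) { report[doc.role] = auditRole(doc); });
  return report;
}

console.log(JSON.stringify(auditAll(SAMPLE_ROLES), null, 2));
```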
Login test
$ mongo.exe 127.0.0.1:27017
> use admin
> show dbs # fails with an error
2017-09-01T14:31:24.411+0800 E QUERY Error: listDatabases failed:{
"errmsg" : "not authorized on admin to execute command { listDatabases:...
> db.auth('346243440@qq.com','xxxx')
1 # authentication succeeded
Checking how users are authenticated
> use admin
> db.auth('3462...','xxx')
> db.system.users.find()
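Generating the keyFile
$ openssl rand -base64 1024 > mongodb.key
If an error reports an unexpected '=':
Fix: manually delete the trailing '=' from the file.
Restart the replSet, passing the same keyFile to every member, then authenticate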
$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup --keyFile "mongodb.key"
$ mongod.exe --port=27018 --dbpath=./backup2 --replSet=backup --keyFile "mongodb.key"
$ mongo.exe 127.0.0.1:27017
backup:PRIMARY> use admin
switched to db admin
backup:PRIMARY> db.auth('a','a')
1
backup:PRIMARY> show dbs
admin 0.078GB
local 1.078GB
Login test on a replica set slave
rs.slaveOk() enables read access
$ mongo.exe 127.0.0.1:27018
> use admin
> db.auth('a','a')
> show dbs # fails with the error below
Error: listDatabases failed:{ "note" : "from execCommand", "ok" : 0, "errmsg" : "not master" }
> rs.slaveOk() # enable read access
backup:PRIMARY> show dbs
admin 0.078GB
local 1.078GB
—
The user creation attempts below did not grant sufficient privileges; the steps above are the correct ones.
MongoDB version v.3.xxx
> db.addUser("a","b")
2017-09-01T09:22:37.004+0800 E QUERY TypeError: Property 'addUser' of object admin is not a function
at (shell):1:4
>
It turns out addUser was dropped in MongoDB 3.0; for details see:
> db.createUser({ user:'a',pwd:'a',roles:['readWrite','dbAdmin']})
This failed with an error:
> db.createUser({user:'a',pwd:'a',roles:['readWrite','dbAdmin']})
2017-09-01T11:24:29.549+0800 E QUERY Error: couldn't add user: not master at Error (<anonymous>) at DB.createUser (src/mongo/shell/db.js:1101:11) at (shell):1:4 at src/mongo/shell/db.js:1101
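In a replica set, users must be created on the Primary
Check rs.status()
I found that the mongo instance I was connected to was not the primary (because I had set up several replSets).
After switching to the replSet Primary: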
> db.createUser({user:'a',pwd:'a',roles:['readWrite','dbAdmin']})
Successfully added user: { "user" : "a", "b" : [ "readWrite", "dbAdmin" ] }
>
Error when connecting to a mongodb slave:
2017-09-01T12:29:43.064+0800 E QUERY Error: listDatabases failed:{ "note" : "from execCommand", "ok" : 0, "errmsg" : "not master" }
Reference: https://stackoverflow.com/questions/29232821/in-slave-mongodb-3-0-1-when-i-run-show-dbs-command-im-getting-the-below-erro
Fix: rs.slaveOk()