Summary of enabling MongoDB authentication:
Contents:
I. Summary of enabling MongoDB authentication
II. Operation log of enabling MongoDB authentication
III. Reference document: https://rokin.yuque.com/hes7tf/zv11ll/uw2fve
IV. MongoDB commands
I. Summary of enabling MongoDB authentication:
1. Back up the configuration file (locate it: [root@mongo-uat02 ~]# ps aux|grep mongo ; back it up: # cp /opt/data/apps/mongodb/conf/mongodb.conf /opt/data/apps/mongodb/conf/mongodb.conf.20230302bak)
2. Edit the configuration file (security: keyFile: /opt/data/apps/mongodb/conf/keyfile, authorization: enabled)
3. Log in to MongoDB and shut down the mongod services one at a time (shutdown order: SECONDARY, PRIMARY, arbiter; startup order: arbiter, PRIMARY, SECONDARY)
4. Log in to each node and check the replica set status with rs.status()
[root@mongo-uat02 conf]# cat mongodb.conf
processManagement:
  fork: true
net:
  bindIp: 172.16.87.26
  port: 27017
storage:
  dbPath: /opt/data/apps/mongodb/data
systemLog:
  destination: file
  path: "/opt/data/apps/mongodb/logs/mongod.log"
  logAppend: true
  logRotate: rename
replication:
  replSetName: rs_mongo-uat
security:
  keyFile: /opt/data/apps/mongodb/conf/keyfile
  authorization: enabled
# security:
#   keyFile: "/opt/data/apps/mongodb/conf/keyfile"
[root@mongo-uat02 conf]#
II. Operation log of enabling MongoDB authentication
1. Back up the configuration file
2. Edit the configuration file
3. Log in to MongoDB and shut down the mongod services one at a time (SECONDARY, PRIMARY): /opt/data/apps/mongodb/bin/mongo 172.16.87.26:27017
&&&&&&&&&&&&&&&&&&&&&&&&&&& Arbiter node: authentication failed on login &&&&&&&&&&&&&&&&&&&&&&&&&&&
rs_mongo-uat:ARBITER> use admin
switched to db admin
rs_mongo-uat:ARBITER> db.auth("admin","password01");
Error: Authentication failed.
0
rs_mongo-uat:ARBITER>
&&&&&&&&&&&&&&&&&&&&&&&&&&& Arbiter node: authentication failed on login &&&&&&&&&&&&&&&&&&&&&&&&&&&
############# After shutting down the SECONDARY node, the primary node changed from PRIMARY to secondary #############
rs_mongo-uat:PRIMARY> use admin
switched to db admin
rs_mongo-uat:PRIMARY> db.auth("admin","password01");
1
rs_mongo-uat:PRIMARY> db.shutdownServer();
uncaught exception: SyntaxError: illegal character :
@(shell):1:19
rs_mongo-uat:RECOVERING>
rs_mongo-uat:RECOVERING> db.shutdownServer()
server should be down...
>
############# After shutting down the SECONDARY node, the primary node changed from PRIMARY to secondary #############
db.shutdownServer()
**************** Shutting down the arbiter node failed ***********************
rs_mongo-uat:ARBITER> db.shutdownServer()
Error: shutdownServer failed: {
"ok" : 0,
"errmsg" : "shutdown must run from localhost when running db without auth",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.shutdownServer@src/mongo/shell/db.js:426:19
@(shell):1:1
rs_mongo-uat:ARBITER>
rs_mongo-uat:ARBITER> db.shutdownServer()
uncaught exception: Error: shutdownServer failed: {
"ok" : 0,
"errmsg" : "shutdown must run from localhost when running db without auth",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.shutdownServer@src/mongo/shell/db.js:426:19
@(shell):1:1
rs_mongo-uat:ARBITER>
**************** Shutting down the arbiter node failed ***********************
@@@@@@@@@@@@@@@@@ Started the primary node without shutting down the arbiter; node state: OTHER @@@@@@@@@@@@@@@@@
/opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
[root@mongo-uat01 conf]# /opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 9588
child process started successfully, parent exiting
[root@mongo-uat01 conf]# ps aux|grep mongo
root 9588 7.3 2.1 1790624 82576 ? SLl 16:24 0:01 /opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
root 9696 0.0 0.0 112824 988 pts/0 S+ 16:24 0:00 grep --color=auto mongo
[root@mongo-uat01 conf]# /opt/data/apps/mongodb/bin/mongo 172.16.87.25:27017
MongoDB shell version v4.4.9
connecting to: mongodb://172.16.87.25:27017/test?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9bd4d0d9-1b35-46f4-a297-e35537698800") }
MongoDB server version: 4.4.9
rs_mongo-uat:OTHER>
@@@@@@@@@@@@@@@@@ Started the primary node without shutting down the arbiter; node state: OTHER @@@@@@@@@@@@@@@@@
++++++++++++++++++++++++ Force-killed the arbiter node (the former primary was in state OTHER) and started it again ++++++++++++++++++++++++
[root@mongo-uat03 conf]# ps aux|grep mongo
root 640 0.0 0.0 112824 984 pts/0 S+ 16:28 0:00 grep --color=auto mongo
mongod 3604 1.8 2.8 1711732 111012 ? Sl 2022 2648:10 /opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
[root@mongo-uat03 conf]# kill -9 3604
[root@mongo-uat03 conf]# ps aux|grep mongo
root 1023 0.0 0.0 112824 988 pts/0 S+ 16:29 0:00 grep --color=auto mongo
[root@mongo-uat03 conf]# /opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 1032
child process started successfully, parent exiting
[root@mongo-uat03 conf]# /opt/data/apps/mongodb/bin/mongo 172.16.87.27:27017
MongoDB shell version v4.4.9
connecting to: mongodb://172.16.87.27:27017/test?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("ca3efb4e-e5d9-4072-80de-d1f4baec3126") }
MongoDB server version: 4.4.9
rs_mongo-uat:ARBITER>
++++++++++++++++++++++++ Force-killed the arbiter node (the former primary was in state OTHER) and started it again ++++++++++++++++++++++++
———————————————————————————————————————— After restarting the arbiter, checked the primary node's state: back to PRIMARY ————————————————————————————————————————
[root@mongo-uat01 conf]# /opt/data/apps/mongodb/bin/mongo 172.16.87.25:27017
MongoDB shell version v4.4.9
connecting to: mongodb://172.16.87.25:27017/test?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9bd4d0d9-1b35-46f4-a297-e35537698800") }
MongoDB server version: 4.4.9
rs_mongo-uat:OTHER> use admin
switched to db admin
rs_mongo-uat:PRIMARY>
———————————————————————————————————————— After restarting the arbiter, checked the primary node's state: back to PRIMARY ————————————————————————————————————————
Start the former secondary node
[root@mongo-uat02 conf]# /opt/data/apps/mongodb/bin/mongod -f /opt/data/apps/mongodb/conf/mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 25484
child process started successfully, parent exiting
[root@mongo-uat02 conf]#
[root@mongo-uat02 conf]# /opt/data/apps/mongodb/bin/mongo 172.16.87.26:27017
MongoDB shell version v4.4.9
connecting to: mongodb://172.16.87.26:27017/test?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("7bbbdcdc-0523-47ac-b8dd-b184d4b70af3") }
MongoDB server version: 4.4.9
rs_mongo-uat:SECONDARY> use admin
switched to db admin
rs_mongo-uat:SECONDARY>
Check the replica set status
rs.status()
Status normal.
III. Reference document
5. Enable authentication
Generate the keyfile used for internal authentication between replica set members:
# openssl rand -base64 756 > /opt/mongodb/conf/keyfile
# chmod 400 /opt/mongodb/conf/keyfile
Copy the generated keyfile to the /opt/mongodb/conf directory on each member node, keeping the same ownership and permissions (user: mongod, group: mongod, mode: 400):
chmod 400 /opt/mongodb/conf/keyfile
chown -R mongod:mongod conf/
On each member node, edit /opt/mongodb/conf/mongodb.conf:
processManagement:
  fork: true
net:
  bindIp: 172.16.85.44
  port: 27017
storage:
  dbPath: /opt/mongodb/data
systemLog:
  destination: file
  path: "/opt/mongodb/logs/mongod.log"
  logAppend: true
  logRotate: rename
replication:
  replSetName: rs0
security:
  keyFile: "/opt/mongodb/conf/keyfile"
Setting keyFile forces security.authorization to be enabled.
Restart each member node and verify that authentication takes effect.
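As an added example (not part of the original post or of the referenced document), the POSIX shell script below bundles the checks worth running on each member before the restart described in sections I and III: that the keyfile has the expected permissions and base64 content, that the security section of mongodb.conf is live (not commented out) with keyFile and authorization: enabled, and that the configured keyFile path is the file just validated. The keyfile and configuration paths are passed in as arguments; the hypothetical function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks to run on
# each replica-set member before restarting it with security.keyFile and
# security.authorization: enabled. All paths are passed in as arguments.

# check_keyfile FILE: the keyfile must exist, hold 6..1024 base64
# characters (whitespace ignored) and be readable only by its owner.
check_keyfile() {
    f="$1"
    [ -f "$f" ] || { echo "keyfile missing: $f" >&2; return 1; }
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case "$mode" in
        400|600) ;;
        *) echo "keyfile mode $mode is too open, want 400" >&2; return 1 ;;
    esac
    body=$(tr -d '\n\r\t ' < "$f")
    len=${#body}
    [ "$len" -ge 6 ] && [ "$len" -le 1024 ] ||
        { echo "keyfile length $len outside 6..1024" >&2; return 1; }
    printf '%s' "$body" | grep -Eq '^[A-Za-z0-9+/=]+$' ||
        { echo "keyfile has non-base64 characters" >&2; return 1; }
}

# check_conf FILE: the security section must be live (a line starting
# with '#' never matches) and set keyFile plus authorization: enabled;
# keyFile alone already implies authorization, but the post sets both.
check_conf() {
    c="$1"
    grep -Eq '^security:' "$c" || { echo "no security: section" >&2; return 1; }
    grep -Eq '^[[:space:]]+keyFile:' "$c" || { echo "security.keyFile unset" >&2; return 1; }
    grep -Eq '^[[:space:]]+authorization:[[:space:]]*enabled' "$c" ||
        { echo "security.authorization not enabled" >&2; return 1; }
}

# preflight KEYFILE CONF: both checks, and the keyFile path named in the
# conf must be the file that was just validated.
preflight() {
    check_keyfile "$1" || return 1
    check_conf "$2" || return 1
    cfg=$(sed -n 's/^[[:space:]]\{1,\}keyFile:[[:space:]]*//p' "$2" | head -n 1 | tr -d '"')
    [ "$cfg" = "$1" ] || { echo "conf keyFile '$cfg' differs from $1" >&2; return 1; }
}
```

Run it as `preflight /opt/data/apps/mongodb/conf/keyfile /opt/data/apps/mongodb/conf/mongodb.conf` on each node; a non-zero exit with the reason on stderr means that node is not ready to be restarted with authentication.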
[Copyright notice] This article is original content by a 墨天轮 user. When reposting, the source (墨天轮), the article link, the author and other basic information must be credited; otherwise the author and 墨天轮 reserve the right to pursue liability. If you find content on 墨天轮 suspected of plagiarism or infringement, please email contact@modb.pro to report it with supporting evidence; once verified, 墨天轮 will remove the content immediately.