
Setting up authentication for a MongoDB cluster

Date: 2020-04-23 13:40:29

This article assumes a cluster that is already deployed and running without authentication.

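1. In a sharded cluster, the members of each replica set authenticate to one another with a keyFile, and mongos, the config servers and the replica sets also authenticate to one another with the keyFile. Every mongod and mongos instance in the cluster uses a keyFile with identical contents.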

Generate the keyfile on one of the machines

openssl rand -base64 753  > keyfile
chmod 600 ./keyfile # permissions must be 600
[root@centos01 ~]# openssl rand -base64 753  > keyfile
[root@centos01 ~]# ll
总用量 64
-rw-------. 1 root root  1484 6月  16 2018 anaconda-ks.cfg
-rw-r--r--. 1 root root 28412 6月  16 2018 install.log
-rw-r--r--. 1 root root  8105 6月  16 2018 install.log.syslog
-rw-r--r--. 1 root root  1020 4月  15 20:23 keyfile
-rwxr-xr-x. 1 root root   357 7月   8 2018 mongo_start.sh
-rwxr-xr-x. 1 root root   348 7月   8 2018 mongo_stop.sh
-rwxr-xr-x. 1 root root    78 8月   2 2018 redis_link.sh
-rwxr-xr-x. 1 root root   140 8月  10 2018 redis_start.sh

[root@centos01 ~]# chmod 600 ./keyfile
[root@centos01 ~]#

Copy the file to the other nodes

scp -r  /root/keyfile  root@192.168.96.202:/root/
scp -r  /root/keyfile  root@192.168.96.203:/root/
[root@centos01 ~]# scp -r  /root/keyfile  root@192.168.96.202:/root/
keyfile                                                    100% 1020     1.0KB/s   00:00    
[root@centos01 ~]# scp -r  /root/keyfile  root@192.168.96.203:/root/
keyfile                                                    100% 1020     1.0KB/s   00:00    
[root@centos01 ~]#

2. Log in to mongo

./mongo --port 21000
[root@centos01 bin]# pwd
/mysys/mongodb/bin
[root@centos01 bin]# /mysys/mongodb/bin/mongo --port 21000
MongoDB shell version v3.6.1
connecting to: mongodb://127.0.0.1:21000/
MongoDB server version: 3.6.1
Server has startup warnings:
2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten]
2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-04-15T20:04:01.342+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2020-04-15T20:04:03.307+0800 I CONTROL [initandlisten]
2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2020-04-15T20:04:03.314+0800 I CONTROL [initandlisten]
configs:SECONDARY>

3. Create the administrator account and grant it all privileges (on the admin and config databases). This must be run on the PRIMARY node.

use admin
db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
db.auth("admin","123456")

use config
db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
db.auth("admin","123456")
configs:PRIMARY> use admin
switched to db admin
configs:PRIMARY> db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
Successfully added user: {
    "user" : "admin",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}
configs:PRIMARY> db.auth("admin","123456")
1
configs:PRIMARY> 
configs:PRIMARY> use config
switched to db config
configs:PRIMARY> db.createUser({user: "admin",pwd: "123456",roles: [ { role: "root", db: "admin" } ]}) 
Successfully added user: {
    "user" : "admin",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}
configs:PRIMARY> db.auth("admin","123456")
1
configs:PRIMARY>

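4. Shut down all mongod, mongos and configsvr processes, edit the configuration files, and restart every instance on every server.
      For every mongod, mongos and config server instance, add the authentication settings to its configuration file, or pass the --auth and --keyFile options when starting the instance.

       Add the following settings to the shard and config server configuration files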

# enable access control
auth=true
keyFile=/root/keyfile

      Add the following setting to the mongos configuration file

# path to the keyFile
keyFile=/root/keyfile

Append the settings

echo auth=true >> config.conf
echo keyFile=/root/keyfile >> config.conf
echo auth=true >> shard1.conf
echo keyFile=/root/keyfile >> shard1.conf
echo auth=true >> shard2.conf
echo keyFile=/root/keyfile >> shard2.conf
echo auth=true >> shard3.conf
echo keyFile=/root/keyfile >> shard3.conf

echo keyFile=/root/keyfile >> mongos.conf
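
Before the restart in step 4, the keyfile and the appended settings can be checked on each node. The script below is an added example, not part of the original article: the function names are hypothetical, and the limits it enforces (6 to 1024 base64 characters, whitespace ignored) are the rules mongod applies to a keyFile.

```shell
#!/bin/sh
# Added example: checks to run on each node before the restart in step 4.
# Function names are hypothetical; file paths are supplied by the caller.

# check_keyfile FILE: mode must be 600 (as the article requires) and the
# content, whitespace removed, must be 6-1024 base64 characters (the limits
# mongod applies to a keyFile).
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    [ -n "$(find "$f" -prune -perm 600 -print)" ] ||
        { echo "$f: mode is not 600" >&2; return 1; }
    key=$(tr -d ' \t\r\n' < "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: non-base64 character" >&2; return 1 ;;
    esac
    len=${#key}
    [ "$len" -ge 6 ] && [ "$len" -le 1024 ] ||
        { echo "$f: key length $len is outside 6-1024" >&2; return 1; }
}

# conf_value CONF KEY: print the value of KEY from an ini-style config file.
# Prints the last match, since re-running `echo ... >>` leaves duplicate lines.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_conf ROLE CONF: ROLE is "mongod" (shards, config servers) or "mongos".
# Both need keyFile pointing at a valid key; mongod also needs auth=true.
check_conf() {
    role=$1
    conf=$2
    kf=$(conf_value "$conf" keyFile)
    [ -n "$kf" ] || { echo "$conf: no keyFile setting" >&2; return 1; }
    check_keyfile "$kf" || return 1
    if [ "$role" = mongod ] && [ "$(conf_value "$conf" auth)" != true ]; then
        echo "$conf: auth=true is missing" >&2
        return 1
    fi
}
```

Source the script and call, for example, `check_conf mongod shard1.conf` and `check_conf mongos mongos.conf`; a non-zero exit status means the instance should not be restarted yet.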

5. Verify after restarting

 

End


Original article: https://www.cnblogs.com/xuchen0117/p/12757985.html
