MongoDB cluster: configuring username and password authentication

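Configuring login authentication for a MongoDB cluster differs from doing so on a single node. This article walks through the configuration steps.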

1. Start the MongoDB cluster without auth enabled and create a user in the admin database

use admin
db.createUser( {
    user: "admin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  });

2. Stop the MongoDB cluster

3. On one of the replica nodes, create a keyfile. The keyfile is used by the nodes to authenticate to each other.

openssl rand -base64 741 > mongodb-keyfile
chmod 600 mongodb-keyfile

4. Copy the keyfile to the replica nodes, the mongo config nodes and the mongos nodes

5. Start mongod, mongo config and mongos

Cluster configuration itself is not covered in detail here; every service needs the following option added:

--keyFile /mysecretdirectory/mongodb-keyfile
mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"
mongod --keyFile /mysecretdirectory/mongodb-keyfile -f /etc/mongod-config.conf
mongos --keyFile /mysecretdirectory/mongodb-keyfile ...

6. Start the MongoDB cluster

7. Connect through mongos, create a user and test the result

[root@packone18 ~]# mongo --port 30000 -u admin -p abc123 --authenticationDatabase admin
mongos> use testdb
mongos> db.createUser(
  {
    user: "test_user",
    pwd: "abc123",
    roles: [ { role: "readWrite", db: "testdb" } ]
  }
);
mongos> db.auth('test_user','abc123')

Test result:
[root@packone18 ~]# mongo --port 30000 -u test_user -p abc123 --authenticationDatabase testdb
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:30000/test
mongos> show collections;
2016-11-03T10:44:56.655+0800 E QUERY    [thread1] Error: listCollections failed: {
	"ok" : 0,
	"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {} }",
	"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:773:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:785:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:796:16
shellHelper.show@src/mongo/shell/utils.js:754:9
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

mongos> use testdb;
switched to db testdb
mongos> show collections;
mongos> db.t1.insert({'name':'jake'});
WriteResult({ "nInserted" : 1 })
mongos> db.t1.find();
{ "_id" : ObjectId("581aa4bc38ffdf457e2e2c30"), "name" : "jake" }
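
A pre-flight check for the keyfile from steps 3 to 5, to run on each node after copying and before starting the services. This is an added example, not part of the original article: the function names and the constructed demo key are assumptions, and the 6 to 1024 character, base64-only limits are MongoDB's documented keyfile requirements.

```shell
#!/bin/sh
# Added example: validate a MongoDB keyfile and print a fingerprint that can be
# compared across nodes without displaying the key itself.
LC_ALL=C; export LC_ALL

# Key content with whitespace removed (mongod strips whitespace from the keyfile).
keyfile_body() { tr -d '[:space:]' < "$1"; }

# Return 0 if the keyfile is usable, otherwise print the reason and return 1.
check_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    # Octal mode: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        *00) ;;   # no group/other permission bits, e.g. 600 or 400
        *) echo "$f: mode $mode is open to group/other, use chmod 600" >&2
           return 1 ;;
    esac
    key=$(keyfile_body "$f")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "$f: key has ${#key} characters, must be 6 to 1024" >&2
        return 1
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*)
            echo "$f: contains characters outside the base64 set" >&2
            return 1 ;;
    esac
    return 0
}

# SHA-256 of the whitespace-stripped key; must be identical on every node.
keyfile_fingerprint() { keyfile_body "$1" | sha256sum | cut -d' ' -f1; }

# With no argument, run against a constructed demo key (not a real secret).
if [ "$#" -eq 0 ]; then
    demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
    printf 'Q29uc3RydWN0ZWRLZXlGb3JEZW1v\n' > "$demo_dir/mongodb-keyfile"
    chmod 600 "$demo_dir/mongodb-keyfile"
    set -- "$demo_dir/mongodb-keyfile"
fi
for kf in "$@"; do
    check_keyfile "$kf" && echo "$kf OK sha256=$(keyfile_fingerprint "$kf")"
done
```

Run it with the keyfile path as argument on every replica, config and mongos node; a fingerprint that differs on one node means that node holds a different key and will fail internal authentication.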