mongodb 建立 用户名和密码认证 集群

---

mongo server 添加用户并给 replSet 用户名密码认证

核心参考文章

server 启动

集群的名称(此处我换成了正式环境用的名称 backup,与上面的 copy和copyBk有出入 )

$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup 
$ mongod.exe --port=27018 --dbpath=./backup2 --replSet=backup 

从 $ mongod.exe 127.0.0.1:27017 主机 Primary 进入

添加用户

注意:

因是集群，必须在Primary上来新建(子群节点上也会有该用户)

参考文章

$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup 
$ mongod.exe 127.0.0.1:27017
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]})

{
    "role" : "sysadmin",
    "roles" : [ ],
    "privileges" : [
        {
            "resource" : {
                "anyResource" : true
            },
            "actions" : [
                "anyAction"
            ]
        }
    ]
}

> db.createUser({user:'[email protected]',pwd:'xxxx',roles:[{role:'sysadmin',db:'admin'}]})

Successfully added user: {
    "user" : "[email protected]",
    "roles" : [
        {
            "role" : "sysadmin",
            "db" : "admin"
        }
    ]
}

登录测试

$ mongo.exe 127.0.0.1:27017 
> use admin
> show dbs # 报错了

2017-09-01T14:31:24.411+0800 E QUERY    Error: listDatabases failed:{
"errmsg" : "not authorized on admin to execute command { listDatabases:...

> db.auth('[email protected]',xxxx)
> 1  # 认证成功

查看用户名认证的方式

> use admin
> db.auth('3462...',xxx)
> db.system.users.find() 

生成 keyFile

参考文章

$ openssl rand -base64 1024 > mongodb.key  

如果报错: 有异常的 ‘=’

参考文章

解决办法：手动删除里面末尾的 ‘=’

---

重新启动 集群 replSet，并认证进入

参考文章

$ mongod.exe --port=27017 --dbpath=./backup1 --replSet=backup  --keyFile "mongodb.key"
$ mongod.exe --port=27018 --dbpath=./backup2 --replSet=backup  --keyFile "mongodb.key"

$ mongo.exe 127.0.0.1:27017

> backup:PRIMARY> use admin
switched to db admin

backup:PRIMARY> db.auth('a','a')
1

> backup:PRIMARY> show dbs
admin  0.078GB
local  1.078GB

集群 slave 登录测试

rs.slaveOk() 打开可读权限

$ mongo.exe 127.0.0.1:27018
> use admin
> db.auth('a','a')
> show dbs  # 报错如下
 Error: listDatabases failed:{ "note" : "from execCommand", "ok" : 0, "errmsg" : "not master" }
> rs.slaveOk() # 打开可读权限
> backup:PRIMARY> show dbs
admin  0.078GB
local  1.078GB

—

—

后面的新建用户，权限不够，上面的是正确的

mongodb v.3.xxx 版本

> db.addUser("a","b")
2017-09-01T09:22:37.004+0800 E QUERY    TypeError: Property 'addUser' of object admin is not a function
    at (shell):1:4
> 

原来在mongodb3.0中addUser已被废弃，具体参考：

参考文章

> db.createUser({user:'a',pwd:'a',roles:['readWrite','dbAdmin']})

报错了 :

> db.createUser({user:'a',pwd:'a',roles:['readWrite','dbAdmin']})
2017-09-01T11:24:29.549+0800 E QUERY    Error: couldn't add user: not master
    at Error ()
    at DB.createUser (src/mongo/shell/db.js:1101:11)
    at (shell):1:4 at src/mongo/shell/db.js:1101

集群 新建用户必须是 Primary

查看 rs.status()；发现当前连接的mongo 不是 primary,（是由于我建立了多个 replSet）
切换到 replSet Primary后

> db.createUser({user:'a',pwd:'a',roles:['readWrite','dbAdmin']})
Successfully added user: { "user" : "a", "b" : [ "readWrite", "dbAdmin" ] }
>

连接mongodb slave报错：

2017-09-01T12:29:43.064+0800 E QUERY    Error: listDatabases failed:{ "note" : "from execCommand", "ok" : 0, "errmsg" : "not master" }

参考地址：https://stackoverflow.com/questions/29232821/in-slave-mongodb-3-0-1-when-i-run-show-dbs-command-im-getting-the-below-erro
解决： rs.slaveOk()

—

—