MongoDB数据库添加用户验证

安装mongodb的方法参考此文档：https://blog.csdn.net/ywd1992/article/details/81947357

1、登录config server添加用户（primary节点）

/usr/local/mongodb/bin/mongo --port 21000

切换到admin用户下，添加一个新的用户

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

2、登录shard server1添加用户（primary节点）

/usr/local/mongodb/bin/mongo --port 27001

切换到admin用户下，添加一个新的用户

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

3、登录shard server2添加用户（primary节点）

/usr/local/mongodb/bin/mongo --port 27002

切换到admin用户下，添加一个新的用户

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

4、登录shard server3添加用户（primary节点）

/usr/local/mongodb/bin/mongo --port 27003

切换到admin用户下，添加一个新的用户

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

5、生成并配置密钥文件

• 任意节点生成，发送到集群中其他节点

• 所有节点创建密钥目录

mkdir /usr/local/mongodb/key

• 集群中任意找一个节点生成秘钥文件并分发到其他节点

openssl rand -base64 756 >/usr/local/mongodb/key/mongo_auth.key

scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/

• 所有节点密钥文件加权限

chmod 0600 /usr/local/mongodb/key/mongo_auth.key

• 配置文件中添加security配置

mongos配置文件添加配置（所有节点）

vim /usr/local/mongodb/conf/mongos.conf

注意yml文件格式，前面写了两个空格

  keyFile=/usr/local/mongodb/key/mongo_auth.key

config和shard配置文件分别添加（所有节点）

vim /usr/local/mongodb/conf/config.conf
vim /usr/local/mongodb/conf/shard1.conf
vim /usr/local/mongodb/conf/shard2.conf
vim /usr/local/mongodb/conf/shard3.conf

auth=true
  keyFile=/usr/local/mongodb/key/mongo_auth.key

6、验证

• 修改了配置之后需要先将原有所有服务杀掉重启，使配置生效

/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/config.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard1.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard2.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard3.conf
/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf

• 任意节点登录mongo

mongo --host 192.168.0.101 --port 20000

• 切换到admin用户下先show一下数据库，发现什么都没有，或者发现会报错

use admin
show dbs

• 此时我们以刚才添加的用户登录进去，再次show一下数据库，发现已经可以看到所有的数据库了

db.auth("csdn","123456")

• 或者以后登录方式直接改为带用户密码的方式即可：

mongo 192.168.0.101:20000/admin -u csdn -p123456

• 创建一个普通的库供使用，库需要写了数据才能看到，所以创建完直接show dbs看不到是正常的：

use my_database;

• 为这个库创建一个读写用户：

db.createUser({
 user:"zhangsan",
 pwd:"123456",
 roles: [ { role: "readWrite",db:"my_database"}]
})