导航：首页 > 数据库 >

mongodb之replSet复制集 + auth

发表于：2024-09-22 作者：千家信息网编辑

千家信息网最后更新 2024年09月22日，### 开启auth认证的mongodb的复制集### 注意点- 服务器节点之前时间要同步- 开启防火墙的一定要允许通过- 开启selinux的也要进行设置- 建立双击互信模式最好不过### 提前要做

千家信息网最后更新 2024年09月22日mongodb之replSet复制集 + auth

### 开启auth认证的mongodb的复制集

### 注意点

- 服务器节点之前时间要同步

- 开启防火墙的一定要允许通过

- 开启selinux的也要进行设置

- 建立双击互信模式最好不过

### 提前要做的事情

生产高端大气上档次的keyFile文件

[root@redis journal]# openssl rand -base64 7533LC/EZGPOLXdVBQInqeKVglqNNWo2Et93ib51BQJZRAUB2gRUovi4b6ZkAeNAQxcvu3UEOLWA9IyWvHy6g3rAQ8lAWqVX+dIJ52Lf5EKiUp9uTwqlzGd6FKgtheN6hNLHV1YhwdzHLN7itmUgcTSe5qCSNJJijQh+OtKipkPH3laE+UxvC4rafPqNtzcBBjU7P2GOAq7zyHqT68IBysNzcdribb9qVQ35Q+kFG3sB4ne26pgk2qjnUYAK2r42BLmec6VfKw0LnemJsSCB1d2M+5fLMvBe8w59lOL7/n8IHeeT4jiTmFhrWcgyTATK7D316Zbf8DJOkHobfnW7v0eUJINAS7BrVLjItSR51qQ4nqQAQpWd5DyNCsycDcNIzQju9pGO2OzBiroOlo/tz/tLjS8jPHaa7GamOI+L+OF1sn9ytpSq0T0BswItbaNIFjrg97Nj6iwL86zblDY1U2380qBqKZdBP/yZdYi9Mj05328PdjPvF32vPt3wAHmkxTWzHXMELO6AO4q4LxTPUbIGuLzbeGoLF/ZZia5ndXWzJxVaLNUxxdzrCtcoCXvfwXwNXiN6Gg2Ep/IwkVZtNILtmbUZG51q45bb7afvS7p27P89WTk0TZ4rWNdnpNNJ1ryNwz8jMUFe9DdAY50KYUqYiIEDFltICYycnXwtmKYTpaun/6gXLKKp6PwHtfdid1tv6dkv1FHB0fU0bReOBTTSfaFkwbdKcxHcLV2p6xiFdRKLMGDrgCQNXlJN0SaUUgPU55DrScsWT3A6Pzx2Ga6yl/xnGaJpXBHb+g2gWFhSL64oo58KB4e1TQT5z/pkI0YOw+GLv8m82K2epU7hpTB6ks0PZcalGlGPy4OBxu7tNQqJIY/pLa60Gtqbs5KBCIXp7MV9JxCnOML68JU3ZKqlZUIkZeNSLpFXbnHNsuRtXWRuARdb3WM6BxsNS6uOfjA/iYa0dsUtz5w8z6CQOEJ0bPo5GjpA95WSjXnwiCY8Hvf[root@redis journal]#

- 把生产的key复制到/usr/local/mongodb/key
- 设置key文件的权限为600
- 修改key文件的属主属组

[root@redis mongodb]# lltotal 72drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw-r--r-- 1 root    root     1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid-rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES[root@redis mongodb]# chmod 600 key [root@redis mongodb]# lltotal 72drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw------- 1 mongodb mongodb  1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid-rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES[root@redis mongodb]#

### 把key文件复制到另外一个节点上去

- 注意属组属主
- 创建一个全局账户

> > show dbsadmin  (empty)local  1.078GBtest   (empty)> use adminswitched to db admin> db.addUser("zhuima","zhuima")WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' insteadSuccessfully added user: { "user" : "zhuima", "roles" : [ "root" ] }>

### 主服务器配置文件

[root@redis mongodb]# sed -e '/^$/d;/^#/d' /etc/mongod.confport=27017dbpath=/mongo/data/mongodb_data/logpath=/mongo/data/mongodb_log/mongodb.logpidfilepath=/usr/local/mongodb/mongo.pidfork=truelogappend=trueshardsvr=truedirectoryperdb=truereplSet=zhuimakeyFile=/usr/local/mongodb/keybind_ip=192.168.58.30

### 从服务器上配置文件

[root@mongo1 data]# vim /etc/mongod.conf [root@mongo1 data]# sed -e '/^$/d;/^#/d' /etc/mongod.conflogpath=/var/log/mongodb/mongod.loglogappend=truefork=truedbpath=/mongo/datapidfilepath=/var/run/mongodb/mongod.pidbind_ip=192.168.58.10replSet = zhuimakeyFile = /mongo/data/key

### 重启mongodb服务观察结果

- 初始化副本集

> rs.initiate()

- 由下面的可以看出，keyFile默认就包含了开启auth功能

zhuima:SECONDARY> show dbs2014-07-21T08:52:44.617+0200 listDatabases failed:{"ok" : 0,"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }","code" : 13} at src/mongo/shell/mongo.js:47zhuima:SECONDARY>

### 验证信息

- 主节点上

zhuima:PRIMARY> show dbsadmin  0.078GBlocal  1.078GBzhuima:PRIMARY> use zhuimaswitched to db zhuimazhuima:PRIMARY> info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China"}{"Name" : "zhuima","Age" : 26,"Gender" : "F","Address" : "Beijing China"}zhuima:PRIMARY> db.person.insert(info)WriteResult({ "nInserted" : 1 })zhuima:PRIMARY> db.person.find(){ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" }zhuima:PRIMARY>

- 从节点上

zhuima:SECONDARY> show dbsadmin   0.078GBlocal   1.078GBzhuima  0.078GBzhuima:SECONDARY> use zhuimaswitched to db zhuimazhuima:SECONDARY> show collections2014-07-21T08:55:40.267+0200 error: { "$err" : "not master and slaveOk=false", "code" : 13435 } at src/mongo/shell/query.js:131zhuima:SECONDARY> rs.slaveOk()zhuima:SECONDARY> rs.slaveOk()zhuima:SECONDARY> show collectionspersonsystem.indexeszhuima:SECONDARY> db.person.find(){ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China" }zhuima:SECONDARY>

### 关于mongodb 复制集 + auth的配置要感谢灿哥的指点

灿哥博客：http://www.shencan.net/

### 后记：