Authentication on a MongoDB replica set
I have 4 instances of mongodb running (replica set) with the following mongodb.conf file for each instance:
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /root/mongodata/log/mongod.log
# Where and how to store data.
storage:
  dbPath: /root/mongodata/db1 # also have db2 and so on for rest of the instances
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# how the process runs
processManagement:
  fork: true # fork and run in background
  pidFilePath: /root/mongodata/db1/mongod.pid # location of pidfile, different for 4 instances
# network interfaces
net:
  port: 30000 # port different for 4 different instances
  bindIp: 12.123.321.432 # example ip, same for all 4 .conf files
# security
security:
  keyFile: /path to my keyfile location
#  authorization: enabled
#operationProfiling:
replication:
  replSetName: testReplica # have this same for all 4
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
I also created the keyfile for internal authentication as follows:
openssl rand -base64 756 > <path-to-keyfile>
chmod 400 <path-to-keyfile>
After all the instances are running, I open the mongo shell as follows:
mongo --host 12.123.321.432 --port 30000
I am able to open the shell, but when I try to create a user I get the following exception:
2016-12-22T20:55:38.396-0500 E QUERY [thread1] Error: couldn't add user: not authorized on test to execute command { createUser: "root", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } :
[email protected]/mongo/shell/utils.js:23:13
[email protected]/mongo/shell/db.js:1230:11
@(shell):1:1
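I tried switching to the admin database, but it still says unauthorized. I also tried to run the rs.initiate() command to define the primary and secondary databases, and it says unauthorized as well. I think that even if I start mongod with authentication disabled, internal authentication via the keyfile will enforce role-based authentication. What am I missing here, and how would I solve it? Thanks in advance.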
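You are almost correct, but for a replica set the trick is to start with an empty 'db' folder, and in the '.conf' file you should not provide the 'keyFile' parameter. As soon as you put in 'keyFile', internal authentication + role-based access is enforced. So, start from 'keyfile', create the necessary users, and then restart with 'keyFile' in the '.conf' file. Note: when you provide the 'keyFile' parameter, you do not need to use '--auth' to enable authentication. Please update your answer so that I can mark it as the correct answer. Thanks! – Gurkha
@Gurkha Yes, that's right. The answer has been updated; I hope this helps you. – kext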
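The point made in the comments above, that an active keyFile enforces access control even while the authorization line is commented out, can be checked before a mongod is started. The script below is an added example, not code from the thread: the function names, the sample configs and the /path/to/keyfile placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether a mongod.conf
# enforces access control. An active security.keyFile counts as enforcement
# even when "authorization:" is commented out, as in the question's config.

# Print the value of an uncommented key in the top-level "security:" section.
security_value() {  # usage: security_value <conf> <key>
  awk -v key="$2" '
    /^[^ #]/ { in_sec = ($1 == "security:"); next }  # a top-level key opens or closes the section
    in_sec && $1 == (key ":") {
      sub(/^ *[^:]+: */, ""); sub(/ +#.*$/, "")      # drop the key and any trailing comment
      print; exit
    }' "$1"
}

# "enforced" if keyFile is set or authorization is enabled, otherwise "open".
access_control() {  # usage: access_control <conf>
  if [ -n "$(security_value "$1" keyFile)" ] ||
     [ "$(security_value "$1" authorization)" = "enabled" ]; then
    echo enforced
  else
    echo open
  fi
}

# True when the keyfile has no group/other permission bits (e.g. chmod 400).
keyfile_mode_ok() {  # usage: keyfile_mode_ok <keyfile>
  _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  case "$_mode" in ?00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample configs: the question's layout, then the same file with
# the security section commented out for the first (user-creation) start.
demo_dir=$(mktemp -d)
cat > "$demo_dir/with_keyfile.conf" <<'EOF'
net:
  port: 30000
security:
  keyFile: /path/to/keyfile   # placeholder path
  # authorization: enabled
replication:
  replSetName: testReplica
EOF
sed -e 's/^security:/#&/' -e 's/^  keyFile:/#&/' \
  "$demo_dir/with_keyfile.conf" > "$demo_dir/bootstrap.conf"
echo "with keyFile:    $(access_control "$demo_dir/with_keyfile.conf")"   # enforced
echo "without keyFile: $(access_control "$demo_dir/bootstrap.conf")"      # open
```

A config that reports "open" should only be used for the initial user-creation start, on an interface that untrusted clients cannot reach.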