2017-02-10 57 views
0

Mongo connector unable to connect to mongos

I am connecting to mongo with a user that has the clusterAdmin and backup roles, but I get the error:

2017-02-09 17:51:23,254 [ERROR] mongo_connector.util:96 - Fatal Exception 
Traceback (most recent call last): 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped 
    func(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 370, in run 
    'listShards')['shards']: 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 78, in retry_until_ok 
    return func(*args, **kwargs) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 494, in command 
    codec_options, **kwargs) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 406, in _command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command 
    collation=collation) 
    File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response 
    raise OperationFailure(msg % errmsg, code, response) 
OperationFailure: not authorized on admin to execute command { listShards: 1 } 

The required-permissions page below says the easiest way to get mongo-connector running is to create a user with the backup role:

https://github.com/mongodb-labs/mongo-connector/wiki/Usage-with-Authentication

db.getSiblingDB("admin").createUser({ user:"backup",pwd:"password_here", roles: ["backup"] }) 

But I cannot even connect with such a user (authentication error):

2017-02-10 16:52:01,448 [ERROR] mongo_connector.util:96 - Fatal Exception 
Traceback (most recent call last): 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped 
    func(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 398, in run 
    hosts, replicaSet=repl_set) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 299, in create_authed_client 
    client['admin'].authenticate(self.auth_username, self.auth_key) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 1048, in authenticate 
    connect=True) 
    File "/usr/lib64/python2.7/site-packages/pymongo/mongo_client.py", line 505, in _cache_credentials 
    sock_info.authenticate(credentials) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 523, in authenticate 
    auth.authenticate(credentials, self) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 470, in authenticate 
    auth_func(credentials, sock_info) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 450, in _authenticate_default 
    return _authenticate_scram_sha1(credentials, sock_info) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1 
    res = sock_info.command(source, cmd) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command 
    collation=collation) 
    File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response 
    raise OperationFailure(msg % errmsg, code, response) 
OperationFailure: Authentication failed. 

When I log in to mongos with either of these users and run the command

db.getSiblingDB("admin").runCommand({ listShards: 1 }) 

I get a shard listing with no problems:

{ 
     "shards" : [ 
       { 
         "_id" : "shard001", 
         "host" : "shard001/timgrhlmdb01:27020,timgrhlmdb02:27020", 
         "state" : 1 
       }, 
       { 
         "_id" : "shard002", 
         "host" : "shard002/timgrhlmdb03:27020,timgrhlmdb04:27020", 
         "state" : 1 
       } 
     ], 
     "ok" : 1 
} 

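So what does this mean:

OperationFailure: not authorized on admin to execute command { listShards: 1 }

Update

I rebuilt the cluster from scratch and still have the same problem: OperationFailure: not authorized on admin to execute command { listShards: 1 }

I have also tried the user "backup" with only the roles 'clusterManager' and 'readAnyDatabase'. This allows the user to list the shards, but now mongo-connector fails with "Authentication failed" by running this command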

{ "_id" : "admin.backup", "user" : "backup", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "pWcEU7uFqfHPgGe8z+E9Wg==", "storedKey" : "k2tapXQPtM2dHlxYnJiWVxO/rtg=", "serverKey" : "EGG8M4i27OYBy+fLYaL13+Nn4mc=" } }, "roles" : [ { "role" : "readAnyDatabase", "db" : "admin" }, { "role" : "clusterManager", "db" : "admin" } ] } 
+0

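On a side note, the mongo documentation contains an error: https://docs.mongodb.com/manual/tutorial/deploy-sharded-cluster-with-keyfile-access-control/ says to create the shard replica sets on the config servers. Also, initiating a replica set will not work unless the id is in quotes. – stackoverflows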

+0

Filed a bug: https://github.com/mongodb-labs/mongo-connector/issues/662 – stackoverflows

Answers

0

Response to the issue filed with mongodb-labs/mongo-connector:

This is indeed a subtle bug introduced in #563. We changed a find on config.shards into a call to listShards assuming that it would have no change in behavior. Unfortunately (and annoyingly), the backup role has privileges to read the list of shards in the config.shards collection but, as you can see, does not have the privilege to run the listShards command. I'll revert this change to fix the problem in the upcoming 2.5.1 bug-fix release.

In the meantime, you will need to grant the mongo-connector user the backup AND clusterMonitor roles.

An important point that is not yet mentioned in the documentation is that the user must be created on a mongos and all the shards. This enables mongo-connector to authenticate to the cluster as a whole and to each shard individually.

And this now works! yay

That will teach me to follow the manual lol!
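The two requirements in the reply above (both privileges present, and the user existing on the mongos and on every shard) can be checked from the reply to `db.runCommand({ connectionStatus: 1, showPrivileges: true })` on each node. The following is an added example, not code from the original post or from mongo-connector; `missingAccess`, `auditCluster` and the sample replies are hypothetical and constructed.

```javascript
// Access the connector's account needs, per the maintainer's reply above:
// the older code read config.shards, the newer code runs listShards.
const NEEDS = [
  { name: "find on config.shards", action: "find",
    resource: { db: "config", collection: "shards" } },
  { name: "listShards on cluster", action: "listShards",
    resource: { cluster: true } },
];

// Simplified matching (assumption): an empty db or collection string in a
// granted resource is a wildcard; system-collection exclusions are not modelled.
function resourceCovers(granted, wanted) {
  if (granted.anyResource === true) return true;
  if (wanted.cluster) return granted.cluster === true;
  if (typeof granted.db !== "string") return false;
  const dbOk = granted.db === "" || granted.db === wanted.db;
  const collOk = granted.collection === "" || granted.collection === wanted.collection;
  return dbOk && collOk;
}

// Takes one connectionStatus reply and returns the names of the missing needs.
function missingAccess(reply) {
  const info = reply.authInfo || {};
  if ((info.authenticatedUsers || []).length === 0) return ["not authenticated"];
  const privs = info.authenticatedUserPrivileges || [];
  return NEEDS.filter((need) => !privs.some((p) =>
    p.actions.includes(need.action) && resourceCovers(p.resource, need.resource)
  )).map((need) => need.name);
}

// Constructed, abridged replies (not captured from a real cluster).
// readAll is a stand-in for the read access the reply attributes to backup.
const user = [{ user: "backup", db: "admin" }];
const readAll = { resource: { db: "", collection: "" }, actions: ["find"] };
const listShards = { resource: { cluster: true }, actions: ["listShards"] };
const SAMPLE = {
  "mongos (backup only)": { authInfo: {
    authenticatedUsers: user, authenticatedUserPrivileges: [readAll] } },
  "mongos (backup + clusterMonitor)": { authInfo: {
    authenticatedUsers: user, authenticatedUserPrivileges: [readAll, listShards] } },
  "shard001 (user never created)": { authInfo: {
    authenticatedUsers: [], authenticatedUserPrivileges: [] } },
};

// Maps each node label to the list of access it is missing.
function auditCluster(replies) {
  return Object.fromEntries(
    Object.entries(replies).map(([node, r]) => [node, missingAccess(r)]));
}

console.log(auditCluster(SAMPLE));
```

An empty list for every node means the account covers both code paths without resorting to a broader role such as root.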

0

Check the users:

db.system.users.find({}) 

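Make sure the user you created has the backup role. If you can log in as the backup user and can also run these commands, it means the backup user has been created and granted the role and its privileges.

Make sure you have the clusterManager role to do this.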

Provides management and monitoring actions on the cluster. A user with this role can access the config and local databases, which are used in sharding and replication, respectively.

Provides the following actions on the cluster as a whole:

  • addShard
  • appendOplogNote
  • applicationMessage
  • cleanupOrphaned
  • flushRouterConfig
  • listShards
  • removeShard etc

See built-in-roles

By the way, take a look at this issue. Hope this helps. From the error

+0

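I recreated the cluster from scratch but still get the same error. If I authenticate as admin and run db.system.users.find({}), it shows the user 'backup' with role 'backup' on database 'admin'. If I run db.runCommand("listShards"), it gives the unauthorized message. Sooo the backup role cannot list shards? – stackoverflows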

+0

If I add the role 'root' to the user 'backup', I can now list the shards, but the connector fails with authentication failed. – stackoverflows

+0

@stackoverflows It seems you should have the "clusterManager" role to do this. See [built-in roles](https://docs.mongodb.com/manual/reference/built-in-roles/#clusterManager) – McGrady
