MongoDB未經授權：replSetGetConfig

Question

我想用mongodb 3.4建立一個副本集，並面臨以下錯誤。已嘗試搜索一下，但無法找到解決方案。

root@mongo-db-1:~# mongo MongoDB shell version v3.4.0 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.0 
> use admin 
switched to db admin 
> db.auth('admin','****'); 
1 
> db.system.users.find(); 
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "DKkxOnMHCSSPwJCJyLA9Eg==", "storedKey" : "9aD//lm3eyeBN2LqZeTdqvvKXlU=", "serverKey" : "OX07H3FVQ447OqGMD7mCmX0WU0M=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } 
> rs.conf() 
2016-12-20T09:58:45.579+0530 E QUERY [main] Error: Could not retrieve replica set config: { 
    "ok" : 0, 
    "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0 }", 
    "code" : 13, 
    "codeName" : "Unauthorized" 
} : 
rs.conf@src/mongo/shell/utils.js:1262:11 
@(shell):1:1 

MongoDB的日誌

2016-12-20T09:58:01.278+0530 I NETWORK [thread1] connection accepted from 127.0.0.1:60804 #2 (1 connection now open) 
2016-12-20T09:58:01.279+0530 I NETWORK [conn2] received client metadata from 127.0.0.1:60804 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.0" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "14.04" } } 
2016-12-20T09:58:01.282+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" } 
2016-12-20T09:58:01.285+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 } 
2016-12-20T09:58:19.044+0530 I ACCESS [conn2] Successfully authenticated as principal admin on admin 
2016-12-20T09:58:19.046+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 } 
2016-12-20T09:58:45.578+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetConfig: 1.0 } 

有我丟失的東西嗎？

蒙戈配置

root@mongo-db-1:~# cat /etc/mongod.conf 
storage: 
    dbPath: /var/lib/mongodb 
    journal: 
     enabled: true 
# where to write logging data. 
systemLog: 
    destination: file 
    logAppend: true 
    path: /var/log/mongodb/mongod.log 
# network interfaces 
net: 
    port: 27017 
    bindIp: 127.0.0.1 
security: 
    authorization: enabled 
    keyFile: /thefile 
processManagement: 
    fork: true 
replication: 
    replSetName: rs0 

Answer 1

你的 「管理員」 數據庫用戶只擁有userAdminAnyDatabase作用。

但是，需要clusterManager角色執行replSetGetConfig命令： https://docs.mongodb.com/manual/reference/privilege-actions/#authr.replSetGetConfig

您需要授予此角色添加到您的用戶才能夠執行此命令。這可以使用db.grantRolesToUser()完成。

Answer 2

您必須爲您的「管理員」用戶授予clusterMagnager權限。要將clusterManager角色添加到管理員用戶，您必須在進行身份驗證後執行以下功能。

db.grantRolesToUser(
    "admin", 
    [ "clusterManager" ] 
)