https://docs.mongodb.com/manual/tutorial/enable-authentication/

Overview

Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

For authentication, MongoDB supports various Authentication Mechanisms.

The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

Replica sets and sharded clusters

Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

User Administrator

With access control enabled, ensure you have a user with userAdmin or userAdminAnyDatabase role in the admin database. This user can administrate user and roles such as: create users, grant or revoke roles from users, and create or modify customs roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in theadmin database. Once created, you must authenticate as the user administrator to create additional users as needed.

Procedure

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1

Start MongoDB without access control.

For example, the following starts a standalone mongod instance without access control.

mongod --port 27017 --dbpath /data/db1
2

Connect to the instance.

For example, connect a mongo shell to the instance.

mongo --port 27017

Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

3

Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

NOTE

The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

use admin

db.createUser(

  {

    user: "myUserAdmin",

    pwd: "abc123",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

  }

)

Disconnect the mongo shell.

4

Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, thesecurity.authorization setting.

mongod --auth --port 27017 --dbpath /data/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

5

Connect and authenticate as the user administrator.

Using the mongo shell, you can:

  • Connect with authentication by passing in user credentials, or
  • Connect first withouth authentication, and then issue the db.auth() method to authenticate.

To authenticate during connection

Start a mongo shell with the -u <username>-p <password>, and the --authenticationDatabase <database> command line options:

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

To authenticate after connecting

Connect the mongo shell to the mongod:

mongo --port 27017

Switch to the authentication database (in this case, admin), and use db.auth(<username>,<pwd>) method to authenticate:

use admin

db.auth("myUserAdmin", "abc123" )
 
https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

wget wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz;

tar xf mongodb* -C /usr/local/;

ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb;

cd /usr/local/mongodb/bin; ll -a;

mkdir -p /data/db1;

now=$(date +"%H_%I_%S_%m_%d_%Y");

echo $now;

echo 123 > $now.now;

./mongod  --port 27017  --dbpath /data/db1 --logpath /data/db1.$now.log--logappend;

ps -aux | grep mongo;

./mongo --port 27017;

use admin

db.createUser(

  {

    user: "admin",

    pwd: "admin123",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]

  }

)

db.shutdownServer()

exit

ps -aux | grep mongo;

echo 'mykeyfksdfjjsjf>2<1024' > mykeyf;

chmod 600;

scp mykeyf hadoop2:/usr/local/mongodb/bin;

scp mykeyf bigdata-server-02:/usr/local/mongodb/bin;scp mykeyf bigdata-server-03:/usr/local/mongodb/bin;

	[

		Use rs.initiate() on one and only one member of the replica set

		https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

		https://docs.mongodb.com/manual/core/security-internal-authentication/

		https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode

	]

./mongod --auth  --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet  --dbpath /data/db1 --logpath  /data/db1.$now.log;

./mongo --port 27017;

use admin;

db.auth("admin","admin123");

##

rs.status();

rs.add("hadoop2:27017");

  

 
> rs.initiate();

{

	"info2" : "no configuration specified. Using a default configuration for the set",

	"me" : "hadoop1:27017",

	"ok" : 1

}

myreplSet:SECONDARY> rs.add("hadoop2:27017");

{ "ok" : 1 }

myreplSet:PRIMARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T08:59:42.246Z"),

	"myState" : 1,

	"term" : NumberLong(1),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 1,

			"state" : 1,

			"stateStr" : "PRIMARY",

			"uptime" : 118,

			"optime" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),

			"infoMessage" : "could not find member to sync from",

			"electionTime" : Timestamp(1511341163, 2),

			"electionDate" : ISODate("2017-11-22T08:59:23Z"),

			"configVersion" : 2,

			"self" : true

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 6,

			"optime" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),

			"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),

			"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),

			"pingMs" : NumberLong(0),

			"configVersion" : 2

		}

	],

	"ok" : 1

}

myreplSet:PRIMARY>

  

 
 主备自动切换
当其中一个执行db.shutdownServer()后:
myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:20:43.349Z"),

	"myState" : 2,

	"term" : NumberLong(3),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 0,

			"state" : 8,

			"stateStr" : "(not reachable/healthy)",

			"uptime" : 0,

			"optime" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),

			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),

			"pingMs" : NumberLong(0),

			"lastHeartbeatMessage" : "Connection refused",

			"configVersion" : -1

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 179,

			"optime" : {

				"ts" : Timestamp(1511345737, 1),

				"t" : NumberLong(3)

			},

			"optimeDate" : ISODate("2017-11-22T10:15:37Z"),

			"infoMessage" : "could not find member to sync from",

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

  

 
 
先启动2,后启动1,2成了主节点
 
[root@hadoop2 bin]# ./mongo --port 27017;

MongoDB shell version v3.4.7

connecting to: mongodb://127.0.0.1:27017/

MongoDB server version: 3.4.7

myreplSet:SECONDARY> use admin

switched to db admin

myreplSet:SECONDARY> db.auth("admin","admin123")

1

myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:41:45.652Z"),

	"myState" : 2,

	"term" : NumberLong(4),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(0, 0),

			"t" : NumberLong(-1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511346776, 1),

			"t" : NumberLong(4)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511346776, 1),

			"t" : NumberLong(4)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 0,

			"state" : 8,

			"stateStr" : "(not reachable/healthy)",

			"uptime" : 0,

			"optime" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),

			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),

			"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),

			"pingMs" : NumberLong(0),

			"lastHeartbeatMessage" : "Connection refused",

			"configVersion" : -1

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 186,

			"optime" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:42:04.885Z"),

	"myState" : 1,

	"term" : NumberLong(5),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(0, 0),

			"t" : NumberLong(-1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511346776, 3),

			"t" : NumberLong(5)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511346776, 3),

			"t" : NumberLong(5)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 9,

			"optime" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDurable" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),

			"pingMs" : NumberLong(0),

			"configVersion" : 2

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 1,

			"stateStr" : "PRIMARY",

			"uptime" : 205,

			"optime" : {

				"ts" : Timestamp(1511346776, 3),

				"t" : NumberLong(5)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"infoMessage" : "could not find member to sync from",

			"electionTime" : Timestamp(1511346776, 2),

			"electionDate" : ISODate("2017-11-22T10:32:56Z"),

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

myreplSet:PRIMARY> db.getRoles()

[

	{

		"role" : "myClusterwideAdmin",

		"db" : "admin",

		"isBuiltin" : false,

		"roles" : [

			{

				"role" : "read",

				"db" : "admin"

			}

		],

		"inheritedRoles" : [

			{

				"role" : "read",

				"db" : "admin"

			}

		]

	}

]

myreplSet:PRIMARY> db.getUsers()

[

	{

		"_id" : "admin.admin",

		"user" : "admin",

		"db" : "admin",

		"roles" : [

			{

				"role" : "userAdminAnyDatabase",

				"db" : "admin"

			},

			{

				"role" : "clusterAdmin",

				"db" : "admin"

			}

		]

	},

	{

		"_id" : "admin.myClusterwideAdmin_user",

		"user" : "myClusterwideAdmin_user",

		"db" : "admin",

		"roles" : [

			{

				"role" : "userAdminAnyDatabase",

				"db" : "admin"

			},

			{

				"role" : "clusterAdmin",

				"db" : "admin"

			},

			{

				"role" : "myClusterwideAdmin",

				"db" : "admin"

			}

		]

	}

]

myreplSet:PRIMARY>

2个节点,谁先启动,谁就是可以充当主节点;

  

Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

monggodb 复制集 集群 搭建的更多相关文章

  1. Redis复制与可扩展集群搭建

    抄自:http://www.infoq.com/cn/articles/tq-redis-copy-build-scalable-cluster 讨论了Redis的常用数据类型与存储机制,本文会讨论一 ...

  2. (转)Redis复制与可扩展集群搭建

    讨论了Redis的常用数据类型与存储机制,本文会讨论一下Redis的复制功能以及Redis复制机制本身的优缺点以及集群搭建问题. Redis复制流程概述 Redis的复制功能是完全建立在之前我们讨论过 ...

  3. Redis复制与可扩展集群搭建【转】

    本文会讨论一下Redis的复制功能以及Redis复制机制本身的优缺点以及集群搭建问题. Redis复制流程概述 Redis的复制功能是完全建立在之前我们讨论过的基于内存快照的持久化策略基础上的,也就是 ...

  4. RocketMQ学习笔记(16)----RocketMQ搭建双主双从(异步复制)集群

    1. 修改RocketMQ默认启动端口 由于只有两台机器,部署双主双从需要四个节点,所以只能修改rocketmq的默认启动端口,从官网下载rocketmq的source文件,解压后使用idea打开,全 ...

  5. MongoDB高可用复制集分片集群搭建

    1     逻辑架构 1.1     逻辑架构图 1.2     组件说明 一.mongos(query routers):查询路由,负责client的连接,并把任务分给shards,然后收集结果.一 ...

  6. 【Data Cluster】真机环境下MySQL数据库集群搭建

    真机环境下MySQL-Cluster搭建文档  摘要:本年伊始阶段,由于实验室对不同数据库性能测试需求,才出现MySQL集群搭建.购置主机,交换机,双绞线等一系列准备工作就绪,也就开始集群搭建.起初笔 ...

  7. RabbitMQ 高可用集群搭建及电商平台使用经验总结

    面向EDA(事件驱动架构)的方式来设计你的消息 AMQP routing key的设计 RabbitMQ cluster搭建 Mirror queue policy设置 两个不错的RabbitMQ p ...

  8. kafka集群搭建和使用Java写kafka生产者消费者

    1 kafka集群搭建 1.zookeeper集群  搭建在110, 111,112 2.kafka使用3个节点110, 111,112 修改配置文件config/server.properties ...

  9. Kafka 0.9+Zookeeper3.4.6集群搭建、配置,新Client API的使用要点,高可用性测试,以及各种坑 (转载)

    Kafka 0.9版本对java client的api做出了较大调整,本文主要总结了Kafka 0.9在集群搭建.高可用性.新API方面的相关过程和细节,以及本人在安装调试过程中踩出的各种坑. 关于K ...

  10. 28.zookeeper单机(Standalones模式)和集群搭建笔记

    zookeeper单机(Standalones模式)和集群搭建: 前奏: (1).zookeeper也可以在windows下使用,和linux一样可以单机也可以集群,具体就是解压zookeeper-3 ...

随机推荐

  1. 写给新员工的十点SQL开发建议

    1.建立自己的知识体系 摘抄一句话你所拥有的知识并不取决于你记得多少,而在于它们能否在恰当的时候被回忆起来: 做笔记: 把笔记放在可以随时被找到的地方.个人的笔记可以放在印象笔记之类工具上,单位上的笔 ...

  2. [NOI2001] 食物链 (扩展域并查集)

    题目描述 动物王国中有三类动物 A,B,C,这三类动物的食物链构成了有趣的环形.A 吃 B,B 吃 C,C 吃 A. 现有 N 个动物,以 1 - N 编号.每个动物都是 A,B,C 中的一种,但是我 ...

  3. [TJOI2009]开关 (线段树)

    题目描述 现有N(2 ≤ N ≤ 100000)盏灯排成一排,从左到右依次编号为:1,2,......,N.然后依次执行M(1 ≤ M ≤ 100000)项操作,操作分为两种:第一种操作指定一个区间[ ...

  4. N皇后-位运算优化

    N皇后问题 时间限制: 5 Sec  内存限制: 128 MB 题目描述 魔法世界历史上曾经出现过一个伟大的罗马共和时期,出于权力平衡的目的,当时的政治理论家波利比奥斯指出:“事涉每个人的权利,绝不应 ...

  5. 看 nova

    本节重点介绍 nova-scheduler 的调度机制和实现方法:即解决如何选择在哪个计算节点上启动 instance 的问题. 创建 Instance 时,用户会提出资源需求,例如 CPU.内存.磁 ...

  6. hdu 4849

    简单题,公式计算+最短路.注意点:注意1 取模,2 数组开到n*n+n. #include<iostream> #include<queue> using namespace ...

  7. CODEVS_1033 蚯蚓的游戏问题 网络流 最小费用流 拆点

    原题链接:http://codevs.cn/problem/1033/ 题目描述 Description 在一块梯形田地上,一群蚯蚓在做收集食物游戏.蚯蚓们把梯形田地上的食物堆积整理如下: a(1,1 ...

  8. 洛谷P1865 A % B Problem

    1.洛谷P1865 A % B Problem 题目背景 题目名称是吸引你点进来的 实际上该题还是很水的 题目描述 区间质数个数 输入输出格式 输入格式: 一行两个整数 询问次数n,范围m 接下来n行 ...

  9. Spring Tool Suite (STS) 安装SVN插件

    今天STS安装SVN时遇到很多问题,度娘搜索几个小时才安装成功. 在此记录下安装过程. 我的 STS版本: 安装SVN有两种方式: 方法1:依次选择help->preferences->e ...

  10. TreeView 与 ListView

    ListView: viewStyle icon 大图标 list  列表,单列 report 报表 smallIcon 小图标 largeImage 与icon对应 smallImage 与saml ...