https://docs.mongodb.com/manual/tutorial/enable-authentication/

Overview

Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

For authentication, MongoDB supports various Authentication Mechanisms.

The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

Replica sets and sharded clusters

Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

User Administrator

With access control enabled, ensure you have a user with userAdmin or userAdminAnyDatabase role in the admin database. This user can administrate user and roles such as: create users, grant or revoke roles from users, and create or modify customs roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in theadmin database. Once created, you must authenticate as the user administrator to create additional users as needed.

Procedure

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1

Start MongoDB without access control.

For example, the following starts a standalone mongod instance without access control.

mongod --port 27017 --dbpath /data/db1
2

Connect to the instance.

For example, connect a mongo shell to the instance.

mongo --port 27017

Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

3

Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

NOTE

The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

use admin

db.createUser(

  {

    user: "myUserAdmin",

    pwd: "abc123",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

  }

)

Disconnect the mongo shell.

4

Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, thesecurity.authorization setting.

mongod --auth --port 27017 --dbpath /data/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

5

Connect and authenticate as the user administrator.

Using the mongo shell, you can:

  • Connect with authentication by passing in user credentials, or
  • Connect first withouth authentication, and then issue the db.auth() method to authenticate.

To authenticate during connection

Start a mongo shell with the -u <username>-p <password>, and the --authenticationDatabase <database> command line options:

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

To authenticate after connecting

Connect the mongo shell to the mongod:

mongo --port 27017

Switch to the authentication database (in this case, admin), and use db.auth(<username>,<pwd>) method to authenticate:

use admin

db.auth("myUserAdmin", "abc123" )
 
https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

wget wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz;

tar xf mongodb* -C /usr/local/;

ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb;

cd /usr/local/mongodb/bin; ll -a;

mkdir -p /data/db1;

now=$(date +"%H_%I_%S_%m_%d_%Y");

echo $now;

echo 123 > $now.now;

./mongod  --port 27017  --dbpath /data/db1 --logpath /data/db1.$now.log--logappend;

ps -aux | grep mongo;

./mongo --port 27017;

use admin

db.createUser(

  {

    user: "admin",

    pwd: "admin123",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]

  }

)

db.shutdownServer()

exit

ps -aux | grep mongo;

echo 'mykeyfksdfjjsjf>2<1024' > mykeyf;

chmod 600;

scp mykeyf hadoop2:/usr/local/mongodb/bin;

scp mykeyf bigdata-server-02:/usr/local/mongodb/bin;scp mykeyf bigdata-server-03:/usr/local/mongodb/bin;

	[

		Use rs.initiate() on one and only one member of the replica set

		https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

		https://docs.mongodb.com/manual/core/security-internal-authentication/

		https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode

	]

./mongod --auth  --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet  --dbpath /data/db1 --logpath  /data/db1.$now.log;

./mongo --port 27017;

use admin;

db.auth("admin","admin123");

##

rs.status();

rs.add("hadoop2:27017");

  

 
> rs.initiate();

{

	"info2" : "no configuration specified. Using a default configuration for the set",

	"me" : "hadoop1:27017",

	"ok" : 1

}

myreplSet:SECONDARY> rs.add("hadoop2:27017");

{ "ok" : 1 }

myreplSet:PRIMARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T08:59:42.246Z"),

	"myState" : 1,

	"term" : NumberLong(1),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511341175, 2),

			"t" : NumberLong(1)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 1,

			"state" : 1,

			"stateStr" : "PRIMARY",

			"uptime" : 118,

			"optime" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),

			"infoMessage" : "could not find member to sync from",

			"electionTime" : Timestamp(1511341163, 2),

			"electionDate" : ISODate("2017-11-22T08:59:23Z"),

			"configVersion" : 2,

			"self" : true

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 6,

			"optime" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(1511341175, 2),

				"t" : NumberLong(1)

			},

			"optimeDate" : ISODate("2017-11-22T08:59:35Z"),

			"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),

			"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),

			"pingMs" : NumberLong(0),

			"configVersion" : 2

		}

	],

	"ok" : 1

}

myreplSet:PRIMARY>

  

 
 主备自动切换
当其中一个执行db.shutdownServer()后:
myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:20:43.349Z"),

	"myState" : 2,

	"term" : NumberLong(3),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511345737, 1),

			"t" : NumberLong(3)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 0,

			"state" : 8,

			"stateStr" : "(not reachable/healthy)",

			"uptime" : 0,

			"optime" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),

			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),

			"pingMs" : NumberLong(0),

			"lastHeartbeatMessage" : "Connection refused",

			"configVersion" : -1

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 179,

			"optime" : {

				"ts" : Timestamp(1511345737, 1),

				"t" : NumberLong(3)

			},

			"optimeDate" : ISODate("2017-11-22T10:15:37Z"),

			"infoMessage" : "could not find member to sync from",

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

  

 
 
先启动2,后启动1,2成了主节点
 
[root@hadoop2 bin]# ./mongo --port 27017;

MongoDB shell version v3.4.7

connecting to: mongodb://127.0.0.1:27017/

MongoDB server version: 3.4.7

myreplSet:SECONDARY> use admin

switched to db admin

myreplSet:SECONDARY> db.auth("admin","admin123")

1

myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:41:45.652Z"),

	"myState" : 2,

	"term" : NumberLong(4),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(0, 0),

			"t" : NumberLong(-1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511346776, 1),

			"t" : NumberLong(4)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511346776, 1),

			"t" : NumberLong(4)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 0,

			"state" : 8,

			"stateStr" : "(not reachable/healthy)",

			"uptime" : 0,

			"optime" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDurable" : {

				"ts" : Timestamp(0, 0),

				"t" : NumberLong(-1)

			},

			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),

			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),

			"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),

			"pingMs" : NumberLong(0),

			"lastHeartbeatMessage" : "Connection refused",

			"configVersion" : -1

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 186,

			"optime" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

myreplSet:SECONDARY> rs.status()

{

	"set" : "myreplSet",

	"date" : ISODate("2017-11-22T02:42:04.885Z"),

	"myState" : 1,

	"term" : NumberLong(5),

	"heartbeatIntervalMillis" : NumberLong(2000),

	"optimes" : {

		"lastCommittedOpTime" : {

			"ts" : Timestamp(0, 0),

			"t" : NumberLong(-1)

		},

		"appliedOpTime" : {

			"ts" : Timestamp(1511346776, 3),

			"t" : NumberLong(5)

		},

		"durableOpTime" : {

			"ts" : Timestamp(1511346776, 3),

			"t" : NumberLong(5)

		}

	},

	"members" : [

		{

			"_id" : 0,

			"name" : "hadoop1:27017",

			"health" : 1,

			"state" : 2,

			"stateStr" : "SECONDARY",

			"uptime" : 9,

			"optime" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDurable" : {

				"ts" : Timestamp(1511346776, 1),

				"t" : NumberLong(4)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),

			"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),

			"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),

			"pingMs" : NumberLong(0),

			"configVersion" : 2

		},

		{

			"_id" : 1,

			"name" : "hadoop2:27017",

			"health" : 1,

			"state" : 1,

			"stateStr" : "PRIMARY",

			"uptime" : 205,

			"optime" : {

				"ts" : Timestamp(1511346776, 3),

				"t" : NumberLong(5)

			},

			"optimeDate" : ISODate("2017-11-22T10:32:56Z"),

			"infoMessage" : "could not find member to sync from",

			"electionTime" : Timestamp(1511346776, 2),

			"electionDate" : ISODate("2017-11-22T10:32:56Z"),

			"configVersion" : 2,

			"self" : true

		}

	],

	"ok" : 1

}

myreplSet:PRIMARY> db.getRoles()

[

	{

		"role" : "myClusterwideAdmin",

		"db" : "admin",

		"isBuiltin" : false,

		"roles" : [

			{

				"role" : "read",

				"db" : "admin"

			}

		],

		"inheritedRoles" : [

			{

				"role" : "read",

				"db" : "admin"

			}

		]

	}

]

myreplSet:PRIMARY> db.getUsers()

[

	{

		"_id" : "admin.admin",

		"user" : "admin",

		"db" : "admin",

		"roles" : [

			{

				"role" : "userAdminAnyDatabase",

				"db" : "admin"

			},

			{

				"role" : "clusterAdmin",

				"db" : "admin"

			}

		]

	},

	{

		"_id" : "admin.myClusterwideAdmin_user",

		"user" : "myClusterwideAdmin_user",

		"db" : "admin",

		"roles" : [

			{

				"role" : "userAdminAnyDatabase",

				"db" : "admin"

			},

			{

				"role" : "clusterAdmin",

				"db" : "admin"

			},

			{

				"role" : "myClusterwideAdmin",

				"db" : "admin"

			}

		]

	}

]

myreplSet:PRIMARY>

2个节点,谁先启动,谁就是可以充当主节点;

  

Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

monggodb 复制集 集群 搭建的更多相关文章

  1. Redis复制与可扩展集群搭建

    抄自:http://www.infoq.com/cn/articles/tq-redis-copy-build-scalable-cluster 讨论了Redis的常用数据类型与存储机制,本文会讨论一 ...

  2. (转)Redis复制与可扩展集群搭建

    讨论了Redis的常用数据类型与存储机制,本文会讨论一下Redis的复制功能以及Redis复制机制本身的优缺点以及集群搭建问题. Redis复制流程概述 Redis的复制功能是完全建立在之前我们讨论过 ...

  3. Redis复制与可扩展集群搭建【转】

    本文会讨论一下Redis的复制功能以及Redis复制机制本身的优缺点以及集群搭建问题. Redis复制流程概述 Redis的复制功能是完全建立在之前我们讨论过的基于内存快照的持久化策略基础上的,也就是 ...

  4. RocketMQ学习笔记(16)----RocketMQ搭建双主双从(异步复制)集群

    1. 修改RocketMQ默认启动端口 由于只有两台机器,部署双主双从需要四个节点,所以只能修改rocketmq的默认启动端口,从官网下载rocketmq的source文件,解压后使用idea打开,全 ...

  5. MongoDB高可用复制集分片集群搭建

    1     逻辑架构 1.1     逻辑架构图 1.2     组件说明 一.mongos(query routers):查询路由,负责client的连接,并把任务分给shards,然后收集结果.一 ...

  6. 【Data Cluster】真机环境下MySQL数据库集群搭建

    真机环境下MySQL-Cluster搭建文档  摘要:本年伊始阶段,由于实验室对不同数据库性能测试需求,才出现MySQL集群搭建.购置主机,交换机,双绞线等一系列准备工作就绪,也就开始集群搭建.起初笔 ...

  7. RabbitMQ 高可用集群搭建及电商平台使用经验总结

    面向EDA(事件驱动架构)的方式来设计你的消息 AMQP routing key的设计 RabbitMQ cluster搭建 Mirror queue policy设置 两个不错的RabbitMQ p ...

  8. kafka集群搭建和使用Java写kafka生产者消费者

    1 kafka集群搭建 1.zookeeper集群  搭建在110, 111,112 2.kafka使用3个节点110, 111,112 修改配置文件config/server.properties ...

  9. Kafka 0.9+Zookeeper3.4.6集群搭建、配置,新Client API的使用要点,高可用性测试,以及各种坑 (转载)

    Kafka 0.9版本对java client的api做出了较大调整,本文主要总结了Kafka 0.9在集群搭建.高可用性.新API方面的相关过程和细节,以及本人在安装调试过程中踩出的各种坑. 关于K ...

  10. 28.zookeeper单机(Standalones模式)和集群搭建笔记

    zookeeper单机(Standalones模式)和集群搭建: 前奏: (1).zookeeper也可以在windows下使用,和linux一样可以单机也可以集群,具体就是解压zookeeper-3 ...

随机推荐

  1. web.xml不同的头文件

    <转自:http://blog.csdn.net/qq_16313365/article/details/53783288> 1. Servlet 3.1 Java EE 7 XML sc ...

  2. iOS开发工具篇-AppStore统计工具

    苹果官方的iTunes Connect提供的销售数据统计功能比较弱,例如只能保存最近30天的详细销售数据,界面丑陋, 无法查看App的排名历史变化情况等. 早有一些公司提供了专门的解决方案或工具.这些 ...

  3. 【霍夫曼树】 poj 1521 Entropy

    poj.org/problem?id=1521 注意只有特殊情况:只有一种字母 #include<iostream> #include<cstdio> #include< ...

  4. java面试题之能创建volatile数组吗?

    答:能,只不过只是一个指向数组的引用,而不是整个数组,如果改变了引用指向的数组,将会受到volatile的保护,但是如果多个线程同时改变数组的元素,volatile关键字就不能起到保护的作用.

  5. oracle怎么查看表空间里有哪些表

    select TABLE_NAME,TABLESPACE_NAME from dba_tables where TABLESPACE_NAME='表空间名'; 注意:表空间名要大写

  6. Day 10 Linux nfs && crond(摘)

    (摘) 介绍: NFS 是Network File System的缩写,即网络文件系统.一种使用于分散式文件系统的协定,由Sun公司开发,于1984年向外公布.功能是通过网络让不同的机器.不同的操作系 ...

  7. 关于FileZilla Server的安装问题

    网上很多FileZilla Server教程到最后一步在本机上测试访问成功就没了,实际上还是不完整的,一般情况下外网还是访问不了,外网访问同样很重要. 可能有点童鞋会说安装的时候防火墙提示的时候我也点 ...

  8. 洛谷—— P3375 【模板】KMP字符串匹配

    P3375 [模板]KMP字符串匹配 题目描述 如题,给出两个字符串s1和s2,其中s2为s1的子串,求出s2在s1中所有出现的位置. 为了减少骗分的情况,接下来还要输出子串的前缀数组next. (如 ...

  9. 前端微服务-面向web平台级应用的设计

    从去年开始,前端领域就出现了一个‘微应用’的名词,说的是前端架构的一种设计思路,业内都把它和后端的微服务进行类比,当时忙于公司的项目.没有静下心来好好了解,现在项目结束,再加上最近看的几篇关于前端微服 ...

  10. 使用crontab定时执行脚本时别忘了输出重定向>

    原文:https://blog.csdn.net/solmyr_biti/article/details/50683279 -------------------------------------- ...