https://docs.mongodb.com/manual/tutorial/enable-authentication/

Overview

Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

For authentication, MongoDB supports various Authentication Mechanisms.

The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

Replica sets and sharded clusters

Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

User Administrator

With access control enabled, ensure you have a user with the userAdmin or userAdminAnyDatabase role in the admin database. This user can administer users and roles: create users, grant or revoke roles from users, and create or modify custom roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users as needed.

Procedure

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1

Start MongoDB without access control.

For example, the following starts a standalone mongod instance without access control.

mongod --port 27017 --dbpath /data/db1
2

Connect to the instance.

For example, connect a mongo shell to the instance.

mongo --port 27017

Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

3

Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

NOTE

The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

Disconnect the mongo shell.

4

Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, the security.authorization setting.

mongod --auth --port 27017 --dbpath /data/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

5

Connect and authenticate as the user administrator.

Using the mongo shell, you can:

  • Connect with authentication by passing in user credentials, or
  • Connect first without authentication, and then issue the db.auth() method to authenticate.

To authenticate during connection

Start a mongo shell with the -u <username>, -p <password>, and --authenticationDatabase <database> command line options:

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

To authenticate after connecting

Connect the mongo shell to the mongod:

mongo --port 27017

Switch to the authentication database (in this case, admin), and use db.auth(<username>,<pwd>) method to authenticate:

use admin
db.auth("myUserAdmin", "abc123" )
 
https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

# Download and unpack MongoDB 3.4.10, then link it to /usr/local/mongodb
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz
tar xf mongodb* -C /usr/local/
ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb
cd /usr/local/mongodb/bin
ls -la
mkdir -p /data/db1
# Timestamp used in the log file name (hour_minute_second_month_day_year)
now=$(date +"%H_%M_%S_%m_%d_%Y")
echo $now
echo 123 > $now.now
# First start without access control, to create the administrator.
# mongod stays in the foreground; run the following commands from a second terminal.
./mongod --port 27017 --dbpath /data/db1 --logpath /data/db1.$now.log --logappend
ps -aux | grep mongo
./mongo --port 27017
use admin
db.createUser(
{
user: "admin",
pwd: "admin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]
}
)
db.shutdownServer()
exit
ps -aux | grep mongo
# Create the keyfile shared by all members and copy it to the other hosts
echo 'mykeyfksdfjjsjf>2<1024' > mykeyf
chmod 600 mykeyf
scp mykeyf hadoop2:/usr/local/mongodb/bin
scp mykeyf bigdata-server-02:/usr/local/mongodb/bin
scp mykeyf bigdata-server-03:/usr/local/mongodb/bin
# Use rs.initiate() on one and only one member of the replica set
# https://docs.mongodb.com/manual/core/security-internal-authentication/
# https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode
# Restart with access control, the keyfile and the replica set name
./mongod --auth --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet --dbpath /data/db1 --logpath /data/db1.$now.log
./mongo --port 27017
use admin;
db.auth("admin","admin123");
rs.initiate();
rs.status();
rs.add("hadoop2:27017");
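The keyfile copied to each member above is the shared secret for internal authentication, so its content and permissions matter. The following is an added example, not part of the original notes: it generates a random keyfile and checks a file against MongoDB's documented keyfile rules (6 to 1024 characters from the base64 set, no group or other permissions on UNIX). The function names gen_keyfile and check_keyfile are hypothetical.

```shell
#!/bin/sh
# Added example: generate and sanity-check a MongoDB replica-set keyfile.

# Write a random keyfile readable only by its owner.
# 570 random bytes encode to 760 base64 characters (the limit is 1024).
gen_keyfile() {
    ( umask 077
      head -c 570 /dev/urandom | base64 | tr -d '\n' > "$1"
      chmod 400 "$1" )
}

# Print the first problem found and return 1; print "ok" and return 0 otherwise.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; return 1; }
    # Whitespace is ignored when counting and checking key characters.
    key=$(tr -d '[:space:]' < "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "key length $len outside 6..1024"; return 1
    fi
    echo "ok ($len chars)"
}
```

Run check_keyfile on every member after copying the file, since scp can land it with different permissions than the source.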

  

 
> rs.initiate();
{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "hadoop1:27017",
"ok" : 1
}
myreplSet:SECONDARY> rs.add("hadoop2:27017");
{ "ok" : 1 }
myreplSet:PRIMARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T08:59:42.246Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 118,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511341163, 2),
"electionDate" : ISODate("2017-11-22T08:59:23Z"),
"configVersion" : 2,
"self" : true
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 6,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),
"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
}
],
"ok" : 1
}
myreplSet:PRIMARY>

  

 
Automatic primary/secondary failover
After one of the members runs db.shutdownServer():
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:20:43.349Z"),
"myState" : 2,
"term" : NumberLong(3),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"appliedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"durableOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 179,
"optime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"optimeDate" : ISODate("2017-11-22T10:15:37Z"),
"infoMessage" : "could not find member to sync from",
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}

  

 
 
Node 2 was started first and node 1 afterwards; node 2 became the primary.
 
[root@hadoop2 bin]# ./mongo --port 27017;
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.7
myreplSet:SECONDARY> use admin
switched to db admin
myreplSet:SECONDARY> db.auth("admin","admin123")
1
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:41:45.652Z"),
"myState" : 2,
"term" : NumberLong(4),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),
"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 186,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:42:04.885Z"),
"myState" : 1,
"term" : NumberLong(5),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 9,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDurable" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 205,
"optime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511346776, 2),
"electionDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:PRIMARY> db.getRoles()
[
{
"role" : "myClusterwideAdmin",
"db" : "admin",
"isBuiltin" : false,
"roles" : [
{
"role" : "read",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "read",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY> db.getUsers()
[
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
}
]
},
{
"_id" : "admin.myClusterwideAdmin_user",
"user" : "myClusterwideAdmin_user",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "myClusterwideAdmin",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY>

With 2 nodes, whichever one starts first can act as the primary.

  

Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
