https://docs.mongodb.com/manual/tutorial/enable-authentication/

Overview

Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

For authentication, MongoDB supports various Authentication Mechanisms.

The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

Replica sets and sharded clusters

Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

User Administrator

With access control enabled, ensure you have a user with the userAdmin or userAdminAnyDatabase role in the admin database. This user can administer users and roles: create users, grant or revoke roles from users, and create or modify custom roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users as needed.

Procedure

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1

Start MongoDB without access control.

For example, the following starts a standalone mongod instance without access control.

mongod --port 27017 --dbpath /data/db1

2

Connect to the instance.

For example, connect a mongo shell to the instance.

mongo --port 27017

Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

3

Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

NOTE

The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

Disconnect the mongo shell.

4

Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, the security.authorization setting.

mongod --auth --port 27017 --dbpath /data/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

5

Connect and authenticate as the user administrator.

Using the mongo shell, you can:

  • Connect with authentication by passing in user credentials, or
  • Connect first without authentication, and then issue the db.auth() method to authenticate.

To authenticate during connection

Start a mongo shell with the -u <username>, -p <password>, and the --authenticationDatabase <database> command line options:

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

To authenticate after connecting

Connect the mongo shell to the mongod:

mongo --port 27017

Switch to the authentication database (in this case, admin), and use the db.auth(<username>,<pwd>) method to authenticate:

use admin
db.auth("myUserAdmin", "abc123" )
 
https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

# Download and unpack MongoDB 3.4.10
wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz
tar xf mongodb-linux-x86_64-3.4.10.tgz -C /usr/local/
ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb
cd /usr/local/mongodb/bin; ls -la
mkdir -p /data/db1
now=$(date +"%H_%M_%S_%m_%d_%Y")
echo $now
echo 123 > $now.now
# First start: no access control, so that the administrator can be created.
# mongod stays in the foreground; run the following commands from a second terminal.
./mongod --port 27017 --dbpath /data/db1 --logpath /data/db1.$now.log --logappend
ps -aux | grep mongo
./mongo --port 27017
use admin
db.createUser(
{
user: "admin",
pwd: "admin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]
}
)
db.shutdownServer()
exit
ps -aux | grep mongo
# Create the key file for internal authentication and copy it to the other members
echo 'mykeyfksdfjjsjf>2<1024' > mykeyf
chmod 600 mykeyf
scp mykeyf hadoop2:/usr/local/mongodb/bin
scp mykeyf bigdata-server-02:/usr/local/mongodb/bin
scp mykeyf bigdata-server-03:/usr/local/mongodb/bin
# Use rs.initiate() on one and only one member of the replica set
# https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
# https://docs.mongodb.com/manual/core/security-internal-authentication/
# https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode
# Restart with access control, the key file and the replica set name
./mongod --auth --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet --dbpath /data/db1 --logpath /data/db1.$now.log
./mongo --port 27017
use admin;
db.auth("admin","admin123");
rs.status();
rs.add("hadoop2:27017");
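
Added example, not part of the original notes: the file passed to --keyFile above is the shared secret for internal authentication between members, so it should be random and readable only by its owner. mongod requires the key to be 6 to 1024 characters from the base64 set and, on UNIX, rejects a key file that has group or world permissions. The function names gen_keyfile and check_keyfile are made up for this example, and openssl is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: create and sanity-check a key file for --keyFile.
# gen_keyfile / check_keyfile are hypothetical helper names.

# gen_keyfile PATH: 756 random bytes, base64-encoded, owner read-only.
gen_keyfile() {
    path=$1
    ( umask 077 && openssl rand -base64 756 > "$path" ) || return 1
    chmod 400 "$path"
}

# check_keyfile PATH: print "ok", or the first problem found (non-zero exit).
check_keyfile() {
    path=$1
    [ -f "$path" ] || { echo "missing"; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$path" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/world permissions set"; return 1; }

    # Whitespace is not part of the key, so strip it before checking.
    key=$(tr -d '[:space:]' < "$path")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "length ${#key} outside 6..1024"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character"; return 1 ;;
    esac
    echo "ok"
}

# Typical use on the first member, before copying the file to the others:
#   gen_keyfile /usr/local/mongodb/bin/mykeyf && check_keyfile /usr/local/mongodb/bin/mykeyf
```

Every member of the replica set must hold the same key file content, so run the check again on each host after the scp step.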

  

 
> rs.initiate();
{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "hadoop1:27017",
"ok" : 1
}
myreplSet:SECONDARY> rs.add("hadoop2:27017");
{ "ok" : 1 }
myreplSet:PRIMARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T08:59:42.246Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 118,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511341163, 2),
"electionDate" : ISODate("2017-11-22T08:59:23Z"),
"configVersion" : 2,
"self" : true
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 6,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),
"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
}
],
"ok" : 1
}
myreplSet:PRIMARY>

  

 
Automatic primary/secondary failover
After one of the members runs db.shutdownServer():
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:20:43.349Z"),
"myState" : 2,
"term" : NumberLong(3),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"appliedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"durableOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 179,
"optime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"optimeDate" : ISODate("2017-11-22T10:15:37Z"),
"infoMessage" : "could not find member to sync from",
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}

  

 
 
Node 2 was started first and node 1 afterwards; node 2 became the primary.
 
[root@hadoop2 bin]# ./mongo --port 27017;
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.7
myreplSet:SECONDARY> use admin
switched to db admin
myreplSet:SECONDARY> db.auth("admin","admin123")
1
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:41:45.652Z"),
"myState" : 2,
"term" : NumberLong(4),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),
"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 186,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:42:04.885Z"),
"myState" : 1,
"term" : NumberLong(5),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 9,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDurable" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 205,
"optime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511346776, 2),
"electionDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:PRIMARY> db.getRoles()
[
{
"role" : "myClusterwideAdmin",
"db" : "admin",
"isBuiltin" : false,
"roles" : [
{
"role" : "read",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "read",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY> db.getUsers()
[
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
}
]
},
{
"_id" : "admin.myClusterwideAdmin_user",
"user" : "myClusterwideAdmin_user",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "myClusterwideAdmin",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY>

With 2 nodes, whichever one starts first can act as the primary.

  

Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
