https://docs.mongodb.com/manual/tutorial/enable-authentication/

Overview

Enabling access control on a MongoDB deployment enforces authentication, requiring users to identify themselves. When accessing a MongoDB deployment that has access control enabled, users can only perform actions as determined by their roles.

For authentication, MongoDB supports various Authentication Mechanisms.

The following tutorial enables access control on a standalone mongod instance and uses the default authentication mechanism.

Replica sets and sharded clusters

Replica sets and sharded clusters require internal authentication between members when access control is enabled. For more details, please see Internal Authentication.

User Administrator

With access control enabled, ensure you have a user with the userAdmin or userAdminAnyDatabase role in the admin database. This user can administer users and roles: create users, grant or revoke roles from users, and create or modify custom roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users as needed.

Procedure

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1

Start MongoDB without access control.

For example, the following starts a standalone mongod instance without access control.

mongod --port 27017 --dbpath /data/db1

2

Connect to the instance.

For example, connect a mongo shell to the instance.

mongo --port 27017

Specify additional command line options as appropriate to connect the mongo shell to your deployment, such as --host.

3

Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user myUserAdmin in the admin database:

NOTE

The database where you create the user (in this example, admin) is the user’s authentication database. Although the user would authenticate to this database, the user can have roles in other databases; i.e. the user’s authentication database does not limit the user’s privileges.

use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

Disconnect the mongo shell.

4

Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, the security.authorization setting.

mongod --auth --port 27017 --dbpath /data/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user. Clients can only perform actions as determined by their assigned roles.

5

Connect and authenticate as the user administrator.

Using the mongo shell, you can:

  • Connect with authentication by passing in user credentials, or
  • Connect first without authentication, and then issue the db.auth() method to authenticate.

To authenticate during connection

Start a mongo shell with the -u <username>, -p <password>, and --authenticationDatabase <database> command line options:

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

To authenticate after connecting

Connect the mongo shell to the mongod:

mongo --port 27017

Switch to the authentication database (in this case, admin), and use db.auth(<username>,<pwd>) method to authenticate:

use admin
db.auth("myUserAdmin", "abc123" )
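
A way to confirm that a given mongod launch really enforces access control, whether through --auth, a keyfile (which implies it), or security.authorization in a config file. This is an added example, not part of the MongoDB tutorial; the function names are hypothetical and the sample command lines are the ones from the procedure above.

```shell
#!/bin/sh
# Added example, not from the original page: does this mongod launch enforce auth?

# auth_from_args "<command line>": true if --auth or --keyFile is present
# (a keyfile implies access control). Splits on whitespace only.
auth_from_args() {
    for arg in $1; do
        case "$arg" in
            --auth|--keyFile|--keyFile=*) return 0 ;;
        esac
    done
    return 1
}

# auth_from_conf <yaml file>: true if the top-level security: section sets
# "authorization: enabled" or names a keyFile. Commented-out lines are ignored.
auth_from_conf() {
    awk '
        /^[^ \t#]/ { in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/); next }
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*(#.*)?$/ { ok = 1 }
        in_sec && /^[ \t]+keyFile:[ \t]*[^ \t#]/ { ok = 1 }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# enforces_auth "<command line>": checks the flags, then any --config/-f file.
enforces_auth() {
    auth_from_args "$1" && return 0
    conf=""; prev=""
    for arg in $1; do
        case "$prev" in --config|-f) conf=$arg ;; esac
        case "$arg" in --config=*) conf=${arg#--config=} ;; esac
        prev=$arg
    done
    [ -n "$conf" ] && [ -f "$conf" ] && auth_from_conf "$conf"
}

# Constructed samples: the two command lines used in the procedure above.
for cmd in "mongod --port 27017 --dbpath /data/db1" \
           "mongod --auth --port 27017 --dbpath /data/db1"; do
    if enforces_auth "$cmd"; then echo "enforced: $cmd"; else echo "OPEN: $cmd"; fi
done
```
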
 
https://docs.mongodb.com/manual/tutorial/deploy-replica-set/

wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.10.tgz;
tar xf mongodb* -C /usr/local/;
ln -sf /usr/local/mongodb-linux-x86_64-3.4.10 /usr/local/mongodb; cd /usr/local/mongodb/bin; ll -a;
mkdir -p /data/db1; now=$(date +"%H_%I_%S_%m_%d_%Y");
echo $now;
echo 123 > $now.now;
# First start: no access control yet, so the administrator can be created.
# mongod stays in the foreground; run the following commands from a second terminal.
./mongod --port 27017 --dbpath /data/db1 --logpath /data/db1.$now.log --logappend;
ps -aux | grep mongo;
./mongo --port 27017;
// In the mongo shell:
use admin
db.createUser(
{
user: "admin",
pwd: "admin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ,"clusterAdmin"]
}
)
db.shutdownServer()
exit
# Back in the system shell: create the keyfile and copy it to the other members.
ps -aux | grep mongo;
echo 'mykeyfksdfjjsjf>2<1024' > mykeyf;
chmod 600 mykeyf;
scp mykeyf hadoop2:/usr/local/mongodb/bin;
scp mykeyf bigdata-server-02:/usr/local/mongodb/bin;
scp mykeyf bigdata-server-03:/usr/local/mongodb/bin;
# Use rs.initiate() on one and only one member of the replica set. References:
# https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
# https://docs.mongodb.com/manual/core/security-internal-authentication/
# https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterAuthMode
# Second start: access control plus keyfile-based internal authentication.
./mongod --auth --port 27017 --keyFile /usr/local/mongodb/bin/mykeyf --replSet myreplSet --dbpath /data/db1 --logpath /data/db1.$now.log;
./mongo --port 27017;
// In the mongo shell:
use admin;
db.auth("admin","admin123");
rs.initiate();
rs.status();
rs.add("hadoop2:27017");
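
The keyfile created above is the shared secret for internal authentication between members. MongoDB documents that a key must be 6 to 1024 characters from the base64 set and that on UNIX the file must have no group or world permissions. The following is an added example, not part of the original notes: new_keyfile and check_keyfile are hypothetical helper names, and the demo input is the key string from the notes written to a temporary file.

```shell
#!/bin/sh
# Added example, not from the original post: create and vet a mongod keyfile.

# new_keyfile <path>: 756 random bytes as base64, readable by the owner only.
new_keyfile() {
    ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 400 "$1"
}

# check_keyfile <path>: prints the first problem and returns 1, else returns 0.
check_keyfile() {
    [ -f "$1" ] || { echo "missing file"; return 1; }
    key=$(tr -d ' \t\r\n' < "$1")     # whitespace is not part of the key
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "length $len outside 6-1024"; return 1
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "group/other permissions set"; return 1
    fi
    return 0
}

# Constructed demo: the key string from the notes, written to a temp file.
demo=$(mktemp)
printf '%s\n' 'mykeyfksdfjjsjf>2<1024' > "$demo"
chmod 600 "$demo"
check_keyfile "$demo" || echo "-> rejected"
rm -f "$demo"
```

Run check_keyfile on every member after copying the file, since scp does not necessarily preserve the mode set on the source host.
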

  

 
> rs.initiate();
{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "hadoop1:27017",
"ok" : 1
}
myreplSet:SECONDARY> rs.add("hadoop2:27017");
{ "ok" : 1 }
myreplSet:PRIMARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T08:59:42.246Z"),
"myState" : 1,
"term" : NumberLong(1),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"durableOpTime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 118,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511341163, 2),
"electionDate" : ISODate("2017-11-22T08:59:23Z"),
"configVersion" : 2,
"self" : true
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 6,
"optime" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDurable" : {
"ts" : Timestamp(1511341175, 2),
"t" : NumberLong(1)
},
"optimeDate" : ISODate("2017-11-22T08:59:35Z"),
"optimeDurableDate" : ISODate("2017-11-22T08:59:35Z"),
"lastHeartbeat" : ISODate("2017-11-22T08:59:41.891Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T08:59:37.663Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
}
],
"ok" : 1
}
myreplSet:PRIMARY>

  

 
Automatic primary/secondary failover
After db.shutdownServer() is run on one of the members:
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:20:43.349Z"),
"myState" : 2,
"term" : NumberLong(3),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"appliedOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"durableOpTime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:20:42.871Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:20:26.990Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 179,
"optime" : {
"ts" : Timestamp(1511345737, 1),
"t" : NumberLong(3)
},
"optimeDate" : ISODate("2017-11-22T10:15:37Z"),
"infoMessage" : "could not find member to sync from",
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}

  

 
 
Node 2 was started first and node 1 afterwards; node 2 became the primary.
 
[root@hadoop2 bin]# ./mongo --port 27017;
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.7
myreplSet:SECONDARY> use admin
switched to db admin
myreplSet:SECONDARY> db.auth("admin","admin123")
1
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:41:45.652Z"),
"myState" : 2,
"term" : NumberLong(4),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 0,
"state" : 8,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:41:45.036Z"),
"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "Connection refused",
"configVersion" : -1
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 186,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:SECONDARY> rs.status()
{
"set" : "myreplSet",
"date" : ISODate("2017-11-22T02:42:04.885Z"),
"myState" : 1,
"term" : NumberLong(5),
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"appliedOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"durableOpTime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
}
},
"members" : [
{
"_id" : 0,
"name" : "hadoop1:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 9,
"optime" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDurable" : {
"ts" : Timestamp(1511346776, 1),
"t" : NumberLong(4)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"optimeDurableDate" : ISODate("2017-11-22T10:32:56Z"),
"lastHeartbeat" : ISODate("2017-11-22T02:42:04.303Z"),
"lastHeartbeatRecv" : ISODate("2017-11-22T02:42:00.050Z"),
"pingMs" : NumberLong(0),
"configVersion" : 2
},
{
"_id" : 1,
"name" : "hadoop2:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 205,
"optime" : {
"ts" : Timestamp(1511346776, 3),
"t" : NumberLong(5)
},
"optimeDate" : ISODate("2017-11-22T10:32:56Z"),
"infoMessage" : "could not find member to sync from",
"electionTime" : Timestamp(1511346776, 2),
"electionDate" : ISODate("2017-11-22T10:32:56Z"),
"configVersion" : 2,
"self" : true
}
],
"ok" : 1
}
myreplSet:PRIMARY> db.getRoles()
[
{
"role" : "myClusterwideAdmin",
"db" : "admin",
"isBuiltin" : false,
"roles" : [
{
"role" : "read",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "read",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY> db.getUsers()
[
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
}
]
},
{
"_id" : "admin.myClusterwideAdmin_user",
"user" : "myClusterwideAdmin_user",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "myClusterwideAdmin",
"db" : "admin"
}
]
}
]
myreplSet:PRIMARY>

With 2 nodes, whichever one starts first can act as the primary.

  

Deploy a Replica Set — MongoDB Manual https://docs.mongodb.com/manual/tutorial/deploy-replica-set/
