Considerations for enabling Authentication in MongoDB Shard mode

Start Configsvr

1. Ensure that the configsvr of the MONGDB is started in service mode, that is, from the script under/ETC/INIT.D, and that the user is mongod.

2. Ensure that the Mongod configuration files are identical.

3. Ensure that all keyfile file contents of the entire cluster are the same.

Start MONGOs

1. Start with the following command to ensure that the user switches to Mongod:

Runuser-s/bin/bash mongod-c '/usr/bin/mongos--configdb confighost-01:27019,confighost-02:27019,confighost-03 : 27019--port 27021--keyfile/data/mongodb/key.d/mongod.key '

2. If Warning:config servers confighost-01:27019 and confighost-03:27019 differ occur

You can delete the contents of the ConfigDB directory and run the CONFIGSVR service again.

3. After everything is OK, you can write the MONGOs startup configuration to the script/etc/init.d/mongos

4. Service MONGOs Start

adding Shards

Please note that you must add at least one shard before creating any user for the admin database, otherwise you may not be able to join later.

Sh.addshard ("rs-1/host-11.mycloud.com")

Sh.addshard ("rs-2/host-21.mycloud.com")

Create the first user for the admin userThe user's role must be Useradminanydatabase 1. MONGOs Server Native login MONGO--port xxxxx #xxxxx表示mongos的监听端口 use admin show dbs #这时可以列出数据库 DB.CR Eateuser ({User: "SysAdmin", pwd: "123", roles: [{role: "Useradminanydatabase", DB: "Admin"}]});
At this point, after exiting with MONGO--port XXXXX login to execute show DBS is not authorized.

Re-loginYou can choose to log on to your computer or log in from another machine. Native Login: MONGO localhost:27021/admin-u sysadmin-p 123
Other machine login: MONGO mongos-server:xxxxx/admin-u sysadmin-p 123
Create a user for the test databaseLog on to the admin database as an administrator on the MONGOs server: MONGO localhost:27021/admin-u sysadmin-p 123 Create an administrator user for the test database: Db.createuser ({User: " Yc-admin ", pwd:" 123 ", roles: [{role:" Useradmin ", DB:" Test "}]}); Switch to the test database: Use test log on to the database as Test administrator: Db.auth ("Yc-admin", "123") other users who created test: read-only User: Db.createuser ({User: "Yc-read", pwd : "123", roles: [{role: "read", DB: "Test"}]}); Read-Write User: Db.createuser ({User: "Yc-write", pwd: "123", roles: [{role: "ReadWrite", DB: "Test"}]});

Add additional shardsSwitch to the Admin database use Admin to add UserA dmin user and root roles to the admin database (assuming the username is admin-root), see previous step.
Clusteradmin User: Db.createuser ({User: "Yc-cstadmin", pwd: "123", roles: [{role: "Clusteradmin", DB: "admin"}]); Switch to Yc-cstadmin User: Db.auth ("Yc-cstadmin", "123") Add Rs-3 Shard: Sh.addshard ("rs-3/host-31.mycloud.com")

Note:Different roles for the database have different permissions: read: Read-only ReadWrite: Read-write root: All useradmin: User Management Clusteradmin: Cluster management and monitoring
Adding shards can only be done by the root of the admin database, and no other user has this permission.