After the mongodb3.2 replica set and the Shard cluster user authentication login.
1: About MONGOs login Rights authentication Configuration
[[email protected] keyfile]$ OpenSSL rand-base64 741 >/data/keyfile/zxl[[email protected] keyfile]$ chmod 600/data/k Eyfile/zxl
2: Copy the/DATA/KEYFILE/ZXL file to each machine/data/keyfile/directory
Remember the owner and group and file permissions 600
3: Create user
[[email protected] config]$ mongo --port 10005mongodb shell version: 3.2.3connecting to: 127.0.0.1:10005/testmongos> Use adminswitched to db admindb.createuser ( { user: "ZXL", pwd: "123", roles: [ { role: "Useradminanydatabase", db: "admin" } ] }) Db.createuser ( { user: "ZXL", pwd: "123", roles: [ { role: "root", db: "admin"  } ]}); Mongos> db.auth (' Zxl ', ' 123 ') 1
Note:useradminanydatabase: Only available in the Admin database, giving the user useradmin permissions for all databases,root: Only available in the admin database. Super account, super privilege, actually create a useradminanydatabase role, then you can create n user roles ...
4: Shut down the Mongod and Configsvr and MONGOs services on three machines
[[email protected] keyfile]$ netstat-ntpl|grep Mongo|awk ' {print $NF} ' |awk-f '/' {print '} ' |xargs kill
5: Modify the contents of shard1.conf, shard2.conf, shard3.conf, configsvr.conf, mongos.conf configuration files on three machines, and remove the comments separately
#security: # keyfile: "/DATA/KEYFILE/ZXL" # Clusterauthmode: "keyfile" Remove comment security:keyfile: "/DATA/KEYFILE/ZXL" Cluste Rauthmode: "KeyFile"
Start the Shard1, Shard2, Shard3, and Configsvr and MONGOs nodes on three machines
[Email protected] ~]$ mongod-f/data/config/shard1.conf[[email protected] ~]$ mongod-f/data/config/shard2.conf[[ Email protected] ~]$ mongod-f/data/config/shard3.conf[[email protected] logs]$ mongod-f/data/config/configsvr.conf[[ Email protected] logs]$ mongos-f/data/config/mongos.conf
Login MONGOs
[[email protected] config]$ MONGO--port 10005MongoDB shell version:3.2.3connecting to:127.0.0.1:10005/testmongos> u Se adminswitched to DB adminmongos> db.auth (' zxl ', ' 123 ') 1mongos> sh.enablesharding ("AV")//Enable Shard Shard {"OK": 1} Mongos> sh.shardcollection ("Av.xxoo", {name:1})//Set the name and field of the collection, default automatically indexed, AV library, xxoo collection {"collectionsharded": "Av.xxoo "," OK ": 1}
The summary reads as follows:
System time and firewall, remember
#security. KeyFile: The same format as security.authorization, with the same functionality as--keyfile.
--auth: After the Mongod boot entry is added--AUTH,MONGODB boot, the authorization module can be enabled);
PS: Although the Auth module is enabled, the machine can log in to the database, but does not have permission to delete and change the check, so start the Auth module before you should create a super user
--keyfile <file>: Mainly used for the authorization between the partition cluster and the replica set, in the case of single-machine use only auth, if it is in the cluster (shard + replica set) environment, it is necessary to use this parameter;
Because I created a useradminanydatabase role before, I created an account of the root role. As follows
[Email protected] config]$ MONGO 192.168.75.128:10005/admin-u zxl-p 123--authenticationdatabase Adminmongodb Shell ver Sion:3.2.3connecting to:192.168.75.128:10005/adminmongos> show Dbsad 0.000GBadmin 0.000GBconfig 0.001GBmongos > Db.createuser ({User: "root", pwd: "123456", Roles: ["Root"]}) successfully added User: {"user": "Root", "roles": [ "Root"]}mongos> Db.auth ("root", "123456") 1mongos> bye
Certification Login
[Email protected] config]$ MONGO 192.168.75.128:10005/admin-u root-p 123456--authenticationdatabasemongodb shell vers Ion:3.2.3connecting to:192.168.75.128:10005/adminmongos> show Dbsad 0.000GBadmin 0.000GBav 0.000GBconfig 0.001GB
This article is from the "Village Boys" blog, please make sure to keep this source http://noodle.blog.51cto.com/2925423/1750532
mongodb3.2 Cluster Authentication Login