mongodb3.2 Cluster Authentication Login

Source: Internet
Author: User
Tags file permissions

After the mongodb3.2 replica set and the Shard cluster user authentication login.

1: About MONGOs login Rights authentication Configuration

[[email protected] keyfile]$ OpenSSL rand-base64 741 >/data/keyfile/zxl[[email protected] keyfile]$ chmod 600/data/k Eyfile/zxl

2: Copy the/DATA/KEYFILE/ZXL file to each machine/data/keyfile/directory

Remember the owner and group and file permissions 600

3: Create user

[[email protected] config]$ mongo --port  10005mongodb shell version: 3.2.3connecting to: 127.0.0.1:10005/testmongos>  Use adminswitched to db admindb.createuser (  {    user:   "ZXL",    pwd:  "123",     roles: [ { role:   "Useradminanydatabase", db:  "admin"  } ]  }) Db.createuser ( {     user:  "ZXL",    pwd:  "123",     roles:  [ { role:  "root", db:  "admin"  } ]}); Mongos> db.auth (' Zxl ', ' 123 ') 1 

Note:useradminanydatabase: Only available in the Admin database, giving the user useradmin permissions for all databases,root: Only available in the admin database. Super account, super privilege, actually create a useradminanydatabase role, then you can create n user roles ...

4: Shut down the Mongod and Configsvr and MONGOs services on three machines

[[email protected] keyfile]$ netstat-ntpl|grep Mongo|awk ' {print $NF} ' |awk-f '/' {print '} ' |xargs kill

5: Modify the contents of shard1.conf, shard2.conf, shard3.conf, configsvr.conf, mongos.conf configuration files on three machines, and remove the comments separately

#security: # keyfile: "/DATA/KEYFILE/ZXL" # Clusterauthmode: "keyfile" Remove comment security:keyfile: "/DATA/KEYFILE/ZXL" Cluste Rauthmode: "KeyFile"

Start the Shard1, Shard2, Shard3, and Configsvr and MONGOs nodes on three machines

[Email protected] ~]$ mongod-f/data/config/shard1.conf[[email protected] ~]$ mongod-f/data/config/shard2.conf[[ Email protected] ~]$ mongod-f/data/config/shard3.conf[[email protected] logs]$ mongod-f/data/config/configsvr.conf[[ Email protected] logs]$ mongos-f/data/config/mongos.conf

Login MONGOs

[[email protected] config]$ MONGO--port 10005MongoDB shell version:3.2.3connecting to:127.0.0.1:10005/testmongos> u Se adminswitched to DB adminmongos> db.auth (' zxl ', ' 123 ') 1mongos> sh.enablesharding ("AV")//Enable Shard Shard {"OK": 1} Mongos> sh.shardcollection ("Av.xxoo", {name:1})//Set the name and field of the collection, default automatically indexed, AV library, xxoo collection {"collectionsharded": "Av.xxoo "," OK ": 1}

The summary reads as follows:

System time and firewall, remember

#security. KeyFile: The same format as security.authorization, with the same functionality as--keyfile.

--auth: After the Mongod boot entry is added--AUTH,MONGODB boot, the authorization module can be enabled);

PS: Although the Auth module is enabled, the machine can log in to the database, but does not have permission to delete and change the check, so start the Auth module before you should create a super user

--keyfile <file>: Mainly used for the authorization between the partition cluster and the replica set, in the case of single-machine use only auth, if it is in the cluster (shard + replica set) environment, it is necessary to use this parameter;

Because I created a useradminanydatabase role before, I created an account of the root role. As follows

[Email protected] config]$ MONGO 192.168.75.128:10005/admin-u zxl-p 123--authenticationdatabase Adminmongodb Shell ver Sion:3.2.3connecting to:192.168.75.128:10005/adminmongos> show Dbsad 0.000GBadmin 0.000GBconfig 0.001GBmongos > Db.createuser ({User: "root", pwd: "123456", Roles: ["Root"]}) successfully added User: {"user": "Root", "roles": [ "Root"]}mongos> Db.auth ("root", "123456") 1mongos> bye

Certification Login

[Email protected] config]$ MONGO 192.168.75.128:10005/admin-u root-p 123456--authenticationdatabasemongodb shell vers  Ion:3.2.3connecting to:192.168.75.128:10005/adminmongos> show Dbsad 0.000GBadmin 0.000GBav 0.000GBconfig 0.001GB


This article is from the "Village Boys" blog, please make sure to keep this source http://noodle.blog.51cto.com/2925423/1750532

mongodb3.2 Cluster Authentication Login

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.