Mongodb 集群配置用户名密码认证

Mongodb集群配置登录认证跟单节点的不一样，本文主要介绍一下配置的流程

1. 启动mongodb集群，不开启auth，配置admin数据库用户

use admin
db.createUser( {
user: "admin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});

2. 停止mongodb集群

3. 在其中一个replica 节点上，配置 keyfile，keyfile用于各个节点之间验证

openssl rand -base64 741 > mongodb-keyfile
chmod 600 mongodb-keyfile

4. 将keyfile 拷贝到 replica 节点，mongo config，mongos 节点上

5. 启动mongod，mongo config ，mongos

集群配置，本文不具体介绍，每个服务都需要加上

--keyFile /mysecretdirectory/mongodb-keyfile

mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"
mongod --keyFile /mysecretdirectory/mongodb-keyfile -f /etc/mongod-config.conf
mongos --keyFile /mysecretdirectory/mongodb-keyfile ...

6. 启动mongodb 集群

7. mongos连接，创建用户和测试结果

[root@packone18 ~]# mongo --port 30000 -u admin -p abc123 --authenticationDatabase admin
mongos >> use testdb
mongos >> db.createUser(
{
user: "test_user",
pwd: "abc123",
roles: [ { role: "readWrite", db: "testdb" } ]
}
);
mongos >> db.auth(‘test_user’,’abc123’)
测试结果
[root@packone18 ~]# mongo --port 30000 -u test_user -p abc123 --authenticationDatabase testdb
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:30000/test
mongos> show collections;
2016-11-03T10:44:56.655+0800 E QUERY    [thread1] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {} }",
"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:773:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:785:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:796:16
shellHelper.show@src/mongo/shell/utils.js:754:9
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

mongos> use testdb;
switched to db testdb
mongos> show collections;
mongos> db.t1.insert({'name':'jake'});
WriteResult({ "nInserted" : 1 })
mongos> db.t1.find();
{ "_id" : ObjectId("581aa4bc38ffdf457e2e2c30"), "name" : "jake" }