MongoDB數據庫添加用戶驗證

安裝mongodb的方法參考此文檔：https://blog.csdn.net/ywd1992/article/details/81947357

1、登錄config server添加用戶（primary節點）

/usr/local/mongodb/bin/mongo --port 21000

切換到admin用戶下，添加一個新的用戶

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

2、登錄shard server1添加用戶（primary節點）

/usr/local/mongodb/bin/mongo --port 27001

切換到admin用戶下，添加一個新的用戶

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

3、登錄shard server2添加用戶（primary節點）

/usr/local/mongodb/bin/mongo --port 27002

切換到admin用戶下，添加一個新的用戶

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

4、登錄shard server3添加用戶（primary節點）

/usr/local/mongodb/bin/mongo --port 27003

切換到admin用戶下，添加一個新的用戶

use admin

• 其中user及pwd按自己需求修改

db.createUser(
   {
     user: "csdn",
     pwd: "123456",
     roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
   }
 )

可以看到如下成功提示

Successfully added user: {
	"user" : "csdn",
	"roles" : [
		"userAdminAnyDatabase",
		"dbAdminAnyDatabase",
		"readWriteAnyDatabase",
		"clusterAdmin"
	]
}

5、生成並配置密鑰文件

• 任意節點生成，發送到集羣中其他節點

• 所有節點創建密鑰目錄

mkdir /usr/local/mongodb/key

• 集羣中任意找一個節點生成祕鑰文件並分發到其他節點

openssl rand -base64 756 >/usr/local/mongodb/key/mongo_auth.key

scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/

• 所有節點密鑰文件加權限

chmod 0600 /usr/local/mongodb/key/mongo_auth.key

• 配置文件中添加security配置

mongos配置文件添加配置（所有節點）

vim /usr/local/mongodb/conf/mongos.conf

注意yml文件格式，前面寫了兩個空格

  keyFile=/usr/local/mongodb/key/mongo_auth.key

config和shard配置文件分別添加（所有節點）

vim /usr/local/mongodb/conf/config.conf
vim /usr/local/mongodb/conf/shard1.conf
vim /usr/local/mongodb/conf/shard2.conf
vim /usr/local/mongodb/conf/shard3.conf

auth=true
  keyFile=/usr/local/mongodb/key/mongo_auth.key

6、驗證

• 修改了配置之後需要先將原有所有服務殺掉重啓，使配置生效

/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/config.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard1.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard2.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard3.conf
/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf

• 任意節點登錄mongo

mongo --host 192.168.0.101 --port 20000

• 切換到admin用戶下先show一下數據庫，發現什麼都沒有，或者發現會報錯

use admin
show dbs

• 此時我們以剛纔添加的用戶登錄進去，再次show一下數據庫，發現已經可以看到所有的數據庫了

db.auth("csdn","123456")

• 或者以後登錄方式直接改爲帶用戶密碼的方式即可：

mongo 192.168.0.101:20000/admin -u csdn -p123456

• 創建一個普通的庫供使用，庫需要寫了數據才能看到，所以創建完直接show dbs看不到是正常的：

use my_database;

• 爲這個庫創建一個讀寫用戶：

db.createUser({
 user:"zhangsan",
 pwd:"123456",
 roles: [ { role: "readWrite",db:"my_database"}]
})