For how to install MongoDB, see this document: https://blog.csdn.net/ywd1992/article/details/81947357
1. Log in to the config server and add a user (primary node)
/usr/local/mongodb/bin/mongo --port 21000
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
2. Log in to shard server1 and add a user (primary node)
/usr/local/mongodb/bin/mongo --port 27001
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
3. Log in to shard server2 and add a user (primary node)
/usr/local/mongodb/bin/mongo --port 27002
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
4. Log in to shard server3 and add a user (primary node)
/usr/local/mongodb/bin/mongo --port 27003
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
5. Generate and configure the key file
- Generate the key on any one node and send it to the other nodes in the cluster
- Create the key directory on all nodes
mkdir /usr/local/mongodb/key
- Pick any node in the cluster, generate the key file there, and distribute it to the other nodes
openssl rand -base64 756 >/usr/local/mongodb/key/mongo_auth.key
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
- Set the key file permissions on all nodes
chmod 0600 /usr/local/mongodb/key/mongo_auth.key
- Add the security settings to the configuration files
Add the setting to the mongos configuration file (all nodes)
vim /usr/local/mongodb/conf/mongos.conf
Note the yml file format: the line is written with two leading spaces
keyFile=/usr/local/mongodb/key/mongo_auth.key
Add the following to each of the config and shard configuration files (all nodes)
vim /usr/local/mongodb/conf/config.conf
vim /usr/local/mongodb/conf/shard1.conf
vim /usr/local/mongodb/conf/shard2.conf
vim /usr/local/mongodb/conf/shard3.conf
auth=true
keyFile=/usr/local/mongodb/key/mongo_auth.key
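A pre-restart check for step 5, as an added example that is not part of the original post: it confirms the key file has owner-only permissions and holds 6 to 1024 base64 characters (MongoDB's keyfile requirements), and that each configuration file carries the settings shown above. The function names check_keyfile and check_conf are hypothetical, and the config check assumes the key=value format used on this page.

```shell
# Added example (not from the original post): audit keyfile and config
# before restarting. Function names are hypothetical.
# Usage on each node, with this page's paths:
#   check_keyfile /usr/local/mongodb/key/mongo_auth.key
#   check_conf /usr/local/mongodb/conf/shard1.conf \
#       /usr/local/mongodb/key/mongo_auth.key yes

# check_keyfile FILE: succeed only if FILE is usable as a MongoDB keyfile.
check_keyfile() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    # Owner-only access: mongod refuses keyfiles open to group or others.
    ck_perm=$(ls -ld "$1" | cut -c1-10)
    case "$ck_perm" in
        -r[w-]-------) ;;
        *) echo "$1: permissions $ck_perm, want 0600 or 0400"; return 1 ;;
    esac
    # Content: 6 to 1024 base64 characters once whitespace is removed.
    ck_key=$(tr -d '[:space:]' < "$1")
    if [ "${#ck_key}" -lt 6 ] || [ "${#ck_key}" -gt 1024 ]; then
        echo "$1: key length ${#ck_key} outside 6..1024"; return 1
    fi
    case "$ck_key" in
        *[!A-Za-z0-9+/=]*) echo "$1: non-base64 character"; return 1 ;;
    esac
    return 0
}

# check_conf CONF KEYFILE NEED_AUTH: CONF must point keyFile at KEYFILE and,
# when NEED_AUTH is "yes" (config and shard files), also set auth=true.
check_conf() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    cc_val=$(sed -n 's/^[[:space:]]*keyFile[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d '[:space:]')
    [ "$cc_val" = "$2" ] || { echo "$1: keyFile is not $2"; return 1; }
    if [ "$3" = "yes" ]; then
        grep -Eq '^[[:space:]]*auth[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1" \
            || { echo "$1: auth=true missing"; return 1; }
    fi
    return 0
}
```

For mongos.conf pass "no" as the third argument, since only keyFile is added there.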
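6. Verification
- After changing the configuration, kill all the existing services and restart them so that the configuration takes effect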
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/config.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard1.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard2.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard3.conf
/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf
- Log in to mongo from any node
mongo --host 192.168.0.101 --port 20000
- Switch to the admin database and run show dbs first; you will see nothing, or you will get an error
use admin
show dbs
- Now authenticate as the user we just added and run show dbs again; all the databases are now visible
db.auth("csdn","123456")
- Or, from now on, simply log in with the username and password:
mongo 192.168.0.101:20000/admin -u csdn -p123456
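- Create an ordinary database to use. A database only becomes visible once data has been written to it, so it is normal that show dbs does not list it right after creation: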
use my_database;
- Create a read-write user for this database:
db.createUser({
user:"zhangsan",
pwd:"123456",
roles: [ { role: "readWrite",db:"my_database"}]
})