ReplSet replication set of mongodb + auth 03/18 Update SLTechnology News&Howtos

ReplSet replication set of mongodb + auth

2025-03-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Shulou(Shulou.com)06/01 Report--

# replication set of mongodb with auth authentication enabled

# points for attention

-synchronize the time before the server node

-those who turn on the firewall must be allowed to pass.

-if you enable selinux, you should also set it

-it is best to establish a double-click mutual trust model.

# what to do in advance

Production of high-end atmospheric keyFile files

[root@redis journal] # openssl rand-base64 7533LC/EZGPOLXdVBQInqeKVglqNNWo2Et93ib51BQJZRAUB2gRUovi4b6ZkAeNAQxcvu3UEOLWA9IyWvHy6g3rAQ8lAWqVX+dIJ52Lf5EKiUp9uTwqlzGd6FKgtheN6hNLHV1YhwdzHLN7itmUgcTSe5qCSNJJijQh+OtKipkPH3laE+UxvC4rafPqNtzcBBjU7P2GOAq7zyHqT68IBysNzcdribb9qVQ35Q+kFG3sB4ne26pgk2qjnUYAK2r42BLmec6VfKw0LnemJsSCB1d2M+5fLMvBe8w59lOL7/n8IHeeT4jiTmFhrWcgyTATK7D316Zbf8DJOkHobfnW7v0eUJINAS7BrVLjItSR51qQ4nqQAQpWd5DyNCsycDcNIzQju9pGO2OzBiroOlo/tz/tLjS8jPHaa7GamOI+L+OF1sn9ytpSq0T0BswItbaNIFjrg97Nj6iwL86zblDY1U2380qBqKZdBP/yZdYi9Mj05328PdjPvF32vPt3wAHmkxTWzHXMELO6AO4q4LxTPUbIGuLzbeGoLF/ZZia5ndXWzJxVaLNUxxdzrCtcoCXvfwXwNXiN6Gg2Ep/IwkVZtNILtmbUZG51q45bb7afvS7p27P89WTk0TZ4rWNdnpNNJ1ryNwz8jMUFe9DdAY50KYUqYiIEDFltICYycnXwtmKYTpaun/6gXLKKp6PwHtfdid1tv6dkv1FHB0fU0bReOBTTSfaFkwbdKcxHcLV2p6xiFdRKLMGDrgCQNXlJN0SaUUgPU55DrScsWT3A6Pzx2Ga6yl/xnGaJpXBHb+g2gWFhSL64oo58KB4e1TQT5z/pkI0YOw+GLv8m82K2epU7hpTB6ks0PZcalGlGPy4OBxu7tNQqJIY/pLa60Gtqbs5KBCIXp7MV9JxCnOML68JU3ZKqlZUIkZeNSLpFXbnHNsuRtXWRuARdb3WM6BxsNS6uOfjA/iYa0dsUtz5w8z6CQOEJ0bPo5GjpA95WSjXnwiCY8Hvf [root@redis journal] #

-copy the produced key to / usr/local/mongodb/key

-set the permissions of the key file to 600

-modify the master group of the key file

[root@redis mongodb] # lltotal 72drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw-r--r-- 1 root root 1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid-rw-r--r-- 1 mongodb mongodb 1359 Jun 19 22:41 README-rw-r--r- -1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [root@redis mongodb] # chmod 34520 key [root@redis mongodb] # lltotal 72drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw- 1 mongodb mongodb 1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid-rw-r- -mongodb mongodb-1 mongodb mongodb 1359 Jun 19 22:41 README-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [root@redis mongodb] #

# copy the key file to another node

-pay attention to the group owner

-create a global account

> show dbsadmin (empty) local 1.078GBtest (empty) > use adminswitched to db admin > db.addUser ("zhuima", "zhuima") WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' insteadSuccessfully added user: {"user": "zhuima", "roles": ["root"]} >

# Master server configuration file

[root@redis mongodb] # sed-e'/ ^ $/ d Ting / ^ # / d'/ etc/mongod.confport=27017dbpath=/mongo/data/mongodb_data/logpath=/mongo/data/mongodb_log/mongodb.logpidfilepath=/usr/local/mongodb/mongo.pidfork=truelogappend=trueshardsvr=truedirectoryperdb=truereplSet=zhuimakeyFile=/usr/local/mongodb/keybind_ip=192.168.58.30

# configure files from the server

[root@mongo1 data] # vim / etc/mongod.conf [root@mongo1 data] # sed-e'/ ^ $/ mongo/data/key / ^ # / d' / etc/mongod.conflogpath=/var/log/mongodb/mongod.loglogappend=truefork=truedbpath=/mongo/datapidfilepath=/var/run/mongodb/mongod.pidbind_ip=192.168.58.10replSet = zhuimakeyFile = / mongo/data/key

# observation results of restarting mongodb service

-initialize the replica set

> rs.initiate ()

-as can be seen from the following, keyFile includes enabling the auth function by default

Zhuima:SECONDARY > show dbs2014-07-21T08:52:44.617+0200 listDatabases failed: {"ok": 0, "errmsg": "not authorized on admin to execute command {listDatabases: 1.0}", "code": 13} at src/mongo/shell/mongo.js:47zhuima:SECONDARY >

# Verification information

-on the primary node

Zhuima:PRIMARY > show dbsadmin 0.078GBlocal 1.078GBzhuima:PRIMARY > use zhuimaswitched to db zhuimazhuima:PRIMARY > info = {Name: "zhuima", Age:26,Gender: "F", Address: "Beijing China"} {"Name": "zhuima", "Age": 26, "Gender": "F" "Address": "Beijing China"} zhuima:PRIMARY > db.person.insert (info) WriteResult ({"nInserted": 1}) zhuima:PRIMARY > db.person.find () {"id": ObjectId ("53ccb955f09dbb6f5a213faf"), "Name": "zhuima", "Age": 26, "Gender": "F", "Address": "Beijing China"} zhuima:PRIMARY >

-from the node

Zhuima:SECONDARY > show dbsadmin 0.078GBlocal 1.078GBzhuima 0.078GBzhuima:SECONDARY > use zhuimaswitched to db zhuimazhuima:SECONDARY > show collections2014-07-21T08:55:40.267+0200 error: {"$err": "not master and slaveOk=false", "code": 13435} at src/mongo/shell/query.js:131zhuima:SECONDARY > rs.slaveOk () zhuima:SECONDARY > rs.slaveOk () zhuima:SECONDARY > show collectionspersonsystem.indexeszhuima:SECONDARY > db.person.find () {"_ id": ObjectId ("53ccb955f09dbb6f5a213faf"), "Name": "zhuima" "Age": 26, "Gender": "F", "Address": "Beijing China"} zhuima:SECONDARY >

# thanks to brother Chan's advice on the configuration of mongodb replication set + auth

Brother Chan blog: http://www.shencan.net/

# postscript:

Although mongdb does not provide external services in a production environment, it is always beneficial to add auth certification.

Do you still remember the pain once exploded by dark clouds?

Follow-up blogs will talk about indexed memory fragmentation operations.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.