In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
# replication set of mongodb with auth authentication enabled
# points for attention
-synchronize the time before the server node
-those who turn on the firewall must be allowed to pass.
-if you enable selinux, you should also set it
-it is best to establish a double-click mutual trust model.
# what to do in advance
Production of high-end atmospheric keyFile files
[root@redis journal] # openssl rand-base64 7533LC/EZGPOLXdVBQInqeKVglqNNWo2Et93ib51BQJZRAUB2gRUovi4b6ZkAeNAQxcvu3UEOLWA9IyWvHy6g3rAQ8lAWqVX+dIJ52Lf5EKiUp9uTwqlzGd6FKgtheN6hNLHV1YhwdzHLN7itmUgcTSe5qCSNJJijQh+OtKipkPH3laE+UxvC4rafPqNtzcBBjU7P2GOAq7zyHqT68IBysNzcdribb9qVQ35Q+kFG3sB4ne26pgk2qjnUYAK2r42BLmec6VfKw0LnemJsSCB1d2M+5fLMvBe8w59lOL7/n8IHeeT4jiTmFhrWcgyTATK7D316Zbf8DJOkHobfnW7v0eUJINAS7BrVLjItSR51qQ4nqQAQpWd5DyNCsycDcNIzQju9pGO2OzBiroOlo/tz/tLjS8jPHaa7GamOI+L+OF1sn9ytpSq0T0BswItbaNIFjrg97Nj6iwL86zblDY1U2380qBqKZdBP/yZdYi9Mj05328PdjPvF32vPt3wAHmkxTWzHXMELO6AO4q4LxTPUbIGuLzbeGoLF/ZZia5ndXWzJxVaLNUxxdzrCtcoCXvfwXwNXiN6Gg2Ep/IwkVZtNILtmbUZG51q45bb7afvS7p27P89WTk0TZ4rWNdnpNNJ1ryNwz8jMUFe9DdAY50KYUqYiIEDFltICYycnXwtmKYTpaun/6gXLKKp6PwHtfdid1tv6dkv1FHB0fU0bReOBTTSfaFkwbdKcxHcLV2p6xiFdRKLMGDrgCQNXlJN0SaUUgPU55DrScsWT3A6Pzx2Ga6yl/xnGaJpXBHb+g2gWFhSL64oo58KB4e1TQT5z/pkI0YOw+GLv8m82K2epU7hpTB6ks0PZcalGlGPy4OBxu7tNQqJIY/pLa60Gtqbs5KBCIXp7MV9JxCnOML68JU3ZKqlZUIkZeNSLpFXbnHNsuRtXWRuARdb3WM6BxsNS6uOfjA/iYa0dsUtz5w8z6CQOEJ0bPo5GjpA95WSjXnwiCY8Hvf [root@redis journal] #
-copy the produced key to / usr/local/mongodb/key
-set the permissions of the key file to 600
-modify the master group of the key file
[root@redis mongodb] # lltotal 72drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw-r--r-- 1 root root 1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid-rw-r--r-- 1 mongodb mongodb 1359 Jun 19 22:41 README-rw-r--r- -1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [root@redis mongodb] # chmod 34520 key [root@redis mongodb] # lltotal 72drwxr-xr-x 2 mongodb mongodb 4096 Jul 19 12:58 bin-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0-rw- 1 mongodb mongodb 1020 Jul 21 08:26 key-rw-r--r-- 1 mongodb mongodb 5 Jul 21 07:54 mongo.pid-rw-r- -mongodb mongodb-1 mongodb mongodb 1359 Jun 19 22:41 README-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES [root@redis mongodb] #
# copy the key file to another node
-pay attention to the group owner
-create a global account
> show dbsadmin (empty) local 1.078GBtest (empty) > use adminswitched to db admin > db.addUser ("zhuima", "zhuima") WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' insteadSuccessfully added user: {"user": "zhuima", "roles": ["root"]} >
# Master server configuration file
[root@redis mongodb] # sed-e'/ ^ $/ d Ting / ^ # / d'/ etc/mongod.confport=27017dbpath=/mongo/data/mongodb_data/logpath=/mongo/data/mongodb_log/mongodb.logpidfilepath=/usr/local/mongodb/mongo.pidfork=truelogappend=trueshardsvr=truedirectoryperdb=truereplSet=zhuimakeyFile=/usr/local/mongodb/keybind_ip=192.168.58.30
# configure files from the server
[root@mongo1 data] # vim / etc/mongod.conf [root@mongo1 data] # sed-e'/ ^ $/ mongo/data/key / ^ # / d' / etc/mongod.conflogpath=/var/log/mongodb/mongod.loglogappend=truefork=truedbpath=/mongo/datapidfilepath=/var/run/mongodb/mongod.pidbind_ip=192.168.58.10replSet = zhuimakeyFile = / mongo/data/key
# observation results of restarting mongodb service
-initialize the replica set
> rs.initiate ()
-as can be seen from the following, keyFile includes enabling the auth function by default
Zhuima:SECONDARY > show dbs2014-07-21T08:52:44.617+0200 listDatabases failed: {"ok": 0, "errmsg": "not authorized on admin to execute command {listDatabases: 1.0}", "code": 13} at src/mongo/shell/mongo.js:47zhuima:SECONDARY >
# Verification information
-on the primary node
Zhuima:PRIMARY > show dbsadmin 0.078GBlocal 1.078GBzhuima:PRIMARY > use zhuimaswitched to db zhuimazhuima:PRIMARY > info = {Name: "zhuima", Age:26,Gender: "F", Address: "Beijing China"} {"Name": "zhuima", "Age": 26, "Gender": "F" "Address": "Beijing China"} zhuima:PRIMARY > db.person.insert (info) WriteResult ({"nInserted": 1}) zhuima:PRIMARY > db.person.find () {"id": ObjectId ("53ccb955f09dbb6f5a213faf"), "Name": "zhuima", "Age": 26, "Gender": "F", "Address": "Beijing China"} zhuima:PRIMARY >
-from the node
Zhuima:SECONDARY > show dbsadmin 0.078GBlocal 1.078GBzhuima 0.078GBzhuima:SECONDARY > use zhuimaswitched to db zhuimazhuima:SECONDARY > show collections2014-07-21T08:55:40.267+0200 error: {"$err": "not master and slaveOk=false", "code": 13435} at src/mongo/shell/query.js:131zhuima:SECONDARY > rs.slaveOk () zhuima:SECONDARY > rs.slaveOk () zhuima:SECONDARY > show collectionspersonsystem.indexeszhuima:SECONDARY > db.person.find () {"_ id": ObjectId ("53ccb955f09dbb6f5a213faf"), "Name": "zhuima" "Age": 26, "Gender": "F", "Address": "Beijing China"} zhuima:SECONDARY >
# thanks to brother Chan's advice on the configuration of mongodb replication set + auth
Brother Chan blog: http://www.shencan.net/
# postscript:
Although mongdb does not provide external services in a production environment, it is always beneficial to add auth certification.
Do you still remember the pain once exploded by dark clouds?
Follow-up blogs will talk about indexed memory fragmentation operations.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.