
How to deploy a MongoDB replica set with access control

2025-10-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to deploy a MongoDB replica set with access control. The steps are detailed, easy to follow, and quick to carry out. Let's take a look.

Version and environment: MongoDB 4.4, CentOS 6.5

Download MongoDB Server and MongoDB Shell

MongoDB Server provides database services. Mongo Shell can be understood as a command-line client program.

Download address: https://www.mongodb.com/try/download/community

Select the version, platform, and package type (server / shell) there.

RPM installation

rpm -ivh mongodb-org-server-4.4.12-1.el6.x86_64.rpm
rpm -ivh mongodb-org-shell-4.4.12-1.el6.x86_64.rpm

II. Initialization of replica set

A replica set is a group of mongod processes that maintain the same data and provide high availability. If some nodes fail, a new primary node is elected automatically and service continues.

Because clients connect to a replica set differently than to a single node, the test environment is also deployed as a replica set.

1. First, create the data directories. The environment is a single machine: the directories for all three nodes are created on one host (pseudo-distributed).

mkdir -p /srv/mongodb/rs0-0 /srv/mongodb/rs0-1 /srv/mongodb/rs0-2

2. Start three mongod instances in turn

mongod --replSet rs0 --fork --logpath /srv/mongodb/0 --logappend --port 27017 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-0 --oplogSize 128
mongod --replSet rs0 --fork --logpath /srv/mongodb/1 --logappend --port 27018 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-1 --oplogSize 128
mongod --replSet rs0 --fork --logpath /srv/mongodb/2 --logappend --port 27019 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-2 --oplogSize 128

After startup, run ps -axu | grep mongo to check that all three mongod processes are running.

3. Use the mongo shell to connect to one of the nodes and initialize the replica set.

mongo --port 27017

In the shell, execute the following commands. Replace "10.13.50.40" with the actual IP.

rsconf = {_id: "rs0", members: [{_id: 0, host: "10.13.50.40:27017"}, {_id: 1, host: "10.13.50.40:27018"}, {_id: 2, host: "10.13.50.40:27019"}]}
rs.initiate(rsconf)

After initialization is complete, you can use rs.conf() to view the replica set configuration.

The 3-node replica set is now configured. You can connect to it to read and write.

At present, however, there is no access control for the connection, so let's add access control.

III. Adding access control

Enabling access control in the replica set requires two configurations.

1. Authentication among the replica set members, which supports keyfiles or x.509 certificates.

2. Authentication between the replica set and database clients, using a user name and password. Permissions are based on the roles the user belongs to.

For internal authentication between replica set nodes, keyfiles are used here. All nodes share the same keyfile as a password. Only a node with the correct keyfile can join the replica set, which is how the replica set members authenticate to each other.

Create a keyfile and make three copies, one for each of the three nodes. Following the official manual, use openssl to generate a random password and set the permissions to 400. Copy it into 3 directories, ready for use.

openssl rand -base64 756 > key
chmod 400 key
mkdir -p /srv/mongodb/k0 /srv/mongodb/k1 /srv/mongodb/k2
cp key /srv/mongodb/k0/
cp key /srv/mongodb/k1/
cp key /srv/mongodb/k2/
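
A pre-start check for the keyfile copies created above, as an added example that is not part of the original article. It verifies that each copy grants no group/other access, holds 6 to 1024 base64 characters (the limits mongod enforces on a keyfile), and that all copies are identical. The function names and the script name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the keyfile copies before starting mongod with --keyFile.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the pattern below

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_keyfile PATH: return 0 if PATH is usable as a keyfile, 1 otherwise.
check_keyfile() {
    local f=$1 mode key
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    mode=$(file_mode "$f")
    # mongod rejects a keyfile that group or others can access.
    case "$mode" in
        *00) ;;
        *) echo "$f: mode $mode grants group/other access" >&2; return 1 ;;
    esac
    # Whitespace is ignored; the rest must be 6-1024 base64 characters.
    key=$(tr -d '[:space:]' < "$f")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "$f: key length ${#key} is outside 6-1024" >&2; return 1
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "$f: non-base64 character" >&2; return 1 ;;
    esac
    return 0
}

# check_keyfile_set PATH...: every copy must pass and match the first one.
check_keyfile_set() {
    local first=$1 f
    for f in "$@"; do
        check_keyfile "$f" || return 1
        cmp -s "$first" "$f" || { echo "$f: differs from $first" >&2; return 1; }
    done
}

# Usage: ./check_keyfiles.sh /srv/mongodb/k0/key /srv/mongodb/k1/key /srv/mongodb/k2/key
[ "$#" -eq 0 ] || check_keyfile_set "$@"
```

A non-zero exit status means at least one copy would be rejected by mongod or would fail to authenticate against the other members.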

Next, create a user and assign a role. As before, connect to the database with the mongo shell. Users must be created on the primary node. If the node you connected to is not the current primary, use rs.status() to find the IP and port of the primary node and connect to it. In the mongo shell, enter the following commands.

admin = db.getSiblingDB("admin")
admin.createUser({user: "admin", pwd: "admingly beautiful $", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})

This creates a user named admin with the role userAdminAnyDatabase and the password given in pwd above. More information about built-in roles can be found here:

https://docs.mongodb.com/v4.4/reference/built-in-roles/

Once that is done, the mongod servers need to be restarted to enable the access control mechanism. First, shut down all nodes.

mongo --port 27017 --eval 'db.adminCommand("shutdown")'
mongo --port 27018 --eval 'db.adminCommand("shutdown")'
mongo --port 27019 --eval 'db.adminCommand("shutdown")'

Restart mongod with --auth and --keyFile to enable access control.

mongod --replSet rs0 --fork --auth --keyFile /srv/mongodb/k0/key --logpath /srv/mongodb/0 --logappend --port 27017 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-0 --oplogSize 128
mongod --replSet rs0 --fork --auth --keyFile /srv/mongodb/k1/key --logpath /srv/mongodb/1 --logappend --port 27018 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-1 --oplogSize 128
mongod --replSet rs0 --fork --auth --keyFile /srv/mongodb/k2/key --logpath /srv/mongodb/2 --logappend --port 27019 --bind_ip 0.0.0.0 --dbpath /srv/mongodb/rs0-2 --oplogSize 128

At this point access control is enabled: without authenticating, users cannot read or write the database, and new users cannot be added. Log in with authentication below, using --username and --password.

mongo admin --username admin --password 'admingly beautiful $' --host rs0/10.13.50.40:27017,10.13.50.40:27018,10.13.50.40:27019

The admin user's role, userAdminAnyDatabase, has user administration privileges but no database read or write permissions. After logging in, use the mongo shell to create a read/write user for a specific database. The test user has read and write access to the database mytest and belongs to the built-in readWrite role.

db.createUser({user: "test", pwd: "testworthy clients $", roles: [{role: "readWrite", db: "mytest"}]})

Then log in from the mongo shell as test. The user was created while connected to the admin database, so admin is the authentication database.

mongo test --username test --password 'testworthy clients $' --authenticationDatabase admin --host rs0/10.13.50.40:27017,10.13.50.40:27018,10.13.50.40:27019

After logging in as test, test reading and writing in the mongo shell.

use mytest
db.col.insert({name: 'Test', age: 1})
db.col.find()

Query result

{ "_id" : ObjectId("61f3da65e72c3f10edef9a78"), "name" : "Test", "age" : 1 }

This is the end of the article on how to deploy a MongoDB replica set with access control. Thank you for reading!
