
How to turn on replica set authentication in MongoDB

2025-03-18 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31 Report--

This article shares how to turn on authentication for a MongoDB replica set. The editor thinks it is very practical and shares it here for reference. I hope you get something out of reading it.

Environment:

All systems are CentOS 7.

mongodb-linux-x86_64-rhel70-3.4.5.tgz

Node:

Node0:Primary

Node1:Secondary

Node2:Secondary

Node3:Arbiter

Node0:

Extract the mongodb package to /usr/local/mongodb

Create etc and log directories under /usr/local/mongodb

Add /usr/local/mongodb/bin to the system environment variable in /etc/profile

Create the data directory /var/lib/mongodb/data

Create a service startup script

vi /usr/lib/systemd/system/mongodb.service and add the following:

[Unit]
Description=Mongodb Monitoring and Control Daemon
After=network.target
# The network must be started before this service

[Service]
Type=forking
ExecStart=/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/etc/mongodb.conf
# --shutdown needs the dbpath, which is read here from the same config file
ExecStop=/usr/local/mongodb/bin/mongod --shutdown -f /usr/local/mongodb/etc/mongodb.conf
KillMode=process
Restart=on-failure
# Restart=always
# always means the service is restarted even if you stop it yourself with pkill or kill.
RestartSec=15s

[Install]
WantedBy=multi-user.target

Enable start at boot

systemctl enable mongodb

The other three nodes are the same as above.

Node0:

Generate the key file with openssl (this is the shared secret referenced by keyFile in mongodb.conf)

openssl rand -base64 741 > /usr/local/mongodb/mongodb.key

Copy the /usr/local/mongodb/mongodb.key file to the other three nodes

Configure mongodb

Node0:

cat /usr/local/mongodb/etc/mongodb.conf

dbpath=/var/lib/mongodb/data
logpath=/usr/local/mongodb/log/mongodb.log
pidfilepath=/usr/local/mongodb/mongodb.pid
directoryperdb=true
logappend=true
#replSet=mggroup1
bind_ip=0.0.0.0
port=27017
oplogSize=10000
fork=true
#noprealloc=true
#keyFile=/usr/local/mongodb/mongodb.key
maxConns=10000

If you need to run mongod -f config_file_path directly, comment out fork=true

Create a user

Start mongodb (keyFile is still commented out in the configuration above, so the instance starts without access control and the first users can be created)

systemctl start mongodb

Open the mongodb shell

mongo --port 27017

use admin
db.createUser({user: "mgpai", pwd: "passwd", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
db.createUser({user: "mgroot", pwd: "passwd", roles: [{role: "root", db: "admin"}]})
// exit
quit()
// view users
db.system.users.find()
// delete a user
db.system.users.remove({user: 'username'})

Stop the node0 mongodb service

Systemctl stop mongodb

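Uncomment the following two lines in the /usr/local/mongodb/etc/mongodb.conf configuration file. Setting keyFile turns on both internal authentication between replica set members and authentication for client connections.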

# replSet=mggroup1

# keyFile=/usr/local/mongodb/mongodb.key

Node0 restarts the mongodb service

Systemctl start mongodb

Configuration file on the other 3 nodes: cat /usr/local/mongodb/etc/mongodb.conf

dbpath=/var/lib/mongodb/data
logpath=/usr/local/mongodb/log/mongodb.log
pidfilepath=/usr/local/mongodb/mongodb.pid
directoryperdb=true
logappend=true
replSet=mggroup1
bind_ip=0.0.0.0
port=27017
oplogSize=10000
fork=true
#noprealloc=true
keyFile=/usr/local/mongodb/mongodb.key
maxConns=10000

Start the mongodb service on the other three nodes.
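A pre-flight check for the keyFile steps above, as an added example that is not part of the original article: audit_keyfile_auth is a hypothetical helper name, and it assumes the ini-style mongodb.conf shown on this page and GNU stat as shipped with CentOS 7. It applies the rules mongod enforces on a key file: 6 to 1024 base64 characters and no group or world permissions.

```shell
#!/usr/bin/env bash
# Added example: audit one node's keyFile setup before starting mongod.
# audit_keyfile_auth is a hypothetical helper; returns 0 if all checks pass.
audit_keyfile_auth() {
    local conf=$1 rc=0 keyfile replset mode chars
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Only uncommented lines count: '#keyFile=...' leaves authentication off.
    keyfile=$(sed -n 's/^[[:space:]]*keyFile[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    replset=$(sed -n 's/^[[:space:]]*replSet[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    [ -n "$replset" ] || { echo "FAIL: replSet is not set"; rc=1; }
    if [ -z "$keyfile" ]; then
        echo "FAIL: keyFile is not set, authentication is disabled"; return 1
    fi
    if [ ! -f "$keyfile" ]; then
        echo "FAIL: key file $keyfile does not exist"; return 1
    fi

    # mongod refuses a key file that group or others can access.
    mode=$(stat -c '%a' "$keyfile")
    case $mode in
        400|600) ;;
        *) echo "FAIL: $keyfile has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # Key content must be 6 to 1024 base64 characters (whitespace is ignored).
    chars=$(tr -d '[:space:]' < "$keyfile")
    if [ "${#chars}" -lt 6 ] || [ "${#chars}" -gt 1024 ]; then
        echo "FAIL: key has ${#chars} characters, must be 6 to 1024"; rc=1
    fi
    case $chars in
        *[!A-Za-z0-9+/=]*) echo "FAIL: key contains non-base64 characters"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: replSet=$replset keyFile=$keyfile mode=$mode"
    return "$rc"
}

# Constructed demo: node0's first config, where keyFile is still commented out.
demo=$(mktemp -d)
printf 'replSet=mggroup1\n#keyFile=%s/mongodb.key\n' "$demo" > "$demo/mongodb.conf"
audit_keyfile_auth "$demo/mongodb.conf" || true
rm -rf "$demo"
```

On a real node, run it as audit_keyfile_auth /usr/local/mongodb/etc/mongodb.conf after copying the key file and before systemctl start mongodb.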

Replica set configuration

Node0: log in to mongodb

mongo 127.0.0.1:27017/admin -u mgroot -p

Enter password

// Each host:port must be the address the member listens on (port=27017 in mongodb.conf above)
cfg = {_id: 'mggroup1', members: [
    {_id: 0, host: '192.168.1.13:27017', priority: 2},
    {_id: 1, host: '192.168.1.16:27017', priority: 1},
    {_id: 2, host: '192.168.1.17:27017', priority: 1},
    {_id: 3, host: '192.168.1.19:27017', arbiterOnly: true}
]}
// The cfg variable can have a different name, as long as it does not conflict with the main keywords of mongodb.
// Initialization can only be performed once. If you want to cancel it, delete the files under dbpath and restart the service.
rs.initiate(cfg)
// view the replica set status
rs.status()
// myState is the status of this node: 1 for Primary, 2 for Secondary, 7 for Arbiter

Appendix: allow read operations on the secondaries of a mongodb replica set

By default, the secondary nodes in a replica set cannot be read. In applications where there is more writing and less reading, a replica set is used to separate reads from writes: by specifying slaveOk at connection time or in the main library, the secondaries share the read load and the primary only takes on write operations.

If you access mongo through the shell and run a query on a secondary, the following error occurs:

P_w_picpathSet:SECONDARY> db.fs.files.find()

Error: {"$err": "not master and slaveOk=false", "code": 13435}

There are two ways to implement slave query:

The first method: db.getMongo().setSlaveOk()

The second method: rs.slaveOk()

One drawback of this approach is that the setting does not persist: the next time you enter the instance through mongo, the query will report the error again. This can be solved as follows:

vi ~/.mongorc.js

Add the line rs.slaveOk()

In this way, you can query the secondary every time you enter it through the mongo command.

The following exception is reported if you access a secondary through java:

com.mongodb.MongoException: not talking to master and retries used up

There are several solutions.

The first method: call dbFactory.getDb().slaveOk() in the java code

The second method: call in the java code

dbFactory.getDb().setReadPreference(ReadPreference.secondaryPreferred()); // read from a secondary first in the replica set, and read from the master if no secondary can be accessed

Or

dbFactory.getDb().setReadPreference(ReadPreference.secondary()); // read only from a secondary; the query fails if no secondary can be accessed

The third method: when configuring mongo, add slave-ok="true" to also support reading directly from a secondary.

The above is how to turn on replica set authentication in MongoDB. The editor believes that it covers some knowledge points that we may see or use in our daily work. I hope you can learn more from this article.
