Mongodb 集群配置用户名密码认证

Mongodb集群配置登陆认证跟单节点的不同，本文主要介绍一下配置的流程

1. 启动mongodb集群，不开启auth，配置admin数据库用户

use admin
db.createUser( {
    user: "admin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  });

2. 中止mongodb集群

3. 在其中一个replica 节点上，配置 keyfile，keyfile用于各个节点之间验证

openssl rand -base64 741 > mongodb-keyfile
chmod 600 mongodb-keyfile

 4. 将keyfile 拷贝到 replica 节点，mongo config，mongos 节点上

5. 启动mongod，mongo config ，mongos 

 集群配置，本文不具体介绍，每一个服务都须要加上

--keyFile /mysecretdirectory/mongodb-keyfile

mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"
mongod --keyFile /mysecretdirectory/mongodb-keyfile -f /etc/mongod-config.conf
mongos --keyFile /mysecretdirectory/mongodb-keyfile ...

6. 启动mongodb 集群

7. mongos链接，建立用户和测试结果

[root@packone18 ~]# mongo --port 30000 -u admin -p abc123 --authenticationDatabase admin
mongos >> use testdb
mongos >> db.createUser(
  {
    user: "test_user",
    pwd: "abc123",
    roles: [ { role: "readWrite", db: "testdb" } ]
  }
);
mongos >> db.auth(‘test_user’,’abc123’)
   测试结果
[root@packone18 ~]# mongo --port 30000 -u test_user -p abc123 --authenticationDatabase testdb
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:30000/test
mongos> show collections;
2016-11-03T10:44:56.655+0800 E QUERY    [thread1] Error: listCollections failed: {
	"ok" : 0,
	"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {} }",
	"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:773:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:785:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:796:16
shellHelper.show@src/mongo/shell/utils.js:754:9
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

mongos> use testdb;
switched to db testdb
mongos> show collections;
mongos> db.t1.insert({'name':'jake'});
WriteResult({ "nInserted" : 1 })
mongos> db.t1.find();
{ "_id" : ObjectId("581aa4bc38ffdf457e2e2c30"), "name" : "jake" }