mongodb6rc10 增加密码认证

2022-06-19

1、sed -i ‘s/fork: true/fork: false/g’ /data1/mongodb/config/*.conf;sed -i ‘s|\/log|\/logs|g’ /data1/mongodb/config/*.conf

2,旧版本是在配置文件中添加auth=true配置,开启安全认证。
config.conf
auth: true

3、现在是在所有config.conf和shard.conf中增加两项安全认证配置:

#生成key,# 该key的权限必须是600

openssl rand -base64 745 > /data1/mongodb/config/keyfile
chmod 600 /data1/mongodb/config/keyfile

security:
keyFile: /data1/mongodb/config/keyfile
authorization: enabled

4、在所有mongos.conf添加,去掉authorization: enabled:
security:
keyFile: /data1/mongodb/config/keyfile

5、切换admin数据库创建需要的角色权限以方便对数据库进行管理,注:第一个创建的用户必须在admin库中创建。
db.auth(“admin”,”password1″);

use admin
db.createUser({user:”admin”,pwd:”password1″,
roles:[
{
“role”: “dbAdminAnyDatabase”,
“db”:”admin”
},
{
“role”: “userAdminAnyDatabase”,
“db”:”admin”
},
{
“role”: “readWriteAnyDatabase”,
“db”:”admin”
}
]
})

show users;

6、MongoServerError: Invalid replication write concern. User management write commands may only use w:1 or w:’majority’, got: { w: 2, wtimeout: 0, provenance: “customDefault” }

db.adminCommand({ “setDefaultRWConcern”: 1, “defaultWriteConcern”: { “w”: 1 } })

7、use crmdb
db.createCollection(‘test’)
db.createUser(
{
user:”crmuser”,
pwd:”password2″,
roles:[{role:”dbOwner”,db:”crmdb”}]
})

8、mongosh
https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-6.0.0-rc10.tgz
https://downloads.mongodb.com/compass/mongodb-mongosh-shared-openssl11-1.5.0.x86_64.rpm

IP=172.20.90.88
port=7000
mongosh –quiet ${IP}:${port}/db –authenticationDatabase db -u user -p password2

分类:Linux数据库 | 标签: |

相关日志

评论被关闭!