MongoDB 4.2.6 使用 keyFile 认证的副本集安装(CentOS 7)
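# mongod configuration for the replica-set member on port 27017.
# The nesting is restored here: mongod only accepts these options under
# their parent sections (systemLog, storage, net, replication, security).
systemLog:
  destination: file
  path: /data/mongodb/27017/log/mongodb.log
  logAppend: true
storage:
  journal:
    enabled: true
  dbPath: /data/mongodb/27017/data
  directoryPerDB: true
  wiredTiger:
    engineConfig:
      directoryForIndexes: true
    collectionConfig:
      blockCompressor: zlib
    indexConfig:
      prefixCompression: true
processManagement:
  fork: true
net:
  port: 27017
  # Listens on the LAN address, so the instance is reachable from other hosts
  # on that network, not only from this machine.
  bindIp: 192.168.0.1
replication:
  oplogSizeMB: 2048
  # Must be identical on every member and match the _id passed to rs.initiate().
  replSetName: rep001
# While this section stays commented out, mongod accepts unauthenticated
# connections on 192.168.0.1 with full privileges. Keep the ports firewalled to
# the replica-set members during bootstrap. Once the key file exists and the
# users are created, uncomment the section on every member and restart it.
#security:
#  keyFile: "/data/mongodb/27017/conf/mongo.key"
#  authorization: enabled
#  clusterAuthMode: keyFile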
##初始化副本集
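// Replica-set definition: three members on one host, ports 27017-27019.
// _id has to equal replication.replSetName from the mongod config file
// ("rep001" in the configuration on this page); rs.initiate() rejects a
// config whose name differs from the one mongod was started with.
config = {
    _id: 'rep001',
    members: [
        {_id: 0, host: '192.168.0.1:27017'},
        {_id: 1, host: '192.168.0.1:27018'},
        {_id: 2, host: '192.168.0.1:27019'}
    ]
}
rs.initiate(config)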
如果中途没有报错,则可以使用以下命令查看状态:
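use admin
// Check that the three members report PRIMARY/SECONDARY states and note the
// port of the member that is PRIMARY. ("#" is not a comment marker in the
// mongo shell, so the remark is kept on its own "//" lines.)
rs.status()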
三.新建用户分别建立管理员/集群管理员/普通用户(按需指定db上的权限)
##仅在主节点执行:进入 Primary 角色的命令行
# Open a mongo shell on the member that rs.status() reported as PRIMARY
# (27017 in this walkthrough). The connection is unauthenticated at this
# point because the security section of the config is still commented out.
mongo --host 192.168.0.1 --port 27017
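use admin
// Administrator account.
// passwordPrompt() (mongo shell 4.2+) asks for the password interactively, so
// it never appears in the command text, a pasted script or the shell history.
// Use a long random password that is unique to this account.
// userAdminAnyDatabase lets this user grant any role to any user, itself
// included, so treat the account as superuser-equivalent.
db.createUser(
    {
        user: "admin",
        pwd: passwordPrompt(),
        roles: [
            {role: "readWriteAnyDatabase", db: "admin"},
            {role: "dbAdminAnyDatabase", db: "admin"},
            {role: "userAdminAnyDatabase", db: "admin"}
        ]
    }
)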
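// Cluster administrator account.
// Prompt for the password instead of embedding it, and do not reuse the
// administrator's password: one leaked credential should not open both accounts.
// clusterAdmin already combines the clusterManager and clusterMonitor
// privileges; the two extra roles are kept as in the original listing.
db.createUser(
    {
        user: "clusteradmin",
        pwd: passwordPrompt(),
        roles: [
            {role: "clusterAdmin", db: "admin"},
            {role: "clusterManager", db: "admin"},
            {role: "clusterMonitor", db: "admin"}
        ]
    }
)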
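// Regular user, scoped to the testdb database.
use testdb
// The password is prompted for rather than written into the command.
// userAdmin on testdb lets this user create users and grant roles on testdb,
// and dbAdmin allows schema/index administration. For an account used only by
// an application, readWrite alone is usually sufficient; trim the list as needed.
db.createUser(
    {
        user: "dev",
        pwd: passwordPrompt(),
        roles: [
            {role: "readWrite", db: "testdb"},
            {role: "dbAdmin", db: "testdb"},
            {role: "userAdmin", db: "testdb"}
        ]
    }
)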
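cd /data/mongodb/27017/conf
# Generate the shared replica-set key. MongoDB accepts key files of 6 to 1024
# base64 characters; 756 random bytes encode to 1008 characters, whereas 2048
# bytes would exceed the limit. The umask keeps the file private from the
# moment it is created.
(umask 077; openssl rand -base64 756 > mongo.key)
# mongod refuses a key file that group or others can read. The file must also
# be owned by the account that runs mongod.
chmod 400 mongo.key
# If the members run on different machines, copy this same file to the matching
# directory on each one over an encrypted channel and keep mode 400 there.
# Anyone holding the key can authenticate as a cluster member.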