When deploying a MongoDB cluster in an environment with high security requirements, you need to enable password authentication for logins to the cluster.
The following procedure was set up on a 3-node cluster running MongoDB 3.6.
1. Generate a cluster authentication key file
1) Enter the data directory of MongoDB and create a keyfile directory
2) Use openssl to generate a key file
3) Change the key file permissions to 400
4) Copy the key file to the corresponding directory on each MongoDB node
The command is as follows:
# cd /home/mongodb/data
# openssl rand -base64 741 > /home/mongodb/data/mongo-keyfile
# chmod 400 /home/mongodb/data/mongo-keyfile
2. Create an authenticated user
Before authentication is enabled, create a user:
1) Use mongo to connect to the mongos port:
$ bin/mongo <IP>:<mongos-port>
2) Switch to the admin database and create the users:
// Sample credentials from this walkthrough; set a strong, unique password for each user.
use admin
// Cluster administration user
db.createUser({
  user: "cluster",
  pwd: "cluster",
  roles: [ { role: "clusterAdmin", db: "admin" } ]
});
// User administrator for all databases
db.createUser({
  user: "super",
  pwd: "super",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
use test
// Owner of the test database
db.createUser({
  user: "admin",
  pwd: "admin",
  roles: [ { role: "dbOwner", db: "test" } ]
})
3. Add the authentication settings to the configuration file
1) Mongo.conf file:
security:
  keyFile: "/home/mongodb/data/mongo-keyfile"
  clusterAuthMode: "keyFile"
  authorization: "enabled"
The config servers and mongos only need the first two attributes (keyFile and clusterAuthMode).
4. Restart the cluster
After the above is completed, restart the entire MongoDB cluster.
Start the components in the original order. If there is an error, the startup order can be changed to:
1) Start all config components first
2) Restart all mongod components
3) Finally start the mongos component
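Before the restart in step 4, the key file copied in step 1 can be checked on each node. The script below is an added example, not part of the original procedure; it tests what mongod enforces on a key file (no group or other permission bits, 6 to 1024 base64 characters after whitespace is stripped) and prints a SHA-256 digest so the copies can be compared without displaying the key. The function name check_keyfile is hypothetical, and sha256sum assumes a Linux host.

```shell
#!/bin/sh
# Added example: pre-restart sanity check for a MongoDB key file.
# check_keyfile PATH prints "ok <sha256>" and returns 0, or prints the
# reason for rejection and returns 1.

check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # mongod refuses a key file that grants any of them.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; return 1; }

    # mongod strips whitespace, then requires 6-1024 base64 characters.
    key=$(tr -d ' \t\r\n' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "bad length: $len"; return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character"; return 1 ;;
    esac

    # Digest for comparing the copies on each node; the key is never shown.
    echo "ok $(printf '%s' "$key" | sha256sum | cut -d' ' -f1)"
}

# Run as: sh check_keyfile.sh /home/mongodb/data/mongo-keyfile
[ $# -eq 0 ] || check_keyfile "$1"
```

Every node must report the same digest; a node with a different digest or a rejected file will fail internal authentication when the cluster comes back up.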