Set up
https://blog.csdn.net/zzti_erlie/article/details/90675559
Begin configuring
1. Generate a key file and restrict its permissions
openssl rand -base64 756 > /home/edison/mongodb/conf/auth_20000.conf
chmod 400 /home/edison/mongodb/conf/auth_20000.conf
2. Distribute the key file to the other machines
scp /home/edison/mongodb/conf/auth_20000.conf edison@of-ad-dev-002:/home/edison/mongodb/conf/
scp /home/edison/mongodb/conf/auth_20000.conf edison@of-ad-dev-003:/home/edison/mongodb/conf/
3. Create an administrator account
Log in to mongo on any one of the machines
mongo of-ad-dev-001:20000
use admin
db.createUser(
{
user:"root",
pwd:"5KvQosdn8U9mdgY2",
roles:[{role:"root",db:"admin"}]
}
)
On all three servers in the cluster, shut down the mongod and mongos processes
killall mongod
killall mongos
4. Reconfigure mongod and mongos
4.1 In the configuration file of every mongod on each machine (note: every mongod, not mongos), add the following section. For example, on of-ad-dev-001 I appended it to the end of the config server, shard1, shard2 and shard3 configuration files.
security:
  keyFile: /home/edison/mongodb/conf/auth_20000.conf
  authorization: enabled
4.2 At the end of the mongos configuration file on each machine, add the following
security:
  keyFile: /home/edison/mongodb/conf/auth_20000.conf
4.3 Restart the mongos, config server and shard server on each node
5. Connect to the MongoDB cluster
mongo of-ad-dev-001:20000 -u root -p 5KvQosdn8U9mdgY2 --authenticationDatabase admin
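A pre-flight check for the key file from steps 1 and 2, as an added example that is not part of the original post: it verifies what MongoDB requires of a keyfile (no group or other permissions, 6 to 1024 base64 characters once whitespace is stripped) and prints a digest that can be compared across the three machines. The function name check_keyfile and the sample key are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. check_keyfile is a hypothetical helper.
# Return codes: 0 ok, 1 missing, 2 permissions too open, 3 bad characters, 4 bad length.

check_keyfile() {
    kf_path=$1
    [ -f "$kf_path" ] || { echo "missing: $kf_path" >&2; return 1; }

    # mongod and mongos refuse a keyfile that group or others can access.
    kf_mode=$(stat -c '%a' "$kf_path" 2>/dev/null || stat -f '%Lp' "$kf_path")
    case "$kf_mode" in
        *00) ;;
        *) echo "permissions $kf_mode too open on $kf_path" >&2; return 2 ;;
    esac

    # MongoDB ignores whitespace; the rest must be 6 to 1024 base64 characters.
    kf_chars=$(tr -d '[:space:]' < "$kf_path")
    case "$kf_chars" in
        *[!A-Za-z0-9+/=]*) echo "non-base64 characters in $kf_path" >&2; return 3 ;;
    esac
    if [ "${#kf_chars}" -lt 6 ] || [ "${#kf_chars}" -gt 1024 ]; then
        echo "key length ${#kf_chars} outside 6..1024" >&2; return 4
    fi

    # Digest of the key material, to compare across nodes without printing the key.
    printf '%s' "$kf_chars" | sha256sum | cut -d' ' -f1
}

# Constructed sample key (not a real secret) in a temporary directory.
demo_dir=$(mktemp -d)
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk=\n' > "$demo_dir/auth.key"
chmod 644 "$demo_dir/auth.key"
check_keyfile "$demo_dir/auth.key" || echo "rejected with code $?"
chmod 400 "$demo_dir/auth.key"
check_keyfile "$demo_dir/auth.key"
rm -rf "$demo_dir"
```

Run the function against the key file path on each machine after the scp step; the three digests must be identical before mongod and mongos are restarted.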
Common user roles
Role name | Description |
---|---|
read | Allows the user to read the specified database |
readWrite | Allows the user to read and write the specified database |
dbAdmin | Allows the user to perform administrative functions in the specified database, such as creating and deleting indexes, viewing statistics, or accessing system.profile |
userAdmin | Allows the user to write to the system.users collection; the user can create, delete, and manage users in the specified database |
clusterAdmin | Only available in the admin database; grants the user administrative privileges over all sharding and replica set functions |
readAnyDatabase | Only available in the admin database; grants the user read access to all databases |
readWriteAnyDatabase | Only available in the admin database; grants the user read and write access to all databases |
userAdminAnyDatabase | Only available in the admin database; grants the user userAdmin privileges on all databases |
dbAdminAnyDatabase | Only available in the admin database; grants the user dbAdmin privileges on all databases |
root | Only available in the admin database. Superuser account with full privileges |