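Creating a root user in MongoDB from the post-install script of a Debian package

Time: 2014-09-16 09:13:31

Tags: linux bash mongodb shell dpkg

I successfully created a package from the mongodb precompiled binaries. I would like to add users to mongodb directly after installation, so I created the following post-install script: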

~$ cat /var/lib/dpkg/info/mongodb-pc.postinst
#!/bin/sh
set -x
# script version: 20

cp -r /srv/mongodb/etc/sv/mongodb /etc/sv/
if [ ! -L  /etc/service/mongodb ] ; then
    ln -s /etc/sv/mongodb /etc/service/mongodb
fi
count=`egrep -c "^mongo:" /etc/group`
if [ $count -eq 0 ] ; then
    echo "No mongo group found ... adding ..."
    groupadd mongo
fi

/usr/bin/id -u mongo > /dev/null 2>&1
if [ $? -eq 1 ]; then
  echo "No mongo user found ... adding ..."
  useradd -s /dev/null -g mongo mongo
fi


chown -R mongo:mongo /srv/mongodb/data/
chown -R mongo:mongo /srv/mongodb/run/
chown -R mongo:mongo /srv/mongodb/log/

sv stop mongodb
auth_file=/srv/mongodb/etc/mongodb.auth
auth_script=/srv/mongodb/etc/get_or_create_admin.js
if [ ! -f $auth_file ] ; then
chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
echo "Waiting for 4 seconds for mongo to start up ..."
sleep 4
RANDKEY=`head -c 32 /dev/urandom | tr -dc 'a-zA-Z0-9'`
RANDKEY2=`head -c 32 /dev/urandom | tr -dc 'a-zA-Z0-9'`

umask 0277 # make sure only root can read this file!
cat <<EOF > $auth_script
conn = new Mongo();
db = conn.getDB("admin");

// query the system.users collection to find if admin exists
var admin = db['system.users'].find( {"user": "admin"} )
var root = db['system.users'].find( {"user": "root"} )

if ( ! admin.hasNext()) {
// do the magic here:
    db.createUser(
                   {
                     user: "manager",
                     pwd: "${RANDKEY}",
                     roles : [ "userAdminAnyDatabase" ]
                   }
                 )
} else {
print(admin)
}
if ( ! root.hasNext()) {
// do the magic here:
    db.createUser(
                   {
                     user: "uebermanager",
                     pwd: "${RANDKEY2}",
                     roles : [ "root" ]
                   }
                 )
} else {
print(root)
}
EOF
umask 0022
chown root:mongo $auth_script
/srv/mongodb/bin/mongo admin $auth_script

umask 0277 # make sure only root can read this file!
cat <<EOF > $auth_file
manager:${RANDKEY}
uebermanager:${RANDKEY2}
EOF
umask 0022
kill -9 `cat /srv/mongodb/data/mongod.lock`
echo "Waiting for 4 seconds for mongo to shutdown ..."
sleep 4
fi

/usr/bin/sv up mongodb  > /dev/null 2>&1

The script seems to run fine. Here is the output:

$ sudo dpkg -i mongodb-plan-net_2.6.4-28_amd64.deb
Selecting previously unselected package mongodb-plan-net.
(Reading database ... 17378 files and directories currently installed.)
Unpacking mongodb-plan-net (from mongodb-pc_2.6.4-28_amd64.deb) ...
Setting up mongodb-plan-net (2.6.4-28) ...
+ cp -r /srv/mongodb/etc/sv/mongodb /etc/sv/
+ [ ! -L /etc/service/mongodb ]
+ egrep -c ^mongo: /etc/group
+ count=0
+ [ 0 -eq 0 ]
+ echo No mongo group found ... adding ...
No mongo group found ... adding ...
+ groupadd mongo
+ /usr/bin/id -u mongo
+ [ 1 -eq 1 ]
+ echo No mongo user found ... adding ...
No mongo user found ... adding ...
+ useradd -s /dev/null -g mongo mongo
+ chown -R mongo:mongo /srv/mongodb/data/
+ chown -R mongo:mongo /srv/mongodb/run/
+ chown -R mongo:mongo /srv/mongodb/log/
+ sv stop mongodb
ok: down: mongodb: 0s, normally up, want up
+ auth_file=/srv/mongodb/etc/mongodb.auth
+ auth_script=/srv/mongodb/etc/get_or_create_admin.js
+ [ ! -f /srv/mongodb/etc/mongodb.auth ]
+ chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20104
child process started successfully, parent exiting
+ echo Waiting for 4 seconds for mongo to start up ...
Waiting for 4 seconds for mongo to start up ...
+ sleep 4
+ head -c 32 /dev/urandom
+ tr -dc a-zA-Z0-9
+ RANDKEY=qMu2Tg
+ head -c 32 /dev/urandom
+ tr -dc a-zA-Z0-9
+ RANDKEY2=wG5DT61EK
+ umask 0277
+ cat
+ umask 0022
+ chown root:mongo /srv/mongodb/etc/get_or_create_admin.js
+ /srv/mongodb/bin/mongo admin /srv/mongodb/etc/get_or_create_admin.js
MongoDB shell version: 2.6.4
connecting to: admin
Successfully added user: { "user" : "manager", "roles" : [ "userAdminAnyDatabase" ] }
Successfully added user: { "user" : "uebermanager", "roles" : [ "root" ] }
+ umask 0277
+ cat
+ umask 0022
+ cat /srv/mongodb/data/mongod.lock
+ kill -9 20104
+ echo Waiting for 4 seconds for mongo to shutdown ...
Waiting for 4 seconds for mongo to shutdown ...
+ sleep 4
+ /usr/bin/sv up mongodb

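The runit job at the end of the script (/usr/bin/sv up mongodb) launches mongodb with --auth.

The problem:

Notice how mongodb reports that it added the users? However, if I try to connect directly after installing the package, I can't. Here is a description of things: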

$ sudo cat /srv/mongodb/etc/mongodb.auth
 manager:k4YEzu
 uebermanager:7CquZ

$ sudo /srv/mongodb/bin/mongo  admin -u manager -p k4YEzu
MongoDB shell version: 2.6.4
Enter password:
connecting to: admin
2014-09-16T11:04:05.659+0200 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed

Side note:

If I perform the following steps in my bash shell after the installation, I can connect to the admin database perfectly:

~$ sudo sv down mongodb
~$ sudo chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20833
child process started successfully, parent exiting
~$ sudo /srv/mongodb/bin/mongo admin /srv/mongodb/etc/get_or_create_admin.js
MongoDB shell version: 2.6.4
connecting to: admin
Successfully added user: { "user" : "manager", "roles" : [ "userAdminAnyDatabase" ] }
Successfully added user: { "user" : "uebermanager", "roles" : [ "root" ] }
~$ sudo kill -9 20833
~$ sudo sv up mongodb
~$ sudo /srv/mongodb/bin/mongo  admin -u manager -pk4YEzu
MongoDB shell version: 2.6.4
connecting to: admin
> exit
bye

Question:

How can I make my post-install script work so that I don't have to perform manual steps after installation?

1 Answer:

Answer 0: (score: 0)

Well, solution found:

The mongodb documentation states:

  

Warning

Never use kill -9 (i.e. SIGKILL) to terminate a mongod instance.

Which is what was done in the post-install script. I changed the offending line to:

/srv/mongodb/bin/mongod --shutdown --config /srv/mongodb/etc/mongodb.conf

This solved the problem.
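
Added example, not part of the original question or answer: the clean shutdown from the answer wrapped in a wait for the process to exit (replacing the fixed sleep), together with a password generator that always returns the requested length. The trace in the question shows `head -c 32 /dev/urandom | tr -dc 'a-zA-Z0-9'` yielding only 6 and 9 characters. The function names are hypothetical; the paths are the ones used in the question.

```shell
#!/bin/sh
# Added example. Paths follow the question's layout; function names are hypothetical.
MONGOD=${MONGOD:-/srv/mongodb/bin/mongod}
MONGO_CONF=${MONGO_CONF:-/srv/mongodb/etc/mongodb.conf}

# gen_password N: print exactly N alphanumeric characters.
# The random stream is filtered first and truncated afterwards, so the length
# is fixed. `head -c 32 | tr -dc 'a-zA-Z0-9'` truncates first and then drops
# roughly three quarters of the bytes, which is why the trace shows 6-9 chars.
gen_password() {
    LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c "$1"
}

# stop_mongod PID [TIMEOUT]: request a clean shutdown, then poll until PID is
# gone instead of sleeping for a fixed time. Returns 1 if the shutdown command
# fails or the process is still alive after TIMEOUT seconds (default 30).
stop_mongod() {
    pid=$1
    timeout=${2:-30}
    "$MONGOD" --shutdown --config "$MONGO_CONF" || return 1
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Usage inside the postinst, replacing the kill -9 / sleep 4 pair:
#   RANDKEY=$(gen_password 32)
#   stop_mongod "$(cat /srv/mongodb/data/mongod.lock)" || exit 1
```

Failing the postinst when `stop_mongod` returns non-zero keeps runit from starting a second mongod on top of one that is still shutting down.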