我已按照How do I add an admin user to Mongo in 2.6?
中提到的步骤进行操作首先," auth = true"在/etc/mongod.conf文件中注释掉,以便不进行身份验证,我可以在各自的dbs中创建以下用户。
管理员:
use admin;
db.createUser({user: "mongoRoot", pwd: "password", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: ["readWrite"]});
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
db.createUser({user: "mongoDBAdmin", pwd: "password", roles: [{role: "dbAdmin", db: "admin"}]});
db.createUser({user: "mongoDBOwner", pwd: "password", roles: [{role: "dbOwner", db: "admin"}]});
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin', the user mongoWrite is able to login as done in https://gist.github.com/tamoyal/10441108)
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin', the user mongoRead is able to login as done in https://gist.github.com/tamoyal/10441108)
配置:
use config;
db.createUser({user: "mongoConfig", pwd: "password", roles: [{role: "readWrite", db: "config"}]});
测试:
use test;
db.createUser({user: "mongoTest", pwd: "password", roles: [{role: "readWrite", db: "test"}]});
mongo_database:
use mongo_database;
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]});
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: [{role: "readWrite", db: "mongo_database"}]});
确保添加了所有必需的用户后,通过取消注释" auth = true"打开身份验证。在/etc/mongod.conf文件中并重新启动mongodb。
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> exit
bye
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on mongo_database to execute command { insert: \"test\", documents: [ { _id: ObjectId('559bba6ead81843e121c5ac7'), Hello: \"World\" } ], ordered: true }"
}
})
rs0:PRIMARY>
到目前为止,一切正常。遇到的唯一问题是我的日志文件被每分钟几万行的以下2行轰炸,并且在很短的时间内,我的磁盘空间不足。
2015-07-07T11:40:28.340+0000 [conn3] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55913d82b47aa336e4f971c2') }
2015-07-07T11:40:28.340+0000 [conn2] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55923232e292bbe6ca406e4e') }
只是提出一个想法,在10秒的时间内,生成10 MB的日志文件,仅包含上面提到的2行。
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:01 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 388M 4.2G 9% /log
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:14 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 398M 4.2G 9% /log
据我所知,身份验证似乎运行正常。只是日志以超音速加速。我究竟做错了什么?请帮忙。在此先感谢。
答案 0 :(得分:1)
过多的日志记录来自配置服务器,即使在启用了身份验证的情况下将身份验证添加到配置服务器之后,它也不会停止。升级到mongo 3.0.4用于副本集,打开副本集上的身份验证并在配置服务器上将mongo升级到3.0.4并且它开始正常工作没有任何问题(mongo 2.6.x上的相同步骤会导致我提到的问题以上)。因此,我们计划升级到3.0.4以绕过此问题。希望,对某人有所帮助。