MongoDB ReplicaSet authentication issue with secondaries

Time: 2017-01-17 16:25:41

Tags: mongodb mongoid mongoengine

We have a MongoDB (v3.2.8) replicaSet with the following configuration:

replication:
  replSetName: replica
security:
  keyFile: mongo.key

Our replicaSet status (rs.status()) currently looks like this:

{
    "set" : "replica",
    "date" : ISODate("2016-11-11T15:43:29.164Z"),
    "myState" : 1,
    ...
    "members" : [
        {
            "_id" : 4,
            "name" : "mongo_1:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "PRIMARY",
            "uptime" : 155,
            ...
            "self" : true
        }
        {
            "_id" : 5,
            "name" : "mongo_2:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "SECONDARY",
            "uptime" : 145,
            ...
            "self" : false
        },
        {
            "_id" : 6,
            "name" : "mongo_3:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "SECONDARY",
            "uptime" : 150,
            ...
            "self" : false
        }
    ],
    "ok" : 1
}

For authentication, we have the following user in the admin database (db.getUsers()):

[
    {
        "_id" : "admin.user",
        "user" : "user",
        "db" : "admin",
        "roles" : [
            {
                "role" : "clusterManager",
                "db" : "admin"
            },
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "clusterAdmin",
                "db" : "admin"
            },
            {
                "role" : "backup",
                "db" : "admin"
            },
            {
                "role" : "dbOwner",
                "db" : "db_users"
            },
            {
                "role" : "clusterMonitor",
                "db" : "admin"
            },
            {
                "role" : "restore",
                "db" : "admin"
            }
        ]
    }
]

When we try to connect from our Rails application, we get authentication errors in the log files of the secondary members:

I ACCESS   [conn221]  authenticate db: admin
{ authenticate: 1, user: "user", nonce: "xxx", key: "xxx" }
I ACCESS   [conn221] Failed to authenticate user@admin with mechanism
MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in
the user document
I ACCESS   [conn221] Unauthorized: not authorized on db_users
to execute command { aggregate: "mongo_users", pipeline: [...],
                     cursor: {}, allowDiskUse: true }

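When we remove the secondary members from the replica set, every read/write query works fine on the primary MongoDB server. Also note that the command mongo db_users -u user --password password --authenticationDatabase admin works fine locally on all three members. Our Rails application uses the 'mongoid' gem (v5.1.1) as the MongoDB client, with the following settings in mongoid.yml.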

production:
  clients:
    default:
      database: db_users
      hosts:
        - mongo_1:27017
        - mongo_2:27017
        - mongo_2:27017
      options:
        user: 'user'
        password: 'password'
        auth_source: admin
        safe: true
        wait_queue_timeout: 300
        read:
            mode: :secondary_preferred

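We are also facing a similar authentication issue when trying to connect using mongo_engine on our Flask backend, the difference being that it is not able to authenticate once the security option is enabled in mongoid.conf. We would like to know whether we have set up the user roles in the admin database correctly, or whether anyone has faced a similar issue while setting up a replicaSet configuration, and what possible solutions to our problem there are.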

0 answers:

No answers
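
Added example (not part of the original question, and not code from MongoDB or mongoid): a Python triage that groups ACCESS lines like the ones quoted above by connection, so the mechanism the client attempted and the commands denied afterwards can be read together. The sample lines are constructed from the quoted log with wrapped lines joined, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the mongod 3.2 ACCESS lines in the question
# (wrapped lines joined, timestamps omitted as in the post).
SAMPLE_LOG = """\
I ACCESS   [conn221] Failed to authenticate user@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document
I ACCESS   [conn221] Unauthorized: not authorized on db_users to execute command { aggregate: "mongo_users", pipeline: [], cursor: {}, allowDiskUse: true }
I ACCESS   [conn222] Successfully authenticated as principal user on admin
I ACCESS   [conn223] Unauthorized: not authorized on db_users to execute command { find: "mongo_users" }
"""

FAILED = re.compile(r"\[(conn\d+)\] Failed to authenticate (\S+)@(\S+) "
                    r"with mechanism ([\w-]+): (\w+): (.*)")
UNAUTH = re.compile(r"\[(conn\d+)\] Unauthorized: not authorized on (\S+) "
                    r"to execute command \{ (\w+):")

def triage(log_text):
    """Return {conn: {"failed_auth": [...], "denied": [(db, command), ...]}}."""
    conns = defaultdict(lambda: {"failed_auth": [], "denied": []})
    for line in log_text.splitlines():
        if " ACCESS " not in line:
            continue  # only the access-control component is of interest
        m = FAILED.search(line)
        if m:
            conn, user, db, mech, code, reason = m.groups()
            conns[conn]["failed_auth"].append(
                {"user": user, "db": db, "mechanism": mech,
                 "code": code, "reason": reason})
            continue
        m = UNAUTH.search(line)
        if m:
            conn, db, command = m.groups()
            conns[conn]["denied"].append((db, command))
    return dict(conns)

def findings(log_text):
    """One line per connection: failed login plus the denials that followed."""
    out = []
    for conn, ev in sorted(triage(log_text).items()):
        for f in ev["failed_auth"]:
            out.append(f"{conn}: {f['user']}@{f['db']} failed {f['mechanism']} "
                       f"({f['reason']}); {len(ev['denied'])} command(s) denied after")
        if ev["denied"] and not ev["failed_auth"]:
            db, cmd = ev["denied"][0]
            out.append(f"{conn}: {cmd} on {db} denied with no failed login logged")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```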