1. Start all nodes of the sharded cluster

2. Log in to a router node and add an administrator account

    mongos> use admin
    switched to db admin
    mongos> db.createUser({user:"myroot",pwd:"123456",roles:["root"]})
    Successfully added user: { "user" : "myroot", "roles" : [ "root" ] }

3. Create the key file used for replica set authentication

(1) Generate a key file

    [root@localhost sharded_cluster]# openssl rand -base64 90 -out ./mongo.keyfile
    [root@localhost sharded_cluster]# chmod 400 ./mongo.keyfile
    [root@localhost sharded_cluster]# ls -l
    total 4
    -r--------. 1 root root 122 Mar 27 17:16 mongo.keyfile

(2) Copy the key file to every node

    [root@localhost sharded_cluster]# cp mongo.keyfile myshardrs01_27018/
    [root@localhost sharded_cluster]# cp mongo.keyfile myshardrs01_27118/
    [root@localhost sharded_cluster]# scp mongo.keyfile root@192.168.76.132:/mongodb/sharded_cluster/myshardrs01_27218/

    [root@localhost sharded_cluster]# cp mongo.keyfile myshardrs02_27318/
    [root@localhost sharded_cluster]# cp mongo.keyfile myshardrs02_27418/
    [root@localhost sharded_cluster]# scp mongo.keyfile root@192.168.76.132:/mongodb/sharded_cluster/myshardrs02_27518/

    [root@localhost sharded_cluster]# cp mongo.keyfile myconfigrs_27019/
    [root@localhost sharded_cluster]# cp mongo.keyfile myconfigrs_27119/
    [root@localhost sharded_cluster]# cp mongo.keyfile myconfigrs_27219/

    [root@localhost sharded_cluster]# cp mongo.keyfile mymongos_27017/
    [root@localhost sharded_cluster]# cp mongo.keyfile mymongos_27117/

4. Edit the configuration files to specify the keyFile

    [root@localhost sharded_cluster]# vim myshardrs01_27018/mongod.conf
    [root@localhost sharded_cluster]# vim myshardrs01_27118/mongod.conf
    [root@localhost sharded_cluster]# vim myshardrs01_27218/mongod.conf

    [root@localhost sharded_cluster]# vim myshardrs02_27318/mongod.conf
    [root@localhost sharded_cluster]# vim myshardrs02_27418/mongod.conf
    [root@localhost sharded_cluster]# vim myshardrs02_27518/mongod.conf

    [root@localhost sharded_cluster]# vim myconfigrs_27019/mongod.conf
    [root@localhost sharded_cluster]# vim myconfigrs_27119/mongod.conf
    [root@localhost sharded_cluster]# vim myconfigrs_27219/mongod.conf

    [root@localhost sharded_cluster]# vim mymongos_27017/mongos.conf
    [root@localhost sharded_cluster]# vim mymongos_27117/mongos.conf

Add the following configuration.

Configuration for the shard (data) nodes and the config nodes:

    security:
      # keyFile used for authentication
      keyFile: /mongodb/sharded_cluster/myshardrs01_27018/mongo.keyfile
      # run with authorization enabled
      authorization: enabled

Configuration for the router nodes:

    security:
      # keyFile used for authentication
      keyFile: /mongodb/sharded_cluster/mymongos_27017/mongo.keyfile

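The router node (mongos) configuration has one setting fewer than mongod: it omits authorization: enabled, because mongos only routes requests and does not store data.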
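
A check that steps 3 and 4 were applied consistently on every node, as an added example that is not part of the original post. It assumes GNU stat and sha256sum and the directory and file names used above; the helper names (audit_keyfiles, make_node, build_demo) and the sample keys are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat and sha256sum.
# audit_keyfiles BASE: prints one finding per line; returns 0 if clean, else 1.
audit_keyfiles() {
  local base=$1 ref="" bad=0 dir name key conf f mode sum
  for dir in "$base"/*/; do
    dir=${dir%/}; name=${dir##*/}; key=$dir/mongo.keyfile; conf=""
    for f in "$dir/mongod.conf" "$dir/mongos.conf"; do
      if [ -f "$f" ]; then conf=$f; fi
    done
    if [ ! -f "$key" ]; then echo "MISSING $name"; bad=1; continue; fi
    # mongod and mongos reject a key file that group or others can access
    mode=$(stat -c '%a' "$key")
    case $mode in 400|600) ;; *) echo "MODE $name $mode"; bad=1 ;; esac
    # every member must hold byte-identical key material
    sum=$(sha256sum "$key" | cut -d' ' -f1); ref=${ref:-$sum}
    if [ "$sum" != "$ref" ]; then echo "DIFFERS $name"; bad=1; fi
    # the config file must point at this directory's own copy
    if [ -z "$conf" ] || ! grep -Eq "^[[:space:]]*keyFile:.*/$name/mongo\.keyfile" "$conf"; then
      echo "NOKEYFILE $name"; bad=1
    elif [ "${conf##*/}" = mongod.conf ] &&
         ! grep -Eq '^[[:space:]]*authorization:[[:space:]]*enabled' "$conf"; then
      echo "NOAUTHZ $name"; bad=1
    fi
  done
  return "$bad"
}

# make_node BASE NAME CONF AUTHZ: one constructed sample node directory.
make_node() {
  mkdir -p "$1/$2"
  printf 'security:\n  keyFile: /mongodb/sharded_cluster/%s/mongo.keyfile\n' "$2" > "$1/$2/$3"
  if [ "$4" = yes ]; then echo '  authorization: enabled' >> "$1/$2/$3"; fi
  printf 'Q09OU1RSVUNURUQta2V5\n' > "$1/$2/mongo.keyfile"   # constructed key
  chmod 400 "$1/$2/mongo.keyfile"
}

# build_demo BASE: two correct nodes and three with deliberate mistakes.
build_demo() {
  make_node "$1" myconfigrs_27019 mongod.conf yes
  make_node "$1" mymongos_27017 mongos.conf no
  make_node "$1" myshardrs01_27018 mongod.conf no    # authorization missing
  make_node "$1" myshardrs01_27118 mongod.conf yes
  chmod 644 "$1/myshardrs01_27118/mongo.keyfile"      # mode too open
  make_node "$1" myshardrs02_27318 mongod.conf yes
  chmod 600 "$1/myshardrs02_27318/mongo.keyfile"
  printf 'RElGRkVSRU5U\n' > "$1/myshardrs02_27318/mongo.keyfile"  # other key
}

if [ "${1:-}" = --demo ]; then d=$(mktemp -d); build_demo "$d"; audit_keyfiles "$d"; fi
```

Run with `--demo` to see the three findings on the constructed tree, or call `audit_keyfiles /mongodb/sharded_cluster` on a host that holds the node directories.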

5. Start the nodes in order

Start the config nodes, then the shard nodes, then the router nodes.

    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myconfigrs_27019/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myconfigrs_27119/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myconfigrs_27219/mongod.conf

    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs01_27018/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs01_27118/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs01_27218/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs02_27318/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs02_27418/mongod.conf
    [root@localhost bin]# ./mongod -f /mongodb/sharded_cluster/myshardrs02_27518/mongod.conf

    [root@localhost bin]# ./mongos -f /mongodb/sharded_cluster/mymongos_27017/mongos.conf
    [root@localhost bin]# ./mongos -f /mongodb/sharded_cluster/mymongos_27117/mongos.conf

6. Create accounts and authenticate

(1) Create a regular account

    [root@localhost bin]# ./mongo --host=192.168.76.128 --port=27017
    mongos> use admin
    switched to db admin
    mongos> db.auth("myroot", "123456")
    1
    mongos> use articledb
    switched to db articledb
    mongos> show collections
    author
    comment
    mongos> db.createUser({ user: "denial", pwd: "123456", roles: [{ role: "readWrite", db: "articledb"}] })
    Successfully added user: {
      "user" : "denial",
      "roles" : [
        {
          "role" : "readWrite",
          "db" : "articledb"
        }
      ]
    }

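Account information added through mongos is stored only on the config servers; the individual data nodes do not store it, so accounts in the sharded cluster do not involve any synchronization issue.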

(2) Log out, then log in with the regular account

    [root@localhost bin]# ./mongo --host=192.168.76.128 --port=27017
    mongos> use articledb
    switched to db articledb
    mongos> db.auth("denial", "123456")
    1
    mongos> show collections
    author
    comment
    mongos> db.comment.count()
    1000

7. Spring Data MongoDB connection with authentication

application.yml

    spring:
      data:
        mongodb:
          uri: mongodb://denial:123456@192.168.76.128:27017,192.168.76.128:27117/articledb

8. Compass connection with authentication

(1) Log in as the myroot user

(2) Log in as the regular user