Permission authentication_MongoDBreplset permission authentication configuration steps

Preface: This article is organized by the editor of Programming Notes# and mainly introduces the knowledge related to the MongoDB repl set permission authentication configuration steps. I hope it will be of certain reference value to you.

replica setPermission authentication

To generate a keyfile file for permissions between nodes Certified

1. mkdir -p /mnt/mongodb/rs/config

2. cd /mnt/mongodb/rs/config

3. openssl rand -base64 741 > mongodb-keyfile

4. chmod 300 mongodb-keyfile

The one on the official website is 600, it must be changed to 300, if If not, will be written in mongodb.log during startup because the permissions are too open, causing startupmongodb to fail! (First make sure you have installed openssl, if not , yum install openssl)

Copy mongodb-keyfile to the directory corresponding to each node. If mongodb has been started before, , use mongoAfter entering the terminal, first check which node is the primary node, rs.status(); Go to the primary node and execute:

1. use admin #Select the data that requires authentication

2. db.addUser(&#39 ;name','password');

Of course, you can also use a self-built library for permission authentication

1. use test1

2. db.addUser('test&#39 ;,'123456');

After the prompt is added successfully, everything stops and each node executesdb.shutdownServer();Then add the following two lines to the mongod.conf file:

1. auth=true

2. keyFile=/mnt/mongodb/rs/confile/mongodb-keyfile

Finally restart them all!

Enter the master node terminal and enter

db.runCommand({getLastError:1, w: N });

If there is no N, or less than 2, the command will return immediately. If N Equal to 2, the master node will respond to the command until at least one slave node has copied the previous operation (the master node itself is also included in N). The master node uses the “syncedTo” information stored in local.slaves to track the updates of the slave nodes.

When the “w” option is specified, the “wtimeout” option can also be used, indicating the unit is milliseconds. timeout. getLastErrorwill return an error when the previous operation times out when copying to N nodes(By default, the command does not timeout ).

Blocking replication will cause the write operation to be significantly slower, especially when the value of “w” is relatively large. In fact, setting its value to 2 or 3 for important operations can achieve both efficiency and security.