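MongoDB replSet (replica set) + auth
### A MongoDB replica set with auth enabled
### Things to note
- The clocks on the server nodes must be synchronized with each other
- If a firewall is enabled, the traffic must be allowed through
- If SELinux is enabled, it has to be configured as well
- Setting up mutual trust between the two hosts is ideal
### Things to do in advance
Generate a fancy, top-shelf keyFile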
```
[root@redis journal]# openssl rand -…
[root@redis journal]#
```
- Copy the generated key to /usr/local/mongodb/key
- Set the permissions of the key file to 600
- Change the owner and group of the key file
```
[root@redis mongodb]# ll
total 72
drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin
-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0
-rw-r--r-- 1 root    root     1020 Jul 21 08:26 key
-rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid
-rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README
-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES
[root@redis mongodb]# chmod 600 key
[root@redis mongodb]# ll
total 72
drwxr-xr-x 2 mongodb mongodb  4096 Jul 19 12:58 bin
-rw-r--r-- 1 mongodb mongodb 34520 Jun 19 22:41 GNU-AGPL-3.0
-rw------- 1 mongodb mongodb  1020 Jul 21 08:26 key
-rw-r--r-- 1 mongodb mongodb     5 Jul 21 07:54 mongo.pid
-rw-r--r-- 1 mongodb mongodb  1359 Jun 19 22:41 README
-rw-r--r-- 1 mongodb mongodb 17793 Jun 19 22:41 THIRD-PARTY-NOTICES
[root@redis mongodb]#
```
### Copy the key file to the other node
- Pay attention to the owner and group
- Create a global account
```
>
> show dbs
admin  (empty)
local  1.078GB
test   (empty)
> use admin
switched to db admin
> db.addUser("zhuima","zhuima")
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "zhuima", "roles" : [ "root" ] }
>
```
### Configuration file on the primary server
```
[root@redis mongodb]# sed -e '/^$/d;/^#/d' /etc/mongod.conf
port=27017
dbpath=/mongo/data/mongodb_data/
logpath=/mongo/data/mongodb_log/mongodb.log
pidfilepath=/usr/local/mongodb/mongo.pid
fork=true
logappend=true
shardsvr=true
directoryperdb=true
replSet=zhuima
keyFile=/usr/local/mongodb/key
bind_ip=192.168.58.30
```
### Configuration file on the secondary server
```
[root@mongo1 data]# vim /etc/mongod.conf
[root@mongo1 data]# sed -e '/^$/d;/^#/d' /etc/mongod.conf
logpath=/var/log/mongodb/mongod.log
logappend=true
fork=true
dbpath=/mongo/data
pidfilepath=/var/run/mongodb/mongod.pid
bind_ip=192.168.58.10
replSet=zhuima
keyFile=/mongo/data/key
```
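A check to run on each node before restarting, as an added example (not from the original post or from MongoDB): it reads the INI-style `mongod.conf` shown above and verifies that `replSet` and `keyFile` are set, that the key file is closed to group and others, and that its content is 6 to 1024 base64 characters, which is what MongoDB requires of a keyFile. The function name `audit_mongo_keyfile` and the optional expected-owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit_mongo_keyfile is a hypothetical helper, not a MongoDB tool.
# Usage: sh audit.sh /etc/mongod.conf [expected_owner]
audit_mongo_keyfile() {
    conf=$1; owner=${2:-}
    # INI-style options as used on this page: replSet=<name>, keyFile=<path>
    rs=$(sed -n 's/^replSet[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    key=$(sed -n 's/^keyFile[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    [ -n "$rs" ]  || { echo "FAIL: replSet not set in $conf"; return 1; }
    [ -n "$key" ] || { echo "FAIL: keyFile not set in $conf"; return 1; }
    [ -f "$key" ] || { echo "FAIL: $key is not a regular file"; return 1; }

    # Columns 5-10 of the ls mode string are the group/other bits; all must be '-'.
    mode=$(ls -ld "$key" | cut -c1-10)
    [ "$(printf %s "$mode" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key mode $mode is readable beyond its owner"; return 1; }

    if [ -n "$owner" ]; then
        actual=$(ls -ld "$key" | awk '{print $3}')
        [ "$actual" = "$owner" ] ||
            { echo "FAIL: $key owned by $actual, expected $owner"; return 1; }
    fi

    # mongod strips whitespace from the key; the rest must be 6-1024 base64 characters.
    body=$(tr -d '[:space:]' < "$key")
    case $body in
        *[!A-Za-z0-9+/=]*) echo "FAIL: $key has non-base64 characters"; return 1 ;;
    esac
    [ "${#body}" -ge 6 ] && [ "${#body}" -le 1024 ] ||
        { echo "FAIL: $key length ${#body} is outside 6-1024"; return 1; }

    echo "OK: replSet=$rs keyFile=$key mode=$mode"
}

# When run as a script with arguments, audit the given config file.
if [ "$#" -gt 0 ]; then audit_mongo_keyfile "$@"; fi
```

On the nodes from this page the call would be `sh audit.sh /etc/mongod.conf mongodb`; the key content must also be identical on every member of the replica set.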
### Restart the MongoDB service and observe the result
- Initialize the replica set
```
> rs.initiate()
```
- As the output below shows, setting keyFile enables auth by default
```
zhuima:SECONDARY> show dbs
2014-07-21T08:52:44.617+0200 listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13 } at src/mongo/shell/mongo.js:47
zhuima:SECONDARY>
```
### Verification
- On the primary node
```
zhuima:PRIMARY> show dbs
admin  0.078GB
local  1.078GB
zhuima:PRIMARY> use zhuima
switched to db zhuima
zhuima:PRIMARY> info={Name:"zhuima",Age:26,Gender:"F",Address:"BeijingChina"}
{ "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "BeijingChina" }
zhuima:PRIMARY> db.person.insert(info)
WriteResult({ "nInserted" : 1 })
zhuima:PRIMARY> db.person.find()
{ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "BeijingChina" }
zhuima:PRIMARY>
```
- On the secondary node
```
zhuima:SECONDARY> show dbs
admin   0.078GB
local   1.078GB
zhuima  0.078GB
zhuima:SECONDARY> use zhuima
switched to db zhuima
zhuima:SECONDARY> show collections
2014-07-21T08:55:40.267+0200 error: { "$err" : "not master and slaveOk=false", "code" : 13435 } at src/mongo/shell/query.js:131
zhuima:SECONDARY> rs.slaveOk()
zhuima:SECONDARY> rs.slaveOk()
zhuima:SECONDARY> show collections
person
system.indexes
zhuima:SECONDARY> db.person.find()
{ "_id" : ObjectId("53ccb955f09dbb6f5a213faf"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "BeijingChina" }
zhuima:SECONDARY>
```
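### Thanks to Can Ge for his pointers on the MongoDB replica set + auth configuration
Can Ge's blog: http://www.shencan.net/
### Afterword:
Even though MongoDB in production does not serve external traffic, adding auth is always worthwhile
Remember the pain of having been exposed on WooYun?
Later posts will cover indexes and sharding operations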