Fail to build MongoDB replicaset with Auth on Swarm
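I'm trying to create a MongoDB cluster on a Docker swarm with authentication.
(My process works when auth is disabled.)
So I have 3 mongo instances on the same encrypted overlay network (started with the options --auth --replicaset REPLICASET_NAME): mongo1, mongo2 and mongo3.
On the node that has the mongo1 container, I initiated the replica set and created the database admin: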
docker exec -ti $(docker ps -f "name=mongo1" -q) mongo
> rs.initiate()
{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "84ab8d1609c8:27017",
"ok" : 1
}
REPLICASET_NAME:SECONDARY> use admin
switched to db admin
REPLICASET_NAME:PRIMARY> db.createUser({ user: "myUserAdmin", pwd: "123456", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
Successfully added user: {
"user" : "myUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
REPLICASET_NAME:PRIMARY> exit
After that I created the clusterAdmin:
docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myUserAdmin --authenticationDatabase "admin" -p
MongoDB shell version v3.4.1
Enter password:
connecting to: mongodb://127.0.0.1:27017/admin
MongoDB server version: 3.4.1
REPLICASET_NAME:PRIMARY> db.createUser({user: "myClusterAdmin", pwd: "123456", roles: [ { role: "clusterAdmin", db: "admin" } ]})
Successfully added user: {
"user" : "myClusterAdmin",
"roles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
}
]
}
REPLICASET_NAME:PRIMARY> exit
Now, when I add a replica set member using the clusterAdmin, I get an error:
docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myClusterAdmin -p
MongoDB shell version v3.4.1
Enter password:
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1
REPLICASET_NAME:PRIMARY>rs.add("mongo2")
{
"ok" : 0,
"errmsg" : "Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: c4fe398cc7b8:27017;
the following nodes did not respond affirmatively: mongo2:27017 failed with not authorized on admin to execute command { replSetHeartbeat: \"REPLICASET_NAME\", pv:
1, v: 2, from: \"c4fe398cc7b8:27017\", fromId: 0, checkEmpty: false }",
"code" : 74,
"codeName" : "NodeNotFound"
}
So I get a "NodeNotFound" error, but I can ping mongo2 from mongo1 and mongo2 responds:
docker exec -ti $(docker ps -f "name=mongo1" -q) mongo --host mongo2 -u myUserAdmin -p
MongoDB shell version v3.4.1
Enter password:
connecting to: mongodb://mongo2:27017/
MongoDB server version: 3.4.1
2017-01-12T16:09:34.043+0000 E QUERY [main] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1459:20
@(auth):6:1
@(auth):1:2
exception: login failed
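So do you have any idea why it doesn't work?
Did I do something stupid :p ?
Thanks in advance for your help ;)
So I found the solution.
It's just that I use a keyfile to authenticate each mongo node.
https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/
But it's useless because of the encrypted overlay network created by swarm.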
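The keyfile approach mentioned above, as an added example that is not part of the original post: the rs.add() output reports "not authorized ... replSetHeartbeat" because the members share no credential for authenticating to each other, and mongod's --keyFile option supplies one. The script below generates a keyfile, checks it against mongod's documented requirements (6 to 1024 base64 characters, no group or other permissions) and confirms that two copies are identical; the function names and file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create and sanity-check a MongoDB replica-set keyfile.
# Function names and paths are hypothetical, not taken from the post.

# Generate a keyfile: 567 random bytes -> 756 base64 characters, owner-read only.
make_keyfile() {
    path=$1
    ( umask 077 && head -c 567 /dev/urandom | base64 | tr -d '\n' > "$path" ) || return 1
    chmod 400 "$path"
}

# Return 0 if the keyfile meets mongod's requirements, 1 otherwise:
#   - 6 to 1024 characters from the base64 set (mongod strips whitespace)
#   - no permission bits set for group or others
check_keyfile() {
    path=$1
    [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$path" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too open: $path ($perms)" >&2; return 1; }

    key=$(tr -d ' \t\r\n' < "$path")
    len=${#key}
    { [ "$len" -ge 6 ] && [ "$len" -le 1024 ]; } || { echo "bad length: $len" >&2; return 1; }

    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key" >&2; return 1 ;;
    esac
    return 0
}

# Every replica set member must hold the same key bytes; compare two copies.
same_keyfile() {
    cmp -s "$1" "$2"
}
```

The same checked file has to reach every member (mongo1, mongo2 and mongo3 here) and be readable by the user mongod runs as inside the container.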