Mongo connector unable to connect to mongos

I am connecting to mongo with a user that has the clusterAdmin and backup roles, but I get an error:

2017-02-09 17:51:23,254 [ERROR] mongo_connector.util:96 - Fatal Exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped
    func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 370, in run
    'listShards')['shards']:
  File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 78, in retry_until_ok
    return func(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 494, in command
    codec_options, **kwargs)
  File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 406, in _command
    parse_write_concern_error=parse_write_concern_error)
  File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command
    collation=collation)
  File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command
    parse_write_concern_error=parse_write_concern_error)
  File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response
    raise OperationFailure(msg % errmsg, code, response)
OperationFailure: not authorized on admin to execute command { listShards: 1 }

The Required Permissions section of this page says the easiest way to get mongo-connector running is to create a user with the backup role:

https://github.com/mongodb-labs/mongo-connector/wiki/Usage-with-Authentication

db.getSiblingDB("admin").createUser({ user:"backup",pwd:"password_here", roles: ["backup"] })

But I can't even connect with such a user (authentication error):

2017-02-10 16:52:01,448 [ERROR] mongo_connector.util:96 - Fatal Exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped
    func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 398, in run
    hosts, replicaSet=repl_set)
  File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 299, in create_authed_client
    client['admin'].authenticate(self.auth_username, self.auth_key)
  File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 1048, in authenticate
    connect=True)
  File "/usr/lib64/python2.7/site-packages/pymongo/mongo_client.py", line 505, in _cache_credentials
    sock_info.authenticate(credentials)
  File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 523, in authenticate
    auth.authenticate(credentials, self)
  File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 470, in authenticate
    auth_func(credentials, sock_info)
  File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 450, in _authenticate_default
    return _authenticate_scram_sha1(credentials, sock_info)
  File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1
    res = sock_info.command(source, cmd)
  File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command
    collation=collation)
  File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command
    parse_write_concern_error=parse_write_concern_error)
  File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response
    raise OperationFailure(msg % errmsg, code, response)
OperationFailure: Authentication failed.

When I log in to mongos with these users and run the command

db.getSiblingDB("admin").runCommand( { listShards: 1 } )

I get a list of shards without any problem

 {
        "shards" : [
                {
                        "_id" : "shard001",
                        "host" : "shard001/timgrhlmdb01:27020,timgrhlmdb02:27020",
                        "state" : 1
                },
                {
                        "_id" : "shard002",
                        "host" : "shard002/timgrhlmdb03:27020,timgrhlmdb04:27020",
                        "state" : 1
                }
        ],
        "ok" : 1
}

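So what does this mean:

OperationFailure: not authorized on admin to execute command { listShards: 1 }

Update

I rebuilt the cluster from scratch, but I still get the same problem: OperationFailure: not authorized on admin to execute command { listShards: 1 }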

I also tried the user 'backup' with only the roles 'clusterManager' and 'readAnyDatabase'. This allows the user to list the shards, but now mongo-connector fails with 'Authentication failed':

{ "_id" : "admin.backup", "user" : "backup", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "pWcEU7uFqfHPgGe8z+E9Wg==", "storedKey" : "k2tapXQPtM2dHlxYnJiWVxO/rtg=", "serverKey" : "EGG8M4i27OYBy+fLYaL13+Nn4mc=" } }, "roles" : [ { "role" : "readAnyDatabase", "db" : "admin" }, { "role" : "clusterManager", "db" : "admin" } ] }

Check the user by running this command:

db.system.users.find({})

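Make sure the user you created has the backup role. If you can log in as the backup user and can also run these commands, it means the backup user has been created and granted the role and its privileges.

Make sure you have the clusterManager role to do this.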

Provides management and monitoring actions on the cluster. A user with this role can access the config and local databases, which are used in sharding and replication, respectively.

Provides the following actions on the cluster as a whole:

  • addShard
  • appendOplogNote
  • applicationMessage
  • cleanupOrphaned
  • flushRouterConfig
  • listShards
  • removeShard etc

Take a look at built-in-roles

By the way, take a look at this issue. Hope this helps.

Response to the bug filed against mongodb-labs/mongo-connector:

This is indeed a subtle bug introduced in #563. We changed a find on config.shards into a call to listShards assuming that it would have no change in behavior. Unfortunately (and annoyingly), the backup role has privileges to read the list of shards in the config.shards collection but, as you can see, does not have the privilege to run the listShards command. I'll revert this change to fix the problem in the upcoming 2.5.1 bug-fix release.

In the meantime, you will need to grant the mongo-connector user the backup AND clusterMonitor roles.

An important point that is not yet mentioned in the documentation is that the user must be created on a mongos and all the shards. This enables mongo-connector to authenticate to the cluster as a whole and to each shard individually.

It works now! Yay

That will teach me to follow the manual, lol!
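
An added example (not part of the original posts and not mongo-connector code): the check below takes a user document of the shape returned by usersInfo with showPrivileges: true and reports whether it may read config.shards and whether it may run listShards, the distinction the bug response describes. The privilege lists are constructed and abbreviated, and the resource matching is a simplified model of how the server matches resource documents.

```javascript
// Input: users[0] from
//   db.getSiblingDB("admin").runCommand(
//     { usersInfo: { user: "backup", db: "admin" }, showPrivileges: true })

// Simplified model (assumption): does a privilege's resource cover the target?
function resourceCovers(resource, target) {
  if (resource.anyResource === true) return true;
  if (target.cluster === true) return resource.cluster === true;
  if (typeof resource.db !== "string" || typeof resource.collection !== "string") return false;
  const dbOk = resource.db === "" || resource.db === target.db;
  // An empty collection name is a wildcard for non-system collections only.
  const collOk = resource.collection === ""
    ? !target.collection.startsWith("system.")
    : resource.collection === target.collection;
  return dbOk && collOk;
}

// True if any inherited privilege grants `action` on `target`.
function isAllowed(userDoc, target, action) {
  return (userDoc.inheritedPrivileges || []).some(
    (p) => resourceCovers(p.resource, target) && p.actions.includes(action)
  );
}

// Constructed, abbreviated privilege sets (not verbatim server output).
const BACKUP_PRIVS = [
  { resource: { db: "config", collection: "" }, actions: ["find", "listCollections"] },
  { resource: { cluster: true }, actions: ["appendOplogNote", "listDatabases"] },
];
const CLUSTER_MONITOR_PRIVS = [
  { resource: { cluster: true }, actions: ["listShards", "serverStatus"] },
];

const backupOnly = { user: "backup", db: "admin", inheritedPrivileges: BACKUP_PRIVS };
const backupPlusMonitor = {
  user: "backup", db: "admin",
  inheritedPrivileges: BACKUP_PRIVS.concat(CLUSTER_MONITOR_PRIVS),
};

// The two ways of obtaining the shard list that the bug response contrasts.
function report(userDoc) {
  return {
    findConfigShards: isAllowed(userDoc, { db: "config", collection: "shards" }, "find"),
    listShardsCommand: isAllowed(userDoc, { cluster: true }, "listShards"),
  };
}

console.log("backup only:", report(backupOnly));
console.log("backup + clusterMonitor:", report(backupPlusMonitor));
```

Because the user has to exist on the mongos and on every shard, the same check applies to the user document fetched from each of them.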