mongoDB :用户身份验证工作正常,但在日志中得到 "Unauthorized not authorized on admin to execute command"
mongoDB : Authentication of user is working fine, but getting "Unauthorized not authorized on admin to execute command" in the logs
我已按照 How do I add an admin user to Mongo in 2.6?
中提到的步骤进行操作
首先,/etc/mongod.conf 文件中的 "auth=true" 被注释掉,这样身份验证就没有完成,我可以在各自的数据库中创建以下用户。
管理员:
use admin;
db.createUser({user: "mongoRoot", pwd: "password", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: ["readWrite"]});
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
db.createUser({user: "mongoDBAdmin", pwd: "password", roles: [{role: "dbAdmin", db: "admin"}]});
db.createUser({user: "mongoDBOwner", pwd: "password", roles: [{role: "dbOwner", db: "admin"}]});
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin', the user mongoWrite is able to login as done in https://gist.github.com/tamoyal/10441108)
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin', the user mongoRead is able to login as done in https://gist.github.com/tamoyal/10441108)
配置:
use config;
db.createUser({user: "mongoConfig", pwd: "password", roles: [{role: "readWrite", db: "config"}]});
测试:
use test;
db.createUser({user: "mongoTest", pwd: "password", roles: [{role: "readWrite", db: "test"}]});
mongo_database:
use mongo_database;
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]});
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: [{role: "readWrite", db: "mongo_database"}]});
确保添加了所有必需的用户后,通过在 /etc/mongod.conf 文件中取消注释 "auth=true" 并重新启动 mongodb.[=20= 来启用身份验证]
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> exit
bye
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on mongo_database to execute command { insert: \"test\", documents: [ { _id: ObjectId('559bba6ead81843e121c5ac7'), Hello: \"World\" } ], ordered: true }"
}
})
rs0:PRIMARY>
到目前为止一切正常。我遇到的唯一问题是我的日志文件正在以每分钟近几万行的速度被以下两行轰炸,并且很快,我的磁盘 运行 超出 space.
2015-07-07T11:40:28.340+0000 [conn3] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55913d82b47aa336e4f971c2') }
2015-07-07T11:40:28.340+0000 [conn2] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55923232e292bbe6ca406e4e') }
举个例子,在 10 秒的时间内,生成了仅包含上述两行的 10 MB 日志文件。
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:01 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 388M 4.2G 9% /log
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:14 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 398M 4.2G 9% /log
据我所知,身份验证似乎工作正常。只是原木正以超音速被填满。我究竟做错了什么?请帮忙。提前致谢。
过多的日志记录来自配置服务器,即使在打开身份验证的情况下将身份验证添加到配置服务器后,它也不会停止。为副本集升级到 mongo 3.0.4,打开副本集的身份验证并在配置服务器上升级 mongo 到 3.0.4,它开始正常工作,没有任何问题([=13 上的相同步骤=] 2.6.x 会导致我上面提到的问题)。因此,我们计划升级到 3.0.4 以绕过此问题。希望对某人有所帮助。
我已按照 How do I add an admin user to Mongo in 2.6?
中提到的步骤进行操作首先,/etc/mongod.conf 文件中的 "auth=true" 被注释掉,这样身份验证就没有完成,我可以在各自的数据库中创建以下用户。
管理员:
use admin;
db.createUser({user: "mongoRoot", pwd: "password", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: ["readWrite"]});
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
db.createUser({user: "mongoDBAdmin", pwd: "password", roles: [{role: "dbAdmin", db: "admin"}]});
db.createUser({user: "mongoDBOwner", pwd: "password", roles: [{role: "dbOwner", db: "admin"}]});
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin', the user mongoWrite is able to login as done in https://gist.github.com/tamoyal/10441108)
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin', the user mongoRead is able to login as done in https://gist.github.com/tamoyal/10441108)
配置:
use config;
db.createUser({user: "mongoConfig", pwd: "password", roles: [{role: "readWrite", db: "config"}]});
测试:
use test;
db.createUser({user: "mongoTest", pwd: "password", roles: [{role: "readWrite", db: "test"}]});
mongo_database:
use mongo_database;
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]});
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: [{role: "readWrite", db: "mongo_database"}]});
确保添加了所有必需的用户后,通过在 /etc/mongod.conf 文件中取消注释 "auth=true" 并重新启动 mongodb.[=20= 来启用身份验证]
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> exit
bye
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on mongo_database to execute command { insert: \"test\", documents: [ { _id: ObjectId('559bba6ead81843e121c5ac7'), Hello: \"World\" } ], ordered: true }"
}
})
rs0:PRIMARY>
到目前为止一切正常。我遇到的唯一问题是我的日志文件正在以每分钟近几万行的速度被以下两行轰炸,并且很快,我的磁盘 运行 超出 space.
2015-07-07T11:40:28.340+0000 [conn3] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55913d82b47aa336e4f971c2') }
2015-07-07T11:40:28.340+0000 [conn2] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55923232e292bbe6ca406e4e') }
举个例子,在 10 秒的时间内,生成了仅包含上述两行的 10 MB 日志文件。
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:01 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 388M 4.2G 9% /log
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:14 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 398M 4.2G 9% /log
据我所知,身份验证似乎工作正常。只是原木正以超音速被填满。我究竟做错了什么?请帮忙。提前致谢。
过多的日志记录来自配置服务器,即使在打开身份验证的情况下将身份验证添加到配置服务器后,它也不会停止。为副本集升级到 mongo 3.0.4,打开副本集的身份验证并在配置服务器上升级 mongo 到 3.0.4,它开始正常工作,没有任何问题([=13 上的相同步骤=] 2.6.x 会导致我上面提到的问题)。因此,我们计划升级到 3.0.4 以绕过此问题。希望对某人有所帮助。