mongodb做有验证(auth)的主从
前言:
我的版本是2.6.9,有auth的主从,在网上找了好久都没有找到,最后在官网上找到做主从的方法,其实很简单
如果是做有验证的主从,那么需要用到keyFile的验证,官方是这样说的
When running with authorization enabled, in master-slave deployments configure a keyFile so that slave mongod instances can authenticate and communicate with the master mongod instance.
To enable authentication and configure the keyFile add the following option to your configuration file:
keyFile=/srv/mongodb/keyfile
因此我们需要配置keyFile,配置是非常简单的(但如果不知道就蛋疼了)
1、可以使用openssl生成一个随机的key
openssl rand -base64 741 >>key1
[root@localhost data2]# openssl rand -base64 741
MkME0hJ8TiIKy9+Dm/jkgYEzbC4ZdrGYVFkFQc48pkxiVW+3icmeVPWhbdjv9xR/
RzTkpwYf8idP9qmpujTOHl2hSDAh72r+5DK7Ap0LzYmIEU1ySIQAv1g6VPbfIiwF
XFwZwklp6Fss6YWBoyHOs4YaQWycr20O6mRwUtWC3YmuiIY5UU9go+8xWS+UUBBP
IyM8ZAAWub7USE51nKipi+W+zH2LVMf3NKHjpxuJLsS4iuVJJbA4UbriiE+lQTYR
71xQpZ5hCQw2pywwZsDmQV69FukaLGUcePodGuy8dT8vey9oD/SG0+LolrZTqSv2
IWbP2TYuqVsTQ80stLQAO5LofgC4NZ3mTGn5IVfNVcVuXhu4y0YBE246RdPp83ia
5XbZMDDavuoOoKft87G7mq169GsVJ/4KS0NErfrwPWkGLaCBfkrD2H8/YSs3PnTH
xzXs9xSuhxnGalR7a2S0Gho+NieO4/MIMfiflYuiCxH4SpoHtC+enyNaAEukKKRv
wUvI9+OCBDiB1JHDwK/Lq4edAbb1CLeAsLyLWhRnxWJz+3y+NfixWyrlOB1VAe3s
jqd15d59t3x82h7tilUmVDqTHL4DipuVsztLHvSjUUlyPGISPwmxYzuItGbuDqVP
4dS/grvJR3Eb94623rFxiZX98U3p6SaPQIyFiOu7RUhHtNzjiMm5FOhu1Hjl42yR
FGGwJG9yZKenEoQOscPgBRENkv08nxiScyFr2tw6YkRdYRxcZWLNcCO36eKlvZRk
49SgUUz8KVxB7kxakztth/dkzAMbqraWoaUzjvj5h565Wdln9cnixxznk85SXLPV
bJuN9KI5ShFRXF1FtDuVmiD2Ibudr6pb08xEtHQYYHHLcmRZmSdYyOUjd9wHBbX5
o3VAs83rsdAhQkwLKgXDYERcveRjRGgu681Ksj5Rc0VZthhpkrhZN4w+tTddm2LR
Y6xaKo22SoW4B/SS67C63hwM1GQh
2、将key放在mongodb目录下,并设置0600权限
[root@localhost mongodb]# ll
total 76
drwxr-xr-x. 2 root root 4096 May 5 01:20 bin
-rw-r--r--. 1 1046 1046 34520 Mar 23 07:49 GNU-AGPL-3.0
-rw-------. 1 root root 1004 May 6 04:43 key1
-rw-r--r--. 1 root root 1620 May 6 04:55 mongodb.conf
-rw-r--r--. 1 1046 1046 1359 Mar 23 07:49 README
-rw-r--r--. 1 1046 1046 17793 Mar 23 07:49 THIRD-PARTY-NOTICES
3、修改mongodb.conf的配置文件,将keyFile选项注释去掉,并填写现在的key1路径
keyFile=/usr/local/services/mongodb/key1
4、现在就可以开始做主从了
1)修改从库mongodb.conf配置文件
master=false
slave=true
source=主库IP
slavedelay=60
autoresync=true
2)启动从库