0

我已经成功部署了一个 mongo 复制集,在我的三个节点之间共享一个密钥文件。它工作正常,问题是当我尝试启动 ops manager 服务时:

[root@xxx:/etc]# service mongodb-mms start
Starting pre-flight checks
Failure to connect to configured mongo instance: 
Config{loadBalance=false, encryptedCredentials=false, ssl='false', 
dbNames='[mmsdb, mmsdbprovisionlog, mmsdbautomation, mmsdbserverlog, 
mmsdbpings, mmsdbprofile, mmsdbrrd, mmsdbconfig, mmsdblogcollection, 
mmsdbjobs, mmsdbagentlog, mmsdbbilling, backuplogs, automationcore, 
monitoringstatus, mmsdbautomationlog, automationstatus, cloudconf, backupdb, 
mmsdbprovisioning, mmsdbqueues]', uri=mongodb://xxx1:27017,xxx2:27017,xxx3:27017} Error: Command failed with 
error 13: 'not authorized on admin to execute command { listDatabases: 1, 
$db: "admin" }' on server xxx1:27017. The full response is { "operationTime" 
: { "$timestamp" : { "t" : 1517416044, "i" : 1 } }, "ok" : 0.0, "errmsg" : 
"not authorized on admin to execute command { listDatabases: 1, $db: 
\"admin\" }", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : { 
"clusterTime" : { "$timestamp" : { "t" : 1517416044, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "fh+qyjJ0L8c8zCx0U672aJdZdUw=", "$type" : "00" }, "keyId" : { "$numberLong" : "6516848947321896961" } } } }
Pre-flight checks failed. Service can not start.

我没有数据库管理员的授权..

我试图配置另一个 repl 集,我在其中评论了 mongod.conf 文件的这一部分

security:
  keyFile: /opt/mongo/mongo-keyfile

我可以正确启动服务。怎么了?

4

1 回答 1

1

您的 MongoDB 服务器开始时启用了身份验证,但 ops 管理器服务正在尝试连接和管理服务器(从 listDatabases 命令开始)而不经过身份验证。

MongoDB 文档包括一个有用的教程Enforce Keyfile Access Control in a Replica Set,其中包括以下相关评论:

使用 --keyFile 命令行选项或security.keyFile配置文件设置运行mongod会强制执行Internal AuthenticationRole-Based Access Control

于 2018-01-31T17:22:38.183 回答