问题
I am trying to create a admin user. I've tried several different ways.
I realize that authorization is enabled, and if I turned it off, then back on it would allow me to create the first user. However I am trying to create the first user while authorization is enabled.
I have wiped the data directory and I am dealing with a fresh database.
I've been able to use
rs.initiate()anddb.createUser()from the console, but what I'm discovering is that it's impossible for me to run a script that both 1)initiates the replica set and 2) creates the admin user using--evalat the same time.
My config looks like this:
storage:
dbPath: /var/mongodb/db/1
net:
bindIp: localhost,192.168.103.100
port: 27001
security:
authorization: enabled
keyFile: /var/mongodb/pki/m103-keyfile
systemLog:
destination: file
path: /var/mongodb/db/mongod1.log
logAppend: true
processManagement:
fork: true
replication:
replSetName: m103-repl
Then I connect with this:
mongo --host localhost:27001
The within the mongo console I tried this:
use admin
db.createUser({
user: "m103-admin",
pwd: "m103-pass",
roles: [
{role: "root", db: "admin"}
]
})
and I get this error:
2020-03-16T19:57:36.796+0000 E QUERY [thread1] Error: couldn't add user: not master :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell):1:1
Update, I've tried starting the mongod then running rs.initiate, however I am still getting and issue when I try and create a user.
# ------------------------------------------------------------------------------------------
echo "\nchanging the directory to home dir\n"
cd ~/
# ------------------------------------------------------------------------------------------
echo "\nkilling all running mongo processes\n"
sleep 3
kill $(ps aux | grep '[m]ongod' | awk '{print $2}')
sleep 3
# ------------------------------------------------------------------------------------------
echo "\nremoving all data directories\n"
rm -rf /var/mongodb/db/1
# ------------------------------------------------------------------------------------------
echo "\nremoving all log files\n"
rm -rf /var/mongodb/db/mongod1.log
# ------------------------------------------------------------------------------------------
echo "\nremoving all log files\n"
rm -rf /var/mongodb/pki/m103-keyfile
# ------------------------------------------------------------------------------------------
echo "\ncreating the keyfile\n"
sudo mkdir -p /var/mongodb/pki
sudo chown vagrant:vagrant -R /var/mongodb
openssl rand -base64 741 > /var/mongodb/pki/m103-keyfile
chmod 600 /var/mongodb/pki/m103-keyfile
# ------------------------------------------------------------------------------------------
echo "\ncreating data directories\n"
mkdir -p /var/mongodb/db/1
# ------------------------------------------------------------------------------------------
echo "\ntouching the logs\n"
touch /var/mongodb/db/mongod1.log
# ------------------------------------------------------------------------------------------
echo "\nstarting up mongo repl 1\n"
mongod --config /shared/replica-sets/mongod-repl-1.conf
sleep 3
# ------------------------------------------------------------------------------------------
echo "\nreplicaSet initiate\n"
mongo --port 27001 --eval='rs.initiate()'
# ------------------------------------------------------------------------------------------
echo "\ncreating the user\n"
mongo mongodb://localhost:27001/admin?replicaSet=m103-repl --eval='db.createUser({user:"m103-admin",pwd:"m103-pass",roles:[{role:"userAdminAnyDatabase",db:"admin"}]});'
Here's what the script returns:
MongoDB shell version v3.6.17
connecting to: mongodb://localhost:27001/admin?gssapiServiceName=mongodb&replicaSet=m103-repl
2020-03-16T20:41:39.786+0000 I NETWORK [thread1] Starting new replica set monitor for m103-repl/localhost:27001
2020-03-16T20:41:39.787+0000 I NETWORK [thread1] Successfully connected to localhost:27001 (1 connections now open to localhost:27001 with a 5 second timeout)
2020-03-16T20:41:39.788+0000 I NETWORK [thread1] Successfully connected to 192.168.103.100:27001 (1 connections now open to 192.168.103.100:27001 with a 5 second timeout)
2020-03-16T20:41:39.788+0000 W NETWORK [thread1] Unable to reach primary for set m103-repl
2020-03-16T20:41:39.788+0000 W NETWORK [thread1] Unable to reach primary for set m103-repl
2020-03-16T20:41:40.333+0000 W NETWORK [thread1] Unable to reach primary for set m103-repl
2020-03-16T20:41:40.933+0000 I NETWORK [thread1] changing hosts to m103-repl/192.168.103.100:27001 from m103-repl/localhost:27001
Implicit session: session { "id" : UUID("bb96245e-3187-4b01-923f-a1a7d7533159") }
MongoDB server version: 3.6.17
2020-03-16T20:41:40.938+0000 E QUERY [thread1] Error: couldn't add user: there are no users authenticated :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell eval):1:1
回答1:
In a Replica Set you first have to initialize the Replica Set with
rs.initiate()
Then connect to the PRIMARY host, there you can create the admin user.
Follow the Deploy Replica Set With Keyfile Authentication tutorial, it describes the deployment step-by-step.
For Sharded Cluster follow Deploy Sharded Cluster with Keyfile Authentication
Follow these tutorials carefully, have a particular look which commands are executed on each host or only once or just on Primary Hosts, etc.
来源:https://stackoverflow.com/questions/60712530/how-do-i-create-a-the-first-mongodb-user-with-authorization-enabled