[MongoDB] By default, a MongoDB arbiter node only allows login from the local machine to execute

2024-04-29  Bogon

The MongoDB cluster uses a one-primary, one-secondary, one-arbiter architecture.

Primary: 192.168.1.90:27017
Secondary: 192.168.1.86:27017
Arbiter: 192.168.1.104:37017

$  echo -e 'rs.addArb("192.168.1.104:37017");\n'| mongo -u "XXX" -p "XXX" --host 192.168.1.90 --port 27017 --authenticationDatabase "admin"
{
    "msg": [
        "----->test<-----",
        "\t\t\t\"_id\" : 0,",
        "\t\t\t\"name\" : \"192.168.1.86:27017\",",
        "\t\t\t\"health\" : 1,",
        "\t\t\t\"state\" : 2,",
        "\t\t\t\"stateStr\" : \"SECONDARY\",",
        "\t\t\t\"uptime\" : 5340104,",
        "--",
        "\t\t\t\"_id\" : 1,",
        "\t\t\t\"name\" : \"192.168.1.90:27017\",",
        "\t\t\t\"health\" : 1,",
        "\t\t\t\"state\" : 1,",
        "\t\t\t\"stateStr\" : \"PRIMARY\",",
        "\t\t\t\"uptime\" : 5340104,",
        "--",
        "\t\t\t\"_id\" : 2,",
        "\t\t\t\"name\" : \"192.168.1.104:37017\",",
        "\t\t\t\"health\" : 1,",
        "\t\t\t\"state\" : 7,",
        "\t\t\t\"stateStr\" : \"ARBITER\",",
        "\t\t\t\"uptime\" : 5340105,"
    ]
}

On the primary and secondary nodes:

$ mongo  --host  192.168.1.90   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
$ mongo  --host  192.168.1.86   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin

$ echo "rs.status();" |   mongo   --quiet  --host  192.168.1.90   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin
$ echo "rs.status();" |   mongo   --quiet  --host  192.168.1.86   --port 27017     -u username  -p 'XXX'   --authenticationDatabase admin




{
        "set" : "test",
        "date" : ISODate("2024-04-30T05:39:55.523Z"),
        "myState" : 1,
        "term" : NumberLong(9),
        "syncingTo" : "",
        "syncSourceHost" : "",
        "syncSourceId" : -1,
        "heartbeatIntervalMillis" : NumberLong(2000),
        "optimes" : {
                "lastCommittedOpTime" : {
                        "ts" : Timestamp(1714455585, 1),
                        "t" : NumberLong(9)
                },
                "appliedOpTime" : {
                        "ts" : Timestamp(1714455585, 1),
                        "t" : NumberLong(9)
                },
                "durableOpTime" : {
                        "ts" : Timestamp(1714455585, 1),
                        "t" : NumberLong(9)
                }
        },
        "members" : [
                {
                        "_id" : 0,
                        "name" : "192.168.1.86:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 5348143,
                        "optime" : {
                                "ts" : Timestamp(1714455585, 1),
                                "t" : NumberLong(9)
                        },
                        "optimeDurable" : {
                                "ts" : Timestamp(1714455585, 1),
                                "t" : NumberLong(9)
                        },
                        "optimeDate" : ISODate("2024-04-30T05:39:45Z"),
                        "optimeDurableDate" : ISODate("2024-04-30T05:39:45Z"),
                        "lastHeartbeat" : ISODate("2024-04-30T05:39:54.377Z"),
                        "lastHeartbeatRecv" : ISODate("2024-04-30T05:39:54.169Z"),
                        "pingMs" : NumberLong(0),
                        "lastHeartbeatMessage" : "",
                        "syncingTo" : "192.168.1.90:27017",
                        "syncSourceHost" : "192.168.1.90:27017",
                        "syncSourceId" : 1,
                        "infoMessage" : "",
                        "configVersion" : 3
                },
                {
                        "_id" : 1,
                        "name" : "192.168.1.90:27017",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 5348164,
                        "optime" : {
                                "ts" : Timestamp(1714455585, 1),
                                "t" : NumberLong(9)
                        },
                        "optimeDate" : ISODate("2024-04-30T05:39:45Z"),
                        "syncingTo" : "",
                        "syncSourceHost" : "",
                        "syncSourceId" : -1,
                        "infoMessage" : "",
                        "electionTime" : Timestamp(1709107452, 1),
                        "electionDate" : ISODate("2024-02-28T08:04:12Z"),
                        "configVersion" : 3,
                        "self" : true,
                        "lastHeartbeatMessage" : ""
                },
                {
                        "_id" : 2,
                        "name" : "192.168.1.104:37017",
                        "health" : 1,
                        "state" : 7,
                        "stateStr" : "ARBITER",
                        "uptime" : 1136881,
                        "lastHeartbeat" : ISODate("2024-04-30T05:39:54.915Z"),
                        "lastHeartbeatRecv" : ISODate("2024-04-30T05:39:55.497Z"),
                        "pingMs" : NumberLong(0),
                        "lastHeartbeatMessage" : "",
                        "syncingTo" : "",
                        "syncSourceHost" : "",
                        "syncSourceId" : -1,
                        "infoMessage" : "",
                        "configVersion" : 3
                }
        ],
        "ok" : 1
}

On the arbiter node:

$ echo "rs.status();"   |   mongo    --host    192.168.1.104   --port 37017
MongoDB shell version v3.4.19
connecting to: mongodb://172.22.203.104:37017/
MongoDB server version: 3.4.19
{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { replSetGetStatus: 1.0 }",
        "code" : 13,
        "codeName" : "Unauthorized"
}
bye

$ echo "rs.status();"   |  mongo   --host  127.0.0.1    --port 37017

MongoDB shell version v3.4.19
connecting to: mongodb://127.0.0.1:37017/
MongoDB server version: 3.4.19
$ ss -tan | grep  37017

LISTEN     0      128          *:37017                    *:*
ESTAB      0      0      192.168.1.104:37017              192.168.192.160:23990
ESTAB      0      0      192.168.1.104:37017              192.168.192.158:48497
ESTAB      0      0      192.168.1.104:37017              192.168.192.160:27536
ESTAB      0      0      192.168.1.104:37017              192.168.192.159:42723
ESTAB      0      0      192.168.1.104:37017              192.168.192.158:19563

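The tests above show that, in a MongoDB primary/secondary/arbiter architecture, if authentication is not enabled on the arbiter node, logging in requires no username or password, but login is only possible from the local machine and not remotely. To some extent this safeguards security and keeps cluster information from being leaked!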
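The two observations behind this conclusion can be checked mechanically: an unauthenticated remote `rs.status()` should come back with code 13, and the `ss` listing shows which address the arbiter port listens on and who is connected to it. The Python below is an added example, not from the original post; the function names, the expected-peer set and the sample inputs (modelled on the outputs above) are constructed for illustration.

```python
import re

# Constructed sample: unauthenticated rs.status() sent to the arbiter remotely.
REMOTE_PROBE = '''MongoDB shell version v3.4.19
{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { replSetGetStatus: 1.0 }",
        "code" : 13,
        "codeName" : "Unauthorized"
}
bye'''

# Constructed sample of `ss -tan | grep 37017` on the arbiter host.
SS_OUTPUT = '''LISTEN     0      128          *:37017                    *:*
ESTAB      0      0      192.168.1.104:37017              192.168.1.90:40112
ESTAB      0      0      192.168.1.104:37017              192.168.192.160:23990'''


def classify_probe(shell_output):
    """Classify the mongo shell output of an unauthenticated rs.status()."""
    if re.search(r'"code"\s*:\s*13\b', shell_output):
        return "denied"    # connection accepted, command refused (Unauthorized)
    if re.search(r'"members"\s*:', shell_output):
        return "exposed"   # replica set topology returned without credentials
    return "unknown"


def audit_sockets(ss_output, port, expected_peers):
    """Return (wildcard_listener, unexpected_peer_ips) for one mongod port."""
    wildcard, unexpected = False, set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # ss columns: State Recv-Q Send-Q Local:Port Peer:Port
        state, local, peer = fields[0], fields[3], fields[4]
        local_ip, _, local_port = local.rpartition(":")
        if local_port != str(port):
            continue
        if state == "LISTEN" and local_ip in ("*", "0.0.0.0", "::", "[::]"):
            wildcard = True   # port is reachable on every interface
        elif state in ("ESTAB", "ESTABLISHED"):
            peer_ip = peer.rpartition(":")[0]
            if peer_ip not in expected_peers:
                unexpected.add(peer_ip)
    return wildcard, sorted(unexpected)


if __name__ == "__main__":
    print(classify_probe(REMOTE_PROBE))
    print(audit_sockets(SS_OUTPUT, 37017, {"192.168.1.90", "192.168.1.86"}))
```

A "denied" verdict together with a wildcard listener means the port still accepts remote TCP connections and only the command is refused, so any peer outside the replica set member list deserves a look at the firewall or bind address.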

References

Replica Set Arbiter
https://www.mongodb.com/docs/manual/core/replica-set-arbiter/#authentication

Localhost Exception
https://www.mongodb.com/docs/manual/core/localhost-exception/#std-label-localhost-exception
