跳到主要内容

MongoDB 添加认证

提示
  • 添加认证会创建两个用户,分别为 admin 库的 root 用户 及 所有业务库的 hap 用户

  • 下列步骤以 root 密码为 hTkfDMYJ7ZLs,hap 密码为 tC9S86SFWxga 示例,实际配置中务必对 root 与 hap 密码修改

    • 为确保兼容性,自定义密码时避免使用 "$"、"&"、"!" 或 "@" 等特殊字符,这些字符可能会干扰正则表达式解析,请改用连字符 "-" 或下划线 "_"
  • 操作前建议提前数据备份

  • 微服务版本需要大于 v3.7.0 以上才可以进行此操作

  • 如果启用了聚合表功能,请参考对应文档完成创建聚合表数据库与对应角色和用户,以及调整副本集相关参数

    先通过 docker ps 命令找到 mingdaoyun-sc 容器

    然后通过 docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') bash 命令进入 mingdaoyun-sc 容器

    在 mingdaoyun-sc 容器中,执行 mongo 命令登录到 mongo shll 中

  1. 在 mongo shell 中创建 admin 库的 root 用户 及 所有业务库的 hap 用户

    use admin
    db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
    use MDLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
    use ClientLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
    use commonbase
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
    use MDAlert
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
    use mdactionlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
    use mdapproles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
    use mdapprove
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
    use mdapps
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
    use mdattachment
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
    use mdcalendar
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
    use mdcategory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
    use MDChatTop
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
    use mdcheck
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
    use mddossier
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
    use mdemail
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
    use mdform
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
    use MDGroup
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
    use mdgroups
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
    use MDHistory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
    use mdIdentification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
    use mdinbox
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
    use mdkc
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
    use mdmap
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
    use mdmobileaddress
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
    use MDNotification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
    use mdpost
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
    use mdreportdata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
    use mdroles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
    use mdsearch
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
    use mdservicedata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
    use mdsms
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
    use MDSso
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
    use mdtag
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
    use mdtransfer
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
    use MDUser
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
    use mdworkflow
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
    use mdworksheet
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
    use mdworkweixin
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
    use mdwsrows
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
    use pushlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
    use taskcenter
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
    use mdintegration
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
    use mdworksheetlog
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
    use mdworksheetsearch
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
    use mddatapipeline
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
    use mdwfplugin
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]})
  2. 修改 docker-compose.yaml 文件,添加环境变量与端口映射

    docker-compose.yaml 文件默认路径:/data/mingdao/script/docker-compose.yaml

    在 app 服务下新增环境变量 ENV_MONGODB_DAEMON_ARGSENV_MONGODB_URI

    ENV_MONGODB_DAEMON_ARGS: "--auth"
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017"

    在 sc 服务下新增端口映射,将容器内的 27017 端口映射出 (如果外部不需要访问 mongodb 则无需添加此端口映射)

    - 27017:27017
    docker-compose.yaml 配置文件修改示例
    version: '3'

    services:
    app:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
    environment:
    ENV_ADDRESS_MAIN: "https://hap.domain.com"
    ENV_APP_VERSION: "5.8.1"
    ENV_API_TOKEN: "******"
    ENV_MONGODB_DAEMON_ARGS: "--auth" # 新增变量
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # 新增变量,注意修改为实际的 hap 用户密码。
    ports:
    - 8880:8880
    volumes:
    - ./volume/data/:/data/
    - ../data:/data/mingdao/data

    sc:
    image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
    environment:
    <<: *app-environment
    ports:
    - 27017:27017 # 新增 mongodb 端口映射,如果外部不需要访问 mongodb,则无需添加此端口映射
    volumes:
    - ./volume/data/:/data/
  3. 在安装管理器所在目录下重启微服务生效配置

    bash service.sh restartall