MongoDB 添加认证
提示
-
- 微服务版本>=5.1.0
- 微服务版本<5.1.0
先通过
docker ps
命令找到 mingdaoyun-sc 容器然后通过
docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') bash
命令进入 mingdaoyun-sc 容器在 mingdaoyun-sc 容器中,执行
mongo
命令登录到 mongo shll 中进入 mingdaoyun-community 容器,登陆 mongo
docker exec -it $(docker ps | grep mingdaoyun-community | awk '{print $1}') mongo
-
在 mongo shell 中创建 admin 库的 root 用户 及 所有业务库的 hap 用户
use admin
db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
use MDLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
use ClientLicense
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
use commonbase
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
use MDAlert
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
use mdactionlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
use mdapproles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
use mdapprove
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
use mdapps
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
use mdattachment
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
use mdcalendar
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
use mdcategory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
use MDChatTop
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
use mdcheck
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
use mddossier
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
use mdemail
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
use mdform
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
use MDGroup
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
use mdgroups
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
use MDHistory
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
use mdIdentification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
use mdinbox
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
use mdkc
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
use mdmap
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
use mdmobileaddress
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
use MDNotification
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
use mdpost
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
use mdreportdata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
use mdroles
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
use mdsearch
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
use mdservicedata
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
use mdsms
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
use MDSso
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
use mdtag
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
use mdtransfer
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
use MDUser
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
use mdworkflow
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
use mdworksheet
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
use mdworkweixin
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
use mdwsrows
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
use pushlog
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
use taskcenter
db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
use mdintegration
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
use mdworksheetlog
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
use mdworksheetsearch
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
use mddatapipeline
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
use mdwfplugin
db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]}) -
修改 docker-compose.yaml 文件,添加环境变量与端口映射
docker-compose.yaml 文件默认路径:/data/mingdao/script/docker-compose.yaml
- 微服务版本>=5.1.0
- 微服务版本<5.1.0
在 app 服务下新增环境变量
ENV_MONGODB_DAEMON_ARGS
与ENV_MONGODB_URI
ENV_MONGODB_DAEMON_ARGS: "--auth"
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017"在 sc 服务下新增端口映射,将容器内的 27017 端口映射出 (如果外部不需要访问 mongodb 则无需添加此端口映射)
- 27017:27017
docker-compose.yaml 配置文件修改示例
version: '3'
services:
app:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
environment:
ENV_ADDRESS_MAIN: "https://hap.domain.com"
ENV_APP_VERSION: "5.8.1"
ENV_API_TOKEN: "******"
ENV_MONGODB_DAEMON_ARGS: "--auth" # 新增变量
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017" # 新增变量,注意修改为实际的 hap 用户密码。
ports:
- 8880:8880
volumes:
- ./volume/data/:/data/
- ../data:/data/mingdao/data
sc:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
environment:
<<: *app-environment
ports:
- 27017:27017 # 新增 mongodb 端口映射,如果外部不需要访问 mongodb,则无需添加此端口映射
volumes:
- ./volume/data/:/data/在 app 服务下新增环境变量
ENV_MONGODB_DAEMON_ARGS
与ENV_MONGODB_URI
ENV_MONGODB_DAEMON_ARGS: "--auth"
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017"在 app 服务下新增端口映射,将容器内的 27017 端口映射出 (如果外部不需要访问 mongodb 则无需添加此端口 映射)
- 27017:27017
docker-compose.yaml 配置文件修改示例
version: '3'
services:
app:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.1
environment:
ENV_ADDRESS_MAIN: "https://hap.domain.com"
ENV_APP_VERSION: "5.8.1"
ENV_API_TOKEN: "******"
ENV_MONGODB_DAEMON_ARGS: "--auth" # 新增变量
ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@127.0.0.1:27017" # 新增变量,注意修改为实际的 hap 用户密码。
ports:
- 8880:8880
- 27017:27017 # 新增 mongodb 端口映射,如果外部不需要访问 mongodb,则无需添加此端口映射
volumes:
- ./volume/data/:/data/
- ../data:/data/mingdao/data -
在安装管理器所在目录下重启微服务生效配置
bash service.sh restartall