跳到主要内容

MongoDB 添加认证

提示

  • 添加认证会创建两个用户,分别为 admin 库的 root 用户 及 所有业务库的 hap 用户

  • 下列步骤以 root 密码为 hTkfDMYJ7ZLs,hap 密码为 tC9S86SFWxga 示例,实际配置中务必对 root 与 hap 密码修改

    • 为确保兼容性,自定义密码时避免使用 "$"、"&"、"!" 或 "@" 等特殊字符,这些字符可能会干扰正则表达式解析,请改用连字符 "-" 或下划线 "_"

  • 操作前建议提前数据备份

  • 微服务版本需要大于 v3.7.0 以上才可以进行此操作

  • 如果启用了聚合表功能,请参考对应文档完成创建聚合表数据库与对应角色和用户,以及调整副本集相关参数

  1. 连接 MongoDB

    docker exec -it $(docker ps | grep mingdaoyun-sc | awk '{print $1}') mongo

  2. 在 mongo shell 中创建 admin 库的 root 用户 及 所有业务库的 hap 用户

    use admin
    db.createUser({user:"root",pwd:"hTkfDMYJ7ZLs",roles:[{role:"root",db:"admin"}]})
    use MDLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDLicense"}]})
    use ClientLicense
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"ClientLicense"}]})
    use commonbase
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"commonbase"}]})
    use MDAlert
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDAlert"}]})
    use mdactionlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdactionlog"}]})
    use mdapproles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapproles"}]})
    use mdapprove
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapprove"}]})
    use mdapps
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdapps"}]})
    use mdattachment
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdattachment"}]})
    use mdcalendar
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcalendar"}]})
    use mdcategory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcategory"}]})
    use MDChatTop
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDChatTop"}]})
    use mdcheck
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdcheck"}]})
    use mddossier
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mddossier"}]})
    use mdemail
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdemail"}]})
    use mdform
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdform"}]})
    use MDGroup
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDGroup"}]})
    use mdgroups
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdgroups"}]})
    use MDHistory
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDHistory"}]})
    use mdIdentification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdIdentification"}]})
    use mdinbox
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdinbox"}]})
    use mdkc
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdkc"}]})
    use mdmap
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmap"}]})
    use mdmobileaddress
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdmobileaddress"}]})
    use MDNotification
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDNotification"}]})
    use mdpost
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdpost"}]})
    use mdreportdata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdreportdata"}]})
    use mdroles
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdroles"}]})
    use mdsearch
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsearch"}]})
    use mdservicedata
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdservicedata"}]})
    use mdsms
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdsms"}]})
    use MDSso
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDSso"}]})
    use mdtag
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtag"}]})
    use mdtransfer
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdtransfer"}]})
    use MDUser
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"MDUser"}]})
    use mdworkflow
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkflow"}]})
    use mdworksheet
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworksheet"}]})
    use mdworkweixin
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdworkweixin"}]})
    use mdwsrows
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"mdwsrows"}]})
    use pushlog
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"pushlog"}]})
    use taskcenter
    db.createUser({user:"hap",pwd:"tC9S86SFWxga",roles:[{role:"readWrite",db:"taskcenter"}]})
    use mdintegration
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdintegration"}]})
    use mdworksheetlog
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetlog"}]})
    use mdworksheetsearch
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdworksheetsearch"}]})
    use mddatapipeline
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mddatapipeline"}]})
    use mdwfplugin 
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfplugin"}]})
    use mdpayment 
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdpayment"}]})
    use mdwfai 
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdwfai"}]})
    use mdopenauth 
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdopenauth"}]})
    use mdaisearch 
    db.createUser({user: "hap",pwd: "tC9S86SFWxga",roles: [{role: "readWrite",db: "mdaisearch"}]})

  3. 修改 docker-compose.yaml 文件,添加环境变量与端口映射

    docker-compose.yaml 文件默认路径:/data/mingdao/script/docker-compose.yaml

    在 app 服务下新增环境变量 ENV_MONGODB_DAEMON_ARGSENV_MONGODB_URI

    ENV_MONGODB_DAEMON_ARGS: "--auth"
    ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017"

    在 sc 服务下新增端口映射,将容器内的 27017 端口映射出 (如果外部不需要访问 mongodb 则无需添加此端口映射)

    - 27017:27017
    docker-compose.yaml 配置文件修改示例
    version: '3'

    services:
      app:
        image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-hap:7.3.5
        environment:
          ENV_ADDRESS_MAIN: "https://hap.domain.com"
          ENV_APP_VERSION: "7.3.5"
          ENV_API_TOKEN: "******"
          ENV_MONGODB_DAEMON_ARGS: "--auth"    # 新增变量
          ENV_MONGODB_URI: "mongodb://hap:tC9S86SFWxga@sc:27017"  # 新增变量,注意修改为实际的 hap 用户密码。
        ports:
          - 8880:8880 
        volumes:
          - ./volume/data/:/data/
          - ../data:/data/mingdao/data

      sc:
        image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.2.0
        environment:
          <<: *app-environment
        ports:
          - 27017:27017 # 新增 mongodb 端口映射,如果外部不需要访问 mongodb,则无需添加此端口映射
        volumes:
          - ./volume/data/:/data/

  4. 在安装管理器所在目录下重启微服务生效配置

    bash service.sh restartall