mongodb - root密码找回

mongodb复制集root 账号密码忘记找回

环境要求：

可以登录部署机器

原理

mongodb的配置文件中

security:
authorization: enabled # enabled/disabled 控制客户端认证开关
transitionToAuth: true # 是否启用中间状态登录， 开启可以使用空密码登录， 默认关闭，打开auth建议关闭或者注释
方法：（1）、使用 transitionToAuth来空密码root登录，默认不加user和密码会以root登录
（2）、使用 authorization 关闭认证，同上
建议使用方法1

步骤

1.登录复制集，关闭sever

登录 shell ： mongo "mongodb://mongodb0.example.com.local:27017,mongodb1.example.com.local:27017,mongodb2.example.com.local:27017/?replicaSet=replA&authSource=admin"

查看复制集conf：

> rs.status() //需要数据库admin权限，其他看不到复制集信息

or

> rs.isMaster() // 普通user可见

{

"hosts" : [

"10.38.164.243:27017",

"10.38.164.210:27017"

],

"setName" : "your",

"setVersion" : 13,

"ismaster" : true,

"secondary" : false,

"primary" : "10.38.164.243:27017",

"tags" : {

"state" : "online",

"online" : "rack-1",

"env" : "staging"

},

"me" : "10.38.164.243:27017",

"electionId" : ObjectId("5d3ab964963dfa5ce2c63564"),

"lastWrite" : {

"opTime" : {

"ts" : Timestamp(1566992731, 3),

"t" : NumberLong(-1)

},

"lastWriteDate" : ISODate("2019-08-28T11:45:31Z")

},

"maxBsonObjectSize" : 16777216,

"maxMessageSizeBytes" : 48000000,

"maxWriteBatchSize" : 1000,

"localTime" : ISODate("2019-08-28T11:45:34.133Z"),

"maxWireVersion" : 5,

"minWireVersion" : 0,

"readOnly" : false,

"ok" : 1

}

可以看到本机是主，列出了复制集机器列表

关闭server：

1 登录客户端关闭 (需要root权限)

> use admin

> db.shutdownServer()

2 直接在机器上kill master进程

> ps -ef | grep mongod

> kill -9 $pid

2 修改conf文件，重启server

添加 transitionToAuth: true

重启server： ../ mongod -f config.conf

3.登录primary机器修改或者添加root账户密码

./mongo 10.38.164.243:27017 # 使用root账户登录数据库

> use admin

> db.getUsers() # 同 show users

[

{

"_id" : "admin.your_wr",

"user" : "your_wr",

"db" : "admin",

"roles" : [

{

"role" : "rwyour",

"db" : "admin"

}

]

},

{

"_id" : "admin.sys_admin",

"user" : "sys_admin",

"db" : "admin",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

]

or

> db.system.users.find()

{

"_id" : "admin.sys_admin",

"user" : "sys_admin",

"db" : "admin",

"credentials" : {

"SCRAM-SHA-1" : {

"iterationCount" : 10000,

"salt" : "9jEggysaAxzKk/j5KQfErg==",

"storedKey" : "536K7n6PZw8fvlqvu4ntUpeucVU=",

"serverKey" : "drAbbTwLO2mPF+oh1BuyeBZK+AA="

}

},

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

{

"_id" : "admin.your_wr",

"user" : "your_wr",

"db" : "admin",

"credentials" : {

"SCRAM-SHA-1" : {

"iterationCount" : 10000,

"salt" : "l5mTQBZCoXpJGzJxfLlUyQ==",

"storedKey" : "FRnQUOKLdrhRJOaqjmgHXC9vhWI=",

"serverKey" : "EeDZz5oBhsLOSKz5+0qRFK/p3oU="

}

},

"roles" : [

{

"role" : "rwyour",

"db" : "admin"

}

]

}

修改sys_admin 的密码

> db.changeUserPassword('sys_admin', '123456')

新增用户

db.createUser(

{

user: "reportsUser",

pwd: passwordPrompt(), // or cleartext password

roles: [

{ role: "read", db: "reporting" },

{ role: "read", db: "products" },

{ role: "read", db: "sales" },

{ role: "readWrite", db: "accounts" }

]

}

)

db.createUser({user: "your_admin", pwd: "123456", roles: [{"role": "root", "db": "admin"}]})

添加权限

db.grantRolesToUser("your_wr", [{"role": "dbAdminAnyDatabase", "db": "admin"}])

4 关server

> use admin

> db.auth("your_admin", "123456")

> db.shutdownServer()
or 
kill 方法 同上

5、修改conf 开区复制集，启动server

./mongod -f /home/work/mongod/conf/mongod.conf

使用root用户登录，查看复制集状态

> rs.status()

mongo "mongodb://your_admin:[123456@10.38.164.243](mailto:123456@10.38.164.243):27017,10.38.164.210:27017/?authSource=admin&replicaSet=your"

{

"set" : "your",

"date" : ISODate("2019-08-28T12:55:48.870Z"),

"myState" : 1,

"term" : NumberLong(-1),

"heartbeatIntervalMillis" : NumberLong(2000),

"optimes" : {

"lastCommittedOpTime" : {

"ts" : Timestamp(1566996947, 3),

"t" : NumberLong(-1)

},

"appliedOpTime" : Timestamp(1566996947, 3),

"durableOpTime" : Timestamp(1566996947, 3)

},

"members" : [

{

"_id" : 2,

"name" : "10.38.164.243:27017",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 301,

"optime" : Timestamp(1566996947, 3),

"optimeDate" : ISODate("2019-08-28T12:55:47Z"),

"electionTime" : Timestamp(1566996650, 1),

"electionDate" : ISODate("2019-08-28T12:50:50Z"),

"configVersion" : 13,

"self" : true

},

{

"_id" : 3,

"name" : "10.38.164.210:27017",

"health" : 1,

"state" : 2,

"stateStr" : "SECONDARY",

"uptime" : 300,

"optime" : Timestamp(1566996947, 3),

"optimeDurable" : Timestamp(1566996947, 3),

"optimeDate" : ISODate("2019-08-28T12:55:47Z"),

"optimeDurableDate" : ISODate("2019-08-28T12:55:47Z"),

"lastHeartbeat" : ISODate("2019-08-28T12:55:48.723Z"),

"lastHeartbeatRecv" : ISODate("2019-08-28T12:55:47.232Z"),

"pingMs" : NumberLong(0),

"syncingTo" : "10.38.164.243:27017",

"configVersion" : 13

}

],

"ok" : 1

}

ok!!! 是不是很全了