SCRAM-SHA-1校验方式改为 MONGODB-CR校验方式

SCRAM-SHA-1校验方式改为 MONGODB-CR校验方式

1. 关闭服务器，关闭认证，重新启动mongodb（全部服务器）

# su mongo
# pkill -15 mongos && pkill -15 mongod
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/config.conf
# /usr/local/webserver/mongodb/bin/mongos -f /data/mongodb/conf_init/mongos.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard1.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard2.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard3.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard4.conf
# ps aux | grep mongo

2. 连接到其中一台mongos，修改system.version文档里面的authSchema版本为3，初始安装时候应该是5，命令行如下：

# /usr/local/webserver/mongodb/bin/mongo 192.168.1.101:20000/admin
mongos> use admin;
switched to db admin 
mongos> var schema = db.system.version.findOne({"_id" : "authSchema"});
mongos> schema.currentVersion = 3;
3 
mongos> db.system.version.save(schema);
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 }) 

3. 删除用户并重新创建用户

mongos> use admin;
mongos> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "oz2XLTiQUp6CCRBBuYsKaA==", "storedKey" : "6YziqMkcQUMxjNA2QqB6TAQoHDQ=", "serverKey" : "5USz2KGPYsVxegVikgZd9XW7g9E=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
mongos> db.dropUser("admin");
true
mongos> db.createUser({user:"admin",pwd:"123456",roles:["root"]});
Successfully added user: { "user" : "admin", "roles" : [ "root" ] }
mongos> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "95ec4261124ba5951720b199908d892b" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

mongoDB内置的管理全部数据的角色：
readAnyDatabase：在admin数据库下建立，可以读取所有数据库的信息
readWriteAnyDatabase：在admin数据库下建立，可以读写所有数据库的信息
userAdminAnyDatabase：在admin数据库下建立，可以管理所有数据库的用户
dbAdminAnyDatabase：在admin数据库下建立，可以管理所有数据库的信息（类似于所有数据库的dbAdmin账户）
要让admin用户能够读写所有数据库，则需要做如下授权：

mongos> use admin;
mongos> db.grantRolesToUser("admin", [{ role: "readWriteAnyDatabase", db: "admin" }]);

取消授权的命令如下：

mongos> db.revokeRolesFromUser("<username>", [{ role: "<role-name>", db: "<db-name>"}]);

解决方式就是删除刚刚创建的用户，重新重建即可：

mongos> use testdb;
switched to db testdb 
mongos> db.dropUser("testdb");
true 
mongos>db.createUser({user:"testdb",pwd:"123456",roles:[{role:"dbOwner",db:"testdb"}]});
mongos> exit;

4. 关闭服务器，开启认证，重启服务器，用mongovue连接

# pkill -15 mongos && pkill -15 mongod
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/config.conf
# /usr/local/webserver/mongodb/bin/mongos -f /data/mongodb/conf/mongos.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard1.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard2.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard3.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard4.conf
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongo 192.168.1.101:20000/admin -uadmin -p123456