我正试图根据OpsManager的文档,在由OpsManager管理的mongodb副本碎片上启用PLAIN身份验证安全性https://docs.opsmanager.mongodb.com/v4.0/tutorial/enable-ldap-authentication-for-group/。
我面临的问题是自动化代理在启用安全性后重新启动时试图获得mongoS状态。请参阅下面的错误输出:
<mongos_5> [09:18:19.711] Failed to compute states :
<mongos_5> [09:18:19.711] Error calling ComputeState : <mongos_5> [09:18:19.632] Error getting current config from running mongo using conn params = mongos01:27017 (local=false) :
<mongos_5> [09:18:19.632] Error getting pid for mongos01:27017 (local=false) :
<mongos_5> [09:18:19.632] Error running command for runCommandWithTimeout(dbName=admin, cmd=[{serverStatus 1} {locks false} {recordStats false}]) :
result={"$clusterTime":{"clusterTime":6808443558471663617,"signature": {"hash":"e44BxV30B7dTpampo4VZsVuio7E=","keyId":6808441655801151517}},"code":13,"codeName":"Unauthorized",
"errmsg":"command serverStatus requires authentication","ok":0,"operationTime":6808443558471663617} connection=&{mongos01:27017 (local=false) 2 true 0xc4207b21a0 2020-03-26 09:18:19.627337419 +0000 UTC 0xc4207bdef0 <nil> }
identityUsed= : command serverStatus requires authentication
我注意到,即使opsmanager无法获得状态,安全性也已成功启用,并且PLAIN身份验证机制可以工作,但状态在处挂起
Start the process ... Start MongoDB process
我在mongoodb-labs repo之后的API上尝试了这一点https://github.com/mongodb-labs/mms-api-examples/blob/master/automation/api_usage_example/configs/security_ldap_cluster.json但也可以手动遵循mongodb文档,但每次我都会遇到同样的错误。
毕竟,我只在mongoconfig文件中为mongo启用了LDAP(PLAIN((请参阅下面的ops-manager API代码段调用示例(,并避免为代理启用opsmanager。
{
"args2_6": {
"net": {
"port": 28001
},
"replication": {
"replSetName": "rs0"
},
"storage": {
"dbPath": "/data/mongo"
},
"systemLog": {
"destination": "file",
"path": "/data/mongo/mongodb.log"
},
"security": {
"authorization": "enabled"
},
"setParameter": {
"saslauthdPath": "",
"authenticationMechanisms": "PLAIN,MONGO-CR,SCRAM-SHA-256",
}
}, ...