MongoDB create root user using post-install script in a Debian package
I successfully created a package from the mongodb precompiled binaries. I would like to add a user to the mongodb directly after the installation. So I created the following post-installation script:
~$ cat /var/lib/dpkg/info/mongodb-pc.postinst
#!/bin/sh
set -x
# script version: 20
cp -r /srv/mongodb/etc/sv/mongodb /etc/sv/
if [ ! -L /etc/service/mongodb ] ; then
    ln -s /etc/sv/mongodb /etc/service/mongodb
fi
count=`egrep -c "^mongo:" /etc/group`
if [ $count -eq 0 ] ; then
    echo "No mongo group found ... adding ..."
    groupadd mongo
fi
/usr/bin/id -u mongo > /dev/null 2>&1
if [ $? -eq 1 ]; then
    echo "No mongo user found ... adding ..."
    useradd -s /dev/null -g mongo mongo
fi
chown -R mongo:mongo /srv/mongodb/data/
chown -R mongo:mongo /srv/mongodb/run/
chown -R mongo:mongo /srv/mongodb/log/
sv stop mongodb
auth_file=/srv/mongodb/etc/mongodb.auth
auth_script=/srv/mongodb/etc/get_or_create_admin.js
if [ ! -f $auth_file ] ; then
    chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
    echo "Waiting for 4 seconds for mongo to start up ..."
    sleep 4
    RANDKEY=`head -c 32 /dev/urandom | tr -dc 'a-zA-Z0-9'`
    RANDKEY2=`head -c 32 /dev/urandom | tr -dc 'a-zA-Z0-9'`
    umask 0277 # make sure only root can read this file!
    cat <<EOF > $auth_script
conn = new Mongo();
db = conn.getDB("admin");
// query the system.users collection to find if admin exists
var admin = db['system.users'].find( {"user": "admin"} )
var root = db['system.users'].find( {"user": "root"} )
if ( ! admin.hasNext()) {
    // do the magic here:
    db.createUser(
        {
            user: "manager",
            pwd: "${RANDKEY}",
            roles : [ "userAdminAnyDatabase" ]
        }
    )
} else {
    print(admin)
}
if ( ! root.hasNext()) {
    // do the magic here:
    db.createUser(
        {
            user: "uebermanager",
            pwd: "${RANDKEY2}",
            roles : [ "root" ]
        }
    )
} else {
    print(root)
}
EOF
    umask 0022
    chown root:mongo $auth_script
    /srv/mongodb/bin/mongo admin $auth_script
    umask 0277 # make sure only root can read this file!
    cat <<EOF > $auth_file
manager:${RANDKEY}
uebermanager:${RANDKEY2}
EOF
    umask 0022
    kill -9 `cat /srv/mongodb/data/mongod.lock`
    echo "Waiting for 4 seconds for mongo to shutdown ..."
    sleep 4
fi
/usr/bin/sv up mongodb > /dev/null 2>&1
It seems that the script is running perfectly fine. Here is the output:
$ sudo dpkg -i mongodb-plan-net_2.6.4-28_amd64.deb
Selecting previously unselected package mongodb-plan-net.
(Reading database ... 17378 files and directories currently installed.)
Unpacking mongodb-plan-net (from mongodb-pc_2.6.4-28_amd64.deb) ...
Setting up mongodb-plan-net (2.6.4-28) ...
+ cp -r /srv/mongodb/etc/sv/mongodb /etc/sv/
+ [ ! -L /etc/service/mongodb ]
+ egrep -c ^mongo: /etc/group
+ count=0
+ [ 0 -eq 0 ]
+ echo No mongo group found ... adding ...
No mongo group found ... adding ...
+ groupadd mongo
+ /usr/bin/id -u mongo
+ [ 1 -eq 1 ]
+ echo No mongo user found ... adding ...
No mongo user found ... adding ...
+ useradd -s /dev/null -g mongo mongo
+ chown -R mongo:mongo /srv/mongodb/data/
+ chown -R mongo:mongo /srv/mongodb/run/
+ chown -R mongo:mongo /srv/mongodb/log/
+ sv stop mongodb
ok: down: mongodb: 0s, normally up, want up
+ auth_file=/srv/mongodb/etc/mongodb.auth
+ auth_script=/srv/mongodb/etc/get_or_create_admin.js
+ [ ! -f /srv/mongodb/etc/mongodb.auth ]
+ chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20104
child process started successfully, parent exiting
+ echo Waiting for 4 seconds for mongo to start up ...
Waiting for 4 seconds for mongo to start up ...
+ sleep 4
+ head -c 32 /dev/urandom
+ tr -dc a-zA-Z0-9
+ RANDKEY=qMu2Tg
+ head -c 32 /dev/urandom
+ tr -dc a-zA-Z0-9
+ RANDKEY2=wG5DT61EK
+ umask 0277
+ cat
+ umask 0022
+ chown root:mongo /srv/mongodb/etc/get_or_create_admin.js
+ /srv/mongodb/bin/mongo admin /srv/mongodb/etc/get_or_create_admin.js
MongoDB shell version: 2.6.4
connecting to: admin
Successfully added user: { "user" : "manager", "roles" : [ "userAdminAnyDatabase" ] }
Successfully added user: { "user" : "uebermanager", "roles" : [ "root" ] }
+ umask 0277
+ cat
+ umask 0022
+ cat /srv/mongodb/data/mongod.lock
+ kill -9 20104
+ echo Waiting for 4 seconds for mongo to shutdown ...
Waiting for 4 seconds for mongo to shutdown ...
+ sleep 4
+ /usr/bin/sv up mongodb
The runit job at the end of the script (/usr/bin/sv up mongodb) launches mongodb with --auth.
Notice how mongodb reports it added the users? However, if I try to connect directly after adding the package I can't directly connect. Here is an account of the things:
$ sudo cat /srv/mongodb/etc/mongodb.auth
manager:k4YEzu
uebermanager:7CquZ
$ sudo /srv/mongodb/bin/mongo admin -u manager -p k4YEzu
MongoDB shell version: 2.6.4
Enter password:
connecting to: admin
2014-09-16T11:04:05.659+0200 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
If I do the following steps in my bash shell after the installation I can connect to the admin database flawlessly:
~$ sudo sv down mongodb
~$ sudo chpst -umongo /srv/mongodb/bin/mongod --config /srv/mongodb/etc/mongodb.conf --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20833
child process started successfully, parent exiting
~$ sudo /srv/mongodb/bin/mongo admin /srv/mongodb/etc/get_or_create_admin.js
MongoDB shell version: 2.6.4
connecting to: admin
Successfully added user: { "user" : "manager", "roles" : [ "userAdminAnyDatabase" ] }
Successfully added user: { "user" : "uebermanager", "roles" : [ "root" ] }
~$ sudo kill -9 20833
~$ sudo sv up mongodb
~$ sudo /srv/mongodb/bin/mongo admin -u manager -pk4YEzu
MongoDB shell version: 2.6.4
connecting to: admin
> exit
bye
How do you make my post-install script work so I don't have to do the manual steps after installing?
Well, solution found:
The mongodb documentation states:
Warning
Never use kill -9 (i.e. SIGKILL) to terminate a mongod instance.
Which was done in the post install script. I changed the offending line to:
/srv/mongodb/bin/mongod --shutdown --config /srv/mongodb/etc/mongodb.conf
This solved the problem.
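The bootstrap steps from this thread as reusable postinst helpers, as an added example that is not part of the original post: a clean `--shutdown` that is verified by polling instead of a fixed `sleep 4`, a password of guaranteed length (the trace above shows 32 random bytes filtering down to 6 and 9 characters), and a credentials file written under a umask that cannot leak. The function names are hypothetical; the paths are the ones used in the question.

```shell
#!/bin/sh
# Added example, not part of the original post. Paths are the ones used on
# this page; the helper names are hypothetical.
MONGOD=/srv/mongodb/bin/mongod
CONF=/srv/mongodb/etc/mongodb.conf
LOCK=/srv/mongodb/data/mongod.lock

# Fixed-length alphanumeric password. Only 62 of 256 byte values survive
# the tr filter, so 32 random bytes leave about 8 characters; keep reading
# until enough characters have been collected.
gen_password() {
    gp_len=$1
    gp_pw=""
    while [ "${#gp_pw}" -lt "$gp_len" ]; do
        gp_pw="$gp_pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')"
    done
    printf '%s\n' "$gp_pw" | cut -c "1-$gp_len"
}

# Write stdin to a new file readable only by its owner. The umask change
# is confined to a subshell, so it cannot leak into the rest of the script.
write_secret() {
    ( umask 077 && cat > "$1" )
}

# Poll until the process is gone instead of sleeping a fixed time.
# Returns 0 once the PID no longer exists, 1 after the timeout (seconds).
wait_for_exit() {
    we_pid=$1
    we_left=$2
    while kill -0 "$we_pid" 2>/dev/null; do
        [ "$we_left" -gt 0 ] || return 1
        sleep 1
        we_left=$((we_left - 1))
    done
    return 0
}

# Clean shutdown as in the answer: no SIGKILL, and fail if mongod is
# still running after 30 seconds.
stop_mongod() {
    sm_pid=$(cat "$LOCK")
    "$MONGOD" --shutdown --config "$CONF"
    wait_for_exit "$sm_pid" 30
}
```

In the postinst, `stop_mongod || exit 1` before `sv up mongodb` makes the package installation fail visibly if the temporary instance did not exit, rather than starting the supervised service on top of it.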