监视代理程序无法连接到启用了身份验证的副本集
[英]monitoring agent can't connect to replica set with auth enabled
问题描述
I have a replica set with auth enabled. 
我有一个启用了身份验证的副本集。 All members are able to authenticate to each other with internal authentication (keyfile) and replication is working fine. 所有成员都可以使用内部身份验证(密钥文件)彼此进行身份验证,并且复制工作正常。 I installed a monitoring agent in one of the mebers and it connects to mongo cloud. 我在其中一个成员中安装了监视代理程序,它连接到mongo cloud。
The problem is that the monitoring agent is not able to authenticate to the replica set. 问题是监视代理程序无法对副本集进行身份验证。 I know that because mongo cloud shows a warning. 我知道这是因为mongo cloud会显示警告。
A Monitoring Agent was unable to establish a connection to this host because of an authentication error.
And the logs say: 日志说:
Error: Failure during discovery.
I know it is not a discovery issue because if I start the replica set without auth enabled then mongo cloud shows everything normal. 我知道这不是发现问题,因为如果我在未启用身份验证的情况下启动副本集,则mongo cloud会显示一切正常。
Question 题
What I need to know is how to tell the monitoring agent what user and password to use to authenticate to the replica set. 我需要知道的是如何告诉监视代理使用什么用户和密码对副本集进行身份验证。 I looked through the documentation but I couldn't find it. 我浏览了文档,但找不到。 However I did find this: 但是我确实发现了这一点:
If your MongoDB deployment enforces access control, the Cloud Manager Monitoring Agent must authenticate to MongoDB as a user with the proper access.
https://docs.cloudmanager.mongodb.com/reference/required-access-monitoring-agent/ https://docs.cloudmanager.mongodb.com/reference/required-access-monitoring-agent/
I can create the user with the correct roles but it doesn't say how to configure the monitoring agent to use that user and password. 我可以创建具有正确角色的用户,但没有说明如何配置监视代理程序以使用该用户和密码。
1 个解决方案
解决方案1
0 已采纳 2017-03-11 00:36:16
After looking some more in the documentation I was finally able to find the way to do it, but I am not 100% convinced this is the correct way because the documentation marks this section as deprecated, but I can't find anything else on this subject. 在文档中查看了更多内容之后,我终于找到了解决方法,但我不是100%确信这是正确的方法,因为文档将本节标记为已弃用,但是我在此上找不到任何其他内容学科。
You can edit the configuration file for the monitoring agent and add these two options to specify user and password that it will use: 您可以编辑监视代理程序的配置文件,并添加以下两个选项以指定它将使用的用户和密码:
/etc/mongodb-mms/monitoring-agent.config /etc/mongodb-mms/monitoring-agent.config
globalAuthUsername=mms-monitoring-agent
globalAuthPassword=password
https://docs.cloudmanager.mongodb.com/reference/monitoring-agent/#msetting.globalAuthUsername https://docs.cloudmanager.mongodb.com/reference/monitoring-agent/#msetting.globalAuthUsername
After editing the file restart the monitoring agent. 编辑文件后,重新启动监视代理。
EDIT: 编辑:
I was not using the automation agent that is why I needed to do it manually. 我没有使用自动化代理,这就是为什么我需要手动执行该操作的原因。 If you are using the automation agent then this can be done through the UI in mongo cloud. 如果您正在使用自动化代理,则可以通过mongo cloud中的UI来完成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.