MongoDB:applyOps:未经管理员授权执行命令
[英]MongoDB : applyOps: not authorized on admin to execute command
问题描述
A Very Good Day, 
美好的一天,
I have the user in the mongodb like below who has the superuser privileges (I confirmed the role setting using show users command) 我在mongodb中有如下用户,该用户具有超级用户特权(我使用show users命令确认了角色设置)
{
"_id" : "admin.mongoadmin",
"user" : "mongoadmin",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
when I try to restore the oplog using the mongorestore, I get the error : 当我尝试使用mongorestore还原操作日志时,出现错误:
Failed: restore error: error applying oplog: applyOps: not authorized on admin to execute command { applyOps: [ { ts: Timestamp(1552828309, 1), h: 4632811839329880092, v: 2, op: "c", ns: "admin.$cmd", o: { create: "system.keys", idIndex: { v: 2, key: { _id: 1 }, name: " id ", ns: "admin.system.keys" } }, o2: {} } ], $db: "admin" } 失败:还原错误:应用操作日志时出错:applyOps:未经管理员授权执行命令 {applyOps:[{ts:Timestamp(1552828309,1),h:46328118393298800800,v:2,op:“ c”,ns:“ admin 。$ cmd“,o:{创建:“ system.keys”,idIndex:{v:2,密钥:{_ id :1},名称:“ id ”,ns:“ admin.system.keys”}},o2 :{}}],$ db:“ admin”}
mongorestore -u admin -p password --authenticationDatabase=admin --oplogFile 0000000000_0_oplog.bson --oplogReplay --oplogLimit=1552828432 --dir='/oplog/temp'
2019-03-17T13:47:36.945+0000 preparing collections to restore from
2019-03-17T13:47:36.945+0000 replaying oplog
2019-03-17T13:47:36.962+0000 Failed: restore error: error applying oplog: applyOps: not authorized on admin to execute command { applyOps: [ { ts: Timestamp(1552828309, 1), h: 4632811839329880092, v: 2, op: "c", ns: "admin.$cmd", o: { create: "system.keys", idIndex: { v: 2, key: { _id: 1 }, name: "_id_", ns: "admin.system.keys" } }, o2: {} } ], $db: "admin" }
NOTE : I specified the oploglimit (--oplogLimit=1552828432) with the last value I got from the bsondump Is this correct? 注意 :我用从bsondump获得的最后一个值指定了oploglimit(--oplogLimit = 1552828432)这是正确的吗? Or Am I missing anything? 还是我错过了什么?
(ie) (即)
{"ts":{"$timestamp":{"t":1552828432,"i":79}},"t":{"$numberLong":"1"},"h":{"$numberLong":"-2072015676601300967"},"v":2,"op":"i","ns":"inventory.hari","ui":{"$binary":"avdlGH8AS1eBPXRytlO1Yg==","$type":"04"},"wall":{"$date":"2019-03-17T13:13:52.139Z"},"o":{"_id":"79","name":"Hari","role":"Developer","isEmployee":true}}
{"ts":{"$timestamp":{"t":1552828432,"i":80}},"t":{"$numberLong":"1"},"h":{"$numberLong":"-6279494628130059002"},"v":2,"op":"u","ns":"inventory.hari","ui":{"$binary":"avdlGH8AS1eBPXRytlO1Yg==","$type":"04"},"o2":{"_id":"79"},"wall":{"$date":"2019-03-17T13:13:52.139Z"},"o":{"_id":"79","name":"WD_Userjava.util.Random@9a7504c","role":"Developer","isEmployee":true}}
Anyhelp is appreciated. 任何帮助表示赞赏。 Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 2019-06-03 11:01:48
use admin
db.createRole(
{
role: "interalUseOnlyOplogRestore",
privileges: [
{ resource: { anyResource: true }, actions: [ "anyAction" ] }
],
roles: []
}
)
db.createUser({
user: "root",
pwd: "password",
roles: [
{role: "root", db: "admin"},"__system","interalUseOnlyOplogRestore","backup"
]
})
Better though to reduce the privileges to something like below. 最好将特权减少到下面的内容。
db.createUser({
user: "root2",
pwd: "password",
roles: [
"interalUseOnlyOplogRestore"
]
})
After this you can run the restore command 之后,您可以运行restore命令
mongorestore --port 27017 --oplogReplay oplogRestore --authenticationDatabase admin -u root2 -p password
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.