mongoDB：用户身份验证工作正常，但是在日志中显示“未经授权，未经管理员授权即可执行命令”

Question

我已经按照“ 如何在2.6中向Mongo添加管理员用户”中所述的步骤进行操作。

首先，注释掉/etc/mongod.conf文件中的“ auth = true”，以便不进行身份验证，我可以在相应的数据库中创建以下用户。

管理员：

use admin;
db.createUser({user: "mongoRoot", pwd: "password", roles: [{role: "root", db: "admin"}]}); 
db.createUser({user: "mongoAdmin", pwd: "password", roles: ["readWrite"]});
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]}); 
db.createUser({user: "mongoDBAdmin", pwd: "password", roles: [{role: "dbAdmin", db: "admin"}]}); 
db.createUser({user: "mongoDBOwner", pwd: "password", roles: [{role: "dbOwner", db: "admin"}]}); 

db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]});  (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin', the user mongoWrite is able to login as done in https://gist.github.com/tamoyal/10441108)
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});  (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin', the user mongoRead is able to login  as done in https://gist.github.com/tamoyal/10441108)

配置：

use config;
db.createUser({user: "mongoConfig", pwd: "password", roles: [{role: "readWrite", db: "config"}]}); 

测试：

use test;
db.createUser({user: "mongoTest", pwd: "password", roles: [{role: "readWrite", db: "test"}]}); 

mongo_database：

use mongo_database;
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]}); 
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]}); 
db.createUser({user: "mongoAdmin", pwd: "password", roles: [{role: "readWrite", db: "mongo_database"}]}); 

确保添加了所有必需的用户之后，通过取消注释/etc/mongod.conf文件中的“ auth = true”并重新启动mongodb来启用身份验证。

[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> exit
bye
[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on mongo_database to execute command { insert: \"test\", documents: [ { _id: ObjectId('559bba6ead81843e121c5ac7'), Hello: \"World\" } ], ordered: true }"
        }
})
rs0:PRIMARY>

到目前为止，一切正常。 唯一遇到的问题是，我的日志文件以每分钟近万行的速度受到以下两行的轰炸，并且我的磁盘很快就没有空间了。

2015-07-07T11:40:28.340+0000 [conn3] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55913d82b47aa336e4f971c2') }
2015-07-07T11:40:28.340+0000 [conn2] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55923232e292bbe6ca406e4e') }

给出一个想法，在10秒的跨度内，仅由上述两行构成了价值10 MB的日志文件。

[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul  7 11:44:01 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvdh       4.8G  388M  4.2G   9% /log
[ec2-user@ip-xxx-xx-xx-xx ~]$ date
Tue Jul  7 11:44:14 UTC 2015
[ec2-user@ip-xxx-xx-xx-xx ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvdh       4.8G  398M  4.2G   9% /log

据我所知，身份验证似乎运行良好。 只是原木正在以超快的声音速度充满。 我究竟做错了什么？ 请帮忙。 提前致谢。

Answer 1

过多的日志来自配置服务器，即使将身份验证添加到启用了身份验证的配置服务器后，它也不会停止。 升级到副本集的mongo 3.0.4，打开副本集的身份验证，并在配置服务器上将mongo升级到3.0.4，它开始正常运行而没有任何问题（在mongo 2.6.x上执行相同的步骤将导致我提到的问题以上）。 因此，我们计划升级到3.0.4，以绕过此问题。 希望对别人有帮助。