2017-02-10 52 views
0

I am connecting to mongo with a user that has the clusterAdmin and backup roles, but I get this error (mongo-connector cannot connect to mongos):

2017-02-09 17:51:23,254 [ERROR] mongo_connector.util:96 - Fatal Exception 
Traceback (most recent call last): 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped 
    func(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 370, in run 
    'listShards')['shards']: 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 78, in retry_until_ok 
    return func(*args, **kwargs) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 494, in command 
    codec_options, **kwargs) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 406, in _command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command 
    collation=collation) 
    File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response 
    raise OperationFailure(msg % errmsg, code, response) 
OperationFailure: not authorized on admin to execute command { listShards: 1 } 

Under "Required permissions", this page says the simplest way to get mongo-connector running is to create a user with the backup role:

https://github.com/mongodb-labs/mongo-connector/wiki/Usage-with-Authentication

db.getSiblingDB("admin").createUser({ user:"backup",pwd:"password_here", roles: ["backup"] }) 

but I cannot even connect with such a user (authentication error):

2017-02-10 16:52:01,448 [ERROR] mongo_connector.util:96 - Fatal Exception 
Traceback (most recent call last): 
    File "/usr/lib/python2.7/site-packages/mongo_connector/util.py", line 94, in wrapped 
    func(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 398, in run 
    hosts, replicaSet=repl_set) 
    File "/usr/lib/python2.7/site-packages/mongo_connector/connector.py", line 299, in create_authed_client 
    client['admin'].authenticate(self.auth_username, self.auth_key) 
    File "/usr/lib64/python2.7/site-packages/pymongo/database.py", line 1048, in authenticate 
    connect=True) 
    File "/usr/lib64/python2.7/site-packages/pymongo/mongo_client.py", line 505, in _cache_credentials 
    sock_info.authenticate(credentials) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 523, in authenticate 
    auth.authenticate(credentials, self) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 470, in authenticate 
    auth_func(credentials, sock_info) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 450, in _authenticate_default 
    return _authenticate_scram_sha1(credentials, sock_info) 
    File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1 
    res = sock_info.command(source, cmd) 
    File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 419, in command 
    collation=collation) 
    File "/usr/lib64/python2.7/site-packages/pymongo/network.py", line 116, in command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/lib64/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response 
    raise OperationFailure(msg % errmsg, code, response) 
OperationFailure: Authentication failed. 

When I log in to mongos with both of these users and run the command

db.getSiblingDB("admin").runCommand({ listShards: 1 }) 

I get a listing of the shards with no problems

{ 
     "shards" : [ 
       { 
         "_id" : "shard001", 
         "host" : "shard001/timgrhlmdb01:27020,timgrhlmdb02:27020", 
         "state" : 1 
       }, 
       { 
         "_id" : "shard002", 
         "host" : "shard002/timgrhlmdb03:27020,timgrhlmdb04:27020", 
         "state" : 1 
       } 
     ], 
     "ok" : 1 
} 

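So what does this mean:

OperationFailure: not authorized on admin to execute command { listShards: 1 }

Update

I rebuilt the cluster from scratch and still have the same problem: OperationFailure: not authorized on admin to execute command { listShards: 1 }

I have also tried the user 'backup' with only the roles 'clusterManager' and 'readAnyDatabase'. This allows the user to list the shards, but now mongo-connector fails with "Authentication failed": by running this command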

{ "_id" : "admin.backup", "user" : "backup", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "pWcEU7uFqfHPgGe8z+E9Wg==", "storedKey" : "k2tapXQPtM2dHlxYnJiWVxO/rtg=", "serverKey" : "EGG8M4i27OYBy+fLYaL13+Nn4mc=" } }, "roles" : [ { "role" : "readAnyDatabase", "db" : "admin" }, { "role" : "clusterManager", "db" : "admin" } ] } 
+0

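On a side note, the mongo documentation contains an error: https://docs.mongodb.com/manual/tutorial/deploy-sharded-cluster-with-keyfile-access-control/ says to create the shard replica sets on the config servers. Also, initiating a replica set will not work unless the id is in quotes. – stackoverflows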

+0

Bug filed: https://github.com/mongodb-labs/mongo-connector/issues/662 – stackoverflows

Answers

0

Response to the issue filed with mongodb-labs/mongo-connector:

This is indeed a subtle bug introduced in #563. We changed a find on config.shards into a call to listShards assuming that it would have no change in behavior. Unfortunately (and annoyingly), the backup role has privileges to read the list of shards in the config.shards collection but, as you can see, does not have the privilege to run the listShards command. I'll revert this change to fix the problem in the upcoming 2.5.1 bug-fix release.

In the meantime, you will need to grant the mongo-connector user the backup AND clusterMonitor roles.

An important point that is not yet mentioned in the documentation is that the user must be created on a mongos and all the shards. This enables mongo-connector to authenticate to the cluster as a whole and to each shard individually.

And now it works! yay

That will teach me to follow the manual lol!
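
An added example, not from the original answer or the mongo-connector project: a JavaScript check of whether a user's privileges cover the two shard-discovery paths the maintainer describes (a find on config.shards versus the listShards command). The privilege documents are constructed, abbreviated samples in the shape returned by `usersInfo` with `showPrivileges: true`; the function and constant names are hypothetical.

```javascript
// Real privileges can be read in the mongo shell with:
//   db.getSiblingDB("admin").runCommand({ usersInfo: "backup", showPrivileges: true })
// (field users[0].inheritedPrivileges). The arrays below are constructed,
// abbreviated samples, not output captured from a server.
const BACKUP_ONLY = [
  { resource: { db: "config", collection: "" }, actions: ["find"] },
  { resource: { cluster: true }, actions: ["listDatabases", "appendOplogNote"] },
];
const CLUSTER_MONITOR = [
  { resource: { cluster: true }, actions: ["listShards", "replSetGetStatus", "serverStatus"] },
];

// What each shard-discovery code path needs (hypothetical names).
const REQUIREMENTS = {
  findConfigShards: { resource: { db: "config", collection: "shards" }, action: "find" },
  listShardsCommand: { resource: { cluster: true }, action: "listShards" },
};

// Simplified resource matching: an empty string is a wildcard; the
// system-collection exclusions of the real server are ignored here.
function resourceMatches(granted, wanted) {
  if (granted.anyResource) return true;
  if (wanted.cluster) return granted.cluster === true;
  if (granted.cluster) return false;
  const dbOk = granted.db === "" || granted.db === wanted.db;
  const collOk = granted.collection === "" || granted.collection === wanted.collection;
  return dbOk && collOk;
}

function isAllowed(privileges, { resource, action }) {
  return privileges.some(
    (p) => resourceMatches(p.resource, resource) && p.actions.includes(action)
  );
}

// Names of the requirements the given privilege list does not satisfy.
function missingPrivileges(privileges) {
  return Object.keys(REQUIREMENTS).filter(
    (name) => !isAllowed(privileges, REQUIREMENTS[name])
  );
}

console.log("backup only:", missingPrivileges(BACKUP_ONLY));
console.log("backup + clusterMonitor:",
  missingPrivileges([...BACKUP_ONLY, ...CLUSTER_MONITOR]));
```

Running the same check against each shard's own `usersInfo` output shows whether the user exists there as well, since the user must be created on a mongos and on all the shards.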

0

Check the users:

db.system.users.find({}) 

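Make sure the user you created has the backup role. If you can log in as the backup user and can also run these commands, it means the backup user has been created and granted the role and its privileges.

Make sure you have the clusterManager role to do this.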

Provides management and monitoring actions on the cluster. A user with this role can access the config and local databases, which are used in sharding and replication, respectively.

Provides the following actions on the cluster as a whole:

  • addShard
  • appendOplogNote
  • applicationMessage
  • cleanupOrphaned
  • flushRouterConfig
  • listShards
  • removeShard etc

See built-in-roles

By the way, take a look at this issue. Hope this helps. From the error

+0

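I recreated the cluster from scratch but still get the same error. If I authenticate as admin and run db.system.users.find({}), it shows the user 'backup' with the role 'backup' on database 'admin'. If I run db.runCommand("listShards"), it gives the not authorized message. Sooo the backup role cannot list shards? – stackoverflows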

+0

If I add the role 'root' to the user 'backup', I can now list the shards, but the connector fails with authentication failed. – stackoverflows

+0

@stackoverflows It seems you should have the "clusterManager" role to do this. See [built-in roles](https://docs.mongodb.com/manual/reference/built-in-roles/#clusterManager) – McGrady
