問題描述
在部署副本集模式的mongodb的時候,當啓用認證後,執行rs.status()後,變成了如下狀態:
{
"set" : "mytest",
"date" : ISODate("2019-12-24T02:24:30.510Z"),
"myState" : 3,
"term" : NumberLong(6),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"majorityVoteCount" : 2,
"writeMajorityCount" : 2,
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"lastCommittedWallTime" : ISODate("1970-01-01T00:00:00Z"),
"appliedOpTime" : {
"ts" : Timestamp(1577154202, 1),
"t" : NumberLong(6)
},
"durableOpTime" : {
"ts" : Timestamp(1577154202, 1),
"t" : NumberLong(6)
},
"lastAppliedWallTime" : ISODate("2019-12-24T02:23:22.046Z"),
"lastDurableWallTime" : ISODate("2019-12-24T02:23:22.046Z")
},
"lastStableRecoveryTimestamp" : Timestamp(1577154202, 1),
"lastStableCheckpointTimestamp" : Timestamp(1577154202, 1),
"members" : [
{
"_id" : 0,
"name" : "10.38.160.174:27017",
"ip" : "10.38.160.174",
"health" : 1,
"state" : 3,
"stateStr" : "RECOVERING",
"uptime" : 54,
"optime" : {
"ts" : Timestamp(1577154202, 1),
"t" : NumberLong(6)
},
"optimeDate" : ISODate("2019-12-24T02:23:22Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "could not find member to sync from",
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 1,
"name" : "10.38.160.174:27027",
"ip" : "10.38.160.174",
"health" : 0,
"state" : 6,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2019-12-24T02:24:30.466Z"),
"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"authenticated" : false,
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : -1
},
{
"_id" : 2,
"name" : "10.38.160.174:27037",
"ip" : "10.38.160.174",
"health" : 0,
"state" : 6,
"stateStr" : "(not reachable/healthy)",
"uptime" : 0,
"optime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDurable" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
},
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2019-12-24T02:24:30.466Z"),
"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"authenticated" : false,
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : -1
}
],
"ok" : 1
}
具體的表現就是,當前登錄的節點變成了RECOVERING
的狀態,其他節點變成了 (not reachable/healthy)
的狀態。
問題原因
原因就是當啓用認證後,不僅客戶端連接需要認證,服務內部不同節點之間,也是需要相互認證的,如果僅僅是啓用認證方式,不設定服務內部之間的認證參數,則服務內部各節點之間是無法成功通信的,就造成了當前登錄節點一直是恢復中的狀態,而其他節點應該是 not reachable
的狀態,所以會顯示爲 not reachable/healthy
。
問題解決
只需要在啓用認證的時候,加上節點內容認證參數即可,mongodb提供了兩種方式:一種是 keyfile的方式,一種是證書方式,詳細內容參見:Internal/Membership Authentication
我採用的是簡單的keyfile的方式,只需要在啓動的時候,加上 --keyFile=key/file/path 即可