mongodb復(fù)制集root 賬號(hào)密碼忘記找回

環(huán)境要求：

可以登錄部署機(jī)器

原理

mongodb的配置文件中

security:
authorization: enabled # enabled/disabled 控制客戶端認(rèn)證開(kāi)關(guān)
transitionToAuth: true # 是否啟用中間狀態(tài)登錄， 開(kāi)啟可以使用空密碼登錄， 默認(rèn)關(guān)閉蜕企，打開(kāi)auth建議關(guān)閉或者注釋
方法：（1）讯柔、使用 transitionToAuth來(lái)空密碼root登錄，默認(rèn)不加user和密碼會(huì)以root登錄
（2）缔御、使用 authorization 關(guān)閉認(rèn)證，同上
建議使用方法1

步驟

1.登錄復(fù)制集，關(guān)閉sever

登錄 shell ： mongo "mongodb://mongodb0.example.com.local:27017,mongodb1.example.com.local:27017,mongodb2.example.com.local:27017/?replicaSet=replA&authSource=admin"

查看復(fù)制集conf：

> rs.status() //需要數(shù)據(jù)庫(kù)admin權(quán)限垂寥，其他看不到復(fù)制集信息

or

> rs.isMaster() // 普通user可見(jiàn)

{

"hosts" : [

"10.38.164.243:27017",

"10.38.164.210:27017"

],

"setName" : "your",

"setVersion" : 13,

"ismaster" : true,

"secondary" : false,

"primary" : "10.38.164.243:27017",

"tags" : {

"state" : "online",

"online" : "rack-1",

"env" : "staging"

},

"me" : "10.38.164.243:27017",

"electionId" : ObjectId("5d3ab964963dfa5ce2c63564"),

"lastWrite" : {

"opTime" : {

"ts" : Timestamp(1566992731, 3),

"t" : NumberLong(-1)

},

"lastWriteDate" : ISODate("2019-08-28T11:45:31Z")

},

"maxBsonObjectSize" : 16777216,

"maxMessageSizeBytes" : 48000000,

"maxWriteBatchSize" : 1000,

"localTime" : ISODate("2019-08-28T11:45:34.133Z"),

"maxWireVersion" : 5,

"minWireVersion" : 0,

"readOnly" : false,

"ok" : 1

}

可以看到本機(jī)是主，列出了復(fù)制集機(jī)器列表

關(guān)閉server：

1 登錄客戶端關(guān)閉 (需要root權(quán)限)

> use admin

> db.shutdownServer()

2 直接在機(jī)器上kill master進(jìn)程

> ps -ef | grep mongod

> kill -9 $pid

2 修改conf文件另锋，重啟server

添加 transitionToAuth: true

重啟server： ../ mongod -f config.conf

3.登錄primary機(jī)器修改或者添加root賬戶密碼

./mongo 10.38.164.243:27017 # 使用root賬戶登錄數(shù)據(jù)庫(kù)

> use admin

> db.getUsers() # 同 show users

[

{

"_id" : "admin.your_wr",

"user" : "your_wr",

"db" : "admin",

"roles" : [

{

"role" : "rwyour",

"db" : "admin"

}

]

},

{

"_id" : "admin.sys_admin",

"user" : "sys_admin",

"db" : "admin",

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

]

or

> db.system.users.find()

{

"_id" : "admin.sys_admin",

"user" : "sys_admin",

"db" : "admin",

"credentials" : {

"SCRAM-SHA-1" : {

"iterationCount" : 10000,

"salt" : "9jEggysaAxzKk/j5KQfErg==",

"storedKey" : "536K7n6PZw8fvlqvu4ntUpeucVU=",

"serverKey" : "drAbbTwLO2mPF+oh1BuyeBZK+AA="

}

},

"roles" : [

{

"role" : "root",

"db" : "admin"

}

]

}

{

"_id" : "admin.your_wr",

"user" : "your_wr",

"db" : "admin",

"credentials" : {

"SCRAM-SHA-1" : {

"iterationCount" : 10000,

"salt" : "l5mTQBZCoXpJGzJxfLlUyQ==",

"storedKey" : "FRnQUOKLdrhRJOaqjmgHXC9vhWI=",

"serverKey" : "EeDZz5oBhsLOSKz5+0qRFK/p3oU="

}

},

"roles" : [

{

"role" : "rwyour",

"db" : "admin"

}

]

}

修改sys_admin 的密碼

> db.changeUserPassword('sys_admin', '123456')

新增用戶

db.createUser(

{

user: "reportsUser",

pwd: passwordPrompt(), // or cleartext password

roles: [

{ role: "read", db: "reporting" },

{ role: "read", db: "products" },

{ role: "read", db: "sales" },

{ role: "readWrite", db: "accounts" }

]

}

)

db.createUser({user: "your_admin", pwd: "123456", roles: [{"role": "root", "db": "admin"}]})

添加權(quán)限

db.grantRolesToUser("your_wr", [{"role": "dbAdminAnyDatabase", "db": "admin"}])

4 關(guān)server

> use admin

> db.auth("your_admin", "123456")

> db.shutdownServer()
or 
kill 方法 同上

5滞项、修改conf 開(kāi)區(qū)復(fù)制集，啟動(dòng)server

./mongod -f /home/work/mongod/conf/mongod.conf

使用root用戶登錄夭坪，查看復(fù)制集狀態(tài)

> rs.status()

mongo "mongodb://your_admin:[123456@10.38.164.243](mailto:123456@10.38.164.243):27017,10.38.164.210:27017/?authSource=admin&replicaSet=your"

{

"set" : "your",

"date" : ISODate("2019-08-28T12:55:48.870Z"),

"myState" : 1,

"term" : NumberLong(-1),

"heartbeatIntervalMillis" : NumberLong(2000),

"optimes" : {

"lastCommittedOpTime" : {

"ts" : Timestamp(1566996947, 3),

"t" : NumberLong(-1)

},

"appliedOpTime" : Timestamp(1566996947, 3),

"durableOpTime" : Timestamp(1566996947, 3)

},

"members" : [

{

"_id" : 2,

"name" : "10.38.164.243:27017",

"health" : 1,

"state" : 1,

"stateStr" : "PRIMARY",

"uptime" : 301,

"optime" : Timestamp(1566996947, 3),

"optimeDate" : ISODate("2019-08-28T12:55:47Z"),

"electionTime" : Timestamp(1566996650, 1),

"electionDate" : ISODate("2019-08-28T12:50:50Z"),

"configVersion" : 13,

"self" : true

},

{

"_id" : 3,

"name" : "10.38.164.210:27017",

"health" : 1,

"state" : 2,

"stateStr" : "SECONDARY",

"uptime" : 300,

"optime" : Timestamp(1566996947, 3),

"optimeDurable" : Timestamp(1566996947, 3),

"optimeDate" : ISODate("2019-08-28T12:55:47Z"),

"optimeDurableDate" : ISODate("2019-08-28T12:55:47Z"),

"lastHeartbeat" : ISODate("2019-08-28T12:55:48.723Z"),

"lastHeartbeatRecv" : ISODate("2019-08-28T12:55:47.232Z"),

"pingMs" : NumberLong(0),

"syncingTo" : "10.38.164.243:27017",

"configVersion" : 13

}

],

"ok" : 1

}

ok!!! 是不是很全了