Docs Menu
Docs Home
/
MongoDB 매뉴얼
/
자체 관리 배포서버
/
보안
/
인증
/
내부

자체 관리형 샤딩된 클러스터를 키 파일 인증으로 업데이트(다운타임 없음)

이 페이지의 내용

개요

중요

The following procedure applies to sharded clusters using MongoDB 3.4 or later.

Earlier versions of MongoDB do not support no-downtime upgrade. For sharded clusters using earlier versions of MongoDB, see 자체 관리형 샤딩된 클러스터를 키 파일 인증으로 업데이트.

A MongoDB sharded cluster can enforce user authentication as well as internal authentication of its components to secure against unauthorized access.

The following tutorial describes a procedure using security.transitionToAuth to transition an existing sharded cluster to enforce authentication without incurring downtime.

Before you attempt this tutorial, please familiarize yourself with the contents of this document.

고려 사항

클라우드 관리자 및 운영 관리자

If you are using Cloud Manager or Ops Manager to manage your deployment, refer to Configure Access Control for MongoDB Deployments in the Cloud Manager manual or Ops Manager manual to enforce authentication.

IP 바인딩

2} 및mongod mongos MongoDB localhost 바이너리는 기본적으로 에 바인딩됩니다.

Internal and Client Authentication Mechanisms

This tutorial configures authentication using SCRAM for client authentication and a keyfile for internal authentication.

Refer to the 자체 관리 배포에 대한 인증 documentation for a complete list of available client and internal authentication mechanisms.

아키텍처

This tutorial assumes that each shard replica set, as well as the config server replica set, can elect a new primary after stepping down its existing primary.

A replica set can elect a primary only if both of the following conditions are true:

Minimum number of mongos instances

Ensure your sharded cluster has at least two mongos instances available. This tutorial requires restarting each mongos in the cluster. If your sharded cluster has only one mongos instance, this results in downtime during the period that the mongos is offline.

Enforce Keyfile Access Control on an Existing Sharded Cluster

Create and Distribute the Keyfile

키 파일 인증을 사용하면 샤딩된 클러스터의 각 mongod 또는 mongos 인스턴스는 배포에서 다른 멤버를 인증하기 위한 공유 암호로 키 파일의 내용을 사용합니다. 올바른 키 파일을 가진 mongod 또는 mongos 인스턴스만 샤딩된 클러스터에 참여할 수 있습니다.

참고

내부 멤버십 인증을 위한 키파일은 YAML 형식을 사용해 키파일에 여러 키를 허용합니다. YAML 형식은 다음 중 하나를 허용합니다.

  • 단일 키 문자열(이전 버전과 동일)

  • 키 문자열의 순서

YAML 형식은 텍스트 파일 형식을 사용하는 기존의 단일 키 키파일과 호환됩니다.

키 길이는 6~1024자 사이여야 하며 base64 세트의 문자만 포함할 수 있습니다. 샤딩된 클러스터의 모든 멤버는 하나 이상의 공통 키를 공유해야 합니다.

참고

UNIX 시스템에서는 키 파일에 그룹 또는 월드 권한이 없어야 합니다. Windows 시스템에서는 키 파일 권한이 확인되지 않습니다.

원하는 방법을 사용하여 키 파일을 생성할 수 있습니다. 예를 들어 다음 작업에서는 openssl 사용하여 공유 암호로 사용할 복잡한 의사 난수 1024자 문자열을 생성합니다. 그런 다음 chmod 사용하여 파일 소유자에게만 읽기 권한을 제공하도록 파일 권한을 변경합니다.

openssl rand -base64 755 > <path-to-keyfile>
chmod 400 <path-to-keyfile>

샤딩된 클러스터 멤버를 호스팅하는 각 서버에 키 파일을 복사합니다. mongod 또는 mongos 인스턴스를 실행하는 사용자가 파일의 소유자이며 키 파일에 액세스할 수 있도록 합니다.

USB 드라이브 또는 네트워크 연결 저장 장치와 같이 mongod 또는 mongos인스턴스를 호스팅하는 하드웨어에서 쉽게 분리될 수 있는 저장 매체에 키 파일을 저장하지 마세요.

For more information on using keyfiles for internal authentication, refer to 키파일.

Configure Sharded Cluster Admin User and Client Users

You must connect to a mongos to complete the steps in this section. The users created in these steps are cluster-level users and cannot be used for accessing individual shard replica sets.

1

Create the adminstrator user.

Use the db.createUser() method to create an administrator user and assign it the following roles:

Clients performing maintenance operations or user administrative operations on the sharded cluster must authenticate as this user at the completion of this tutorial. Create this user now to ensure that you have access to the cluster after enforcing authentication.

admin = db.getSiblingDB("admin");
admin.createUser(
  {
    user: "admin",
    pwd: "<password>",
    roles: [
      { role: "clusterAdmin", db: "admin" },
      { role: "userAdmin", db: "admin" }
    ]
  }
);

중요

Passwords should be random, long, and complex to prevent or hinder malicious access.

2

Optional: Create additional users for client applications.

In addition to the administrator user, you can create additional users before enforcing authentication.. This ensures access to the sharded cluster once you fully enforce authentication.

예시

The following operation creates the user joe on the marketing database, assigning to this user the readWrite role on the marketing database`.

db.getSiblingDB("marketing").createUser(
  {
    "user": "joe",
    "pwd": "<password>",
    "roles": [ { "role" : "readWrite", "db" : "marketing" } ]
  }
)

Clients authenticating as "joe" can perform read and write operations on the marketing database.

See Database User Roles for roles provided by MongoDB.

사용자 추가에 대한 자세한 내용은 사용자 추가 튜토리얼을 참조하세요. 새 사용자를 추가할 때는 보안 권장 사항을 고려하세요.

3

Optional: Update client applications to specify authentication credentials.

While the sharded cluster does not currently enforce authentication, you can still update client applications to specify authentication credentials when connecting to the sharded cluster. This may prevent loss of connectivity at the completion of this tutorial.

예시

The following operation connects to the sharded cluster using mongosh, authenticating as the user joe on the marketing database.

mongosh  --username "joe" --password "<password>" \
  --authenticationDatabase "marketing" --host mongos1.example.net:27017

If your application uses a MongoDB driver, see the associated driver documentation for instructions on creating an authenticated connection.

Transition Each mongos Instance to Enforce Authentication

1

Create a new mongos configuration file.

For each mongos:

  1. Copy the existing mongos configuration file, giving it a distinct name such as <filename>-secure.conf (or .cfg if using Windows). You will use this new configuration file to transition the mongos to enforce authentication in the sharded cluster. Retain the original configuration file for backup purposes.

  2. To the new configuration file, add the following settings:

    security:
       transitionToAuth: true
       keyFile: <path-to-keyfile>

    The new configuration file should contain all of the configuration settings previously used by the mongos as well as the new security settings.

2

One at a time, restart the mongos with the new configuration file.

참고

If your cluster has only one mongos, this step results in downtime while the mongos is offline.

Follow the procedure to restart the mongos instance, one mongos at a time:

  1. Connect to the mongos to shutdown.

  2. Use the db.shutdownServer() method against the admin database to safely shut down the mongos.

    db.getSiblingDB("admin").shutdownServer()

  3. 다시 시작 mongos with the new configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongos-secure.conf:

    mongos --config <path>/mongos-secure.conf

    where <path> represents the system path to the folder containing the new configuration file.

Repeat the restart process for the next mongos instance until all mongos instances in the sharded cluster have been restarted.

At the end of this section, all mongos instances in the sharded cluster are running with security.transitionToAuth and security.keyFile internal authentication.

Transition Config Server Replica Set Members to Enforce Authentication

1

Create a new mongod configuration file.

For each mongod in the config server replica set,

  1. Copy the existing mongod configuration file, giving it a distinct name such as <filename>-secure.conf (or .cfg if using Windows). You will use this new configuration file to transition the mongod to enforce authentication in the sharded cluster. Retain the original configuration file for backup purposes.

  2. To the new configuration file, add the following settings:

    security:
       transitionToAuth: true
       keyFile: <path-to-keyfile>
2

One at a time, restart the mongod with the new configuration file.

Restart the replica set, one member at a time, starting with the secondary members.

  1. To restart the secondary members one at a time,

    1. Connect to the mongod and use the db.shutdownServer() method against the admin database to safely shut down the mongod.

      db.getSiblingDB("admin").shutdownServer()

    2. Restart the mongod with the new configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the new configuration file.

    Once this member is up, repeat for the next secondary member.

  2. Once all the secondary members have restarted and are up, restart the primary:

    1. Connect to the mongod.

    2. Use the rs.stepDown() method to step down the primary and trigger an election.

      rs.stepDown()

      You can use the rs.status() method to ensure the replica set has elected a new primary.

    3. Once you step down the primary and a new primary has been elected, shut down the old primary using the db.shutdownServer() method against the admin database.

      db.getSiblingDB("admin").shutdownServer()

    4. Restart the mongod with the new configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the new configuration file.

At the end of this section, all mongod instances in the config server replica set is running with security.transitionToAuth and security.keyFile internal authentication.

Transition Each Shard Replica Set Members to Enforce Authentication

Create the shard-local administrator

In a sharded cluster that enforces authentication, each shard replica set should have its own shard-local administrator. You cannot use a shard-local administrator for one shard to access another shard or the sharded cluster.

Connect to the primary member of each shard replica set and create a user with the db.createUser() method, assigning it the following roles:

메서드/명령 호출에서 암호를 직접 지정하는 대신 passwordPrompt() 메서드를 다양한 사용자 인증/관리 메서드/명령과 함께 사용하여 암호를 묻는 메시지를 표시할 수 있습니다. 그러나 이전 버전의 mongo shell에서와 마찬가지로 비밀번호를 직접 지정할 수도 있습니다.

admin = db.getSiblingDB("admin")
admin.createUser(
  {
    user: "admin",
    pwd: passwordPrompt(),  // or cleartext password
    roles: [
      { role: "clusterAdmin", db: "admin" },
      { role: "userAdmin", db: "admin" }
    ]
  }
)

At the completion of this tutorial, if you want to connect to the shard to perform maintenance operation that require direct connection to a shard, you must authenticate as the shard-local administrator.

참고

Direct connections to a shard should only be for shard-specific maintenance and configuration. In general, clients should connect to the sharded cluster through the mongos.

절차

Transitioning one shard replica set at a time, repeat these steps for each shard replica set in the sharded cluster.

1
Create a new mongod configuration file.

For each mongod in the shard replica set,

  1. Copy the existing mongod configuration file, giving it a distinct name such as <filename>-secure.conf (or .cfg if using Windows). You will use this new configuration file to transition the mongod to enforce authentication in the sharded cluster. Retain the original configuration file for backup purposes.

  2. To the new configuration file, add the following settings:

    security:
       transitionToAuth: true
       keyFile: <path-to-keyfile>
2
One at a time, restart the mongod with the new configuration file.

Restart the replica set, one member at a time, starting with the secondary members.

  1. To restart the secondary members one at a time,

    1. Connect to the mongod and use the db.shutdownServer() method against the admin database to safely shut down the mongod.

      db.getSiblingDB("admin").shutdownServer()

    2. Restart the mongod with the new configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the new configuration file.

    Once this member is up, repeat for the next secondary member of the replica set until all secondaries have been updated.

  2. Once all the secondary members have restarted and are up, restart the primary:

    1. Connect to the mongod.

    2. Use the rs.stepDown() method to step down the primary and trigger an election.

      rs.stepDown()

      You can use the rs.status() method to ensure the replica set has elected a new primary.

    3. Once you step down the primary and a new primary has been elected, shut down the old primary using the db.shutdownServer() method against the admin database.

      db.getSiblingDB("admin").shutdownServer()

    4. Restart the mongod with the new configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the new configuration file.

At this point in the tutorial, every component of the sharded cluster is running with --transitionToAuth and security.keyFile internal authentication. The sharded cluster has at least one administrative user, and each shard replica set has a shard-local administrative user.

The remaining sections involve taking the sharded cluster out of the transition state to fully enforce authentication.

Restart Each mongos Instance without transitionToAuth

중요

At the end of this section, clients must specify authentication credentials to connect to the sharded cluster. Update clients to specify authentication credentials before completing this section to avoid loss of connectivity.

To complete the transition to fully enforcing authentication in the sharded cluster, you must restart each mongos instance without the security.transitionToAuth setting.

1

제거 transitionToAuth from the mongos configuration files.

Remove the security.transitionToAuth key and its value from the mongos configuration files created during this tutorial. Leave the security.keyFile setting added in the tutorial.

security:
   keyFile: <path-to-keyfile>
2

Restart the mongos with the updated configuration file.

참고

If your cluster has only one mongos, this step results in downtime while the mongos is offline.

Follow the procedure to restart mongos instance, one mongos at a time:

  1. Connect to the mongos to shutdown.

  2. Use the db.shutdownServer() method against the admin database to safely shut down the mongos.

    db.getSiblingDB("admin").shutdownServer()

  3. 다시 시작 mongos with the updated configuration file, specifying the path to the config file using --config. For example, if the updated configuration file were named mongos-secure.conf:

    mongos --config <path>/mongos-secure.conf

At the end of this section, all mongos instances enforce client authentication and security.keyFile internal authentication.

Restart Each Config Server Replica Set Member without transitionToAuth

중요

At the end of this step, clients must specify authentication credentials to connect to the config server replica set. Update clients to specify authentication credentials before completing this section to avoid loss of connectivity.

To complete the transition to fully enforcing authentication in the sharded cluster, you must restart each mongod instance without the security.transitionToAuth setting.

1

제거 transitionToAuth from the mongod configuration files.

Remove the security.transitionToAuth key and its value from the config server configuration files created during this tutorial. Leave the security.keyFile setting added in the tutorial.

security:
   keyFile: <path-to-keyfile>
2

One at a time, restart the mongod with the updated configuration file.

Restart the replica set, one member at a time, starting with the secondary members.

  1. To restart the secondary members one at a time,

    1. Connect to the mongod and use the db.shutdownServer() method against the admin database to safely shut down the mongod.

      db.getSiblingDB("admin").shutdownServer()

    2. Restart the mongod with the updated configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the updated configuration file.

    Once this member is up, repeat for the next secondary member.

  2. Once all the secondary members have restarted and are up, restart the primary:

    1. Connect to the mongod.

    2. Use the rs.stepDown() method to step down the primary and trigger an election.

      rs.stepDown()

      You can use the rs.status() method to ensure the replica set has elected a new primary.

    3. Once you step down the primary and a new primary has been elected, shut down the old primary using the db.shutdownServer() method against the admin database.

      db.getSiblingDB("admin").shutdownServer()

    4. Restart the mongod with the updated configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the updated configuration file.

At the end of this section, all mongod instances in the config server replica set enforce client authentication and security.keyFile internal authentication.

Restart Each Member in Each Shard Replica Set without transitionToAuth

중요

At the end of this step, clients must specify authentication credentials to connect to the shard replica set. Update clients to specify authentication credentials before completing this section to avoid loss of connectivity.

To complete the transition to fully enforcing authentication in the sharded cluster, you must restart every member of every shard replica set in the sharded cluster without the security.transitionToAuth setting.

Transitioning one shard replica set at a time, repeat these steps for each shard replica set in the sharded cluster.

1

제거 transitionToAuth from the mongod configuration files.

Remove the security.transitionToAuth key and its value from the config server configuration files created during this tutorial. Leave the security.keyFile setting added in the tutorial.

security:
   keyFile: <path-to-keyfile>
2

One at a time, restart the mongod with the updated configuration file.

Restart the replica set, one member at a time, starting with the secondary members.

  1. To restart the secondary members one at a time,

    1. Connect to the mongod and use the db.shutdownServer() method against the admin database to safely shut down the mongod.

      db.getSiblingDB("admin").shutdownServer()

    2. Restart the mongod with the updated configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the updated configuration file.

    Once this member is up, repeat for the next secondary member.

  2. Once all the secondary members have restarted and are up, restart the primary:

    1. Connect to the mongod.

    2. Use the rs.stepDown() method to step down the primary and trigger an election.

      rs.stepDown()

      You can use the rs.status() method to ensure the replica set has elected a new primary.

    3. Once you step down the primary and a new primary has been elected, shut down the old primary using the db.shutdownServer() method against the admin database.

      db.getSiblingDB("admin").shutdownServer()

    4. Restart the mongod with the updated configuration file, specifying the path to the config file using --config. For example, if the new configuration file were named mongod-secure.conf:

      mongod --config <path>/mongod-secure.conf

      where <path> represents the system path to the folder containing the updated configuration file.

At the end of this section, all mongos and mongod instances in the sharded cluster enforce client authentication and security.keyFile internal authentication. Clients can only connect to the sharded cluster by using the configured client authentication mechanism. Additional components can only join the cluster by specifying the correct keyfile.

X.509 Certificate Internal Authentication

MongoDB supports X.509 certificate authentication for use with a secure TLS/SSL connection. Sharded cluster members and replica set members can use X.509 certificates to verify their membership to the cluster or the replica set instead of using 키파일.

For details on using X.509 certificates for internal authentication, see 자체 관리형 MongoDB 로 멤버십 인증에 X.509 인증서 사용.

Upgrade Self-Managed MongoDB from Keyfile Authentication to X.509 Authentication describes how to upgrade a deployment's internal auth mechanism from keyfile-based authentication to X.509 certificate-based auth.

돌아가기

샤딩된 클러스터 업데이트

다음

복제본 세트 키 로테이션