主页 / server / 问题 / 1170213
Accepted
Malkavian
Asked: 2025-01-16 19:51:49 +0800 CST

almalinux9.5 上的 mongodb6 出现错误:尝试副本集时无法获取安全密钥

  • 772

我尝试使用 3 台 PC 创建具有副本集的 mongodb 集群。我对 mongodb 非常陌生。这 3 台 PC 安装了 almalinux9.5 和 mongodb v6。到目前为止,我以 root 身份发出了这些命令。

 yum install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
 percona-release enable psmdb-60 release
 yum list percona-server-mongodb --showduplicates
 yum install percona-server-mongodb
 systemctl start mongod
 systemctl status mongod
 systemctl stop mongod
 mongosh
 sudo firewall-cmd --add-port=27017/tcp --permanent
 firewall-cmd --reload
 systemctl restart mongod
 rm /tmp/mongodb-27017.sock
 systemctl restart mongod
 systemctl status mongod
 mongosh --port 27017  --authenticationDatabase "admin" -u "admin" -p
 nano /etc/mongod.conf 
 systemctl stop mongod

conf文件是这样的:

dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongo/mongod.log
processManagement:
  fork: true
  pidFilePath: /var/run/mongod.pid
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: enabled
replication:
  replSetName: "rs0"
security:
    keyFile: /etc/mongodb/keyfile

当我尝试启动 mongod 并以 root 身份执行此操作时,收到以下错误日志:

{"t":{"$date":"2025-01-16T12:01:48.622+01:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2025-01-16T12:01:48.629+01:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2025-01-16T12:01:48.630+01:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2025-01-16T12:01:48.632+01:00"},"s":"I",  "c":"ACCESS",   "id":20254,   "ctx":"main","msg":"Read security file failed","attr":{"error":{"code":30,"codeName":"InvalidPath","errmsg":"permissions on /etc/mongodb/keyfile are too open"}}}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"SHARDING", "id":5847201, "ctx":"main","msg":"Balancer command scheduler stop requested"}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"ASIO",     "id":22582,   "ctx":"main","msg":"Killing all outstanding egress activity."}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"F",  "c":"CONTROL",  "id":20575,   "ctx":"main","msg":"Error creating service context","attr":{"error":"Location5579201: Unable to acquire security key[s]"}}

为了更好地解释我的尝试,我创建了一个名为 keyfile 的密钥文件,并使用 scp 将其复制到路径为 /etc/mongodb/keyfile 的 3 台 PC 上,该密钥文件现在具有权限 644。我该如何修复无法获取安全密钥的错误,这是什么意思?

linux

1 个回答

  1. Best Answer

    答案就在错误消息中。

    密钥文件具有644权限。它绝对不能具有组或全局权限。将权限更改为,400并确保它归mongod运行守护mongod进程的用户所有。此外,确保密钥文件的目录路径可以通过 遍历mongod

    • 0

相关问题