mongodb - 在mongodb配置文件中添加ip

Question

我已经在 Windows Server 2012 上安装了 mongodb 3.6 并修改了配置文件以添加新 IP，

systemLog:
    destination: file
    path: c:\data\log\mongod.log
storage:
    dbPath: c:\data\db
security:
    authorization: enabled
net:
    port: 27017 
    bindIp: 127.0.0.1,192.168.1.11

当我尝试启动服务时，这会向我发送下一条消息

The MongoDB service is starting.
The MongoDB service could not be started.

Service specific error: 48.

You can get more help with the NET HELPMSG 3547 command.

我检查日志文件并发现此消息

2018-01-24T09:18:23.511-0500 I CONTROL  [initandlisten] options: { config: "C:\data\mongod.cfg", net: { bindIp: "127.0.0.1,192.168.1.11", port: 27017 }, security: { authorization: "enabled" }, service: true, storage: { dbPath: "c:\data\db" }, systemLog: { destination: "file", path: "c:\data\log\mongod.log" } }
2018-01-24T09:18:23.512-0500 E STORAGE  [initandlisten] Failed to set up listener: SocketException: The requested address is not valid in this context.
2018-01-24T09:18:23.512-0500 I CONTROL  [serviceStopWorker] now exiting

现在我修改配置文件，在ip之间添加一个空格

systemLog:
    destination: file
    path: c:\data\log\mongod.log
storage:
    dbPath: c:\data\db
security:
    authorization: enabled
net:
    port: 27017 
    bindIp: 127.0.0.1, 192.168.1.11

然后我启动服务

The MongoDB service is starting ..
The MongoDB service started successfully.

我再次检查日志文件并找到以下内容

2018-01-24T09:24:53.807-0500 I CONTROL  [initandlisten] options: { config: "C:\data\mongod.cfg", net: { bindIp: "127.0.0.1, 192.168.1.11", port: 27017 }, security: { authorization: "enabled" }, service: true, storage: { dbPath: "c:\data\db" }, systemLog: { destination: "file", path: "c:\data\log\mongod.log" } }
2018-01-24T09:24:53.808-0500 I NETWORK  [initandlisten] getaddrinfo(" 192.168.1.11") failed: Unknown host.
2018-01-24T09:24:53.808-0500 W NETWORK  [initandlisten] Found no addresses for  192.168.1.11
2018-01-24T09:24:53.808-0500 I -        [initandlisten] Detected data files in c:\data\db created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2018-01-24T09:24:53.808-0500 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=7679M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
2018-01-24T09:24:54.029-0500 I STORAGE  [initandlisten] WiredTiger message [1516803894:28660][640:140720456536192], txn-recover: Main recovery loop: starting at 20/11264
2018-01-24T09:24:54.197-0500 I STORAGE  [initandlisten] WiredTiger message [1516803894:196669][640:140720456536192], txn-recover: Recovering log 20 through 21
2018-01-24T09:24:54.297-0500 I STORAGE  [initandlisten] WiredTiger message [1516803894:296682][640:140720456536192], txn-recover: Recovering log 21 through 21
2018-01-24T09:24:55.031-0500 I CONTROL  [initandlisten] 
2018-01-24T09:24:55.031-0500 I CONTROL  [initandlisten] ** WARNING: The file system cache of this machine is configured to be greater than 40% of the total memory. This can lead to increased memory pressure and poor performance.
2018-01-24T09:24:55.031-0500 I CONTROL  [initandlisten] See http://dochub.mongodb.org/core/wt-windows-system-file-cache
2018-01-24T09:24:55.031-0500 I CONTROL  [initandlisten] 
2018-01-24T09:24:55.231-0500 W FTDC     [initandlisten] Failed to initialize Performance Counters for FTDC: WindowsPdhError: PdhExpandCounterPathW failed with 'The specified object was not found on the computer.' for counter '\Memory\Available Bytes'
2018-01-24T09:24:55.231-0500 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory 'c:/data/db/diagnostic.data'
2018-01-24T09:24:55.232-0500 I NETWORK  [initandlisten] waiting for connections on port 27017
2018-01-24T09:24:55.232-0500 I STORAGE  [initandlisten] Service running

我尝试了很多方法，用[] {}:;并且总是抛出错误，但是当我将bindIp保留为0.0.0.0时，它可以让我从其他ip进行连接。请帮忙。谢谢。

Answer 1

bindIp 不是客户端 IP，而是表示 mongodb 正在监听的接口(interface)的服务器 IP。 0.0.0.0 是一种特殊情况，它告诉 mongodb 监听所有可用的接口(interface)。

如果您想限制特定客户端 IP 地址对 mongodb 的访问，您可以在 user or role 上执行此操作。等级。在这种情况下，服务器仍然会监听所有允许的接口(interface)，但不会允许未知 IP 的用户登录。

启动 mongod 时或在 config file 中通过 --auth 命令行选项启用此功能。 。

请阅读 step-by-step guide如何正确启用身份验证。

createUser 的示例允许 testUser 仅从 192.168.1.11 IP 连接的命令:

db.createUser({ user: "testUser",
                pwd: "testPassword",
                roles: [ { role: "readWriteAnyDatabase", db: "admin" } ],
                authenticationRestrictions: [ { clientSource: ["192.168.1.11"] } ]
              });

clientSource 数组可以包含以 CIDR 表示法表示的精确 IP 或/和网络掩码列表，例如192.168.1.0/24 将允许用户从 192.168.1.0 到 192.168.1.255 的任何 IP 连接。