logo标签列表

Debezium MongoDB Connector连接MongoDB时身份验证失败

mongodbapache-kafka-connectdebezium
5
部署了 Strimzi Kafka、Strimzi Zookeeper 和 Debezium mongodb 连接器,并配置了 Debezium mongodb。
curl 'http://my-connect-cluster-connect-api:8083/connectors' -X POST -i -H "Content-Type:application/json" -d '{
  "name": "mongodb-connector", 
  "config": {
    "connector.class": "io.debezium.connector.mongodb.MongoDbConnector",
    "mongodb.hosts": "MainRepSet/mongod-0.mongodb-service.kafka.svc.cluster.local:27017,mongod-1.mongodb-service.kafka.svc.cluster.local:27017,mongod-2.mongodb-service.kafka.svc.cluster.local:27017", 
    "mongodb.name": "MainRepSet", 
    "collection.whitelist": "springdatabase[.]*",
    "mongodb.user": "springuser",
    "mongodb.password": "password"
  }
}'

但是遇到了认证异常。

2019-01-29 13:13:40,170 ERROR Error while reading the 'shards' collection in the 'config' database: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=mongod-2.mongodb-service.kafka.svc.cluster.local:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='springuser', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server mongod-2.mongodb-service.kafka.svc.cluster.local:27017. The full response is { "operationTime" : { "$timestamp" : { "t" : 1548767616, "i" : 1 } }, "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1548767616, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "M7qA9dMzPj1sC8lfT681vT57oPw=", "$type" : "00" }, "keyId" : { "$numberLong" : "6651444731228192769" } } } }}},

我创建了下面语句中的mongodb账户:
db.createUser({user:"springuser",pwd:"password",roles:[{role:"readWrite",db:"springdatabase"}]})

分析了异常后发现,默认情况下 Debezium Mongodb 使用的是 "source='admin'",但是我的mongodb账户的 authSource 是 'springdatabase',我认为这就是认证失败的原因。

其中一种解决方法是使用默认的 'admin' 创建mongodb账户。但是我们的生产mongodb账户已经创建好了,所以我们无法更改它。

那么是否有配置属性可以设置 'authSource' 呢?

2个回答
3

Debezium硬编码了管理连接,可能是因为需要从oplog中读取,这是一个便利之举。

我看到你已经在项目中创建了一个错误,但如果你现在想要拥有安全的权限数量,可以:


// Create a role which allows to list the databases
db.runCommand({createRole:"listDatabases",privileges:[{resource:{cluster:true},
           actions:["listDatabases"]}],roles:[]})

// Create a user which can, list the databases, read the oplog (local db), and read the source database (for initial syncs)
db.createUser({
"user" : "debezium_read_only",
    "roles" : [
        {
            "role" : "justListDatabases",
            "db" : "admin"
        },
        {
            "role" : "read",
            "db" : "database_where_collections_are"
        },
        {
            "role" : "read",
            "db" : "local"
        }
    ]
})

我希望这可以帮助您保护设置,直到Debezium内提供更好的登录选项。

最初的回答:

0

很抱歉,这是硬编码的。您能否提出一个Jira功能请求,以便我们可以查看一下?

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接