OperationFailure:未经授权可跟踪执行命令 [英] OperationFailure: not authorized on tracking to execute command
问题描述
我做了以下
-- `sudo apt-get install mongodb-org`
-- go to `etc/mongod.conf` change bindIp to: `0.0.0.0`
-- sudo mkdir /data/db
-- start without auth to create user
`sudo mongod --port 27017 --dbpath /data/db`
-- open shell with : mongo --port 27017
```
> use admin
> db.createUser( { user: "useradmin", pwd: "mypassword", roles: [ { role: "root", db: "admin" } ] } )
```
-- Restart with auth required(ctrl+c the above mongod process):
`sudo mongod --auth --port 27017 --dbpath /data/db'
-- To open shell(ctrl+c above mongo shell):
`mongo --port 27017 -u useradmin -p mypassword --authenticationDatabase admin`
我的mongoengine_settings.py
my mongoengine_settings.py
```PYTHON
from mongoengine import connect
DATABASE = 'tracking'
USERNAME = 'useradmin'
PASSWORD = 'mypassword'
HOST = 'mongodb://localhost/tracking'
PORT = 27017
connect(DATABASE,
username=USERNAME,
password=PASSWORD,
host=HOST,
port=PORT
)
```
现在,当我尝试使用mongoengine批量插入一些数据时,如果我未启用--auth,则可以正常工作,否则会引发以下错误:
now when i try to bulk insert some data using mongoengine that works fine if i don't have --auth enabled, otherwise it throws the following error:
OperationFailure(u'command SON([(\'createIndexes\', u\'order\'), (\'indexes\', [{\'unique\': True, \'background\': False, \'sparse\': False, \'key\': SON([(\'order_id\', 1)]), \'name\': u\'order_id_1\'}])]) on namespace tracking.$cmd failed: not authorized on tracking to execute command { createIndexes: "order", indexes: [ { unique: true, background: false, sparse: false, key: { order_id: 1 }, name: "order_id_1" } ] }',)
我在做什么错?
推荐答案
MongoDB用户是在特定数据库中创建的,而不是在实例级别创建的.创建后,可以为用户授予不同数据库的不同角色.在其中创建用户的数据库称为他们的身份验证数据库
MongoDB users are created in a specific database rather than at the instance level. Once created users can be granted different roles for different databases. The database a user is created in is called their authentication database
因为用户名不是唯一的(只有用户名和身份验证数据库的组合才是),所以可以在具有不同角色和密码的不同数据库中创建两个具有相同名称的用户.这也意味着在连接时,您需要指定身份验证数据库以及用户名和密码.
Because usernames are not unique (only the combination of username and authentication database is) you can create two users with the same name in different databases with different roles and passwords. This also means that when connecting you need to specify the authentication database as well as the username and password.
这就是为什么在admin数据库中创建useradmin用户之后,您需要运行以下命令的原因:
This is why after creating the useradmin user in the admin database you needed to run this command:
mongo --port 27017 -u useradmin -p mypassword --authenticationDatabase admin
将MongoDB Shell连接到默认数据库test.
to connect the MongoDB shell to the default database test.
如果您未明确指定身份验证数据库,则MongoDB会假定您要连接的数据库也是身份验证数据库.因此,像这样连接到管理数据库就可以了:
If you don't specify the authentication database explicitly then MongoDB assumes the database you are connecting to is also the authentication database. So connecting to the admin database like this would have worked:
mongo --port 27017 -u useradmin -p mypassword admin
这三个命令实际上是相同的,并且都将返回身份验证失败"错误:
and these three commands are effectively the same and all will return an "Authentication failed" error :
mongo --port 27017 -u useradmin -p mypassword
mongo --port 27017 -u useradmin -p my password test
mongo --port 27017 -u useradmin -p my password test --authenticationDatabase test
要从Python连接,请使用 MongoClient 并将其传递给完整的 MongoDB URI ,连接字符串可以包含可选参数.选项之一是authSource(与用户凭据关联的数据库名称),这显然是您需要的:
To connect from Python, if you use MongoClient and pass it a complete MongoDB URI, the connection string can include optional parameters. One of the options is authSource (the the database name associated with the user’s credentials) which is obviously what you need: connection options.
您的URI如下所示:
MdbURI = "mongodb://useradmin:mypassword@localhost:27017/tracking?authSource=admin"
client = MongoClient(MdbURI)
MdbURI = "mongodb://useradmin:mypassword@localhost:27017/tracking?authSource=admin"
client = MongoClient(MdbURI)
这篇关于OperationFailure:未经授权可跟踪执行命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
