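Problem description
So when I try to deploy a replica set with docker compose on my local machine, I cannot get the replica set to start with TLS. When I go on to mono.mongors1, I try to run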
rs.initiate({
  _id: "mongors1",
  members: [
    { _id: 0, host: "mongo.mongors1 ", priority: 1 },
    { _id: 1, host: "mongo-2.mongors1", priority: 0 },
    { _id: 2, host: "mongo-3.mongors1", priority: 0 }
  ]
})
works fine, but I keep getting an error message saying that the SSL handshake failed. The error:
SSL Handshake Failed. The server is configured to only allow SSL connections
` - --tlsCertificateKeyFile=/security/certs_thorben/mongodb_node_1.pem
- --tlsCAFile=/security/certs_thorben/ca.pem
- --tlsMode
- requireTLS`
it works, so the error comes from the TLS certificates. I created the certificates with this script:
openssl req -nodes -out ca.pem -new -x509 -keyout ca.key
# Create Certificate Requests
openssl req -nodes -newkey rsa:4096 -sha256 -keyout mongodb_node_1.key -out mongodb_node_1.csr
openssl req -nodes -newkey rsa:4096 -sha256 -keyout mongodb_node_2.key -out mongodb_node_2.csr
openssl req -nodes -newkey rsa:4096 -sha256 -keyout mongodb_node_3.key -out mongodb_node_3.csr
# Sign certificates
openssl x509 -req -in mongodb_node_1.csr -CA ca.pem -CAkey ca.key -set_serial 00 -out mongodb_node_1.crt
openssl x509 -req -in mongodb_node_2.csr -CA ca.pem -CAkey ca.key -set_serial 00 -out mongodb_node_2.crt
openssl x509 -req -in mongodb_node_3.csr -CA ca.pem -CAkey ca.key -set_serial 00 -out mongodb_node_3.crt
# one pem file at the end
cat mongodb_node_1.key mongodb_node_1.crt > mongodb_node_1.pem
cat mongodb_node_2.key mongodb_node_2.crt > mongodb_node_2.pem
cat mongodb_node_3.key mongodb_node_3.crt > mongodb_node_3.pem
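I defined the common name as follows: "*.mongors1". I guess it should work, because in the docker-compose file I gave every node a host alias that ends in ".mongors1".
This is what my docker compose file looks like.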
mongors1n1:
  container_name: mongors1n1
  networks:
    default:
      aliases:
        - mongo.mongors1
  image: mongo_cluster:latest
  command:
    - --shardsvr
    - --replSet
    - mongors1
    - --dbpath
    - /data/db
    # - --keyFile=/mongodb_keyfile
    - --tlsCertificateKeyFile=/security/certs_thorben/mongodb_node_1.pem
    - --tlsCAFile=/security/certs_thorben/ca.pem
    - --tlsMode
    - requireTLS
    - --port
    - "27017"
    - --bind_ip_all
  ports:
    - 27017:27017
  expose:
    - "27017"
  volumes:
    - ./mounted/shards/primary1/db:/data/db
  depends_on:
    - mongors1n2
    - mongors1n3
  environment:
    - PRIMARY_SHARD=1
mongors1n2:
  container_name: mongors1n2
  networks:
    default:
      aliases:
        - mongo-2.mongors1
  image: mongo_cluster:latest
  command:
    - --shardsvr
    - --replSet
    - mongors1
    - --dbpath
    - /data/db
    # - --keyFile=/mongodb_keyfile
    - --tlsCertificateKeyFile=/security/certs_thorben/mongodb_node_1.pem
    - --tlsCAFile=/security/certs_thorben/ca.pem
    - --tlsMode
    - requireTLS
    - --port
    - "27017"
    - --bind_ip_all
  ports:
    - 27027:27017
  expose:
    - "27017"
  volumes:
    - ./mounted/shards/secondary1/db:/data/db
mongors1n3:
  container_name: mongors1n3
  networks:
    default:
      aliases:
        - mongo-3.mongors1
  image: mongo_cluster:latest
  command:
    - --shardsvr
    - --replSet
    - mongors1
    - --dbpath
    - /data/db
    # - --keyFile=/mongodb_keyfile
    - --tlsCertificateKeyFile=/security/certs_thorben/mongodb_node_1.pem
    - --tlsCAFile=/security/certs_thorben/ca.pem
    - --tlsMode
    - requireTLS
    - --port
    - "27017"
    - --bind_ip_all
  ports:
    - 27037:27017
  expose:
    - "27017"
  volumes:
    - ./mounted/shards/secondary2/db:/data/db
Do you have any ideas on how to get TLS encryption working on localhost with a replica set? Or any idea what I am doing wrong here? Thanks
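
Added example, not part of the original post: a small Python lint that cross-checks the replica-set member hosts, the compose network aliases, the key files and the certificate serials exactly as they appear in the question. The function and variable names are hypothetical, the input is transcribed from the post as constructed sample data, and the wildcard rule is an assumed simple left-most-label match that may differ from the server's own matching.

```python
# Added example: consistency lint for the replica-set TLS setup in the question.
# All input below is transcribed from the post and embedded as constructed sample data.
from collections import Counter

CERT_CN = "*.mongors1"  # common name stated in the post
MEMBERS = ["mongo.mongors1 ", "mongo-2.mongors1", "mongo-3.mongors1"]  # rs.initiate hosts
NODES = {  # service -> (network alias, --tlsCertificateKeyFile) from the compose file
    "mongors1n1": ("mongo.mongors1", "/security/certs_thorben/mongodb_node_1.pem"),
    "mongors1n2": ("mongo-2.mongors1", "/security/certs_thorben/mongodb_node_1.pem"),
    "mongors1n3": ("mongo-3.mongors1", "/security/certs_thorben/mongodb_node_1.pem"),
}
# -set_serial value used for each signed certificate in the openssl script
SERIALS = {"mongodb_node_1.crt": "00", "mongodb_node_2.crt": "00", "mongodb_node_3.crt": "00"}


def wildcard_match(pattern, host):
    """Left-most-label wildcard match: '*' covers exactly one label (assumed rule)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]


def lint(cn, members, nodes, serials):
    """Return a list of points to review; an empty list means the inputs are consistent."""
    findings = []
    aliases = {alias for alias, _ in nodes.values()}
    for host in members:
        if host != host.strip():
            findings.append(f"member host {host!r} contains whitespace")
        if host not in aliases:
            findings.append(f"member host {host!r} is not a compose network alias")
        if not wildcard_match(cn, host):
            findings.append(f"member host {host!r} is not covered by CN {cn!r}")
    for pem, n in Counter(pem for _, pem in nodes.values()).items():
        if n > 1:
            findings.append(f"{pem} is the key file of {n} nodes")
    # RFC 5280 requires serial numbers to be unique per issuing CA.
    for serial, n in Counter(serials.values()).items():
        if n > 1:
            findings.append(f"serial {serial} is reused by {n} certificates from one CA")
    return findings


if __name__ == "__main__":
    for finding in lint(CERT_CN, MEMBERS, NODES, SERIALS):
        print("REVIEW:", finding)
```

Each finding is a point to review against the deployment, not a confirmed cause of the handshake failure.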