mongodb启用认证后出现RECOVERING 与 not reachable/healthy

最新推荐文章于 2025-06-22 22:09:17 发布

原创最新推荐文章于 2025-06-22 22:09:17 发布 · 4.4k 阅读

2 ·

CC 4.0 BY-SA版权

linux运维同时被 2 个专栏收录

21 篇文章

订阅专栏

数据库

14 篇文章

订阅专栏

在启用MongoDB副本集模式的认证后，出现节点RECOVERING和not reachable/healthy状态。原因是内部节点间通信需要认证。解决方案是在启动时通过keyfile或证书方式设置内部认证，如使用keyfile只需添加--keyFile参数指定文件路径。

问题描述

在部署副本集模式的mongodb的时候，当启用认证后，执行rs.status()后，变成了如下状态：

{
	"set" : "mytest",
	"date" : ISODate("2019-12-24T02:24:30.510Z"),
	"myState" : 3,
	"term" : NumberLong(6),
	"syncingTo" : "",
	"syncSourceHost" : "",
	"syncSourceId" : -1,
	"heartbeatIntervalMillis" : NumberLong(2000),
	"majorityVoteCount" : 2,
	"writeMajorityCount" : 2,
	"optimes" : {
		"lastCommittedOpTime" : {
			"ts" : Timestamp(0, 0),
			"t" : NumberLong(-1)
		},
		"lastCommittedWallTime" : ISODate("1970-01-01T00:00:00Z"),
		"appliedOpTime" : {
			"ts" : Timestamp(1577154202, 1),
			"t" : NumberLong(6)
		},
		"durableOpTime" : {
			"ts" : Timestamp(1577154202, 1),
			"t" : NumberLong(6)
		},
		"lastAppliedWallTime" : ISODate("2019-12-24T02:23:22.046Z"),
		"lastDurableWallTime" : ISODate("2019-12-24T02:23:22.046Z")
	},
	"lastStableRecoveryTimestamp" : Timestamp(1577154202, 1),
	"lastStableCheckpointTimestamp" : Timestamp(1577154202, 1),
	"members" : [
		{
			"_id" : 0,
			"name" : "10.38.160.174:27017",
			"ip" : "10.38.160.174",
			"health" : 1,
			"state" : 3,
			"stateStr" : "RECOVERING",
			"uptime" : 54,
			"optime" : {
				"ts" : Timestamp(1577154202, 1),
				"t" : NumberLong(6)
			},
			"optimeDate" : ISODate("2019-12-24T02:23:22Z"),
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "could not find member to sync from",
			"configVersion" : 1,
			"self" : true,
			"lastHeartbeatMessage" : ""
		},
		{
			"_id" : 1,
			"name" : "10.38.160.174:27027",
			"ip" : "10.38.160.174",
			"health" : 0,
			"state" : 6,
			"stateStr" : "(not reachable/healthy)",
			"uptime" : 0,
			"optime" : {
				"ts" : Timestamp(0, 0),
				"t" : NumberLong(-1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(0, 0),
				"t" : NumberLong(-1)
			},
			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
			"lastHeartbeat" : ISODate("2019-12-24T02:24:30.466Z"),
			"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"authenticated" : false,
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "",
			"configVersion" : -1
		},
		{
			"_id" : 2,
			"name" : "10.38.160.174:27037",
			"ip" : "10.38.160.174",
			"health" : 0,
			"state" : 6,
			"stateStr" : "(not reachable/healthy)",
			"uptime" : 0,
			"optime" : {
				"ts" : Timestamp(0, 0),
				"t" : NumberLong(-1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(0, 0),
				"t" : NumberLong(-1)
			},
			"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
			"optimeDurableDate" : ISODate("1970-01-01T00:00:00Z"),
			"lastHeartbeat" : ISODate("2019-12-24T02:24:30.466Z"),
			"lastHeartbeatRecv" : ISODate("1970-01-01T00:00:00Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"authenticated" : false,
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "",
			"configVersion" : -1
		}
	],
	"ok" : 1
}

具体的表现就是，当前登录的节点变成了RECOVERING的状态，其他节点变成了 (not reachable/healthy)的状态。

问题原因

原因就是当启用认证后，不仅客户端连接需要认证，服务内部不同节点之间，也是需要相互认证的，如果仅仅是启用认证方式，不设定服务内部之间的认证参数，则服务内部各节点之间是无法成功通信的，就造成了当前登录节点一直是恢复中的状态，而其他节点应该是 not reachable的状态，所以会显示为 not reachable/healthy。

问题解决

只需要在启用认证的时候，加上节点内容认证参数即可，mongodb提供了两种方式：一种是 keyfile的方式，一种是证书方式，详细内容参见：Internal/Membership Authentication
我采用的是简单的keyfile的方式，只需要在启动的时候，加上 --keyFile=key/file/path 即可