Page History: Configuring Authentication and Users - Mongo DB

Compare Page Revisions

4 3 2 1 0 Current 4 3 2 1 0

« Older Revision - Back to Page History - Newer Revision »

Page Revision: Wed, Jul 13, 2016, 3:35 PM

Overview¶

This article explains how to configure authentication and setup users for a Mongo DB instance.

Procedure¶

On the Primary Server¶

1. Turn off replication

mongo

For each host name within the replica set, within the Mongo shell issue the following command.

rs.remove("host-name:27017")

2. Add root user (still in the Mongo shell)

use admin
db.createUser({user:"root", pwd:"MySecurePassword", roles:[{role:"root",db:"admin"}]})

3. Create additional users (still in the Mongo shell)

db.createUser({user:"MyUserName", pwd:"MySecurePassword",
roles:[ 
   {role:"readWrite",db:"MyDatabase1"},
   . . .
   {role:"readWrite",db:"MyDatabaseN"}
   ]})

4. Shutdown the database (still within the Mongo shell)

db.shutdownServer({force:true})
exit

After this step, you should be back at the Linux prompt

5. Create the authorization key file.

openssl rand -base64 755 > /mongo/keys/mongod-auth.key

All Mongo DB Servers¶

1. If necessary, stop the Mongo DB service

service mongod stop

2. Configure authorization in the /etc/mongod.conf file

Add the following lines to the "security:" section

  authorization: enabled
  keyFile: /mongo/keys/mongod-auth.key

3. Install the authorization key file (all servers except Primary)

IMPORTANT: The mongod-auth.key must have the same contents on all Mongo DB Servers! Copy the /mongo/keys/mongod-auth.key file from the Primary server to the same folder on all the other servers.

4. Adjust security on the authorization key file.

chown mongod:mongod /mongo/keys/mongod-auth.key
chmod 400 /mongo/keys/mongod-auth.key
cat /mongo/keys/mongod-auth.key