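Step 1: Start three standalone mongod instances (authentication not yet enabled, not yet replica set members) and create the admin users on each. Until authentication is turned on in step 3, each instance accepts unauthenticated connections from any host that can reach its port, so keep the ports reachable only from localhost (for example with mongod's --bind_ip 127.0.0.1) while doing this.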
a) nohup mongod --dbpath /var/lib/rs0 --port 27017 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
Server has startup warnings:
2015-08-12T02:50:59.803+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:50:59.803+0530 I CONTROL [initandlisten]
> show dbs
local 0.031GB
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
b)nohup mongod --dbpath /var/lib/rs1 --port 27018 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27018
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27018/test
Server has startup warnings:
2015-08-12T02:52:52.956+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:52:52.956+0530 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
c)nohup mongod --dbpath /var/lib/rs2 --port 27019 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27019
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27019/test
Server has startup warnings:
2015-08-12T02:54:11.735+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:54:11.735+0530 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
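Step 2: Create the key file that every member of the replica set will use, and place it at the path each mongod is given with --keyFile (/var/lib/mongo/mongodb-keyfile in the following steps). The file must have the same contents on every member.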
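# Generate the shared secret that replica set members use to authenticate to
# each other. These are two separate commands; run on one line, the chmod
# words would be passed to openssl as extra arguments.
# umask 077 in a subshell makes the file owner-only from the moment it is
# created, so the key is never readable by other local users, even briefly.
(umask 077 && openssl rand -base64 741 > mongodb-keyfile)
# mongod refuses a key file that group or others can read; keep it at 600.
chmod 600 mongodb-keyfile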
Step 3: Shut down all the mongod instances, then start one instance with authentication enabled.
nohup mongod --dbpath /var/lib/rs0 --port 27017 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin
switched to db admin
> db.auth("siteRootAdmin", "<password>");
1
> rs.initiate()
{
"info2" : "no configuration explicitly specified -- making one",
"me" : "test1:27017",
"ok" : 1
}
rs0:SECONDARY>
rs0:PRIMARY> rs.conf()
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 0,
"host" : "test1:27017",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : 0,
"votes" : 1
}
],
"settings" : {
"chainingAllowed" : true,
"heartbeatTimeoutSecs" : 10,
"getLastErrorModes" : {
},
"getLastErrorDefaults" : {
"w" : 1,
"wtimeout" : 0
}
}
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:30:50.422Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 168,
"optime" : Timestamp(1439328572, 1),
"optimeDate" : ISODate("2015-08-11T21:29:32Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 1,
"self" : true
}
],
"ok" : 1
}
Step 4: Start the remaining two instances with authentication enabled and add them to the replica set.
# Start the second and third members with the same replica set name (rs0) and
# the same key file as the first; members whose key file contents differ
# cannot authenticate to each other.
# NOTE(review): both commands redirect stdout with '>' to the same
# /var/log/mongodb/mongodb.log, so each start truncates that file and the
# instances overwrite one another's output; a separate log file per instance
# keeps the authentication and replication messages usable for later review.
# NOTE(review): the startup warnings earlier in this walkthrough show mongod
# running as root; a dedicated unprivileged account that owns the dbpath and
# the key file is the usual setup.
nohup mongod --dbpath /var/lib/rs1 --port 27018 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
nohup mongod --dbpath /var/lib/rs2 --port 27019 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
rs0:PRIMARY> rs.add("test2:27018")
{ "ok" : 1 }
rs0:PRIMARY> rs.add("test3:27019")
{ "ok" : 1 }
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:02.487Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 480,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "test2:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 92,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:01.195Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:01.971Z"),
"pingMs" : 6,
"syncingTo" : "test1:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "test3:27019",
"health" : 1,
"state" : 5,
"stateStr" : "STARTUP2",
"uptime" : 9,
"optime" : Timestamp(0, 0),
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:01.201Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:01.288Z"),
"pingMs" : 19,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:09.191Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 487,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "test2:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 99,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:07.205Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:07.983Z"),
"pingMs" : 2,
"syncingTo" : "test1:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "test3:27019",
"health" : 1,
"state" : 5,
"stateStr" : "STARTUP2",
"uptime" : 16,
"optime" : Timestamp(0, 0),
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:07.205Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:07.299Z"),
"pingMs" : 9,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:16.413Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "srirams-MacBook-Pro.local:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 494,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "srirams-MacBook-Pro.local:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 106,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:15.223Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:15.999Z"),
"pingMs" : 0,
"syncingTo" : "srirams-MacBook-Pro.local:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "srirams-MacBook-Pro.local:27019",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 23,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:15.223Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:15.320Z"),
"pingMs" : 3,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY>
Step 5: Test how authentication and authorization work with the created users.
a) current user is "siteRootAdmin"
rs0:PRIMARY> show dbs
admin 0.031GB
local 1.031GB
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> show collections
system.indexes
system.users
system.version
rs0:PRIMARY> show dbs
admin 0.031GB
local 1.031GB
rs0:PRIMARY> use testdb
switched to db testdb
b) Disconnect from mongo and reconnect (or switch users within the same session).
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
Note 2: Authenticating as "siteUserAdmin"
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.auth("siteUserAdmin", "<password>");
Note: the users created above have default credentials and differ in their roles and permissions.