Step 1: create 3 standalone mongo instances and create admin users without enabling authentication and not as a replicaset member.
a) nohup mongod --dbpath /var/lib/rs0 --port 27017 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
Server has startup warnings:
2015-08-12T02:50:59.803+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:50:59.803+0530 I CONTROL [initandlisten]
> show dbs
local 0.031GB
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
b)nohup mongod --dbpath /var/lib/rs1 --port 27018 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27018
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27018/test
Server has startup warnings:
2015-08-12T02:52:52.956+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:52:52.956+0530 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
c)nohup mongod --dbpath /var/lib/rs2 --port 27019 --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27019
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27019/test
Server has startup warnings:
2015-08-12T02:54:11.735+0530 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-08-12T02:54:11.735+0530 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser( {
... user: "siteUserAdmin",
... pwd: "<password>",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> db.createUser( {
... user: "siteRootAdmin",
... pwd: "<password>",
... roles: [ { role: "root", db: "admin" } ]
... });
Successfully added user: {
"user" : "siteRootAdmin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> exit
bye
Step 2: Create the key file to be used by each member of the replica set and place in proper place to be used.
openssl rand -base64 741 > mongodb-keyfile chmod 600 mongodb-keyfile
Step 3: Make all mongo instances down and start one instance with authentication.
nohup mongod --dbpath /var/lib/rs0 --port 27017 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
> use admin
switched to db admin
> db.auth("siteRootAdmin", "<password>");
1
> rs.initiate()
{
"info2" : "no configuration explicitly specified -- making one",
"me" : "test1:27017",
"ok" : 1
}
rs0:SECONDARY>
rs0:PRIMARY> rs.conf()
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 0,
"host" : "test1:27017",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : 0,
"votes" : 1
}
],
"settings" : {
"chainingAllowed" : true,
"heartbeatTimeoutSecs" : 10,
"getLastErrorModes" : {
},
"getLastErrorDefaults" : {
"w" : 1,
"wtimeout" : 0
}
}
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:30:50.422Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 168,
"optime" : Timestamp(1439328572, 1),
"optimeDate" : ISODate("2015-08-11T21:29:32Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 1,
"self" : true
}
],
"ok" : 1
}
Step 4: Make remaining 2 instances up with authentication and add them to replica set.
nohup mongod --dbpath /var/lib/rs1 --port 27018 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
nohup mongod --dbpath /var/lib/rs2 --port 27019 --replSet rs0 --auth --keyFile /var/lib/mongo/mongodb-keyfile --smallfiles --oplogSize 1024 >/var/log/mongodb/mongodb.log &
rs0:PRIMARY> rs.add("test2:27018")
{ "ok" : 1 }
rs0:PRIMARY> rs.add("test3:27019")
{ "ok" : 1 }
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:02.487Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 480,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "test2:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 92,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:01.195Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:01.971Z"),
"pingMs" : 6,
"syncingTo" : "test1:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "test3:27019",
"health" : 1,
"state" : 5,
"stateStr" : "STARTUP2",
"uptime" : 9,
"optime" : Timestamp(0, 0),
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:01.201Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:01.288Z"),
"pingMs" : 19,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:09.191Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "test1:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 487,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "test2:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 99,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:07.205Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:07.983Z"),
"pingMs" : 2,
"syncingTo" : "test1:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "test3:27019",
"health" : 1,
"state" : 5,
"stateStr" : "STARTUP2",
"uptime" : 16,
"optime" : Timestamp(0, 0),
"optimeDate" : ISODate("1970-01-01T00:00:00Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:07.205Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:07.299Z"),
"pingMs" : 9,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY> rs.status()
{
"set" : "rs0",
"date" : ISODate("2015-08-11T21:36:16.413Z"),
"myState" : 1,
"members" : [
{
"_id" : 0,
"name" : "srirams-MacBook-Pro.local:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 494,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"electionTime" : Timestamp(1439328572, 2),
"electionDate" : ISODate("2015-08-11T21:29:32Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 1,
"name" : "srirams-MacBook-Pro.local:27018",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 106,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:15.223Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:15.999Z"),
"pingMs" : 0,
"syncingTo" : "srirams-MacBook-Pro.local:27017",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "srirams-MacBook-Pro.local:27019",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 23,
"optime" : Timestamp(1439328953, 1),
"optimeDate" : ISODate("2015-08-11T21:35:53Z"),
"lastHeartbeat" : ISODate("2015-08-11T21:36:15.223Z"),
"lastHeartbeatRecv" : ISODate("2015-08-11T21:36:15.320Z"),
"pingMs" : 3,
"configVersion" : 3
}
],
"ok" : 1
}
rs0:PRIMARY>
Step 5: Testing, How authentication and authorization working with created users.
a) current user is "siteRootAdmin"
rs0:PRIMARY> show dbs
admin 0.031GB
local 1.031GB
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> show collections
system.indexes
system.users
system.version
rs0:PRIMARY> show dbs
admin 0.031GB
local 1.031GB
rs0:PRIMARY> use testdb
switched to db testdb
b) We disconnected to mongo and reconnecting(or we can switch user also)
sh-3.2# ./mongo --port 27017
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:27017/test
Note 2: Authenticating as "siteUserAdmin"
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.auth("siteUserAdmin", "<password>");
Note: above created user are with default credentials with diff roles and permissions.
Awesome Blog!! Keep on sharing.
ReplyDeleteFull Stack Training in Hyderabad
Full Stack Training in Ameerpet
Thank you for sharing such a well-explained article on mongodb database management solutions. The insights on performance optimization and scalability were very helpful, especially for businesses handling large volumes of data. Great content and clearly written!
ReplyDelete