MongoDB replica set with simple password authentication

datdinhquoc picture datdinhquoc · Jul 22, 2016 · Viewed 18.9k times · Source

I have a MongoDB replica set of 3 servers (1 primary, 1 secondary, 1 arbiter; this is the default replica set created by Google Cloud 1-click install). The 2 config files (mongod.conf) of primary server and secondary server have been changed with "security.authorization: enabled" added.

Root user is added with the following MongoDB shell command:

use admin
db.createUser({user:"root",pwd:"root",roles:["root"]})

After restarting MongoDB services on the primary and secondary servers with "sudo service mongod restart", connection to the replica set turns unstable.

rs.status() sometimes give the result as

  • 1 primary, 1 unreachable, 1 arbiter
  • 1 secondary, 1 secondary, 1 arbiter
  • 1 secondary, 1 unreachable, 1 arbiter

How to setup basic password authentication (not using keyfile) for MongoDB replica set the correct way?

Answer

datdinhquoc picture datdinhquoc · Jul 25, 2016

I finally found the answer. MongoDB replica set needs both user account and keyfile. Keyfile seems for authentication between servers in the replica set, not for logging in.

Create mongodb key file on linux, copy to all db servers with mode 600 intact:

cd
openssl rand -base64 741 > mongodb.key
chmod 600 mongodb.key

mongod.conf file:

replication:
  replSetName: rs0

security:
  authorization: enabled
  keyFile: /home/USERNAME/mongodb.key

Admin user:

(just like in question content)