MongoDB replica set with simple password authentication
I have a MongoDB replica set of 3 servers (1 primary, 1 secondary, 1 arbiter; this is the default replica set created by Google Cloud 1-click install). The 2 config files (mongod.conf) of primary server and secondary server have been changed with "security.authorization: enabled" added.
Root user is added with the following MongoDB shell command:
use admin
db.createUser({user:"root",pwd:"root",roles:["root"]})
After restarting MongoDB services on the primary and secondary servers with "sudo service mongod restart", connection to the replica set turns unstable.
rs.status() sometimes give the result as
- 1 primary, 1 unreachable, 1 arbiter
- 1 secondary, 1 secondary, 1 arbiter
- 1 secondary, 1 unreachable, 1 arbiter
How to setup basic password authentication (not using keyfile) for MongoDB replica set the correct way?
Answer
I finally found the answer. MongoDB replica set needs both user account and keyfile. Keyfile seems for authentication between servers in the replica set, not for logging in.
Create mongodb key file on linux, copy to all db servers with mode 600 intact:
cd
openssl rand -base64 741 > mongodb.key
chmod 600 mongodb.key
mongod.conf file:
replication:
replSetName: rs0
security:
authorization: enabled
keyFile: /home/USERNAME/mongodb.key
Admin user:
(just like in question content)