0

I have configured MongoDB with sharding something like below.

 Shard1     Shard2     Shard3
--------   --------   -------
rs1(Pri)   rs1(Sec)   rs1(Sec)
rs2(Sec)   rs2(Pri)   rs2(Sec)   
rs3(Sec)   rs3(Sec)   rs3(Pri)

Now, I am planning to have different keyFile's for each replicaset for authentication. Just to ensure no data mismatches in case of any manual configuration errors.

Is there a way we can set-up different keyFile's for multiple replicasets? And how we can configure mongos to refer multiple keyFile's for authentication?

Any pointers will be helpful.

vareda
  • 70
  • 1
  • 7

1 Answers1

2

This is not possible. You can have only one keyfile per mongos, and the mongos processes must be able to talk to every node in the sharded cluster.

Additionally, for balancing purposes, every primary needs to be able to talk to every other primary, and any node in a replica set can become primary. Hence you would have to have every keyfile you mention deployed on every replica set member and every mongos.

Basically, what you are looking to do does not make sense within the context of a sharded cluster. You can have different keyfiles if the replica sets are isolated, but not if they are supposed to communicate as part of a sharded cluster.

Adam C
  • 5,222
  • 2
  • 30
  • 52