1

I have 4 instances of mongodb running(replica set) with following mongodb.conf file for each instance:

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /root/mongodata/log/mongod.log

# Where and how to store data.
storage:
  dbPath: /root/mongodata/db1 # also have db2 and so on for rest of the instances
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /root/mongodata/db1/mongod.pid  # location of pidfile, different for 4 instances

# network interfaces
net:
  port: 30000 #port different for 4 different instances
  bindIp: 12.123.321.432(example ip, same for all 4 .conf files) 

# security  
security:
  KeyFile: /path to my keyfile location

#  authorization: enabled

#operationProfiling:

replication:
  replSetName: testReplica #have this same for all 4


#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

I also created a keyfile for internal authentication as follows:

openssl rand -base64 756 > <path-to-keyfile>
chmod 400 <path-to-keyfile>

After all the instances are running I opened mongoShell as follows:

mongo --host 12.123.321.432 --port 30000

I am able to open the shell but when I try to create a user, I get the following exception:

2016-12-22T20:55:38.396-0500 E QUERY    [thread1] Error: couldn't add user: not authorized on test to execute command { createUser: "root", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
DB.prototype.createUser@src/mongo/shell/db.js:1230:11
@(shell):1:1

I tried switching to admin db but still says unauthorized, I also tried to run rs.initiate() command to define primary and secondary dbs, says unauthorized. I read even if i start the mongod with authentication disabled the internal authentication via keyfile will force the role based authentication. What am I missing here and how would i resolve it? thanks in advance.

Aurasphere
  • 3,841
  • 12
  • 44
  • 71
Gurkha
  • 1,104
  • 4
  • 20
  • 37

1 Answers1

1

The error message shows that you have not privileges to execute the command.

After set keyfile parameter in .conf file, mongo need you login with auth user.

So if you have not root user.

  1. start mongod without auth config (don't set keyfile and disable security.authorization )
  2. create use with root role
db.createUser({user:"root",pwd:"rootpassword",roles:[{role:"root",db:"admin"}]})

if you have root user, you should use db.auth() or login mongo with root privileges, for executing rs.conf() command.

mongo --port portnumber -u root -p --authenticationDatabase admin

or after login with command mongo --port portnumber

db.auth("root", "rootpassword")

ps. KeyFile is for replica set inner communication security.

Muhammad Tariq
  • 3,318
  • 5
  • 38
  • 42
0xTang
  • 776
  • 7
  • 11
  • You are almost correct but for replica set the trick was to start with empty `db` folder and in `.conf` file you should not provide the`'keyFile` parameter. As soon as you put in `keyFile` internal authentication + role based access is forced. So start without `keyfile` and the create necessary users and then restart with `keyFile` added to `.conf` file. Note: when you provide `keyFile` parameter u dont need to use `--auth` to enable authentication. Please update your answer so that I can mark as correct answer. thanks! – Gurkha Dec 23 '16 at 23:11
  • @Gurkha yes, that's right, answer have updated, hope this help you. – 0xTang Dec 24 '16 at 09:24