Discussion:
Implementing MongoDB auth on a multi-node setup.
Lance Lyons
2018-11-30 22:33:58 UTC
We have 3 machines in a multi-node setup (primary and 2 secondaries).

We set up the mongo config for each instance to include

    security:
      authorization: "enabled"

We added 2 users to BOTH the admin and DBConfigs collection... one as admin
of the entire set and one as an application connection login.


    db.createUser({ user: "admintool", pwd: "sdfsdfs",
      roles: [{ role: "read", db: "admin" }, { role: "dbOwner", db: "DBConfigs" }] })

    db.createUser({ user: "mongoadmin", pwd: "sdfssdf",
      roles: [{ role: "userAdminAnyDatabase", db: "admin" },
              { role: "dbOwner", db: "DBConfigs" }, { role: "userAdmin", db: "DBConfigs" }] })

We also updated the mongo connection string:

    mongodb://admintool:***@ServerName:27017/DBConfigs


I have confirmed this all works in single node systems.

On the multinode system, I did the work on the primary first and recycled
the service, thus enabling it for the primary. Then I enabled authorization
on the 2 secondaries without adding the users to those and recycled the
service.

I was able to connect to the primary with robomongo and authenticate with
no problem.

However, our app had a problem connecting and bringing back data.

A couple of questions:

Do I need to add the users to the secondaries as well? I assumed they
would be replicated.

Could working the primary first and recycling it have caused the primary
to switch? I think our connection string for mongo does not include all
three nodes but just the original primary.

Any help would be appreciated.

I have had to disable the authorization on all three for the time being.
Lance Lyons
2018-11-30 22:36:42 UTC
I forgot to ask if our user admintool defined above, needs any unique
roles on a multinode system to just connect (read/write) on the DBConfigs
db.
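
The following is an added example, not part of the original posts and not MongoDB project code: a pre-flight check for the setup described in this thread, flagging members that enable authorization without internal (member-to-member) authentication and a connection string that names only one member. The function names, node names, the keyFile path and the set name "rs0" are assumptions made for illustration; the keyFile contents must be identical on every member.

```javascript
// Added example: pre-flight check before turning on access control in a replica set.
// Config objects mirror mongod.conf keys. Node names and "rs0" are constructed.
function parseMongoUri(uri) {
  const m = /^mongodb:\/\/(?:([^:@\/]+)(?::([^@\/]*))?@)?([^\/?]+)(?:\/([^?]*))?(?:\?(.*))?$/.exec(uri);
  if (!m) throw new Error("not a mongodb:// connection string");
  const options = {};
  for (const pair of (m[5] || "").split("&").filter(Boolean)) {
    const [key, value = ""] = pair.split("=");
    options[key.toLowerCase()] = decodeURIComponent(value);
  }
  return { user: m[1] || null, hosts: m[3].split(","), database: m[4] || null, options };
}

function auditReplicaSetAuth(nodeConfigs, uri) {
  const findings = [];
  const nodes = Object.entries(nodeConfigs);
  for (const [name, conf] of nodes) {
    const sec = conf.security || {};
    // Members authenticate to each other with a shared keyFile or x.509 certificates.
    if (sec.authorization === "enabled" && !sec.keyFile && sec.clusterAuthMode !== "x509") {
      findings.push(`${name}: authorization enabled without keyFile or x509 internal auth`);
    }
  }
  const { hosts, options } = parseMongoUri(uri);
  if (hosts.length < nodes.length) {
    findings.push(`URI lists ${hosts.length} of ${nodes.length} members; an election can leave it pointing at a secondary`);
  }
  if (!options.replicaset) {
    findings.push("URI has no replicaSet option, so the driver is not asked to discover the set");
  }
  return findings;
}

// Setup as described in the post: authorization only, single-host URI.
const asPosted = {
  node1: { security: { authorization: "enabled" } },
  node2: { security: { authorization: "enabled" } },
  node3: { security: { authorization: "enabled" } },
};
const postedUri = "mongodb://admintool:***@ServerName:27017/DBConfigs";

// Corrected variant (constructed paths and names): shared keyFile, full seed list.
const key = { authorization: "enabled", keyFile: "/etc/mongodb/rs0.key" };
const corrected = { node1: { security: key }, node2: { security: key }, node3: { security: key } };
const correctedUri =
  "mongodb://admintool:***@node1:27017,node2:27017,node3:27017/DBConfigs?replicaSet=rs0";

console.log(auditReplicaSetAuth(asPosted, postedUri));
console.log(auditReplicaSetAuth(corrected, correctedUri));
```

Users created on the primary are stored in the admin database and reach the secondaries through normal replication, so the check does not look for per-node user definitions.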