Configuring authentication in a cluster
To authenticate cluster nodes to each other, create a key file containing 6 to 1024 Base64 symbols. This can be done as follows:
openssl rand -base64 741 > mongo_keyfile
The file must have numeric permission 400, so that only the owner can read it, and its owner must be set:
chown mongodb mongo_keyfile
chmod 400 mongo_keyfile
After that, add the keyFile parameter, containing an absolute path to the created file, to /etc/mongodb.conf (in the example considered, add the line keyFile = /etc/mongo_keyfile) and restart MongoDB.
This must be done on each node of the cluster: copy the file to each node, then check its permissions and owner.
Specifying keyFile automatically enables authentication (auth = true).
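The per-node check described above (key length, permissions, owner) can be scripted. The following shell function is an added example, not part of the original documentation; the name check_keyfile is hypothetical, while the default owner mongodb, mode 400 and the 6-1024 symbol range come from the text above.

```shell
#!/bin/sh
# Added example: audit a MongoDB keyfile against the requirements in the text.
# Usage: check_keyfile PATH [OWNER]   (OWNER defaults to mongodb, as in chown above)
# Prints one line per problem; returns 0 only when every check passes.
check_keyfile() {
    kf=$1
    want_owner=${2:-mongodb}
    rc=0

    if [ ! -f "$kf" ]; then
        echo "FAIL $kf: not a regular file"
        return 1
    fi

    # Content: only Base64 symbols plus whitespace, 6-1024 symbols in total.
    junk=$(( $(tr -d 'A-Za-z0-9+/=[:space:]' < "$kf" | wc -c) ))
    count=$(( $(tr -cd 'A-Za-z0-9+/=' < "$kf" | wc -c) ))
    if [ "$junk" -gt 0 ]; then
        echo "FAIL $kf: $junk non-Base64 byte(s)"; rc=1
    fi
    if [ "$count" -lt 6 ] || [ "$count" -gt 1024 ]; then
        echo "FAIL $kf: $count Base64 symbols, expected 6-1024"; rc=1
    fi

    # Mode and owner: GNU stat first, BSD stat as fallback.
    mode=$(stat -c %a "$kf" 2>/dev/null || stat -f %Lp "$kf")
    owner=$(stat -c %U "$kf" 2>/dev/null || stat -f %Su "$kf")
    if [ "$mode" != "400" ]; then
        echo "FAIL $kf: mode $mode, expected 400"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $kf: owner $owner, expected $want_owner"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $kf"
    return "$rc"
}

# Run against a path given on the command line, e.g. /etc/mongo_keyfile.
if [ $# -gt 0 ]; then
    check_keyfile "$@"
fi
```

Run it as root or as the mongodb user, since mode 400 makes the file unreadable to anyone else.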
Then user configuration should be performed.
User configuration
Creating administrator account
To create an administrator account using the mongo shell, do the following:
1) Connect to admin database:
$ mongo admin
connecting to: admin
>
2) Enter the command to create a user:
db.addUser({ user: "<username>", pwd: "<password>", roles: [ "clusterAdmin", "userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase" ] })
After the administrator account has been created, restart the MongoDB service. If authentication has not been configured in the cluster, set auth = true in the /etc/mongodb.conf configuration file.
service mongodb restart
After the service restarts, mongo can be accessed using the new user account:
mongo -u<username> -p<password> admin
Here admin is the name of the database to connect to.
Then add users for the other databases, in particular notification-gw, pcrf and wifi-customer-cab.
Regular users are added in the same way as the administrator, but with the readWrite (reading/writing) and dbAdmin (some operations with indices and collections) roles:
Select the required database
> use notification-gw
Create a user
> db.addUser({ user: "<user_name>", pwd: "<password>", roles: [ "readWrite", "dbAdmin" ] })
Switch to another database
> use pcrf
Repeat the operation for pcrf with the same privileges, but add the clusterAdmin privilege, which is needed to get the replica set state.
> db.addUser({ user: "<user_name>", pwd: "<password>", roles: [ "readWrite", "dbAdmin", "clusterAdmin" ] })
Do not forget to specify the login and password for wifi-customer-cab database access in the /etc/eltex-wifi-cab/system.xml configuration file of the Admin Panel.
Configure pcrf access in /etc/eltex-radius-nbi/radius_nbi_config.txt.
Configure notification-gw access in /etc/eltex-notification-gw/notification.properties.