1

I have 4 instances of mongodb running(replica set) with following mongodb.conf file for each instance:

# mongod.conf # for documentation of all options, see: # http://docs.mongodb.org/manual/reference/configuration-options/ # where to write logging data. systemLog: destination: file logAppend: true path: /root/mongodata/log/mongod.log # Where and how to store data. storage: dbPath: /root/mongodata/db1 # also have db2 and so on for rest of the instances journal: enabled: true # engine: # mmapv1: # wiredTiger: # how the process runs processManagement: fork: true # fork and run in background pidFilePath: /root/mongodata/db1/mongod.pid # location of pidfile, different for 4 instances # network interfaces net: port: 30000 #port different for 4 different instances bindIp: 12.123.321.432(example ip, same for all 4 .conf files) # security security: KeyFile: /path to my keyfile location # authorization: enabled #operationProfiling: replication: replSetName: testReplica #have this same for all 4 #sharding: ## Enterprise-Only Options #auditLog: #snmp:

I also created a keyfile for internal authentication as follows:

openssl rand -base64 756 > <path-to-keyfile> chmod 400 <path-to-keyfile>

After all the instances are running I opened mongoShell as follows:

mongo --host 12.123.321.432 --port 30000

I am able to open the shell but when I try to create a user, I get the following exception:

2016-12-22T20:55:38.396-0500 E QUERY [thread1] Error: couldn't add user: not authorized on test to execute command { createUser: "root", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } : _getErrorWithCode@src/mongo/shell/utils.js:23:13 DB.prototype.createUser@src/mongo/shell/db.js:1230:11 @(shell):1:1

I tried switching to admin db but still says unauthorized, I also tried to run rs.initiate() command to define primary and secondary dbs, says unauthorized. I read even if i start the mongod with authentication disabled the internal authentication via keyfile will force the role based authentication. What am I missing here and how would i resolve it? thanks in advance.

Improve this question

1 Answer 1

Reset to default
1

The error message shows that you have not privileges to execute the command.

After set keyfile parameter in .conf file, mongo need you login with auth user.

So if you have not root user.

  1. start mongod without auth config (don't set keyfile and disable security.authorization )
  2. create use with root role
db.createUser({user:"root",pwd:"rootpassword",roles:[{role:"root",db:"admin"}]})

if you have root user, you should use db.auth() or login mongo with root privileges, for executing rs.conf() command.

mongo --port portnumber -u root -p --authenticationDatabase admin

or after login with command mongo --port portnumber

db.auth("root", "rootpassword")

ps. KeyFile is for replica set inner communication security.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You are almost correct but for replica set the trick was to start with empty db folder and in .conf file you should not provide the'keyFile parameter. As soon as you put in keyFile internal authentication + role based access is forced. So start without keyfile and the create necessary users and then restart with keyFile added to .conf file. Note: when you provide keyFile parameter u dont need to use --auth to enable authentication. Please update your answer so that I can mark as correct answer. thanks!
@Gurkha yes, that's right, answer have updated, hope this help you.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.