Authenticate mongodb replica set

Question

I have 4 instances of mongodb running(replica set) with following mongodb.conf file for each instance:

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /root/mongodata/log/mongod.log

# Where and how to store data.
storage:
  dbPath: /root/mongodata/db1 # also have db2 and so on for rest of the instances
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /root/mongodata/db1/mongod.pid  # location of pidfile, different for 4 instances

# network interfaces
net:
  port: 30000 #port different for 4 different instances
  bindIp: 12.123.321.432(example ip, same for all 4 .conf files) 

# security  
security:
  KeyFile: /path to my keyfile location

#  authorization: enabled

#operationProfiling:

replication:
  replSetName: testReplica #have this same for all 4


#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

I also created a keyfile for internal authentication as follows:

openssl rand -base64 756 > <path-to-keyfile>
chmod 400 <path-to-keyfile>

After all the instances are running I opened mongoShell as follows:

mongo --host 12.123.321.432 --port 30000

I am able to open the shell but when I try to create a user, I get the following exception:

2016-12-22T20:55:38.396-0500 E QUERY    [thread1] Error: couldn't add user: not authorized on test to execute command { createUser: "root", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
DB.prototype.createUser@src/mongo/shell/db.js:1230:11
@(shell):1:1

I tried switching to admin db but still says unauthorized, I also tried to run rs.initiate() command to define primary and secondary dbs, says unauthorized. I read even if i start the mongod with authentication disabled the internal authentication via keyfile will force the role based authentication. What am I missing here and how would i resolve it? thanks in advance.

Answer 1

The error message shows that you have not privileges to execute the command.

After set keyfile parameter in .conf file, mongo need you login with auth user.

So if you have not root user.

1. start mongod without auth config (don't set keyfile and disable security.authorization )
2. create use with root role

db.createUser({user:"root",pwd:"rootpassword",roles:[{role:"root",db:"admin"}]})

if you have root user, you should use db.auth() or login mongo with root privileges, for executing rs.conf() command.

mongo --port portnumber -u root -p --authenticationDatabase admin

or after login with command mongo --port portnumber

db.auth("root", "rootpassword")

ps. KeyFile is for replica set inner communication security.