Friday, May 18, 2018

Security Basic Setup - Replica Set

Here we set up basic security for a replica set by creating a keyfile and users.

Servers:

ec2-54-210-172-176.compute-1.amazonaws.com
ec2-54-161-242-215.compute-1.amazonaws.com
ec2-54-173-156-117.compute-1.amazonaws.com

1.  Create a keyfile.

# openssl rand -base64 756 > /data/sand/keyfile
# chmod 400 /data/sand/keyfile

The generated key file looks like this,


2. Copy the keyfile to each replica set member.

Copy the keyfile to the other two servers, to the same location, /data/sand/keyfile

Servers:

ec2-54-161-242-215.compute-1.amazonaws.com
ec2-54-173-156-117.compute-1.amazonaws.com

# vi /data/sand/keyfile
# :wq!

3. Enforce access control on each member of the replica set.

The config file looks like this:

Configuration File

net:
  port: 27017
processManagement:
  fork: true
replication:
  replSetName: tommy
security:
  keyFile: /data/sand/keyfile
storage:
  dbPath: /data/sand/data
systemLog:
  destination: file
  logAppend: true
  logRotate: rename
  path: /data/sand/logs/mongod.log


4. Connect to a member of the replica set over the localhost interface.

# /data/sand/mongodb_3.4.10/bin/mongod -f /data/sand/conf/mongod.conf
# /data/sand/mongodb_3.4.10/bin/mongo --port 27017


5. Initiate the replica set.

Initiate the replica set from the mongo shell using:

rs.initiate(
  {
    _id : "tommy",
    members: [
      { _id : 0, host : "ec2-54-210-172-176.compute-1.amazonaws.com:27017" },
      { _id : 1, host : "ec2-54-161-242-215.compute-1.amazonaws.com:27017" },
      { _id : 2, host : "ec2-54-173-156-117.compute-1.amazonaws.com:27017" }
    ]
  }
)


6. Create the user administrator.

Create an admin user with the command:

admin = db.getSiblingDB("admin")
admin.createUser(
  {
    user: "admin",
    pwd: "admin",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)


7. Authenticate as the user administrator.

Authenticate to the admin database from the mongo shell:

db.getSiblingDB("admin").auth("admin", "admin" )


Alternatively, connect a new mongo shell to the primary replica set member using:

# /data/sand/mongodb_3.4.10/bin/mongo --port 27017 -u "admin" -p "admin" --authenticationDatabase "admin"


8. Create the cluster administrator.

Create a cluster admin to manage the cluster:

db.getSiblingDB("admin").createUser(
  {
    "user" : "tommy",
    "pwd" : "changeme1",
    roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]
  }
)


Connect as the cluster admin using:

# /data/sand/mongodb_3.4.10/bin/mongo --port 27017 -u "tommy" -p "changeme1" --authenticationDatabase "admin"


9. Create additional users (Optional).

Create users to allow clients to connect and interact with the replica set, if required.


Done :)
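
As an added example (not part of the original post), the keyfile from steps 1 and 2 can be checked on each member before mongod is started: the file must not be accessible to group or others, must hold 6 to 1024 base64 characters, and must carry the same key on every member. The function name keyfile_fingerprint and the sample keys are constructed for illustration, and sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for a replica-set keyfile before starting
# mongod with security.keyFile. Run it on every member and compare the output.

# keyfile_fingerprint PATH  (hypothetical helper name)
# Prints the SHA-256 of the key with whitespace removed and returns 0 when
# the file is acceptable; prints a reason to stderr and returns 1 otherwise.
keyfile_fingerprint() {
    kf_path=$1
    [ -f "$kf_path" ] || { echo "FAIL $kf_path: not found" >&2; return 1; }

    # mongod on Unix refuses a keyfile with group or world permissions.
    kf_mode=$(stat -c '%a' "$kf_path" 2>/dev/null || stat -f '%Lp' "$kf_path")
    case $kf_mode in
        *00) ;;
        *) echo "FAIL $kf_path: mode $kf_mode is too open, use chmod 400" >&2
           return 1 ;;
    esac

    # mongod strips whitespace from the key, so compare keys the same way:
    # a copy pasted through an editor may differ only in line breaks.
    kf_body=$(tr -d '[:space:]' < "$kf_path")
    if [ "${#kf_body}" -lt 6 ] || [ "${#kf_body}" -gt 1024 ]; then
        echo "FAIL $kf_path: key must be 6-1024 characters" >&2; return 1
    fi
    case $kf_body in
        *[!A-Za-z0-9+/=]*)
            echo "FAIL $kf_path: non-base64 character in key" >&2; return 1 ;;
    esac
    printf '%s' "$kf_body" | sha256sum | cut -d' ' -f1
}

# Constructed sample files standing in for the keyfile on different members.
kf_demo=$(mktemp -d)
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXk\nwMTIzNDU2Nzg5\n' > "$kf_demo/member1"
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXkwMTIzNDU2Nzg5' > "$kf_demo/member2"
chmod 400 "$kf_demo/member1" "$kf_demo/member2"
printf 'Q29uc3RydWN0ZWRTYW1wbGVLZXkwMTIzNDU2Nzg5' > "$kf_demo/open"
chmod 644 "$kf_demo/open"

for kf_file in member1 member2 open; do
    if kf_fp=$(keyfile_fingerprint "$kf_demo/$kf_file"); then
        echo "$kf_file OK $kf_fp"
    fi
done
rm -rf "$kf_demo"
```

On the real servers, run keyfile_fingerprint /data/sand/keyfile on each member; identical fingerprints mean the members share the same key.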