1. Start first set of core mongod nodes using auth and keyFile:
mongod --replSet s1 --logpath /data/logmongo/s1-a.log --dbpath /data/datamongo/s1-a --port 37017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
mongod --replSet s1 --logpath /data/logmongo/s1-b.log --dbpath /data/datamongo/s1-b --port 37018 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
mongod --replSet s1 --logpath /data/logmongo/s1-c.log --dbpath /data/datamongo/s1-c --port 37019 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
2. Set up replica set s1:
mongo --port 37017
config = {"_id": "s1", "members": [
    {"_id": 0, "host": "localhost:37017"},
    {"_id": 1, "host": "localhost:37018"},
    {"_id": 2, "host": "localhost:37019"}
]}
rs.initiate(config);
3. Start second set of core mongod nodes using auth and keyFile:
mongod --replSet s2 --logpath /data/logmongo/s2-a.log --dbpath /data/datamongo/s2-a --port 47017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
mongod --replSet s2 --logpath /data/logmongo/s2-b.log --dbpath /data/datamongo/s2-b --port 47018 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
mongod --replSet s2 --logpath /data/logmongo/s2-c.log --dbpath /data/datamongo/s2-c --port 47019 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
4. Set up replica set s2:
mongo --port 47017
config = {"_id": "s2", "members": [
    {"_id": 0, "host": "localhost:47017"},
    {"_id": 1, "host": "localhost:47018"},
    {"_id": 2, "host": "localhost:47019"}
]}
rs.initiate(config);
5. Start config servers using --auth and --keyFile:
mongod --logpath /data/logmongo/cfg-1.log --dbpath /data/configmongo/cfg-a --port 57017 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt
mongod --logpath /data/logmongo/cfg-2.log --dbpath /data/configmongo/cfg-b --port 57018 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt
mongod --logpath /data/logmongo/cfg-3.log --dbpath /data/configmongo/cfg-c --port 57019 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt
6. Start mongos process:
mongos --port 27017 --fork --logpath "mongos-1.log" --configdb localhost:57017,localhost:57018,localhost:57019
7. Add shards:
mongos> db.adminCommand(
{"addshard" : "s1/localhost:37017"}
);
mongos> db.adminCommand(
{"addshard" : "s2/localhost:47017"}
);
8. Switch to use admin database:
mongos> use admin;
9. Add user (I try to add an admin user with full access for testing purposes):
mongos> db.addUser(
{user: "admin",pwd: "admin",roles: ["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"], otherDBRoles:
{
config:["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"],
admin: ["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"]
}}
);
10. Attempt to log in as the user I just created. This is where the problem seems to be: mongo will not authenticate the user and returns an error:
mongos> db.auth("admin","admin");
Error: 18 { code: 13106, ok: 0.0, errmsg: "exception: nextSafe():
{ $err: "not authorized for query on admin.system.users", code: 16550 }
" }
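
Added example, not part of the original report and not MongoDB project code: keyfile-based internal authentication expects every mongod and mongos in a cluster to be started with the same key file, so this check parses startup commands and reports any process that lacks --keyFile. The sample commands are constructed from the shape of steps 1, 5 and 6 above; the function names and the VALUE_FLAGS set are assumptions made for this example.

```python
import shlex

# Constructed sample: one command per role, shaped like steps 1, 5 and 6.
SAMPLE_COMMANDS = [
    "mongod --replSet s1 --logpath /data/logmongo/s1-a.log --dbpath /data/datamongo/s1-a "
    "--port 37017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt",
    "mongod --logpath /data/logmongo/cfg-1.log --dbpath /data/configmongo/cfg-a "
    "--port 57017 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt",
    'mongos --port 27017 --fork --logpath "mongos-1.log" '
    "--configdb localhost:57017,localhost:57018,localhost:57019",
]

# Flags on this page that take a value (assumption: only these are needed here).
VALUE_FLAGS = {"--replSet", "--logpath", "--dbpath", "--port",
               "--oplogSize", "--keyFile", "--configdb"}


def parse_command(line):
    """Split one startup command into (binary, {flag: value or True})."""
    tokens = shlex.split(line)
    opts, i = {}, 1
    while i < len(tokens):
        flag, sep, value = tokens[i].partition("=")
        if sep:                                   # --flag=value form
            opts[flag] = value
        elif flag in VALUE_FLAGS and i + 1 < len(tokens):
            opts[flag] = tokens[i + 1]            # --flag value form
            i += 1
        else:
            opts[flag] = True                     # boolean switch such as --fork
        i += 1
    return tokens[0], opts


def audit_keyfile(commands):
    """Return (binary, port, finding) for processes outside the shared keyfile."""
    parsed = [parse_command(c) for c in commands]
    keyfiles = {o["--keyFile"] for _, o in parsed if "--keyFile" in o}
    if not keyfiles:
        return []                                 # no keyfile auth configured anywhere
    findings = []
    for binary, opts in parsed:
        port = opts.get("--port", "?")
        if "--keyFile" not in opts:
            findings.append((binary, port, "missing --keyFile"))
        elif len(keyfiles) > 1:
            findings.append((binary, port, "keyFile path differs, review"))
    return findings
```

Run over the commands in this report, the only process flagged is the mongos from step 6.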