Set Up a MongoDB Replica Set with Password Authentication on Ubuntu 20.04 LTS
Today we're going to set up a MongoDB replica set with password authentication on Ubuntu 20.04 LTS (1 primary and 2 secondary nodes).
MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License (SSPL).
A record in MongoDB is a document, which is a data structure composed of field and value pairs. MongoDB documents are similar to JSON objects. The values of fields may include other documents, arrays, and arrays of documents.
Replication in MongoDB
A replica set is a group of mongod instances that maintain the same data set. In a replica set, only one node is primary and the others are secondary nodes. Replica sets provide high availability with automatic failover so that the system can operate continuously without downtime.
Overview
1. Install MongoDB to all servers.
2. Generate Key file on any one server.
3. Copy keyfile to all servers.
4. Update conf file for keyfile, replicaset name and bind address on all servers.
5. Restart MongoDB on all servers.
6. Run rs.initiate() to initialize the cluster on only one server.
7. Run rs.status() to check replica set status.
8. Create admin user on Primary server to enable password authentication.
9. Test Authentication in MongoDB.
10. Login to MongoDB with Password.
Steps
1. Install MongoDB on all servers.
(Reference taken from the official MongoDB documentation for MongoDB 5.0 Community Edition.)
sudo apt-get install gnupg
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo systemctl start mongod # start the MongoDB service
sudo systemctl enable mongod # start MongoDB on server boot
2. On any one instance, generate the keyfile.
openssl rand -base64 756 > /var/lib/mongodb/keyfile
chmod 400 /var/lib/mongodb/keyfile
chown mongodb:mongodb /var/lib/mongodb/keyfile
3. Copy keyfile to all servers
rsync -av /var/lib/mongodb/keyfile root@ip-of-your-instance:/var/lib/mongodb
(Note: for rsync to work, make sure the servers are able to connect to each other by adding the SSH key to authorized_keys.)
4. Update the conf file for keyfile, password authentication, replica set name and bind address on all servers.
Conf file location: /etc/mongod.conf
a. Update the bind address
net:
  port: 27017 # default port
  bindIp: 0.0.0.0 # I'm binding to all network interfaces for demo purposes. In production, bind only to the required interface.
b. Update security
security:
  keyFile: /var/lib/mongodb/keyfile
c. Update the replica set name
replication:
  replSetName: "rs0"
5. Restart mongoDB
sudo systemctl restart mongod.service
6. Run rs.initiate() on only one server.
Type mongo in the terminal to get the MongoDB shell, then type the command below in the shell to initialize the cluster.
rs.initiate(
  {
    _id: 'rs0',
    members: [
      { _id: 0, host: "ip-of-instance-1:27017" },
      { _id: 1, host: "ip-of-instance-2:27017" },
      { _id: 2, host: "ip-of-instance-3:27017" }
    ]
  }
);
7. Run rs.status() to check replica set status.
You will get a list of members with their status, showing which member is primary and which are secondary.
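8. Create the admin user
Run this on the primary server, in the admin database (the login URI in step 10 authenticates against admin).
use admin
db.createUser(
  {
    user: "Admin",
    pwd: "myNewPassword",
    roles: [ { role: 'root', db: 'admin' } ]
  }
);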
9. Test authentication in MongoDB.
Run rs.status(). It will return an error message containing "command replSetGetStatus requires authentication".
10. Log in to MongoDB with the password
Sample URI to log in:
mongo "mongodb://<username>:<password>@<host>:<port>/<dbName>?replicaSet=<replicaSetName>"
In our case the URI should be:
mongo "mongodb://Admin:myNewPassword@ip-of-instance-1:27017,ip-of-instance-2:27017,ip-of-instance-3:27017/admin?replicaSet=rs0"
After login, type rs.status() to check the status of the cluster.
Log file location: /var/log/mongodb/mongod.log
Data location: /var/lib/mongodb
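The keyfile permissions from step 2 and the mongod.conf settings from step 4 are easy to get wrong on one of the three servers. The script below is an added example, not part of the original guide: it audits one member for a configured keyFile, keyfile mode and owner, replSetName, and a bindIp that listens on every interface. The names audit_mongod and conf_value are made up for this example, and the config parsing is a simple line match rather than a full YAML parser.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit one replica-set member
# against the mongod.conf and keyfile settings described above.
# Usage: sudo ./audit_mongod.sh /etc/mongod.conf [expected-keyfile-owner]

# Print the value of a "key: value" line from mongod.conf, with any trailing
# comment, whitespace and double quotes removed. Commented-out keys are ignored.
conf_value() {  # conf_value <key> <conf-file>
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# Print one OK/WARN/FAIL line per check; the return code is the FAIL count.
audit_mongod() {  # audit_mongod <conf-file> [expected-owner, default mongodb]
  local conf="$1" owner="${2:-mongodb}" fails=0 keyfile rs bind mode
  keyfile=$(conf_value keyFile "$conf")
  rs=$(conf_value replSetName "$conf")
  bind=$(conf_value bindIp "$conf")

  if [ -z "$keyfile" ]; then
    echo "FAIL security.keyFile is not set"; fails=$((fails + 1))
  elif [ ! -f "$keyfile" ]; then
    echo "FAIL keyfile $keyfile not found"; fails=$((fails + 1))
  else
    mode=$(stat -c '%a' "$keyfile")   # GNU stat, as shipped with Ubuntu
    case $mode in
      400|600) echo "OK   keyfile mode $mode" ;;   # no group/other access
      *) echo "FAIL keyfile mode $mode, expected 400"; fails=$((fails + 1)) ;;
    esac
    if [ "$(stat -c '%U' "$keyfile")" = "$owner" ]; then
      echo "OK   keyfile owner $owner"
    else
      echo "FAIL keyfile is not owned by $owner"; fails=$((fails + 1))
    fi
  fi
  if [ -n "$rs" ]; then echo "OK   replSetName $rs"
  else echo "FAIL replication.replSetName is not set"; fails=$((fails + 1)); fi
  case ",$bind," in
    *,0.0.0.0,*|*,::,*) echo "WARN bindIp $bind listens on every interface" ;;
    ,,) echo "WARN net.bindIp is not set" ;;
    *) echo "OK   bindIp $bind" ;;
  esac
  return "$fails"
}

# Run the audit only when a config path is given on the command line.
if [ "$#" -ge 1 ]; then audit_mongod "$@"; fi
```

Run it on each server after step 5; a non-zero exit code is the number of failed checks on that member.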