- LXC Container
- Minimum 2 CPU Cores (2 threads are needed to run the TTL Monitor.)
- 10GB HDD
$ mongosh
> use admin
> db.createUser(
    {
      user: "myUserAdmin",
      pwd: passwordPrompt(), // or cleartext password
      roles: [
        { role: "userAdminAnyDatabase", db: "admin" },
        { role: "readWriteAnyDatabase", db: "admin" }
      ]
    }
  )
# /etc/mongodb.conf
security:
  authorization: enabled
$ mongosh --authenticationDatabase 'admin' -u <user> -p
Enter password:
or
$ mongosh --authenticationDatabase 'admin' -u <user> -p <pass>
$ mongosh
> use admin
> db.auth(<user>, passwordPrompt())
or
> db.auth(<user>, <pass>)
openssl rand -base64 756 > /opt/mongodb/keyfile
sudo chown mongodb:mongodb /opt/mongodb/keyfile
sudo chmod 400 /opt/mongodb/keyfile
# /etc/mongodb.conf
security:
  authorization: enabled
  keyFile: /opt/mongodb/keyfile
# /etc/mongodb.conf
replication:
  replSetName: <name>
sudo systemctl restart mongodb
$ mongosh
> use admin
> db.auth(<user>, passwordPrompt())
> db.grantRolesToUser(<user>, [
    { role: 'clusterAdmin', db: 'admin' }
  ])
> rs.initiate()
"WiredTiger error","attr":{"error":13,"message":"[1662831911:129518][1630:0x7f062b617ec0], wiredtiger_open: __posix_open_file, 808: /var/lib/mongodb/WiredTiger.turtle: handle-open: open: Permission denied"
sudo su
chown -R mongodb:mongodb /var/lib/mongodb
"Read security file failed","attr":{"error":{"code":30,"codeName":"InvalidPath","errmsg":"Error reading file /path/to/mongodb/keyfile: Permission denied"
sudo mkdir -p /opt/mongodb/
sudo mv /path/to/mongodb/keyfile /opt/mongodb/
sudo chown -R mongodb:mongodb /opt/mongodb
sudo chmod 400 /opt/mongodb/keyfile
- I do not fully understand why this error occurs and why it can't access the user directory.
- But it seems to alleviate permission errors when it is moved to a different directory within the system.
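A pre-flight check for the keyfile, to run before restarting mongod. This is an added example, not part of the original notes: the function name check_keyfile and its return codes are made up here, it assumes GNU stat (Linux), and it is stricter than mongod in accepting only modes 400 and 600.

```shell
# check_keyfile PATH [OWNER]: returns 0 if PATH looks usable as a mongod keyFile.
# OWNER defaults to "mongodb", the account used in the chown commands above.
check_keyfile() {
    local path="$1" owner="${2:-mongodb}" mode chars dir perms

    [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }

    # mongod refuses key files that carry any group or other permission bits.
    mode=$(stat -c '%a' "$path")
    case "$mode" in
        400|600) ;;
        *) echo "mode $mode too open, want 400 or 600" >&2; return 2 ;;
    esac

    [ "$(stat -c '%U' "$path")" = "$owner" ] ||
        { echo "not owned by $owner" >&2; return 3; }

    # Heuristic: every parent directory must be traversable by OWNER, either
    # through the "other" x bit or by being owned by OWNER with the user x bit.
    # Group membership and ACLs are ignored. A private home directory
    # (mode 700 or 750, owned by someone else) fails this check.
    dir=$(dirname "$path")
    while :; do
        perms=$(stat -c '%A' "$dir")
        case "$perms" in
            ?????????[xt]) ;;
            ???[xs]??????)
                [ "$(stat -c '%U' "$dir")" = "$owner" ] ||
                    { echo "$owner cannot traverse $dir" >&2; return 4; } ;;
            *) echo "$owner cannot traverse $dir" >&2; return 4 ;;
        esac
        case "$dir" in /|.) break ;; esac
        dir=$(dirname "$dir")
    done

    # Key content: 6 to 1024 base64 characters once whitespace is stripped.
    chars=$(tr -d '[:space:]' < "$path" | wc -c)
    [ "$chars" -ge 6 ] && [ "$chars" -le 1024 ] ||
        { echo "key length $chars outside 6..1024" >&2; return 5; }
}
```

Run it as root or as the mongodb user, for example `check_keyfile /opt/mongodb/keyfile`, since a mode 400 file cannot be read by other accounts for the length check.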
https://stackoverflow.com/questions/53478123/mongodb-can-not-start-because-of-wiredtiger-turtle-permissions
https://www.digitalocean.com/community/tutorials/how-to-configure-keyfile-authentication-for-mongodb-replica-sets-on-ubuntu-20-04