# Setup directory for replication set
testing
# hostname: database.dbaglobe.com
mkdir -p /home/donghua/LAB3/{r0,r1,r2}
# Setup replset with 3 replicas
mongod --dbpath
/home/donghua/LAB3/r0 --logpath /home/donghua/LAB3/r0/mongo.log --port 31210
--replSet TO_BE_SECURED --fork
mongod --dbpath
/home/donghua/LAB3/r1 --logpath /home/donghua/LAB3/r1/mongo.log --port 31211
--replSet TO_BE_SECURED --fork
mongod --dbpath
/home/donghua/LAB3/r2 --logpath /home/donghua/LAB3/r2/mongo.log --port 31212
--replSet TO_BE_SECURED --fork
mongo --port 31210 --eval
"rs.initiate({_id: 'TO_BE_SECURED',members: [{ _id: 1, host: 'database.dbaglobe.com31210'
},{ _id: 2, host: 'database.dbaglobe.com31211' },{ _id: 3, host: 'database.dbaglobe.com31212'
}]})"
mongo --port 31210 --eval
"rs.status()"
# Create a keyfile to use for internal
authentication between the members of the replica set.
openssl rand -base64 755
> /home/donghua/LAB3/mongodb-keyfile
chmod 400 /home/donghua/LAB3/mongodb-keyfile
# Starting with the primary, restart
each member using the shared keyfile you generated.
mongod --dbpath
/home/donghua/LAB3/r0 --shutdown
mongod --dbpath
/home/donghua/LAB3/r1 --shutdown
mongod --dbpath
/home/donghua/LAB3/r2 --shutdown
mongod --dbpath
/home/donghua/LAB3/r0 --logpath /home/donghua/LAB3/r0/mongo.log --port 31210
--replSet TO_BE_SECURED --fork --keyFile
/home/donghua/LAB3/mongodb-keyfile
mongod --dbpath
/home/donghua/LAB3/r1 --logpath /home/donghua/LAB3/r1/mongo.log --port 31211
--replSet TO_BE_SECURED --fork --keyFile
/home/donghua/LAB3/mongodb-keyfile
mongod --dbpath
/home/donghua/LAB3/r2 --logpath /home/donghua/LAB3/r2/mongo.log --port 31212
--replSet TO_BE_SECURED --fork --keyFile
/home/donghua/LAB3/mongodb-keyfile
# Create a user "userAdmin"
with password "badges" has permission to "create users on any
database"
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.createUser( {user:
"userAdmin", pwd: "badges", roles:[{role:'userAdminAnyDatabase',db:'admin'}]});
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
# Create a user "sysAdmin"
with password "cables" has permission to "configure a replica
set"
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.createUser( {user:
"sysAdmin", pwd: "cables",
roles:[{role:'clusterManager',db:'admin'}]});
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("sysAdmin","cables")
# Create a user "dbAdmin" with
password "collections" has permission to "create a collection on
any database"
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.createUser( {user:
"dbAdmin", pwd: "collections",
roles:[{role:'dbAdminAnyDatabase',db:'admin'}]});
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("dbAdmin","collections")
# Create a user "dataLoader"
with password "dumpin" has permission to "insert data on any
database"
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.createUser( {user:
"dataLoader", pwd: "dumpin",
roles:[{role:'readWriteAnyDatabase',db:'admin'}]});
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.auth("dbAdmin","collections")
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.system.users.find({},{user:1,db:1,roles:1,_id:0})
{ "user" :
"userAdmin", "db" : "admin", "roles" :
[ { "role" : "userAdminAnyDatabase", "db" :
"admin" } ] }
{ "user" :
"sysAdmin", "db" : "admin", "roles" : [
{ "role" : "clusterManager", "db" :
"admin" } ] }
{ "user" :
"dbAdmin", "db" : "admin", "roles" : [
{ "role" : "dbAdminAnyDatabase", "db" :
"admin" } ] }
{ "user" :
"dataLoader", "db" : "admin", "roles" :
[ { "role" : "readWriteAnyDatabase", "db" :
"admin" } ] }
MongoDB Enterprise
TO_BE_SECURED:PRIMARY> db.getUser('userAdmin')
{
"_id" : "admin.userAdmin",
"user" : "userAdmin",
"db" : "admin",
"roles" : [
{
"role" :
"userAdminAnyDatabase",
"db" :
"admin"
}
]
}
# Shutdown and clean up
mongod --dbpath
/home/donghua/LAB3/r0 --shutdown
mongod --dbpath
/home/donghua/LAB3/r1 --shutdown
mongod --dbpath
/home/donghua/LAB3/r2 --shutdown
rm -rf /home/donghua/LAB3/
No comments:
Post a Comment