Thursday, November 17, 2016

Mongodb - Create Users for Different Tasks



# Create one data directory per replica-set member (r0, r1, r2) for this test.
# hostname: database.dbaglobe.com
mkdir -p /home/donghua/LAB3/r0 /home/donghua/LAB3/r1 /home/donghua/LAB3/r2

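# Set up a replica set with 3 members.
# NOTE: at this stage the members are started without --keyFile/--auth, so no
# authentication is enforced. If mongod listens on a non-local interface, any
# client that can reach ports 31210-31212 can connect without credentials.
# Keep the ports firewalled (or limit the listening addresses with --bind_ip)
# until the members are restarted with the keyfile.

mongod --dbpath /home/donghua/LAB3/r0 --logpath /home/donghua/LAB3/r0/mongo.log --port 31210 --replSet TO_BE_SECURED --fork
mongod --dbpath /home/donghua/LAB3/r1 --logpath /home/donghua/LAB3/r1/mongo.log --port 31211 --replSet TO_BE_SECURED --fork
mongod --dbpath /home/donghua/LAB3/r2 --logpath /home/donghua/LAB3/r2/mongo.log --port 31212 --replSet TO_BE_SECURED --fork

# Each member's host must be written as "hostname:port" (the colon is required).
mongo --port 31210 --eval "rs.initiate({_id: 'TO_BE_SECURED',members: [{ _id: 1, host: 'database.dbaglobe.com:31210' },{ _id: 2, host: 'database.dbaglobe.com:31211' },{ _id: 3, host: 'database.dbaglobe.com:31212' }]})"
# Print the replica-set state to confirm the members were added.
mongo --port 31210 --eval "rs.status()"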


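# Create a keyfile to use for internal authentication between the members of the replica set.
# The keyfile is a shared secret: anyone who can read it can authenticate as a
# cluster member. Create it under a restrictive umask (in a subshell, so the
# session umask is unchanged) so the file is never group/world-readable, even
# briefly, then make it read-only for the owner.
(umask 077 && openssl rand -base64 755 > /home/donghua/LAB3/mongodb-keyfile)
chmod 400 /home/donghua/LAB3/mongodb-keyfile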


# Restart every member with the shared keyfile generated above.
# --keyFile enables keyfile authentication between members and also turns on
# access control for client connections.

# Stop all three members (r0, r1, r2, in that order).
for idx in 0 1 2; do
    mongod --dbpath "/home/donghua/LAB3/r${idx}" --shutdown
done

# Start them again on ports 31210-31212, now with --keyFile.
for idx in 0 1 2; do
    mongod --dbpath "/home/donghua/LAB3/r${idx}" --logpath "/home/donghua/LAB3/r${idx}/mongo.log" --port "3121${idx}" --replSet TO_BE_SECURED --fork --keyFile /home/donghua/LAB3/mongodb-keyfile
done

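# Create a user "userAdmin" with password "badges" that has permission to "create users on any database".
# Note: with --keyFile set, access control is on and no users exist yet, so this first user can only be created through the localhost exception (connect from the same host); the exception closes once the first user exists.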
MongoDB Enterprise TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.createUser( {user: "userAdmin", pwd: "badges", roles:[{role:'userAdminAnyDatabase',db:'admin'}]});
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")

# Create a user "sysAdmin" with password "cables" that has permission to "configure a replica set"
MongoDB Enterprise TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.createUser( {user: "sysAdmin", pwd: "cables", roles:[{role:'clusterManager',db:'admin'}]});
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("sysAdmin","cables")

# Create a user "dbAdmin" with password "collections" that has permission to "create a collection on any database"
MongoDB Enterprise TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.createUser( {user: "dbAdmin", pwd: "collections", roles:[{role:'dbAdminAnyDatabase',db:'admin'}]});
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("dbAdmin","collections")
             
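# Create a user "dataLoader" with password "dumpin" that has permission to "insert data on any database"
# Note: readWriteAnyDatabase also grants read, update and remove, so it is broader than insert-only; a custom role limited to insert would be narrower.
# Note: the final db.auth in this step logs in as dbAdmin, not dataLoader, so it does not verify the new account's credentials.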
MongoDB Enterprise TO_BE_SECURED:PRIMARY> use admin
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("userAdmin","badges")
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.createUser( {user: "dataLoader", pwd: "dumpin", roles:[{role:'readWriteAnyDatabase',db:'admin'}]});
MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.auth("dbAdmin","collections")

MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.system.users.find({},{user:1,db:1,roles:1,_id:0})
{ "user" : "userAdmin", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
{ "user" : "sysAdmin", "db" : "admin", "roles" : [ { "role" : "clusterManager", "db" : "admin" } ] }
{ "user" : "dbAdmin", "db" : "admin", "roles" : [ { "role" : "dbAdminAnyDatabase", "db" : "admin" } ] }
{ "user" : "dataLoader", "db" : "admin", "roles" : [ { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }

MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.getUser('userAdmin')
{
        "_id" : "admin.userAdmin",
        "user" : "userAdmin",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}

# Stop all three members, then delete the lab directory
# (data files, logs and the keyfile all live under it).
for idx in 0 1 2; do
    mongod --dbpath "/home/donghua/LAB3/r${idx}" --shutdown
done
rm -rf /home/donghua/LAB3/