I am using mongoDB Cluster with version 3.4 in google cloud compute engine, actually past week my database got attacked by hackers that's why i thought about using authorization so that i can avoid these types of attack. Now to add Authorizations i saw this article how-to-create-mongodb-replication-clusters, now i have added a keyfile with chmod 0600 on each of my cluster node, but now when i am trying to add my first admin user i am getting below error
use admin
switched to db admin
rs0:PRIMARY> db.createUser({user: "RootAdmin", pwd: "password123", roles: [ { role: "root", db: "admin" } ]});
2017-01-21T18:19:09.814+0000 E QUERY    [main] Error: couldn't add user: not authorized on admin to execute comm
and { createUser: "RootAdmin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writ
eConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
@(shell):1:1
I have searched everywhere but haven't found anything on why i am getting this error.
Can anyone please help me how can i solve this error.
UPDATE My config file is given below for each of the instances
Secondary Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: false
   #engine:
  mmapv1:
    smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Arbiter Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Primary Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
You have to change your mongod.conf file to disable authorization before creating such admin user
security:
  authorization: disabled
After that, restart the mongod service and open mongodb shell to create the admin user
use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})
Remember to enable authorization back on after creating user.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With