Mongos authentication

We have 9 mongo nodes in our environment with:

  • 1 mongos
  • 3 config servers (mongod --configSvr)
  • 9 mongod servers (shards or members of sharded replica-sets)

and we are trying to implement authentication on them.

I have done this in the past with a single server and it was really easy:

  1. just add the admin user to the admin database
  2. add a user on each database

I had to restart mongod with --auth option, but here it doesn't seem to work.

I've added the admin account to our mongos and for our sharded databases; I tried to authenticate as the user I had just created, but it didn't work.

I've tried creating an admin user on each database, and the other user accounts that we need, but it still didn't work.

I also tried making sure all of our mongo servers were running with the --keyFile option specified either on the command-line or in their /etc/mongodb.conf files, but that didn't seem to help.

When I try to authenticate as a given user, like so:

db.auth("user","passwd")

it fails and returns 0, as in false; not non-zero.

I seriously need all the help I can get, so please at least leave some suggestions on things I could try--I can't overstress this, any help is more than welcome since I don't seem to be getting anywhere just from following the official docs on managing/administrating mongo sharded clusters.

asked Jun 12 '12 12:06

primero


1 Answer

In a sharded cluster you should use --keyFile to allow all the members of the cluster to authenticate to each other. When you use this option, --auth is "assumed". Since there've been several version changes since you asked this question, the roles assigned to users are more granular now - you would need to have a 'clusterAdmin', 'userAdmin', 'dbAdmin', etc.

This page has more details about how to configure security in MongoDB for a sharded cluster.

answered Sep 27 '22 22:09

Asya Kamsky