Editing
My MongoDB notes
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== add MongoDB user and enable remote management access == [https://docs.mongodb.com/manual/core/security-users/ User documentation] Steps to setup first user and enable access control [https://docs.mongodb.com/manual/tutorial/enable-authentication/ resource] create user administrator (sample file, use your own user and pwd values) <pre>use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] } )</pre> Enable MongoDB instance to start with access control enabled by editing MongoDB config <code>$ sudo vi /etc/mongod.conf</code> Enable security.authorization configuration option <pre>security: authorization: enabled </pre> Bind IP address that enables remote connection to MongoDB (optional step) <pre># network interfaces net: port: 27017 bindIp: 127.0.0.1,192.168.1.109 <-- An IP address on your server that you want MongoDB to listen for TCP connections.</pre> Shutdown instance within mongo shell <code>db.adminCommand( { shutdown: 1 } )</code> '''After restart attempt MongoDB instance failed to start.''' The MongoDB log had this: <pre>$ sudo tail /var/log/mongodb/mongod.log 2019-08-11T15:41:04.940-0500 I CONTROL [initandlisten] distarch: x86_64 2019-08-11T15:41:04.940-0500 I CONTROL [initandlisten] target_arch: x86_64 2019-08-11T15:41:04.940-0500 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "127.0.0.1,192.168.1.109", port: 27017 }, processManagement: { timeZoneInfo: "/usr/share/zoneinfo" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 2019-08-11T15:41:04.940-0500 E NETWORK [initandlisten] Failed to unlink socket file /tmp/mongodb-27017.sock Unknown error 2019-08-11T15:41:04.940-0500 F - [initandlisten] Fatal Assertion 40486 at src/mongo/transport/transport_layer_asio.cpp 685 2019-08-11T15:41:04.940-0500 F - [initandlisten] ***aborting after fassert() failure</pre> Root owns file and we want mongodb user to own file <pre>$ ls -l /tmp/mongodb-27017.sock srwx------ 1 root root 0 Aug 11 15:31 /tmp/mongodb-27017.sock </pre> The fix is to delete file so it can be recreated with correct permissions. <code>$ sudo rm /tmp/mongodb-27017.sock</code> Verify that TCP socket is closed or you will get ''Failed to set up listener: SocketException: Address already in use'' upon start up <pre>$ netstat -an | grep 27017 tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN </pre> TCP port 27017 in use so you have to close the port <code>$ sudo kill $(sudo lsof -t -i:27017)</code> Verify TCP port in use (should get no output) <code>$ netstat -an | grep 27017</code> Upon start attempt received another failure due to file permissions. Verify that mongodb user and group own all files and directories <code>$ ls -la /var/lib/mongodb</code> If you see root on any file or directory except '..' then change permissions using <code>$ sudo chown -R mongodb:mongodb /var/lib/mongodb</code> Now start MongoDB instance and verify access control and TCP port in bound to bindIp values from above. <pre>$ sudo systemctl start mongod $ sudo systemctl status mongod β mongod.service - MongoDB Database Server Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2019-08-11 16:14:13 CDT; 4s ago Docs: https://docs.mongodb.org/manual Main PID: 19662 (mongod) CGroup: /system.slice/mongod.service ββ19662 /usr/bin/mongod --config /etc/mongod.conf Aug 11 16:14:13 hammerhead systemd[1]: Started MongoDB Database Server. $ netstat -an | grep 27017 tcp 0 0 192.168.1.109:27017 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN unix 2 [ ACC ] STREAM LISTENING 13117024 /tmp/mongodb-27017.sock </pre> === Connect and authenticate as user administrator === Authenticate during connection to mongo <code>mongo --port 27017 -u "myUserAdmin" --authenticationDatabase "admin" -p</code> or <pre> $ mongo --port 27017 > use admin > db.auth("myUserAdmin", "abc123" )</pre>
Summary:
Please note that all contributions to GotOpinion may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
GotOpinion:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
Edit source
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information