Activating the User Authentication
Caution - installation and configuration order
Mind the order of installation and configuration. The installation of the complete system, including all its components (PLOSSYS Output Engine, SEAL Operator, easyPRIMA, and others), must be finished before you start to configure the user authentication.
Getting the Master Node
Find the master node in the MongoDB cluster:
& "C:\Program Files\mongosh\mongosh.exe" --tls --tlsAllowInvalidCertificates --eval 'rs.isMaster()'
Example - result of the above command to get the master node
The "hosts" entry contains a list of all known cluster nodes and the "primary" entry contains the host name of the master node.
{
  "topologyVersion" : {
    "processId" : ObjectId("62da51692acff423bc8b8a92"),
    "counter" : NumberLong(4)
  },
  "hosts" : [
    "db:27017",
    "db2:27017",
    "db3:27017"
  ],
  "setName" : "rs",
  "setVersion" : 5,
  "ismaster" : false,
  "secondary" : true,
  "primary" : "db3:27017",
  "me" : "db:27017",
  "lastWrite" : {
    "opTime" : {
      "ts" : Timestamp(1658474882, 1),
      "t" : NumberLong(20)
    },
    "lastWriteDate" : ISODate("2022-07-22T07:28:02Z"),
    "majorityOpTime" : {
      "ts" : Timestamp(1658474872, 2),
      "t" : NumberLong(20)
    },
    "majorityWriteDate" : ISODate("2022-07-22T07:27:52Z")
  },
  "maxBsonObjectSize" : 16777216,
  "maxMessageSizeBytes" : 48000000,
  "maxWriteBatchSize" : 100000,
  "localTime" : ISODate("2022-07-22T07:28:02.477Z"),
  "logicalSessionTimeoutMinutes" : 30,
  "connectionId" : 9,
  "minWireVersion" : 0,
  "maxWireVersion" : 13,
  "readOnly" : false,
  "ok" : 1,
  "$clusterTime" : {
    "clusterTime" : Timestamp(1658474882, 1),
    "signature" : {
      "hash" : BinData(0,"hgMLa+1zoaSPY1zOSOsiS1yr0bQ="),
      "keyId" : NumberLong("7116508179495649285")
    }
  },
  "operationTime" : Timestamp(1658474882, 1)
}
Single System and Replica Set Primary
User authentication in MongoDB is disabled by default. Activate it to enhance security.

1. Open a PowerShell (Administrator) and change to the following directory:

   C:\Program Files\SEAL Systems\seal-mongodb

2. Execute the following script and follow the instructions:

   .\secure-mongo.ps1

The script creates a random password. Read the output of the script to get the password.

The user for accessing the different databases is plossys, the user for administration tasks is root.
Example - configuration of PLOSSYS Output Engine
service:
  any:
    tag:
      any:
        MONGO_JOBS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-jobs?replicaSet=p5
        MONGO_PRINTERS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-printers?replicaSet=p5
        MONGO_EVENTS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-events?replicaSet=p5
        MONGO_NOTIFICATIONS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-notifications?replicaSet=p5
        MONGO_PREPROCESS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-preprocess?replicaSet=p5
        MONGO_CONFIGS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-configs?replicaSet=p5
        MONGO_LOCKS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-locks?replicaSet=p5
        MONGO_ACTIONS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-actions?replicaSet=p5
Example - configuration of SEAL Operator
service:
  any:
    tag:
      any:
        MONGO_SERVER_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/operator-server
        MONGO_FILEUPLOAD_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/operator-fileupload
        MONGO_PREPROCESS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/preprocess
Example - calling MongoDB client
& "C:\Program Files\mongosh\mongosh.exe" --tls --tlsAllowInvalidCertificates -u root -p <the random password> --eval 'rs.status()'
Secondary Members of the Replica Set

1. On the secondary member, create the C:\ProgramData\SEAL Systems\secure\ directory, if not yet existing:

   New-Item -ItemType Directory -Force -Path 'C:\ProgramData\SEAL Systems\secure\'

2. Copy the key file created by secure-mongo.ps1 on the replica set primary

   C:\ProgramData\SEAL Systems\secure\mongod.keyfile

   into the following directory on your current member of the replica set:

   C:\ProgramData\SEAL Systems\secure\

3. In the C:\ProgramData\SEAL Systems\config\mongod.conf file, add the following lines:

   security:
     authorization: enabled
     keyFile: C:\ProgramData\SEAL Systems\secure\mongod.keyfile

4. Restart MongoDB:

   Restart-Service -name seal-mongodb -Force

5. Proceed with step 1 on the next member of the replica set.
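
A check to run on each member after the restart, as an added example that is not part of the SEAL Systems scripts: it confirms that mongod.conf carries the security block shown above and prints the SHA-256 hash of the key file so it can be compared with the hash of the file on the primary. The function name Test-MongoSecurityBlock and the net lines in the sample are assumptions; the paths are the ones used on this page.

```powershell
# Added example, not a SEAL Systems script. Returns a list of problems found in the
# security block of a mongod.conf text; the list is empty when the block is as expected.
function Test-MongoSecurityBlock {
    param(
        [Parameter(Mandatory)][string]$ConfigText,   # content of mongod.conf
        [Parameter(Mandatory)][string]$KeyFilePath   # key file path the config must reference
    )
    $inSecurity = $false
    $security   = [hashtable]::new()                 # case-sensitive, like YAML keys
    foreach ($line in ($ConfigText -split "`r?`n")) {
        if ($line -match '^\s*(#.*)?$') { continue } # blank line or comment
        if ($line -cmatch '^(\S[^:]*):') {           # a top-level key starts a new block
            $inSecurity = ($Matches[1] -ceq 'security')
        } elseif ($inSecurity -and $line -cmatch '^\s+(\w+):\s*(.+?)\s*(\s#.*)?$') {
            $security[$Matches[1]] = $Matches[2].Trim('"', "'")
        }
    }
    $problems = @()
    if ($security['authorization'] -cne 'enabled') {
        $problems += 'security.authorization is not "enabled"'
    }
    if ($security['keyFile'] -ne $KeyFilePath) {
        $problems += 'security.keyFile does not point to the copied key file'
    }
    return ,$problems
}

$keyFile = 'C:\ProgramData\SEAL Systems\secure\mongod.keyfile'

# Constructed sample of a mongod.conf; only the security block is taken from this page.
$sample = @"
net:
  port: 27017
security:
  authorization: enabled
  keyFile: $keyFile
"@
Test-MongoSecurityBlock -ConfigText $sample -KeyFilePath $keyFile

# On a real member: check the live file, then print the key file hash.
$conf = 'C:\ProgramData\SEAL Systems\config\mongod.conf'
if ((Test-Path $conf) -and (Test-Path $keyFile)) {
    Test-MongoSecurityBlock -ConfigText (Get-Content $conf -Raw) -KeyFilePath $keyFile
    (Get-FileHash -Path $keyFile -Algorithm SHA256).Hash
}
```

The hash printed on a secondary must equal the hash printed on the primary, because all members of the replica set have to use the same key file.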