I recently installed mongo db and ran it for the first time. I encountered this warning,
Access control is not enabled for the database.
Read and write access to data and configuration is unrestricted.
I fixed this by enabling access control using these commands
db.createUser(
{
user:"myuserName",
pwd:"myPassword",
roles:[{role: "userAdminAnyDatabase", db:"admin"}]
})
From the docs, I have to restart mongodb with this command:
mongod --auth --port 27017 --dbpath /data/db
but when I try to restart mongodb after access control, I get this error.
2017-08-17T19:11:14.337+0530 E QUERY [thread1] SyntaxError: missing ; before statement #(shell):1:9
Is the command wrong or am I missing something here. Please walk me through this. Thanks.
Related
I have MongoDB replica set (3 servers) running on AWS. Every 6 hours I take a snapshot of the volume.
I have the need to get off Amazon Linux 1 and move to Ubuntu Linux due to some package changes. I have turned off the old cloudformation stack, created a new cloudformation stack using Ubuntu and now everything is blank.
So now, I take my snapshot, create a volume, remove the volume currently on the EC2, attach the new volume with old data, run sudo chown -R mongodb:mongodb /data and sudo chmod -R go+w /data and then restart Mongodb sudo systemctl restart mongod
This does start, but in the mongo log, I get this issue:
"msg":"Heartbeat failed after max retries","attr":{"target":"db2.ospreynrglive.com:27017","maxHeartbeatRetries":2,"error":{"code":93,"codeName":"InvalidReplicaSetConfig","errmsg":"replica set IDs do not match, ours: 604d72257a07ddd82163de70; remote node's: 604e566ee4290c91c30c91c3ff6504"}}}
How can I fix this? I try to edit local.system.replset and that doesn't work. Tried to specify the replicaSetId in rs initialize which failed and also rs.reconfig won't let me change it either.
I know that I can do a mongodump and mongorestore but this is extremely slow when having lots of data. Can I not use the data/volume/backup/snapshot from AWS? What would happen if all 3 servers went down at the same time on AWS? I would be in the same situation!
Anyone looking to clear an existing Replica Set needs to do the following steps:
Start mongod without --replSet flag
Run this on mongo shell
use admin
db.grantRolesToUser("admin", [{ role: "__system", db: "admin" }])
use local
db.dropDatabase()
use admin
db.revokeRolesFromUser("admin", [{ role: "__system", db: "admin" }])
Then restart mongod with --replSet flag and it will be like no RS was ever initiated
From here, you initiate it on the primary and then do the same with the other nodes and add each one.
I have created user with read permissions in Mongodb. I have done the same process here
but still user was not restricted with permissions.User can create the collection and insert the document but user have only read permissions.
When I opened mongo.exe, it was showing some warnings.
ongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
Server has startup warnings:
2018-09-17T01:11:07.042-0400 I CONTROL [initandlisten]
**2018-09-17T01:11:07.042-0400 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-09-17T01:11:07.042-0400 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.******
2018-09-17T01:11:07.042-0400 I CONTROL [initandlisten]
---
So how can i restrict the user in MongoDB?
So, you are missing few things in configure section.
you need to activate in the mongod configuration file.
it will be located in /etc/mongod.conf if you are using Linux.
you need to change/uncomment/add this section below:
security:
authorization: "enabled"
and after that you need to restart mongod service.
in my case service name is mongod .
so i did sudo systemctl restart mongod .
and as you already having role. and authentication enabled just now.
you have to login now.
>> mongo --port <YOUR_MONGO_PORT>
> use admin
> db.auth("username","password")
it should login now.
all steps:
Create Users with needed Roles.
Enable Authetication in DB config level.
Dont forget to Restart The Database service.
Try To login. You are Good to Go.
You can look into this medium post as well here.
I want to convert a standalone machine into one member replica set by configuring the same in /etc/init.d/mongodb.
I came across the below command to do the same:
sudo mongod --port 27017 --dbpath /srv/mongodb/db0 --replSet rs0
But it's not working out. My mongo is configured to run on autostart.
I ran the following command to stop the running instance before running with the --replSet option.
sudo service mongod stop
Both commands above run without any output/error but when I run rs.initiate(), I get the error below:
{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { replSetInitiate: undefined }",
"code" : 13
}
From the error message it looks like the issue seems to be of access. Can anybody give any pointers?
Also, if I succeed with above command, will I need to make any changes to /etc/mongod.conf or /etc/init.d/mongodb so that the instance continues to run as a one node replica?
Firstly: There are two ways of setting a mongod process's configuration; either (as in the command you found) as parameters on the command line, or in a configuration file mongod.conf. Your setup seems to be using a configuration file, so you need to put the replica set settings in the mongod.conf file, not on the command line.
Secondly: to run the rs.initiate() command on a system where authentication is enabled, as yours is, you must be authenticated as a user who has permission to run this command
I just upgrade to mongodb 3.0 from 2.4 and I am getting this error when I log in:
"Failed to authenticate thisuser#admin with mechanism MONGODB-CR: AuthenticationFailed MONGODB-CR credentials missing in the user document"
Elsewhere on stackoverflow I found people who had hacks for this, but where can I specify for the whole database to use CR as the method? Isn't this a global setting?
I'm using pymongo and it has CR style instructions that work fine for me.
After reading the same answer from several sources, I found a detailed enough step-by-step fix for this that is worth sharing back here. The paths are specific to webfaction.com, but you can obvious adjust ports and paths to suit yourself.
1) Start MongoDB 3.0 without --auth enabled, so you can change how it authenticates.
from /webapps/mongo/bin/ run
./mongod --dbpath $HOME/webapps/mongo/data --port 1400
SSH login as admin
from /webapps/mongo/bin/ run
./mongo localhost:1400/admin
2) Run mongodb within SSH on the admin database:
>
> var schema = db.system.version.findOne({"_id" : "authSchema"})
> schema.currentVersion = 3
> db.system.version.save(schema)
> exit
currentVersion = 3 will make the default MONGODB-CR, the default for MongoDB version 2x. Version 3.0 uses SCRAM-SHA-1 by default instead.
3) restart MongoDB with --auth enabled.
from /webapps/mongo/bin I would run
./mongod --dbpath $HOME/webapps/mongo/data --setParameter authenticationMechanisms=MONGODB-CR --auth --port 1400
... and if I want this service to remain active it would be:
#reboot nohub nice <FULL PATH>/mongod --dbpath $HOME/webapps/mongo/data --setParameter authenticationMechanisms=MONGODB-CR --auth --port 1400
The setParameter authenticationMechanisms=MONGODB-CR may be redundant, or meaningless, but I'll leave it in there for now.
Now I can remotely connect so long as my user account is associated with that database, using db.grantRolesToUser( "marc", [ {role: "readWrite", db:"fbc"}, {role: "dbOwner", db:"fbc"}] ) ... and so forth in the admin database.
I'm beginning to use MongoDB and have spent several hours troubleshooting without resolve. From what I understand, there first needs to be a root user before there can be an authorized/admin user.
I installed in C:\mongodb\, then setup --dbpath in C:\mongodb\data and --logpath in C:\mongodb\logs\log.txt.
I installed then ran the MongoDB service, accessible in the services.msc
My recipe to disaster was:
1. mongo localhost,
2. use admin
3. db.createUser({ user: 'root', pwd: '123456', roles:['root']})
Then get "Error: couldn't add user: not authorized on admin to execute command { createUser ....."
I am running MongoDB shell version: 2.6.5 and greatly appreciate any help that leads to a solution.
Thank you,
Leo
I figured it out. I accidentally put the data and logs in same directory as the \mongodb\bin. The solution is to put the mongodb\data and mongodb\logs in a separate folder or drive -- I differentiated using C:\~ and D:\~ drives.