I run mongod.exe in server with this option in cmd.exe:
mongod.exe --dbpath=path --auth
And now, how can I do this in a config file?
my mongod.cfg:
dbpath=D:\Program Files\MongoDB 2.6 Standard\data
security=
authorization= enabled
I get this error :
Error parsing INI config file: unknown option security.
For mongod version 2.4 (ini config file)
auth = true
https://docs.mongodb.com/v2.4/reference/configuration-options/#auth
For mongod versions 2.6+ (yaml config file)
security:
authorization: enabled
https://docs.mongodb.com/v3.2/reference/configuration-options/#security.authorization
https://docs.mongodb.com/v3.0/reference/configuration-options/#security.authorization
https://docs.mongodb.com/v2.6/reference/configuration-options/#security.authorization
mongodb version 3.2
this is the correct config
security:
authorization: "enabled"
with quotes since the value is a string as per the documentation
security:
authorization: "enabled"
This is correct as stated above, one thing to note is if it still doesn't work make sure you didn't use a tab for the authorization line it won't work you need to just use spaces.
Just needs to say
auth=true
You don't need any of the other options!
If you are use YAML
security:
authorization: "enabled"
working for 2.6 or high.
But if you don't use YAML.
auth: true
I'm use mongodb v3.0.2, v3.6.5, v4.0.3, both files are working correctly.
INI CONFIG
# mongodb.conf
# Where to store the data.
dbpath=/var/lib/mongodb
#where to log
logpath=/var/log/mongodb/mongodb.log
logappend=true
bind_ip = 0.0.0.0
port = 27017
journal=true
auth = true
YAML CONFIG
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
security:
authorization: "enabled"
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
On DigitalOcean you get the 3.6.3 version but with 2.* style config files. Which makes it confusion when reading all the comments above.
So, instead of following the DigitalOcean Guide of installing MongoDB (this one), you'd better take the official MongoDB Guide (this one)
Really late to they party.
For me nothing of the above worked (on windows, on Linux "authorization: enabled" works fine as long as permissions are right).
Ended up creating a service of my own with --dbpath and --auth options using a third party service manager. Works like a charm.
I perfectly aware that this is not a direct answer but I hope, this will help someone.
Side note though, I could not use "C:\Program Files\MongoDB\4.2\Server\data" folder. No write permissions.
db.adminCommand(
{
setParameter: 1,
security.authorization: "enabled"
}
);
For me the key thing that was causing the fault/error was noted in Robert Walters response - Use of the TAB in the config file.
Changing this to 4 whitespaces fixed the issue whilst keeping the config file looking neat/readable.
Related
How to correctly write to the config?
Information taken from here
https://altinity.com/blog/integrating-clickhouse-with-ldap-part-one
Operator
https://github.com/Altinity/clickhouse-operator
Unknown setting server: while parsing profile 'ldap' in users configuration file: while loading configuration file '/etc/clickhouse-server/users.xml'
settings:
# to allow scrape metrics via embedded prometheus protocol
prometheus/endpoint: /metrics
prometheus/port: 8888
prometheus/metrics: true
prometheus/events: true
prometheus/asynchronous_metrics: true
ldap_servers/ldap_test/host: host ldap
ldap_servers/ldap_test/port: 389
ldap_servers/ldap_test/bind_dn: DC=passport,DC=local
profiles:
ldap/server: ldap_test
I have setup my mongodb on AWS Linux 2 EC2 instance.
I have associated inbound rule as - SSH | TCP | 22 | to the instance.
I was able to SSH into it through MongoDB Compass by using following settings:
However as soon as I added a username password to my database using following method:
use my_database
db.createUser(
{
user: "some_user",
pwd: "some_password",
roles: [{ role: "readWrite", db: "my_database" }]
}
)
And tried to access it using following parameters:
I got following error:
Error creating SSH Tunnel: connect EADDRINUSE some_ip:22 - Local (0.0.0.0:29353)
Here is my /etc/ssh/sshd_config file content:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
#PasswordAuthentication no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect
Am I missing anything over here?
I was running in to the exact same issue when trying to connect through an SSH tunnel. I have found a quirky solution for this issue.
I solved it by installing Studio 3T. Once opened create a new connection by clicking on Connect -> New Connection.
Once opened set up your connection, save it, and you should be able to connect successfully.
When this is complete do the following:
Click on Connect once again.
Right-click the saved connection and select Edit....
At the bottom left there is an option named To URI... to export the Connection String.
And Finally select the option Include Passwords and copy the Connection String.
That's it! You can now paste it in MongoDB Compass and you should be good to go.
I have a remote machine which I connect to using SSH, I installed mongoDB on it, and I wish to use it remotely, how do I connect to it using nodejs and mongoDB compass? the localhost is the IP ?
const db = "mongodb://what do I write here?";
const connectDB = async () => {
try {
await mongoose.connect(db, { useNewUrlParser: true, useCreateIndex: true });
console.log("MongoDB Connected...");
} catch (err) {
console.error(err.message);
process.exit(1);
}
};
connectDB();
Short answer
Login to your machine, open mongodb configuration file located at /etc/mongod.conf and change the bindIp field to your machine ip address (it is the same ip address which you are using to ssh to your machine), after that restart mongodb server.
Detailed answer
Open /etc/mongod.conf file using any of the editor, if you are running a desktop version then you can make use of gedit utility tool
sudo gedit /etc/mongod.conf
If you are running a server version, then you can make use of vi editor command
sudo vi /etc/mongod.conf
The file should contain the following kind of content:
systemLog:
destination: file
path: "/var/log/mongodb/mongod.log"
logAppend: true
storage:
journal:
enabled: true
processManagement:
fork: true
net:
bindIp: 127.0.0.1 // enter your ip address here
port: 27017
setParameter:
enableLocalhostAuthBypass: false
Once you change the bindIp, then you have to restart the mongodb, using the following command
sudo service mongod restart
Now you'll be able to connect to the mongodb server, with the same ip address which you are using to ssh to your system.
mongoose.connect('mongodb://<machine_ip_address>:27017/<database_name>')
mongoose.connect('mongodb://username:password#host:port/database')
Now for the host, is there any hostname or IP you could use?
Try this one:
mongoose.connect("mongodb://localhost/<database-name>", { useNewUrlParser: true });
const db = mongoose.connection
db.on('error', (error) => console.error(error));
db.once('open', () => console.log('Connected to Database'));
Make sure to run MongoDB
mongod --config /usr/local/etc/mongod.conf
first try this : mongoose.connect('mongodb://localhost:27017/database')
mongoose.connect('mongodb://<machine_ip_address>:27017/<database_name>')
mongodb://[username:password#]host1[:port1][,...hostN[:portN]][/[database][?options]]
check https://docs.mongodb.com/manual/reference/connection-string/
If you are using MongoDb Compass
Open 27017 port in Inbound of your Server
Form a link just like mongodb://11.11.111.11 in case you are not going to use auth
Click Connect
Basicly the link is mongodb://[username:password#]host1[:port1][,...hostN[:portN]][/[defaultauthdb][?options]]
More information here
I have MongoDb 4 running fine as Service on win 10.
as soon as I set authorization: enabled
in the mongo config file:
C:\MongoDB4.0\bin\mongod.cfg
It was
#security:
I have set it to:
security:
authorization: enabled
The service will not start, and displaying Error 1053
I dont see anything in the server log or mongodb log
Any idea what I did wrong?
I had the same problem, but in my case what solved was replacing the tab for two spaces in the authorization: enabled line, like this:
# Configuration using TAB not working
security:
authorization: enabled
# Configuration using two spaces working
security:
authorization: enabled
C:\MongoDB4.0\bin\mongod.cfg
change
#snmp:
mp:
to
#snmp:
#mp:
it works for me.
In my case I first commented it, it caused 1053 error, so I had to remove comment and set -
security:
authorization: disabled
For me MongoDB 4.2, this thing works to run the service on Windows 10.
security:
authorization: enabled
Not sure exactly but I think there is issue related to space and colon.
I am trying to configure mongodb for ssl. I have the two certs within a directory on Ubuntu, but when I try to restart the service with the mongodb.conf set up correctly, the service will not start. If I comment out the lines in the mongodb.conf file that I added, I can then start mongodb. I think the syntax is wrong, and not the certs them self.
#SSL options
sslMode = requireSSL
#Enable SSL on normal ports
#sslOnNormalPorts = true
# SSL Key file and password
sslPEMKeyFile = /path/to/cert
sslPEMKeyPassword = password
sslCAFile = /path/to/cert
I get this error when I try to start the server with these lines not commented out
stop: Unknown instance:
mongodb start/running, process 7725
If i try to get into mongo shell i get this(assuming this is because I could not restart the service properly)
Thu Jul 21 14:32:07.660 Error: couldn't connect to server 127.0.0.1:27017 at src/mongo/shell/mongo.js:145
exception: connect failed
The mongodb.conf file is a YAML file so you need to format it as such. Meaning you can't use tabs. Also it does look like the syntax you're using isn't correct.
Try this:
net:
#SSL options
ssl:
mode: requireSSL
# SSL Key file and password
PEMKeyFile: /path/to/cert
PEMKeyPassword: password
CAFile: /path/to/cert
Also, I know it's commented out but just wanted to mention, the sslOnNormal ports option is deprecated. See here: https://docs.mongodb.com/manual/reference/configuration-options/#net.ssl.sslOnNormalPorts