Using key files to authenticate servers in a replica set
For the most part in this chapter, we have discussed how to authenticate and authorize users in MongoDB. However, it is also equally important to ensure that unwanted servers do not get attached to a closed system like replica sets.
In this recipe, we will look at how to achieve inter-server authentication within a MongoDB replica set using key files.
Getting ready
You only need standard MongoDB binaries.
How to do it...
- We begin by creating a key file using the
openssl
utility:
openssl rand -base64 756 > /data/keyfile
- Change the file permissions for the key file:
chmod 400 /data/keyfile
- Start the mongod replica set instances:
mongod --dbpath /data/server1/db --replSet MyReplicaSet --port 27017 --keyFile /data/keyfile mongod --dbpath /data/server2/db --replSet MyReplicaSet --port 27018 --keyFile /data/keyfile mongod --dbpath /data/server3/db --replSet MyReplicaSet --port 27019 --keyFile /data/keyfile
- Connect to the primary instance:
mongo localhost...