Additional Setup for master node
Install mongodb on master node
Install instructions from https://docs.mongodb.com/manual/administration/install-on-linux/
Create repo file for mongodb
vi /etc/yum.repos.d/MongoDB-3.4.repo
Insert this text
[mongodb-org-3.4] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
Install mongodb
yum install mongodb-org
Set mongod to start on boot
systemctl enable mongod .service
Allow mongodb to use port 27017 for communication
semanage port -a -t mongod_port_t -p tcp 27017
Start mongodb
systemctl start mongod
Setup Note: By default, mongodb does not enforce any kind of user authentication. There are two choices; one is to leave it be, the second is to add users and enable auth mode. If the decision is to leave the default then the mongo setup is complete. However, if adding a user and some basic auth seems like a better idea then the next few steps will allow that.
Setup mongo users for auth
Mongo doc references https://docs.mongodb.com/manual/reference/method/db.createUser/ and https://docs.mongodb.com/v3.4/core/security-built-in-roles/
Enter the mongo shell from the cli
mongo
Change to the default admin DB
use admin
Add a user named admin with a password and grant that user full privileges
db.createUser( { user: "admin", pwd: "Pa$$w0rd", roles: [ { role: "root", db: "admin" } ] } );
Create a DB named graylog
use graylog
Add a user named gluser with a password and grant privileges to the graylog DB
db.createUser( { user: "gluser", pwd: "Pa$$w0rd", roles: [ { role: "readWrite", db: "graylog" } ] } );
Edit the mongod config file
vi /etc/mongod.conf
Make sure the security section is configured
#security: security.authorization: enabled
Restart mongod
systemctl restart mongod
Check mongod started and the gluser credentials are good
mongo -u gluser -p --authenticationDatabase graylog
Hello! I think this resource is very useful, thank you!
Note that in Mongo v3.0 user management id different.
It took me awhile but I have updated the information for this series to later versions of graylog, elasticsearch, and mongod.