Setting up a multi-tiered log infrastructure Part 5 -- MongoDB Setup

Additional Setup for master node

Install mongodb on master node

Install instructions from https://docs.mongodb.com/manual/administration/install-on-linux/

Create repo file for mongodb

vi /etc/yum.repos.d/MongoDB-3.4.repo

Insert this text

[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

Install mongodb

yum install mongodb-org

Set mongod to start on boot

systemctl enable mongod .service

Allow mongodb to use port 27017 for communication

semanage port -a -t mongod_port_t -p tcp 27017

Start mongodb

systemctl start mongod

Setup Note: By default, mongodb does not enforce any kind of user authentication. There are two choices; one is to leave it be, the second is to add users and enable auth mode. If the decision is to leave the default then the mongo setup is complete. However, if adding a user and some basic auth seems like a better idea then the next few steps will allow that.

Setup mongo users for auth

Mongo doc references https://docs.mongodb.com/manual/reference/method/db.createUser/ and https://docs.mongodb.com/v3.4/core/security-built-in-roles/

Enter the mongo shell from the cli

mongo

Change to the default admin DB

use admin

Add a user named admin with a password and grant that user full privileges

db.createUser(
  {
    user: "admin",
    pwd: "Pa$$w0rd",
    roles: [ { role: "root", db: "admin" } ]
  }
);

Create a DB named graylog

use graylog

Add a user named gluser with a password and grant privileges to the graylog DB

db.createUser(
  {
    user: "gluser",
    pwd: "Pa$$w0rd",
    roles: [ { role: "readWrite", db: "graylog" } ]
  }
);

Edit the mongod config file

vi /etc/mongod.conf

Make sure the security section is configured

#security:
security.authorization: enabled

Restart mongod

systemctl restart mongod

Check mongod started and the gluser credentials are good

mongo -u gluser -p --authenticationDatabase graylog

2 Responses to“Setting up a multi-tiered log infrastructure Part 5 -- MongoDB Setup”

  1. user_1024
    June 15, 2015 at 6:40 am #

    Hello! I think this resource is very useful, thank you!
    Note that in Mongo v3.0 user management id different.

  2. admin
    December 15, 2016 at 9:16 pm #

    It took me awhile but I have updated the information for this series to later versions of graylog, elasticsearch, and mongod.

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com