Configuring MongoDB authentication

By default, MongoDB does not require a username or password to access or modify the database. Anaconda recommends enabling and configuring mandatory authentication.

1. Open a MongoDB shell:

   mongo
   

2. Repository requires read/write access to the database binstar. Enter the following commands into the MongoDB shell to create an administrative user and a service user:

   use admin
   

3. Create an administrative user to manage database users:

   db.createUser({user:'siteUserAdmin', pwd: '<secure password #1>', roles:['userAdminAnyDatabase']})
   

4. Authorize as that user to verify the password:

   db.auth('siteUserAdmin', '<secure password #1>')
   

5. Create a service user for Repository:

   db.createUser({user:'anaconda', pwd: '<secure password #2>', roles:[{db:'binstar', role:'readWrite'}]})
   

6. Enable mandatory authentication in MongoDB:

   • If you are using the legacy MongoDB configuration format, add the auth key to /etc/mongod.conf:

     auth=true
     

   • If you are using the current MongoDB configuration format, add the security.authorization key to /etc/mongod.conf:

     security:
         authorization: enabled
     

7. Restart MongoDB to reload the configuration:

   sudo service mongod restart
   

8. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://<username>:<password>@<hostname>.

   After editing the configuration file, restart Repository for the changes to take effect.

9. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://<username>:<password>@<hostname>.

   After editing the configuration file, restart Repository for the changes to take effect.

NOTE: For more information about MongoDB authentication and authorization, see https://docs.mongodb.com/v2.6/core/authentication/ and https://docs.mongodb.com/v2.6/core/authorization/.