Configuring MongoDB authenticationΒΆ

By default, MongoDB does not require a username or password to access or modify the database. We recommend enabling and configuring mandatory authentication.

  1. Open a MongoDB shell:

    mongo
    
  2. Repository requires read/write access to the database binstar. Enter the following commands into the MongoDB shell to create an administrative user and a service user:

    use admin
    
  3. Create an administrative user to manage database users:

    db.createUser({user:'siteUserAdmin', pwd: '<secure password #1>', roles:['userAdminAnyDatabase']})
    
  4. Authorize as that user to verify the password:

    db.auth('siteUserAdmin', '<secure password #1>')
    
  5. Create a service user for Repository:

    db.createUser({user:'anaconda', pwd: '<secure password #2>', roles:[{db:'binstar', role:'readWrite'}]})
    
  6. Enable mandatory authentication in MongoDB:

    • If you are using the legacy MongoDB configuration format, add the auth key to /etc/mongod.conf:

      auth=true
      
    • If you are using the current MongoDB configuration format, add the security.authorization key to /etc/mongod.conf:

      security:
          authorization: enabled
      
  7. Restart MongoDB to reload the configuration:

    sudo service mongod restart
    
  8. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://<username>:<password>@<hostname>.

    After editing the configuration file, restart Repository for the changes to take effect.

  9. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://<username>:<password>@<hostname>.

    After editing the configuration file, restart Repository for the changes to take effect.

NOTE: For more information about MongoDB authentication and authorization, see https://docs.mongodb.com/v2.6/core/authentication/ and https://docs.mongodb.com/v2.6/core/authorization/.