
Activating the User Authentication

Caution - installation and configuration order

Mind the order of installation and configuration. The installation of the complete system, including all its components (i.e. PLOSSYS 5, SEAL Operator, easyPRIMA, and others), must be finished before you start to configure the user authentication.


Getting the Master Node

Check which node in a cluster is the MongoDB master node:

& "C:\Program Files\MongoDB\Server\4.4\bin\mongo.exe" --tls --tlsAllowInvalidCertificates --eval 'rs.isMaster()'

Example - result of the above command to get the master node

The hosts entry contains a list of all known cluster nodes and the primary entry contains the host name of the master node.

{
"topologyVersion" : {
  "processId" : ObjectId("62da51692acff423bc8b8a92"),
  "counter" : NumberLong(4)
},
"hosts" : [
  "db:27017",
  "db2:27017",
  "db3:27017"
],
"setName" : "rs",
"setVersion" : 5,
"ismaster" : false,
"secondary" : true,
"primary" : "db3:27017",
"me" : "db:27017",
"lastWrite" : {
  "opTime" : {
  "ts" : Timestamp(1658474882, 1),
  "t" : NumberLong(20)
  },
  "lastWriteDate" : ISODate("2022-07-22T07:28:02Z"),
  "majorityOpTime" : {
  "ts" : Timestamp(1658474872, 2),
  "t" : NumberLong(20)
  },
  "majorityWriteDate" : ISODate("2022-07-22T07:27:52Z")
},
"maxBsonObjectSize" : 16777216,
"maxMessageSizeBytes" : 48000000,
"maxWriteBatchSize" : 100000,
"localTime" : ISODate("2022-07-22T07:28:02.477Z"),
"logicalSessionTimeoutMinutes" : 30,
"connectionId" : 9,
"minWireVersion" : 0,
"maxWireVersion" : 13,
"readOnly" : false,
"ok" : 1,
"$clusterTime" : {
  "clusterTime" : Timestamp(1658474882, 1),
  "signature" : {
  "hash" : BinData(0,"hgMLa+1zoaSPY1zOSOsiS1yr0bQ="),
  "keyId" : NumberLong("7116508179495649285")
  }
},
"operationTime" : Timestamp(1658474882, 1)
}

Single System and Replica Set Primary

MongoDB user authentication is disabled by default. Activate it to enhance security.

  1. Open a PowerShell (Administrator) and change to the following directory:

    C:\Program Files\SEAL Systems\seal-mongodb
    
  2. Execute the following script and follow the instructions:

    .\secure-mongo.ps1
    

The script creates a random password; read the output of the script to obtain it. The user for accessing the different databases is plossys, and the user for administration tasks is root.

Example - configuration of PLOSSYS 5

service:
  any:
    tag:
      any:
        MONGO_JOBS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-jobs?replicaSet=p5
        MONGO_PRINTERS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-printers?replicaSet=p5
        MONGO_EVENTS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-events?replicaSet=p5
        MONGO_NOTIFICATIONS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-notifications?replicaSet=p5
        MONGO_PREPROCESS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-preprocess?replicaSet=p5
        MONGO_CONFIGS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-configs?replicaSet=p5
        MONGO_LOCKS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-locks?replicaSet=p5
        MONGO_ACTIONS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/spooler-actions?replicaSet=p5

Example - configuration of SEAL Operator

service:
  any:
    tag:
      any:
        MONGO_SERVER_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/operator-server
        MONGO_FILEUPLOAD_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/operator-fileupload
        MONGO_PREPROCESS_URL: mongodb://plossys:<the random password>@<host1>:27017,<host2>:27017,<host3>:27017/preprocess

Example - calling MongoDB client

mongo --tls --tlsAllowInvalidCertificates -u root -p <the random password> --eval 'rs.status()'

Secondary Members of the Replica Set

If you run PLOSSYS 5 in a cluster, execute the above steps on the replica set primary. Then execute the following steps on each secondary member of the replica set:

  1. Copy the key file created by secure-mongo.ps1 on the replica set primary:

    C:\ProgramData\SEAL Systems\config\mongod.keyfile
    

    into the following directory on your current member of the replica set:

    C:\ProgramData\SEAL Systems\config\
    
  2. Add the following lines to the C:\ProgramData\SEAL Systems\config\mongod.conf file:

    security:
      authorization: enabled
      keyFile: C:\ProgramData\SEAL Systems\config\mongod.keyfile
    
  3. Restart MongoDB:

    seal-mongodb
    
  4. Proceed with step 1 on the next member of the replica set.
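
A check to run on each secondary after step 3, as an added example that is not part of the SEAL Systems scripts: it confirms the two mongod.conf settings, compares the copied key file with the primary's, and lists who can access the key file, since MongoDB does not check key file permissions on Windows. The function name, the -PrimaryKeyHash parameter, and the assumption that MongoDB runs as SYSTEM are hypothetical.

```powershell
# Added example, not part of the SEAL Systems scripts. Paths are the ones named
# on this page; Test-MongoAuthConfig and -PrimaryKeyHash are hypothetical names.
# On the primary, obtain the reference hash with:
#   (Get-FileHash 'C:\ProgramData\SEAL Systems\config\mongod.keyfile' -Algorithm SHA256).Hash
function Test-MongoAuthConfig {
    param(
        [string]$ConfigDir = 'C:\ProgramData\SEAL Systems\config',
        [string]$PrimaryKeyHash    # SHA-256 of mongod.keyfile taken on the primary
    )
    $conf     = Join-Path $ConfigDir 'mongod.conf'
    $keyFile  = Join-Path $ConfigDir 'mongod.keyfile'
    $findings = @()

    foreach ($path in $conf, $keyFile) {
        if (-not (Test-Path -LiteralPath $path)) { return @("missing: $path") }
    }

    # Both settings from step 2 must be present and not commented out.
    $lines = @(Get-Content -LiteralPath $conf | Where-Object { $_ -notmatch '^\s*#' })
    if (-not ($lines -match '^\s*authorization:\s*enabled\s*$')) {
        $findings += 'mongod.conf: authorization is not enabled'
    }
    if (-not ($lines -match '^\s*keyFile:\s*\S')) {
        $findings += 'mongod.conf: keyFile is not set'
    }

    # Every member must hold the identical key to authenticate to the others.
    $hash = (Get-FileHash -LiteralPath $keyFile -Algorithm SHA256).Hash
    if ($PrimaryKeyHash -and $hash -ne $PrimaryKeyHash) {
        $findings += 'mongod.keyfile differs from the copy on the primary'
    }

    # The key file is a shared secret. Flag Allow entries for anyone other than
    # SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544); SIDs are used so the
    # check also works on localized Windows. Assumption: MongoDB runs as SYSTEM.
    $allowedSids = 'S-1-5-18', 'S-1-5-32-544'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $keyFile).Access) {
        $sid = $ace.IdentityReference.Translate($sidType).Value
        if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $allowedSids) {
            $findings += "mongod.keyfile accessible by: $($ace.IdentityReference.Value)"
        }
    }
    return $findings
}

# No output means no findings. Replace the placeholder with the primary's hash.
Test-MongoAuthConfig -PrimaryKeyHash '<SHA-256 from the primary>'
```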

