1- title : Start one member of the replica set.
2- stepnum : 1
3- level : 4
4- ref : start-first-replica-set-member
5- content : |
6- This :binary:`~bin.mongod` should *not* enable :setting:`auth`.
7-
8- title : Create administrative users.
9- stepnum : 2
10- level : 4
11- ref : create-administrative-users
12- pre : |
13- The following operations will create two users: a user administrator
14- that will be able to create and modify users (``myUserAdmin``),
15- and a :authrole:`root` user (``siteRootAdmin``) that you will use to
16- complete the remainder of the tutorial:
17- action :
18- language : javascript
19- code : |
20- use admin
21- db.createUser( {
22- user: "myUserAdmin",
23- pwd: "<password>",
24- roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
25- });
26- db.createUser( {
27- user: "siteRootAdmin",
28- pwd: "<password>",
29- roles: [ { role: "root", db: "admin" } ]
30- });
31-
32- title : Stop the ``mongod`` instance.
33- stepnum : 3
34- level : 4
35- ref : stop-first-replica-set-member
36- ---
371title : Create the key file to be used by each member of the replica set.
38- stepnum : 4
392level : 4
3+ stepnum : 1
404ref : generate-keyfile
415source :
426 file : steps-generate-key-file.yaml
437 ref : generate
448---
459title : Copy the key file to each member of the replica set.
46- stepnum : 5
4710level : 4
11+ stepnum : 2
4812ref : copy-key-file
4913content : |
50- Copy the ``mongodb-keyfile`` to all hosts where components of a
51- MongoDB deployment run. Set the permissions of these files to
52- ``600`` so that only the *owner* of the file can read or write this
53- file to prevent other users on the system from accessing the shared
54- secret.
14+
15+ Copy the ``mongodb-keyfile`` to all hosts where the replica set
16+ members run.
17+
18+ On UNIX systems, the keyfile must not have group or world
19+ permissions:
20+
21+ - Ensure that the user running the :program:`mongod` is the owner of
22+ the file.
23+
24+ - Set the permissions of these files to ``400`` so that only the
25+ *owner* of the file can read this file.
26+
5527
5628title : Start each member of the replica set with the appropriate options.
5729level : 4
58- stepnum : 6
30+ stepnum : 3
5931ref : start-mongod
6032pre : |
6133 For each member, start a :binary:`~bin.mongod` and specify the key file and
@@ -72,55 +44,83 @@ action:
7244 code: |
7345 mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"
7446pre : |
75- The following example specifies parameters through a configuration file:
76- language: javascript
47+ If using a configuration file, set the :setting:`security.keyFile` option
48+ to the keyfile's path, and the :setting:`replication.replSetName` option
49+ to the replica set name:
50+
51+ .. code-block:: yaml
52+
53+ security:
54+ keyFile: /mysecretdirectory/mongodb-keyfile
55+ replication:
56+ replSetName: "rs0"
57+
58+ Start the :binary:`~bin.mongod` using the configuration file:
59+ language: shell
7760 code: |
78- mongod --config $HOME/.mongodb/ config
79- post : |
80- In production deployments, you can configure a :term:`init script` to
81- manage this process. Init scripts are beyond the scope of this document .
61+ mongod --config <path-to- config-file>
62+ post: |
63+ For more information on the configuration file, see
64+ :doc:`configuration options</reference/configuration-options>` .
8265
83- title : " Connect to the member of the replica set where you created the administrative users."
66+ stepnum : 4
67+ title : Initiate the replica set.
8468level : 4
85- stepnum : 7
86- ref : connect-and-auth
69+ ref : initiate-rs
70+ pre : |
71+ Connect a :program:`mongo` shell to one member of the replica set and run
72+ :method:`rs.initiate()` method initiates the replica set.
73+
74+ For example:
75+
76+ .. code-block:: javascript
77+
78+ rs.initiate( {
79+ _id : "rs0",
80+ members: [
81+ { _id : 0, host : "mongo1.example.net:27017" },
82+ { _id : 1, host : "mongo2.example.net:27017" },
83+ { _id : 2, host : "mongo3.example.net:27017" }
84+ ]
85+ })
86+
87+ The :rsconf:`_id` *must* match the ``--replSet`` parameter or the
88+ :setting:`replication.replSetName` specified during startup.
89+
90+
91+ stepnum : 5
92+ title : Create administrative users.
93+ level : 4
94+ ref : create-administrative-users
8795pre : |
88- Connect to the replica set member you started and authenticate as
89- the ``siteRootAdmin`` user. From the :binary:`~bin.mongo` shell, use the
90- following operation to authenticate:
96+
97+ Connected to the primary, create a root user (``siteRootAdmin``)
98+ that you will use to complete the remainder of the tutorial:
9199action :
92100 language : javascript
93101 code : |
94102 use admin
95- db.auth("siteRootAdmin", "<password>");
96-
97- stepnum : 8
98- level : 4
99- source :
100- file : steps-deploy-replica-set.yaml
101- ref : initiate-rs
102- ---
103- stepnum : 9
104- level : 4
105- source :
106- file : steps-deploy-replica-set.yaml
107- ref : verify-rsconf
108- ---
109- stepnum : 10
110- level : 4
111- source :
112- file : steps-deploy-replica-set.yaml
113- ref : add-remaining-members
103+ db.createUser( {
104+ user: "siteRootAdmin",
105+ pwd: "<password>",
106+ roles: [ { role: "root", db: "admin" } ]
107+ });
114108
115- stepnum : 11
109+ title : " Authenticate as the newly created user. "
116110level : 4
117- source :
118- file : steps-deploy-replica-set.yaml
119- ref : check-status
111+ stepnum : 6
112+ ref : connect-and-auth
113+ pre : |
114+
115+ action :
116+ language : javascript
117+ code : |
118+ use admin
119+ db.auth("siteRootAdmin", "<password>");
120120
121121title : Create additional users to address operational requirements.
122122level : 4
123- stepnum : 12
123+ stepnum : 7
124124ref : create-records-db-owner
125125pre : |
126126 You can use :doc:`built-in roles </reference/built-in-roles>` to create
0 commit comments