Replica set authentication
Replica sets support the same authentication API just described, but enabling
authentication for a replica set requires a couple of extra steps. To start, create a
file containing at least six characters from the Base64 character set. [6] The contents
of the file will serve as a kind of password that each replica set member uses to
authenticate with the others. As an example, you might create a file called secret.txt
and fill it with the following:
tOps3cr3tpa55word
Place the file on each replica set member's machine and adjust the permissions so
that it's accessible only by the owner:
sudo chmod 600 /home/mongodb/secret.txt
Finally, start each replica set member by specifying the location of the password file
using the --keyFile option:
mongod --keyFile /home/mongodb/secret.txt
Authentication will now be enabled for the set. You'll want to create an admin user in
advance, as you did in the previous section.
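The key file steps above, as an added shell example (not code from the book): it fills the file from /dev/urandom rather than a hand-typed password and checks the file against the rules stated above before mongod is started. The function names, the 64-character length and the treatment of whitespace are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate and pre-flight-check a replica set key file.
# Usage (path taken from the text above):
#   gen_keyfile /home/mongodb/secret.txt && check_keyfile /home/mongodb/secret.txt
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges below byte-exact

# gen_keyfile PATH: write 64 random Base64 characters, readable by owner only.
gen_keyfile() {
    # 48 random bytes encode to exactly 64 Base64 chars with no '=' padding.
    ( umask 077
      head -c 48 /dev/urandom | base64 | tr -d '\n' > "$1" ) || return 1
    chmod 600 "$1"   # also tightens a file that already existed
}

# check_keyfile PATH: return 0 only if the file meets the rules in the text.
check_keyfile() {
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    kf_mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$kf_mode" = "------" ] || {
        echo "$1: accessible by group/other ($kf_mode)" >&2; return 1; }
    # Assumption: whitespace (e.g. a trailing newline) is not part of the key.
    kf_key=$(tr -d '[:space:]' < "$1")
    [ "${#kf_key}" -ge 6 ] || {
        echo "$1: fewer than six characters" >&2; return 1; }
    case $kf_key in
        *[!A-Za-z0-9+/]*)
            echo "$1: character outside the Base64 set" >&2; return 1 ;;
    esac
    return 0
}
```

Running check_keyfile on every member before starting mongod catches a copy whose permissions were widened in transit.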
Sharding authentication
Sharding authentication is an extension of replica set authentication. Each replica set
in the cluster is secured as just described, by using a key file. In addition, all the config
servers and every mongos instance also use a key file containing the same password.
Start each of these processes with the --keyFile option pointing to a file containing
a password to be used by the entire shard cluster. Once you've done this, the
whole cluster can use authentication.
10.2 Monitoring and diagnostics
Once you've deployed MongoDB in production, you'll want to keep an eye on it. If
performance is slowly degrading or if failures are occurring frequently, you'll want to
be apprised of these. That's where monitoring comes in. Let's start with the simplest
kind of monitoring: logging. Then we'll explore the built-in commands that provide
the most information about the running MongoDB server; these commands underlie
the mongostat utility and the web console, both of which I'll describe in brief. I'll
make a couple of recommendations on external monitoring tools. And then I'll end
the section by presenting two diagnostic utilities: bsondump and mongosniff.
10.2.1 Logging
Logging is the first level of monitoring; as such, you should plan on keeping logs for
all your deployments. [7] This usually isn't a problem because MongoDB requires that
[6] The Base64 character set consists of all uppercase and lowercase letters in the English alphabet, the digits 0-9,
and the + and / characters.
[7] Never simply pipe logs to /dev/null or stdout.