MongoDB – Setup a Replica Pair running in auth mode

If you are using MongoDB and need a Master/Slave configuration in which the Slave is automatically promoted to Master when the Master DB fails, MongoDB Replica Pairs will do the job. In a Replica Pair the Slave checks the Master for updates every few seconds. If the Master fails to respond, the Slave automatically takes over as the Master, so as far as your application is concerned everything is still functioning correctly. When the failed member of the pair comes back online, it sees that the other member is currently the Master, starts as a Slave and syncs up with the Master.

In our testing, the Replica Pair setup works very well. However, we wanted to be able to run Replica Pairs with MongoDB auth mode turned on so we could password protect our databases. We figured out how to do this setup, after a couple of attempts, so here are our instructions. Hopefully this will help!

Replica Pair using auth mode

Server1 = Your server that has all of the data you want to use
Server2 = Your server that currently has no data (This is our Failover server)

This assumes both servers have a data file location of /data/db

  • Server1: delete all files with local.*
    • rm -f /data/db/local.*
  • Server2: ensure your /data/db folder is empty
  • Start Server1
    • mongod --pairwith Server2 --dbpath /data/db
    • Server1 will become the current Master
  • Start Server2
    • mongod --pairwith Server1 --dbpath /data/db
    • Server2 will become the current Slave
  • With the mongo shell connect to Server1
    • mongo --host Server1
    • Add credentials to the admin database
      • use admin
      • db.addUser("admin","adminpassword")
      • db.auth("admin","adminpassword")
    • Add replication credentials to the local database
      • use local
      • db.addUser("repl","replpassword")
      • exit
  • Stop Server1 (ctrl+c)
    • Server2 should now switch to being the new Master
  • With the mongo shell connect to Server2
    • mongo --host Server2
    • Authenticate with the admin credentials; they were copied from Server1 (Master) to Server2 (Slave)
      • use admin
      • db.auth("admin","adminpassword")
    • Add the replication credentials to the “local” database; these were not copied from Server1 to Server2 automatically while running as replica pairs
      • use local
      • db.addUser("repl","replpassword")
      • exit
  • Stop Server2 (ctrl+c)
  • Start Server1 in auth mode (It will be the Master)
    • mongod --pairwith Server2 --auth --dbpath /data/db
  • Start Server2 in auth mode (It will be the Slave)
    • mongod --pairwith Server1 --auth --dbpath /data/db

Python Replica Pair Connection

Example connection string for Python connecting to a replica pair (Server1, Server2)

import pymongo

MongoDB – Connecting a Slave to a Master running in auth mode

We have been running MongoDB in a test environment with a Master and a Slave working fine. However, for production we want to run our MongoDB Master and Slave using auth mode. To do this, according to the documentation on the MongoDB site, you need to create an account on both the Master and the Slave in the “Local” database that has the username “repl” (i.e., replication user). This common user on both instances of MongoDB is what is used to authenticate a Slave. The documentation on the MongoDB site on how to set up a Master-Slave configuration in auth mode is kind of vague. So to help out anyone who may be attempting this setup for the first time, here are our step-by-step instructions.

To set up a Master and Slave running in auth mode:

Setup Master

  • Create a directory to store your MongoDB database files
    • mkdir /data/db
  • Go to the bin folder of where your MongoDB code was extracted
    • e.g., /Users/me/mongodb/mongodb-osx-x86_64-1.4.0/bin
  • Start the Master DB
    • mongod --dbpath /data/db
  • Open another command prompt in the same folder and run the MongoDB shell
    • mongo
    • NOTE: You can also connect to a remote mongo server using the shell: mongo [remotehostname]
  • Create an admin user on the admin database
    • use admin
    • db.addUser("admin","adminpassword")
    • exit
  • Stop the MongoDB server, use ctrl+c in the command prompt where it was started
  • Start MongoDB in “auth” mode
    • mongod --master --auth --dbpath /data/db
  • Now let’s log in to the admin database using the admin credentials and add the “repl” (replication) user
    • mongo admin -u admin -p adminpassword
    • use local
    • db.addUser("repl","replpassword")
    • exit
  • Just to make sure it works, let’s log in to our MongoDB server with the “repl” credentials
    • mongo local -u repl -p replpassword
    • If you get a command prompt, then the setup was all successful!
    • exit

Setup Slave

Follow the same setup as Master on your Slave server. A MongoDB instance is always configured as a Master. Which db is a Master and which is a Slave is determined when the database is started.

NOTE: The above instructions assume you are setting up the Master and the Slave on two physical machines.

  • If you want to set up both on the same machine, you will need to use different “dbpath” folders for each
  • For example:
    • mongod --master --dbpath /data/masterdb
    • mongod --slave --dbpath /data/slavedb

Start the Master and the Slave

  • On Master server: mongod --master --auth --dbpath /data/masterdb
  • On Slave Server: mongod --slave --auth --source [masterhostname] --dbpath /data/slavedb/
  • The Slave should start now and successfully connect to the Master running in auth mode

Test your configuration

  • Open a mongo shell to the Master database
    • mongo --host [masterhostname] admin -u admin -p adminpassword
  • Now let’s add a new database and add a user account
    • use foo
    • db.addUser("foouser","foopassword")
  • Now let’s check to make sure the foo database and user have been replicated to the slave
    • Open a mongo shell to the Slave database
    • mongo --host [slavehostname] foo -u foouser -p foopassword
    • show collections
    • If you get a command prompt and can type “show collections”, everything is working fine!

NOTE: If your configuration was set up incorrectly you will probably see the following error:

        replauthenticate: no user in local.system.users to use for authentication
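
The data-directory preparation steps from the Replica Pair procedure earlier on this page, and the error message above, can both be checked from the shell before and after starting the nodes. This is an added example, not part of the original post; the function names and the sample files built by `demo` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
REPL_AUTH_ERR='replauthenticate: no user in local.system.users to use for authentication'

# check_dbpath ROLE DIR
#   master: DIR must hold no local.* files (the "rm -f /data/db/local.*" step)
#   slave : DIR must be completely empty (the Server2 step)
# Prints the reason and returns 1 when DIR is not ready.
check_dbpath() {
    role=$1; dir=$2
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    case $role in
        master)
            for f in "$dir"/local.*; do
                if [ -e "$f" ]; then echo "$dir: stale ${f##*/}"; return 1; fi
            done ;;
        slave)
            if [ -n "$(ls -A "$dir")" ]; then echo "$dir: not empty"; return 1; fi ;;
        *)  echo "unknown role: $role"; return 2 ;;
    esac
    return 0
}

# repl_auth_failures LOG...
#   Prints "<file>: <count>" for each mongod log containing the error the post
#   quotes; returns 1 if any log has it, 0 otherwise.
repl_auth_failures() {
    bad=0
    for log in "$@"; do
        n=$(grep -cF -- "$REPL_AUTH_ERR" "$log" 2>/dev/null) || true
        if [ "${n:-0}" -gt 0 ]; then echo "$log: $n"; bad=1; fi
    done
    return $bad
}

# demo: runs both checks on constructed sample data in a temp directory.
demo() {
    t=$(mktemp -d)
    mkdir "$t/server1" "$t/server2"
    : > "$t/server1/local.0"    # constructed leftover that Server1 must delete
    printf '%s\n' 'constructed log line' "$REPL_AUTH_ERR" > "$t/slave.log"
    check_dbpath master "$t/server1" || true
    check_dbpath slave "$t/server2" || true
    repl_auth_failures "$t/slave.log" || true
    rm -rf "$t"
}
```

A log flagged by `repl_auth_failures` points at a node where the “repl” user still has to be added to the “local” database, as in the steps above.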