Automated Process
ePages 6.17.22 introduces Mongo authentication. Mongo authentication is added by (re)starting epagesj: (Re)start 1. checks if Mongo authentication can be enabled and 2. enables Mongo authentication.
For that, /etc/init.d/epagesj contains something like:
/var/epages/bin/mongo_can_enable_auth.sh && /var/epages/bin/mongo_enable_auth.sh
Mongo authentication is added automatically if:
-
there is only one Mongo server and one epagesj server and both have same host
-
Mongo authentication not added yet (/etc/mongod.conf does not contain keys auth/keyFile)
If Mongo authentication is not added automatically, do it manually.
Manual Process
Check if Mongo authentication can be enabled:
/var/epages/bin/mongo_can_enable_auth.sh
If yes, run:
/var/epages/bin/mongo_enable_auth.sh
If not, execute following steps:
1) Update package epages-release which contains latest mongo_*.sh scripts:
1a) On Redhat/CentOS run (use your own UUID):
UUID=1234abcd-1234-1234-1234-0123456789abcd
export EPAGES_REPOURL=http://epages-software.de/repo/usr/$UUID
rpm -hUv http://epages-software.de/repo/epages/7.21.0/epages-release.noarch.rpm
1b) On Debian run (use your own UUID):
UUID=1234abcd-1234-1234-1234-0123456789abcd
export EPAGES_REPOURL=http://epages-software.de/repo/usr/$UUID
curl -LO $EPAGES_REPOURL/apt/epages-release_all.deb
dpkg -i epages-release_all.deb
apt-get -y update
2) Add keys username, password, databaseName to section [Mongo] in configuration file /srv/epages/eproot/j/conf/epagesj.conf on any epagesj or Mongo server:
. /etc/default/epages6
EPAGESJ_CONF=$EPAGESJ_CONFIG/epagesj.conf
[[ -d $EPAGESJ_CONFIG ]] || install -g epages -o "$EPAGESJ_USER" -m 755 -d "$EPAGESJ_CONFIG"
[[ -f $EPAGESJ_CONF ]] || { touch "$EPAGESJ_CONF"; chmod 644 "$EPAGESJ_CONF"; }
/var/epages/ini-config.sh -f "$EPAGESJ_CONF" -s Mongo -k databaseName -v epagesj -i
/var/epages/ini-config.sh -f "$EPAGESJ_CONF" -s Mongo -k username -v epagesj -i
/var/epages/ini-config.sh -f "$EPAGESJ_CONF" -s Mongo -k password -v PASSWORD -i
PASSWORD must be the same on any host and must contain only numbers or letters.
3) On first master MongoDB run:
/var/epages/bin/mongo_enable_auth.sh
4) This creates mongodb-keyfile, copy this file to all other master and slave MongoDBs:
KEYFILE=$(/var/epages/ini-config.sh -f /etc/mongo*.conf -k keyFile -G)
scp $KEYFILE OTHER_MONGODB:$KEYFILE
5) On other master MongoDBs run:
/var/epages/bin/mongo_enable_auth.sh
6) On all slave MongoDBs set auth/keyFile keys:
/var/epages/ini-config.sh -f /etc/mongo*.conf -k keyFile -v $KEYFILE -i
/var/epages/ini-config.sh -f /etc/mongo*.conf -k auth -v true -i
7) First on all slave MongoDBs, then on all epagesj servers restart Mongo/Java:
/etc/init.d/epages6 start_java
This finishes the MongoDB authentication.