Create shard local user

Hey guys, I’ve been given a MongoDB cluster to manage and am currently implementing PBM for the backup/restore strategy. It turns out that the guys don’t have the admin user for the mongod shard local instances, so I’m trying to create the shard local user for PBM, but I don’t have the permissions, and apparently someone created an admin user for which they don’t have the username/password… I tried the Localhost Exception but it’s not working… anyone been through this?

It won’t work once the first user is created.

You’re going to need access to start and stop mongod on the host.
A change of primary is required during this process.

  1. Verify your replicaset is healthy to begin with. Without a local user you may have to db.hello() each node.
  2. Start with the current secondaries, one at a time.
  3. Stop mongod:
    sudo systemctl stop mongod
  4. Start mongod on a different port with no authentication (assuming mongodb defaults):
    sudo -u mongodb mongod --port 55555 --fork --syslog
  5. Connect and set password:
    mongo --port 55555 admin
    db.changeUserPassword('root','passw0rd')
    Or create a new user:
    db.createUser({user:'root',pwd:'passw0rd',roles:[...]})
  6. It is worth testing the credential at this point:
    db.auth('root','passw0rd')
  7. Stop mongod:
    db.shutdownServer()
  8. Start mongod with its regular configuration:
    sudo systemctl start mongod
  9. Do the next secondary until they are all done.
  10. Stop the current primary - this is now referred to as old primary.
  11. Connect to the replicaset and change the password.
    mongo --host replicasetName/hostname --port 27018 admin
    db.changeUserPassword('root','passw0rd')
  12. Start the old primary.
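
Step 1 of the answer above, as an added example that is not part of the original post: a JavaScript helper that takes the db.hello() documents collected from each node, checks that the members agree on a single primary, and returns the order for the rolling procedure (secondaries first, primary last). The function name, host names and set name are assumptions made for the illustration.

```javascript
// Added example, not from the thread. Input: the documents returned by
// db.hello() on each node, keyed by any label. Sample values are constructed.
function planRollingReset(helloByNode) {
  const docs = Object.values(helloByNode);
  const problems = [];

  if (new Set(docs.map(d => d.setName)).size !== 1)
    problems.push('nodes disagree on setName');

  const primaries = docs.filter(d => d.isWritablePrimary).map(d => d.me);
  if (primaries.length !== 1)
    problems.push(`expected exactly 1 primary, found ${primaries.length}`);

  // Every node must name the same primary, and it must be the node claiming the role.
  const named = new Set(docs.map(d => d.primary));
  if (named.size !== 1 || !primaries.includes([...named][0]))
    problems.push('nodes disagree on which member is primary');

  // Each member in "hosts" must have answered and be primary or secondary.
  // "hosts" omits hidden, priority-0 and arbiter members; query those separately.
  for (const host of new Set(docs.flatMap(d => d.hosts || []))) {
    const d = docs.find(x => x.me === host);
    if (!d) problems.push(`${host}: no hello() result collected`);
    else if (!d.isWritablePrimary && !d.secondary)
      problems.push(`${host}: neither primary nor secondary`);
  }

  if (problems.length) return { healthy: false, problems, order: [] };
  const secondaries = docs.filter(d => d.secondary).map(d => d.me).sort();
  return { healthy: true, problems, order: [...secondaries, primaries[0]] };
}

// Constructed sample: three-member shard replica set on port 27018.
const hosts = ['shard1-a:27018', 'shard1-b:27018', 'shard1-c:27018'];
const node = (me, isPrimary) => ({
  setName: 'shard1', me, hosts, primary: 'shard1-b:27018',
  isWritablePrimary: isPrimary, secondary: !isPrimary,
});
const sample = {
  a: node('shard1-a:27018', false),
  b: node('shard1-b:27018', true),
  c: node('shard1-c:27018', false),
};

console.log(planRollingReset(sample));
```

An unhealthy result lists the reasons in `problems` and returns an empty `order`, so the rolling restart is not started against a set that is already degraded.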

Don’t you need to set the local password for the “old primary” node explicitly? Or will this be synced in some way?

Step 11 will take care of it.

This is because all nodes are running as part of the replicaset again and the password update will be communicated to all the members in the normal fashion.


Even though I fumbled the node restart (I was working with docker containers/Nomad allocations) I managed to create a new root user on all my nodes using this technique.

Thank you very much, this was a life saver.
