Introduction
This document describes how to set up MongoDB authentication on Systran SES during the post-installation phase, in order to secure access to MongoDB.
This procedure has been validated on Linux (RedHat/CentOS) & Windows operating systems for SES 8.
Pre-Requisites
- All Systran packages and dependencies are currently installed, up, and running.
- SES console is reachable on http://<server_ip>:3443
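- MongoDB is currently running with no authentication mechanism activated. Until authentication is enabled in the steps below, any client that can reach the MongoDB port has unrestricted access to the databases.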
Procedure
Add Administrator account
Launch a mongo shell:
Linux
mongo
Windows (in cmd)
cd C:\Program Files\MongoDB\Server\3.2\bin
mongo.exe
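In the Mongo shell, copy/paste the following entries. Adjust the usernames to your needs and replace the placeholder value "password" with a strong password of your own; do not keep the literal value. Note that the first two commands delete every existing user and every document in system.version of the admin database. The inserted auth schema version 3 corresponds to the legacy MONGODB-CR credential format in MongoDB 3.x, so confirm that this is what your SES components require. The sesuser account also receives userAdminAnyDatabase, which lets it manage users and roles on every database, so protect its credentials like those of an administrator.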
use admin
db.system.users.remove({})
db.system.version.remove({})
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
})
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})
db.grantRolesToUser(
"sesuser",
[{ role: "clusterMonitor", db:"admin"} ])
OPLogger role creation
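In the mongo shell, while still on the admin database (run "use admin" first if you opened a new shell), create the role. It grants a privilege on the local database, so it has to be defined in admin: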
db.runCommand({ createRole: "oplogger", privileges: [{ resource: { db: 'local', collection: 'oplog.rs'}, actions: ['find']}, ], roles: [{role: 'readWrite', db: 'local'}] })
Then exit the Mongo shell (CTRL+D or quit())
Activate MongoDB Authentication mechanism
Open the MongoDB configuration file
Linux
/etc/mongod.conf
Windows
C:\Program Files\MongoDB\Server\3.2\mongod.cfg
Then add the following entry (in the Linux YAML file, the "authorization" line must be indented under "security:")
Linux
security:
authorization: enabled
Windows
auth=true
Then restart the MongoDB service
Linux (RedHat/CentOS 7)
systemctl restart mongod
Linux (RedHat/CentOS 6)
service mongod restart
Windows
Start/Administrative Tools/Services then right click on MongoDB > Restart
To test the authentication, launch a Mongo shell, then copy/paste the following commands (using the administrator credentials you created above)
use admin
db.auth("admin","password")
You should receive 1 in return, and you should then be able to list all databases using the following command
show dbs
Output
Monitoring 0.000GB
Profiles 0.000GB
Resources 0.000GB
TRSL 17.306GB
admin 0.000GB
corpus 0.000GB
development 0.000GB
dictionary 0.000GB
dispatcher 0.000GB
environments 0.000GB
feedbacks 0.000GB
indexer 0.000GB
local 3.235GB
locales 0.001GB
notifications 0.000GB
production 0.017GB
routes 0.000GB
settings 0.000GB
staging 0.000GB
stats 0.000GB
translationResource 0.000GB
user 0.001GB
Create SES user account on dedicated Mongo databases
In the Mongo shell, copy/paste the following entries (adjust the username & password according to your needs; do not keep the placeholder value "password")
use Monitoring
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "Monitoring" } ]
}
)
use Profiles
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "Profiles" } ]
}
)
use Resources
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "Resources" } ]
}
)
use training
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "training" } ]
}
)
use TRSL
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "TRSL" } ]
}
)
use corpus
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "corpus" } ]
}
)
use development
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "development" } ]
}
)
use dictionary
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "dictionary" } ]
}
)
use dispatcher
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "dispatcher" } ]
}
)
use environments
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "environments" } ]
}
)
use feedbacks
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "feedbacks" } ]
}
)
use indexer
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "indexer" },{ role: "readWrite", db: "local" } ]
}
)
use locales
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "locales" } ]
}
)
use notifications
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "notifications" } ]
}
)
use production
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "production" } ]
}
)
use routes
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "routes" } ]
}
)
use settings
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "settings" } ]
}
)
use staging
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "staging" } ]
}
)
use stats
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "stats" } ]
}
)
use translationResource
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "translationResource" } ]
}
)
use user
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "user" } ]
}
)
use information
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "information" } ]
}
)
use gateway_async
db.createUser(
{
user: "sesuser",
pwd: "password",
roles: [ { role: "readWrite", db: "gateway_async" } ]
}
)
Then exit the Mongo shell (CTRL+D or quit())
Edit Systran components configuration files
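Edit the following configuration files by adding the MongoDB user & password parameters (adjust them to your own). These files store the MongoDB password in clear text, so restrict read access on them to the account that runs the Systran services.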
Corpus Manager
Linux
/opt/systran/corpus-manager2/etc/cm.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran Corpus Manager\etc\cm.cfg
Configuration change
# Authentication
mongodb-user = sesuser
mongodb-password = password
DCT-Indexer
Linux
/opt/systran/dct-indexer/etc/dcti.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran DCT Indexer\etc\dcti.cfg
Configuration change
mongodb-user = sesuser #MongoDB user
mongodb-password = password #MongoDB password
GDict
Linux
/opt/systran/gdict/etc/gdict.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran GDict Server\etc\gdict.cfg
Configuration change
mongodb-user = sesuser #MongoDB user
mongodb-password = password #MongoDB password
Routing Server
Linux
/opt/systran/routing/etc/rs.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran Routing Server\etc\rs.cfg
Configuration change
mongodb-user = sesuser #MongoDB user
mongodb-password = password #MongoDB password
TM-Indexer
Linux
/opt/systran/tm-indexer/etc/tmi.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran TM Indexer\etc\tmi.cfg
Configuration change
mongodb-user = sesuser #MongoDB user
mongodb-password = password #MongoDB password
Dispatcher
Linux
/opt/systran/translation-dispatcher/etc/std.cfg
Windows
C:\Program Files\Systran Enterprise Server\Systran Translation Dispatcher\etc\std.cfg
Configuration change
async-mongodb-user = sesuser
async-mongodb-password = password
SES Console
Linux
/opt/systran/apps-node/enterprise-server/config/default.yaml
Windows
C:\Program Files\Systran Enterprise Server\Systran SES Console\config\default.yaml
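Configuration change (in the YAML file, "login" and "password" must be indented under "User:"; the same applies to the other default.yaml files below)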
User:
login: sesuser
password: password
Linux
/opt/systran/apps-node/enterprise-server/config/database.json
Windows
C:\Program Files\Systran Enterprise Server\Systran SES Console\config\database.json
Configuration change
"User": {
"login": "sesuser",
"password": "password"
}
TRS
Linux
/opt/systran/apps-node/translation-resource-store/config/default.yaml
Windows
C:\Program Files\Systran Enterprise Server\Systran Translation Resource Store\config\default.yaml
Configuration change
User:
login: sesuser
password: password
Gateway
Linux
/opt/systran/apps-node/translation-gateway/config/default.yaml
Windows
C:\Program Files\Systran Enterprise Server\Systran SES Gateway\config\default.yaml
Configuration change
User:
login: sesuser
password: password
Restart the Systran components
Restart all the Systran components, or reboot the server
Linux (RedHat/CentOS 7)
for i in $(systemctl -a | grep -o "systran.*service"); do systemctl restart $i; done
Linux (RedHat/CentOS 6)
for i in $(ls /etc/init.d | grep systran); do service $i restart; done
Windows
Start/Administrative Tools/Services, then right-click on each of the following services > Restart
- Systran Corpus Manager
- Systran DCT Indexer
- Systran GDict Server
- Systran Lookup Server
- Systran Routing Server
- Systran SES Console
- Systran SES Gateway
- Systran TM Indexer
- Systran Translation Dispatcher
- Systran Translation Resource Monitor
- Systran Resource Store