The FireWorks tutorials so far have not configured any security on your LaunchPad. We strongly suggest that you password-protect your Mongo database. We’ll walk you through this process in this tutorial. Note that if you are using a cloud service to host MongoDB, you should use the instructions provided by that service to configure database security.
There are several other actions you can take for added security, such as restricting the IPs that can connect to your Mongo instance. Additional details can be found in the MongoDB official documentation.
Create an authenticated user in the admin database¶
On your FireServer (which hosts your Mongo database), you must set up at least one user for the admin database. Note that this involves a server restart, so you should not do this during production runs.
First, connect to your Mongo instance (MongoDB must already be running in the background):
If you are using a non-default port, make sure to specify it.
Connect to the admin database and add your user in the Mongo shell:
use admin; db.addUser('admin_user', 'admin_password'); db.auth('admin_user', 'admin_password') use fireworks db.addUser('FW_user', 'FW_password'); use admin db.shutdownServer(); exit
Restart MongoDB, but use the
--authoption to enable authentication:
If you are using the
--dbpathoption, make sure to set it.
Your admin user is now configured, and your Mongo instance is now protected from unauthorized access by outsiders without your credentials. Next we must set up your LaunchPad configuration file so that you can authenticate yourself when running Firework scripts.
Your admin_user and admin_password can be used to set passwords for all databases in your Mongo installation, including databases that are unrelated to FireWorks. The FW_user and FW_password are used specifically to log in to the fireworks database.
Add username and password keys to your LaunchPad file¶
Your LaunchPad file contains the location of the LaunchPad as well as any credentials needed to connect. To connect to an authenticated database:
my_launchpad.yamlfile (perhaps from when you completed the Worker tutorial). If you never created such a file, you can find a template in
<INSTALL_DIR>/fw_tutorials/worker/launchpad.yaml. You might copy it to
my_launchpad.yamland edit it as necessary.
Add your username and password to your launchpad file by adding or editing the following lines:
username: <YOUR_FW_USERNAME> password: <YOUR_FW_PASSWORD>
Make sure you use the username/password for your FireWorks database, not your database admin username and password.
Make sure you store your LaunchPad file in a secure location with protected filesystem access. It contains your password as plain text!
Whenever running any Firework scripts, make sure to specify the
-loption and link to your configuration file. For example:
lpad -l my_launchpad.yaml get_fws
rlaunch -l my_launchpad.yaml singleshot
To save typing, you can set things up so that the
-l option is automatically set to the correct value. This is especially useful if you want to store your LaunchPad file in a separate directory from the directory that you are running scripts. For details, see the tutorial on Specifying default locations for the config files.