DOCS-8616: Kay CR

ravindk89 · ravindk89 · commit 888b09388afa · 2017-02-10T14:52:00.000-05:00
diff --git a/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-auth-config.yaml b/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-auth-config.yaml
@@ -21,8 +21,8 @@ source:
   ref: restart-mongod
 post: |
 
-  At the end of this section, the config server replica set should be up and
-  running fully enforcing authentication.
+  At the end of this section the config server replica set should be up and
+  running, fully enforcing authentication.
   
   Users and client applications *must* specify authentiation credentials when
   connecting to the config server replica set.
diff --git a/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-auth-mongos.yaml b/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-auth-mongos.yaml
@@ -32,15 +32,12 @@ pre: |
   
      db.getSiblingDB("admin").shutdownServer()
   
-  You can then start the :program:`mongos` specifying the updated
-  configuration file, specifying the path to the config file using
-  :option:`--config`.. This configuration file no longer contains the
-  :setting:`security.transitionToAuth` setting, but retains the
-  :setting:`security.keyFile` setting.
+  You can then restart the :program:`mongos specifying the path to the updated
+  config file using :option:`--config`.
   
   .. example::
 
-     The following operation starts the :program:`mongos` specifying
+     The following operation restarts the :program:`mongos` specifying
      the updated configuration file, here named ``mongos-secure.conf``.
      The ``<path>`` represents the system path to the folder containing
      the configuration file.
@@ -52,4 +49,5 @@ pre: |
   .. note::
     
      MongoDB deployments running on :abbr:`Windows (Microsoft Windows)` use
-     the ``.cfg`` file extension instead of ``.conf``.
+     the ``.cfg`` file extension instead of ``.conf``, and
+     :program:`mongos.exe` instead of :program:`mongos`.
diff --git a/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-transition-config.yaml b/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-transition-config.yaml
@@ -4,11 +4,12 @@ title: "Add ``transitionToAuth: true`` to the ``mongod`` configuration file."
 ref: modify-config-files
 pre: |
   
-  Copy the existing {{program}} configuration file and name the copy to
-  distinguish it, for example, by adding ``-secure`` to the filename. You will
-  use this new configuration file to transition the {{program}} to enforce
-  authentication in the sharded cluster. Retain the original configuration
-  file for backup purposes.
+  Copy the existing {{program}} configuration file, giving it a distinct
+  name such as ``<filename>-secure``.
+  
+  You will use this new configuration file to transition the {{program}} to
+  enforce authentication in the sharded cluster. Retain the original
+  configuration file for backup purposes.
 
   Add the following settings to the new configuration file.
 
@@ -25,8 +26,8 @@ pre: |
      * - :setting:`security.keyFile`
        - Path to the keyfile.
 
-         If using a different internal authentication mechanism, specify that
-         mechanism instead of :setting:`security.keyFile`.
+         If using a different internal authentication mechanism, specify
+         settings appropriate for the mechanism.
 
   The new configuration file should contain all of the configuration settings
   previously used by the {{program}}, as well as the new security
@@ -59,15 +60,15 @@ pre: |
   down the primary and trigger an election. You can use the
   :method:`rs.status()` method to ensure the replica set elected a new primary.
   
-  Once you step down the primary, you can then shut it down using the
+  Once you step down the primary, you shut it down using the
   :method:`db.shutdownServer()` method against the ``admin`` database.
   
   .. code-block:: javascript
 
      db.getSiblingDB("admin").rs.stepDown()
      db.getSiblingDB("admin").shutdownServer()
   
-  You can then restart the :program:`mongod` with the {{status}} configuration
+  Restart the :program:`mongod` with the {{status}} configuration
   file, specifying the path to the config file using :option:`--config`.
 
   .. example::
diff --git a/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-transition-mongos.yaml b/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-transition-mongos.yaml
@@ -4,11 +4,12 @@ title: "Add ``transitionToAuth: true`` to the ``mongos`` configuration file"
 ref: modify-config-files
 pre: |
   
-  Copy the existing {{program}} configuration file and name the copy to
-  distinguish it, for example, by adding ``-secure`` to the filename. You will
-  use this new configuration file to transition the {{program}} to enforce
-  authentication in the sharded cluster. Retain the original configuration
-  file for backup purposes.
+  Copy the existing {{program}} configuration file, giving it a distinct
+  name such as ``<filename>-secure``.
+  
+  You will use this new configuration file to transition the {{program}} to
+  enforce authentication in the sharded cluster. Retain the original
+  configuration file for backup purposes.
 
   Add the following settings to the new configuration file.
 
@@ -25,8 +26,8 @@ pre: |
      * - :setting:`security.keyFile`
        - Path to the keyfile.
 
-         If using a different internal authentication mechanism, specify that
-         mechanism instead of :setting:`security.keyFile`.
+         If using a different internal authentication mechanism, specify
+         settings appropriate for the mechanism.
 
   The new configuration file should contain all of the configuration settings
   previously used by the {{program}}, as well as the new security
@@ -50,17 +51,20 @@ pre: |
   method against the ``admin`` database to safely shut down the
   :program:`mongos`.
   
-  Restart one :program:`mongos` at a time to ensure that clients
-  can connect to the sharded cluster. If your cluster has only one
-  :program:`mongos`, this step results in downtime while the :program:`mongos`
-  is offline.
+  Restart one :program:`mongos` at a time to ensure that clients can connect
+  to the sharded cluster. If your cluster has only one :program:`mongos`, this
+  step results in downtime while the :program:`mongos` is offline.
+  
+  Connect to the :program:`mongos` and use the :method:`db.shutdownServer()`
+  method against the ``admin`` database to safely shut down the
+  :program:`mongos`.
   
   .. code-block:: javascript
   
      db.getSiblingDB("admin").shutdownServer()
   
-  You can then start the :program:`mongos` with the new configuration
-  file, specifying the path to the config file using :option:`--config`.
+  Restart :program:`mongos` with the new configuration file, specifying the
+  path to the config file using :option:`--config`.
   
   .. example::
 
diff --git a/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-uac.yaml b/source/includes/steps-enable-authentication-in-shardcluster-nodowntime-uac.yaml
@@ -7,7 +7,7 @@ pre: |
   Clients performing maintenance operations or user administrative
   operations on the {{CLUSTER}} must authenticate as this user
   at the completion of this tutorial. Create this user now to ensure
-  that you have seamless access to the cluster after enforcing authentication.
+  that you have access to the cluster after enforcing authentication.
 
   Create a user with the :method:`db.createUser()` method and assign it the
   following roles:
@@ -35,12 +35,7 @@ post: |
   .. important::
     
      Passwords should be random, long, and complex to ensure system security
-     and to prevent or delay malicious access.
-     
-     While this tutorial uses a single administrative user, you should
-     consider applying the `principle of least privilege
-     <https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege>`_
-     when configuring MongoDB users in your deployment.
+     and to prevent or hinder malicious access.
   
 replacement:
   CLUSTER: "sharded cluster"
@@ -50,23 +45,23 @@ title: "Create users for client applications to authenticate with."
 optional: true
 pre: |
 
-  You can create users for your client applications to authenticate with prior
+  You can create users for your client applications to authenticate prior
   to enforcing authentication in the sharded cluster. This ensures
-  seamless access to the sharded cluster once you fully enforce authentication.
+  access to the sharded cluster once you fully enforce authentication.
   
   .. example::
     
-     The following operation creates the user ``joe`` on the ``analytics``
+     The following operation creates the user ``joe`` on the ``marketing``
      database, assigning it the :authrole:`readWrite` :ref:`built-in role
-     <built-in-roles>`.
+     <built-in-roles>` on the ``marketing`` database`.
   
      .. code-block:: javascript
      
         db.getSiblingDB("marketing").createUser(
           {
             "user": "joe",
             "pwd": "<password>",
-            "roles": [ { "role" : "readWrite", "db" : "analytics" } ]
+            "roles": [ { "role" : "readWrite", "db" : "marketing" } ]
           }
         )
   
diff --git a/source/tutorial/enforce-keyfile-access-control-in-existing-sharded-cluster-no-downtime.txt b/source/tutorial/enforce-keyfile-access-control-in-existing-sharded-cluster-no-downtime.txt
@@ -1,5 +1,5 @@
 ==========================================================================
-Enable mandatory user authentication in a sharded cluster without downtime
+Enable Mandatory User Authentication in a Sharded Cluster Without Downtime
 ==========================================================================
 
 .. default-domain:: mongodb
@@ -32,7 +32,7 @@ A MongoDB sharded cluster can enforce :ref:`user authentication
 authentication <inter-process-auth>` among the sharded cluster
 :program:`mongod` and :program:`mongos` components.
 
-This tutorial describes a correct procedure for using
+This tutorial describes a procedure for using
 :setting:`security.transitionToAuth` to enable access control in an existing
 MongoDB sharded cluster without incurring downtime.
 
@@ -194,7 +194,7 @@ Procedure
 Repeat these steps for each shard replica set in the sharded cluster.
 
 Perform these steps on one shard replica set at a time, and one member in the
-shard replica set at a time. Work on the :term:`secondary` or :term:`arbiter`
+shard replica set at a time. Work on the :term:`secondary`
 members *first*, and the :term:`primary` *last*.
 
 .. include:: /includes/steps/enable-authentication-in-shardcluster-nodowntime-transition-shards.rst
@@ -244,8 +244,8 @@ sharded cluster, you must restart each :program:`mongod` instance without
 the :setting:`security.transitionToAuth` setting.
 
 Perform these steps for each :program:`mongod` in the config server replica
-set, one member at a time. Work on the :term:`secondary` or
-:term:`arbiter` members *first*, and the :term:`primary` *last*.
+set, one member at a time. Work on the :term:`secondary` or members *first*,
+and the :term:`primary` *last*.
 
 .. include:: /includes/steps/enable-authentication-in-shardcluster-nodowntime-auth-config.rst
 
@@ -269,7 +269,7 @@ sharded cluster without the :setting:`security.transitionToAuth` setting.
 Repeat these steps for each shard replica set in the sharded cluster.
 
 Perform these steps on one shard replica set at a time, and one member in the
-shard replica set at a time. Work on the :term:`secondary` or :term:`arbiter`
+shard replica set at a time. Work on the :term:`secondary`
 members *first*, and the :term:`primary` *last*.
 
 .. include:: /includes/steps/enable-authentication-in-shardcluster-nodowntime-auth-shard.rst
