For the correct operation of the system, MongoDB version 3.6–6.0 is required. The article describes the installation of MongoDB 6.0 for the Ubuntu Linux 22.04 OS. You can also refer to the guide in the official MongoDB documentation.
Attention: In this example, the database name is elma365, the user is elma365, and the password is SecretPassword.
When configuring the cluster, set these values according to the security policy adopted in your organization.
The installation consists of 7 steps:
- Prepare the nodes (servers).
- Install MongoDB.
- Configure MongoDB.
- Configure connection to MongoDB.
- Initialize the replica.
- MongoDB security.
- Connect to MongoDB.
Step 1: Prepare the nodes (servers)
Attention: The minimum number of servers to organize a cluster is three.
- Create three nodes (servers) with sequentially numbered host names:
  - mongodb-server1.your_domain;
  - mongodb-server2.your_domain;
  - mongodb-server3.your_domain.
- Create the necessary host name mappings in DNS. If this is not possible, add the required entries to /etc/hosts.
Step 2: Install MongoDB
- To install MongoDB on each node, add the official repository:
sudo apt-get install gnupg
curl -fsSL https://pgp.mongodb.com/server-6.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
sudo apt-get update
- Install MongoDB on each node:
sudo apt install mongodb-org
- Start MongoDB on each node:
sudo systemctl enable --now mongod
Step 3: Configure MongoDB
Attention: For the password, the following characters are allowed:
- Uppercase Latin letters: A to Z
- Lowercase Latin letters: a to z
- Digits: 0 to 9
- Symbols: -_
Reserved (invalid) symbols:
! * ' ( ) ; : @ & = + $ , / ? % # [ ]
The following actions are performed on the mongodb-server1.your_domain node:
- Enter mongosh (Command Line Interface) and create a database:
mongosh
- Use the elma365 database. If the database is missing, create it:
use elma365
- Create a separate user elma365 to work with the database with the password SecretPassword. The username and password are provided for example purposes:
db.createUser({user:'elma365', pwd:'SecretPassword', roles:[{role:"readWrite", db:"elma365"},{"role":"root", "db":"admin"}]})
- Ensure the user is created:
show users
- Create a superuser to enable authentication:
use admin
db.createUser({user:'superuser', pwd:'SecretPassword', roles: ["root"]})
- Ensure the user is created:
show users
- Finish the configuration:
exit
Step 4: Configure connection to MongoDB
- Make changes to the configuration file /etc/mongod.conf on each node:
sudo nano /etc/mongod.conf
- Configure the variable values:
  - bindIp is the list of addresses on which mongod accepts connections on port 27017 (in this case, 0.0.0.0 makes the MongoDB service accessible from all external addresses).
  - replSetName is the replica set name, rs0 by default.
. . .
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
. . .
replication:
  replSetName: "rs0"
  enableMajorityReadConcern: true
. . .
Configuring TLS/SSL in MongoDB
To enable TLS/SSL support in MongoDB, follow these steps:
cat your_domain.key > mongodb.pem
cat fullchain_your_domain.pem >> mongodb.pem
net:
For more detailed information on configuring TLS/SSL in MongoDB, refer to the official MongoDB documentation.
- Restart MongoDB on each node for the changes to take effect:
sudo systemctl restart mongod
Step 5: Initialize the replica
The following actions are performed on the mongodb-server1.your_domain node:
- Open the mongosh console for configuration.
To connect to MongoDB, execute the following command:
sudo mongosh
To connect to MongoDB with TLS/SSL enabled:
sudo mongosh --tls --host mongodb-server1.your_domain --tlsCAFile /etc/ssl/CA.pem
- Initialize the replica:
rs.initiate({ _id: "rs0", members: [{ _id: 0, host: "mongodb-server1.your_domain" },{ _id: 1, host: "mongodb-server2.your_domain" },{ _id: 2, host: "mongodb-server3.your_domain" }]})
- Check the configuration:
rs.conf()
Step 6: MongoDB security
- Create and specify permissions for the file with the shared authentication key. All Replica Set members will use this key to communicate with each other:
openssl rand -base64 756 > /var/lib/mongodb/keyfile
chmod 400 /var/lib/mongodb/keyfile
chown mongodb:mongodb /var/lib/mongodb/keyfile
- Copy the key file to each replica.
Attention: The contents of the key file on all nodes must be identical while preserving access rights.
- Enable secure access to the MongoDB server if it is in an open zone.
- To configure, edit the /etc/mongod.conf file on each of the servers. The lines should look like this:
. . .
setParameter:
  enableLocalhostAuthBypass: false
security:
  authorization: "enabled"
  keyFile: /var/lib/mongodb/keyfile
. . .
- Restart MongoDB on each node:
sudo systemctl restart mongod
- Open the mongosh console using the user for MongoDB access.
To connect to MongoDB, execute the command:
sudo mongosh -u superuser
To connect to MongoDB with TLS/SSL enabled:
sudo mongosh -u superuser --tls --host mongodb-server1.your_domain --tlsCAFile /etc/ssl/CA.pem
- Check the configuration:
rs.conf()
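A check for the settings this guide writes to /etc/mongod.conf in Steps 4 and 6, as an added example that is not part of the original guide. The function names conf_get and audit_mongod_conf are hypothetical, and stat -c assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/sh
# Added example (not part of the original guide): audit a mongod.conf for the
# Step 4 / Step 6 settings. Prints one finding per line, nothing if all pass.

# conf_get FILE SECTION KEY: value of the first KEY found under top-level SECTION
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[^ #]/ { insec = ($0 ~ ("^" sec ":")) }
        insec && $1 == (key ":") {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+#.*$/, "")
            gsub("[\"\047]", ""); print; exit
        }' "$1"
}

audit_mongod_conf() {
    conf=$1
    [ "$(conf_get "$conf" security authorization)" = enabled ] ||
        echo "FAIL security.authorization is not enabled"
    [ "$(conf_get "$conf" setParameter enableLocalhostAuthBypass)" = false ] ||
        echo "FAIL setParameter.enableLocalhostAuthBypass is not false"
    # 0.0.0.0 is what Step 4 sets; it exposes port 27017 on every interface.
    case "$(conf_get "$conf" net bindIp)" in
        *0.0.0.0*) echo "WARN net.bindIp is 0.0.0.0: limit port 27017 to the cluster and application hosts with a firewall" ;;
    esac
    key=$(conf_get "$conf" security keyFile)
    if [ -z "$key" ]; then
        echo "FAIL security.keyFile is not set"
    elif [ ! -f "$key" ]; then
        echo "FAIL keyFile $key does not exist"
    elif [ "$(stat -c %a "$key")" != 400 ]; then   # GNU stat: %a = octal mode
        echo "FAIL keyFile $key mode is not 400"
    fi
    return 0
}

# Usage on a node (as root, so the key file is readable):
#   audit_mongod_conf /etc/mongod.conf
```

Run it on every node after the restart in Step 6; comparing `sha256sum /var/lib/mongodb/keyfile` across the nodes confirms the key file contents are identical.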
Step 7: Connect to MongoDB
Connection string to connect to MongoDB:
mongodb://elma365:SecretPassword@mongodb-server1.your_domain:27017,mongodb-server2.your_domain:27017,mongodb-server3.your_domain:27017/elma365?replicaSet=rs0&readPreference=nearest&maxStalenessSeconds=120
Connection string to connect to MongoDB with TLS/SSL:
mongodb://elma365:SecretPassword@mongodb-server1.your_domain:27017,mongodb-server2.your_domain:27017,mongodb-server3.your_domain:27017/elma365?ssl=true&replicaSet=rs0&readPreference=nearest&maxStalenessSeconds=120
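The reserved symbols listed in Step 3 are the characters that have special meaning in a URI, so a password limited to the allowed set can be placed in the connection string above without percent-encoding. The following added example (not part of the original guide; the function names password_ok, gen_password and mongo_uri are hypothetical) generates a replacement for SecretPassword from the allowed set and assembles the non-TLS connection string from its parts.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# password_ok PASSWORD: succeeds only if every character is in the guide's
# allowed set (A-Z a-z 0-9 - _). Runs in a subshell so LC_ALL=C stays local.
password_ok() (
    LC_ALL=C
    case $1 in
        "" | *[!A-Za-z0-9_-]*) exit 1 ;;
    esac
)

# gen_password [LENGTH]: random password drawn uniformly from the allowed set.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c "${1:-32}"
}

# mongo_uri USER PASSWORD DB HOST...: Step 7 connection string for the replica
# set rs0; refuses a password that would need percent-encoding.
mongo_uri() {
    user=$1 pass=$2 db=$3; shift 3
    password_ok "$pass" || { echo "password has reserved characters" >&2; return 1; }
    hosts=
    for h in "$@"; do hosts="${hosts:+$hosts,}$h:27017"; done
    printf 'mongodb://%s:%s@%s/%s?replicaSet=rs0&readPreference=nearest&maxStalenessSeconds=120\n' \
        "$user" "$pass" "$hosts" "$db"
}

# Usage:
#   pw=$(gen_password 32)
#   mongo_uri elma365 "$pw" elma365 mongodb-server1.your_domain \
#       mongodb-server2.your_domain mongodb-server3.your_domain
```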
Prepare a MongoDB database for restoration
If you need to restore a database from backup, first prepare the database for restoration. For more details, refer to the article MongoDB.