________________________________________________________________________________ MongoDB Download Center: https://www.mongodb.com/download-center?&_ga=2.174414311.455679298.1518514680-103988791.1510657464#production -> Linux -> Version: Linux 64-bit legacy x64 (does not include SSL encryption) -> mongodb-linux-x86_64-3.6.2.tgz ________________________________________________________________________________ ________________________________________________________________________________ General ======= OS-User: mongo MONGO_HOME: /app/mongodb dbpath: /u01/data/db logpath: /u01/data/log cfgpath: /u01/cfg Node 1 (PRIMARY) ================ Hostname: mongon1 ETH0: 192.168.56.210 (08:00:27:b7:63:07) ETH1: 192.168.56.211 (08:00:27:c6:ef:1b) Node 2 (SECONDARY) ================== Hostname: mongon2 ETH0: 192.168.56.220 (08:00:27:f2:08:50) ETH1: 192.168.56.221 (08:00:27:a2:a9:51) Node 3 (ARBITER) ================ Hostname: mongon3 ETH0: 192.168.56.230 (08:00:27:4D:F8:93) ETH1: 192.168.56.231 (08:00:27:BF:51:CF) ________________________________________________________________________________ ________________________________________________________________________________ ************************************* *** I N I T I A L S E T U P *** ************************************* ALL NODES: ENSURE, THAT ALL 3 NODES ARE "VIRGIN" AND MONGODB DEAMONS ARE DOWN ========== ================================================================== $ sudo /etc/init.d/mongodb stop $ rm -rf /u01/data/db/* $ rm -rf /u01/data/log/* $ rm -rf /u01/cfg/* $ ls -alv /u01/data/*/ $ ls -alv /u01/cfg/ ________________________________________________________________________________ NODE 1: NEITHER SECURITY NOR REPLICATION ARE ENABLED IN CONFIG FILE ======= =========================================================== $ vi /etc/mongod.conf net: port: 27017 bindIp: 127.0.0.1,192.168.56.210 #security: # authorization: enabled # keyFile: /u01/cfg/monkey #replication: # replSetName: rs0 ________________________________________________________________________________ NODE 1: START MONGODB DEAMON ======= ==================== $ sudo /etc/init.d/mongodb start ________________________________________________________________________________ NODE 1: INSERT TEST DOCUMENTS INTO SAMPLE COLLECTION ======= ============================================ $ mongo > use exampleDB > db.exampleDB.insert([ {name: "Maus", vorname: "Mickey", company: "Disney"}, {name: "Duck", vorname: "Donald", company: "Disney"}, {name: "Mustermann", vorname: "Max", company: "Opel"} ]) > db.exampleDB.find().pretty() { "_id" : ObjectId("5a86ea9213dcc382149c7694"), "name" : "Maus", "vorname" : "Mickey", "company" : "Disney" } { "_id" : ObjectId("5a86ea9213dcc382149c7695"), "name" : "Duck", "vorname" : "Donald", "company" : "Disney" } { "_id" : ObjectId("5a86ea9213dcc382149c7696"), "name" : "Mustermann", "vorname" : "Max", "company" : "Opel" } ________________________________________________________________________________ NODE 1: CREATE ADMINISTRATION ACCOUNTS ======= ============================== When copying/pasteing, please make sure that the password is provided with a "correct" value. > use admin > db.createUser( {user: "mongoroot", pwd: "*********", roles: [{role: "root", db: "admin" }] }); > db.createUser( {user: "mongodba", pwd: "********", roles: ["readWriteAnyDatabase", "dbAdminAnyDatabase", "userAdminAnyDatabase" ] }); > show users { "_id" : "admin.mongodba", "user" : "mongodba", "db" : "admin", "roles" : [ { "role" : "readWriteAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } { "_id" : "admin.mongoroot", "user" : "mongoroot", "db" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ] } > exit ________________________________________________________________________________ ________________________________________________________________________________ ***************************************** *** E N A B L E S E C U R I T Y *** ***************************************** ALL NODES: CREATE PASSWORD KEYFILE ========== ======================= $ su - root $ mkdir /u01/cfg/ $ chown mongo:users /u01/cfg/ $ chmod 700 /u01/cfg/ $ exit $ echo "ThisIsThePassword" > /u01/cfg/monkey $ chown mongo:users /u01/cfg/monkey $ chmod 600 /u01/cfg/monkey ________________________________________________________________________________ NODE 1: ENABLE SECURITY INFO IN CONFIG FILE ======= =================================== $ vi /etc/mongod.conf net: port: 27017 bindIp: 127.0.0.1,192.168.56.210 security: authorization: enabled keyFile: /u01/cfg/monkey #replication: # replSetName: rs0 ________________________________________________________________________________ NODE 1: RESTART MONGODB DEAMON ======= ====================== $ sudo /etc/init.d/mongodb stop $ sudo /etc/init.d/mongodb start ________________________________________________________________________________ NODE 1: TEST MONGO SHELL WITHOUT AND WITH USER/PASSWORD ======= =============================================== Without credentials fails as expected: $ mongo > use exampleDB > db.exampleDB.find().pretty() Error: error: { "operationTime" : Timestamp(1519042187, 1), "ok" : 0, "errmsg" : "not authorized on exampleDB to execute command { find: \"exampleDB\", filter: {}, $clusterTime: { clusterTime: Timestamp(1519042167, 1), signature: { hash: BinData(0, D1549B0CB2B52EF293C251C712BF27AFDA0CBC99), keyId: 6523165061802885122 } }, $db: \"exampleDB\" }", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : { "clusterTime" : Timestamp(1519042187, 1), "signature" : { "hash" : BinData(0,"hbPaZfFjqVcNJfpkGZrC+nGolDY="), "keyId" : NumberLong("6523165061802885122") } } } > exit With credentials it works: $ mongo -u mongodba admin -p ******** > use exampleDB > db.exampleDB.find().pretty() { "_id" : ObjectId("5a86ea9213dcc382149c7694"), "name" : "Maus", "vorname" : "Mickey", "company" : "Disney" } { "_id" : ObjectId("5a86ea9213dcc382149c7695"), "name" : "Duck", "vorname" : "Donald", "company" : "Disney" } { "_id" : ObjectId("5a86ea9213dcc382149c7696"), "name" : "Mustermann", "vorname" : "Max", "company" : "Opel" } > exit ________________________________________________________________________________ ________________________________________________________________________________ *********************************************** *** E N A B L E R E P L I C A T I O N *** *********************************************** NODE 1: ENABLE REPLICATION SET INFO IN CONFIG FILE ======= ========================================== $ vi /etc/mongod.conf net: port: 27017 bindIp: 127.0.0.1,192.168.56.210 security: authorization: enabled keyFile: /u01/cfg/monkey replication: replSetName: rs0 ________________________________________________________________________________ NODE 1: RESTART MONGODB DEAMON ======= ====================== $ sudo /etc/init.d/mongodb stop $ sudo /etc/init.d/mongodb start ________________________________________________________________________________ NODE 1: INITIATE THE REPLICA SET $ mongo -u mongoroot admin -p ******** > rs.initiate() { "info2" : "no configuration specified. Using a default configuration for the set", "me" : "192.168.56.210:27017", "ok" : 1, "operationTime" : Timestamp(1519116292, 1), "$clusterTime" : { "clusterTime" : Timestamp(1519116292, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } } } > exit ________________________________________________________________________________ *** C H A N G E T O N O D E 2 *** *** C H A N G E T O N O D E 2 *** *** C H A N G E T O N O D E 2 *** ________________________________________________________________________________ NODE 2: START DEAMON (SECONDARY) ======= ======================== $ sudo /etc/init.d/mongodb start ________________________________________________________________________________ *** C H A N G E T O N O D E 3 *** *** C H A N G E T O N O D E 3 *** *** C H A N G E T O N O D E 3 *** ________________________________________________________________________________ NODE 3: START DEAMON (ARBITER) ======= ====================== $ sudo /etc/init.d/mongodb start ________________________________________________________________________________ *** C H A N G E T O N O D E 1 *** *** C H A N G E T O N O D E 1 *** *** C H A N G E T O N O D E 1 *** ________________________________________________________________________________ NODE 1: ADD SECONDARY AND ARBITER TO THE REPLICA SET ======= ============================================ $ mongo -u mongoroot admin -p ******** rs0:PRIMARY> rs.add("192.168.56.220:27017") { "ok" : 1, "operationTime" : Timestamp(1519116983, 1), "$clusterTime" : { "clusterTime" : Timestamp(1519116983, 1), "signature" : { "hash" : BinData(0,"rQWyKYcJI00IAqL6Ut/WbIIdhtY="), "keyId" : NumberLong("6524554797255753729") } } } rs0:PRIMARY> rs.addArb("192.168.56.230:27017") { "ok" : 1, "operationTime" : Timestamp(1519116997, 1), "$clusterTime" : { "clusterTime" : Timestamp(1519116997, 1), "signature" : { "hash" : BinData(0,"TJi8P4CunXY0/KFCJDYP+RDJTVE="), "keyId" : NumberLong("6524554797255753729") } } } ________________________________________________________________________________ NODE 1: CHECK REPLICA SET CONFIGURATION AND STATUS ======= ========================================== rs0:PRIMARY> rs.conf() { "_id" : "rs0", "version" : 3, "protocolVersion" : NumberLong(1), "members" : [ { "_id" : 0, "host" : "192.168.56.210:27017", "arbiterOnly" : false, "buildIndexes" : true, "hidden" : false, "priority" : 1, "tags" : { }, "slaveDelay" : NumberLong(0), "votes" : 1 }, { "_id" : 1, "host" : "192.168.56.220:27017", "arbiterOnly" : false, "buildIndexes" : true, "hidden" : false, "priority" : 1, "tags" : { }, "slaveDelay" : NumberLong(0), "votes" : 1 }, { "_id" : 2, "host" : "192.168.56.230:27017", "arbiterOnly" : true, "buildIndexes" : true, "hidden" : false, "priority" : 0, "tags" : { }, "slaveDelay" : NumberLong(0), "votes" : 1 } ], "settings" : { "chainingAllowed" : true, "heartbeatIntervalMillis" : 2000, "heartbeatTimeoutSecs" : 10, "electionTimeoutMillis" : 10000, "catchUpTimeoutMillis" : -1, "catchUpTakeoverDelayMillis" : 30000, "getLastErrorModes" : { }, "getLastErrorDefaults" : { "w" : 1, "wtimeout" : 0 }, "replicaSetId" : ObjectId("5a8be004d3c70f108e3b69aa") } } rs0:PRIMARY> rs.status() { "set" : "rs0", "date" : ISODate("2018-02-20T09:05:42.255Z"), "myState" : 1, "term" : NumberLong(2), "heartbeatIntervalMillis" : NumberLong(2000), "optimes" : { "lastCommittedOpTime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "readConcernMajorityOpTime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "appliedOpTime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "durableOpTime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) } }, "members" : [ { "_id" : 0, "name" : "192.168.56.210:27017", "health" : 1, "state" : 1, "stateStr" : "PRIMARY", "uptime" : 575, "optime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "optimeDate" : ISODate("2018-02-20T09:05:40Z"), "electionTime" : Timestamp(1519116968, 1), "electionDate" : ISODate("2018-02-20T08:56:08Z"), "configVersion" : 3, "self" : true }, { "_id" : 1, "name" : "192.168.56.220:27017", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 558, "optime" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "optimeDurable" : { "ts" : Timestamp(1519117540, 1), "t" : NumberLong(2) }, "optimeDate" : ISODate("2018-02-20T09:05:40Z"), "optimeDurableDate" : ISODate("2018-02-20T09:05:40Z"), "lastHeartbeat" : ISODate("2018-02-20T09:05:41.036Z"), "lastHeartbeatRecv" : ISODate("2018-02-20T09:05:41.807Z"), "pingMs" : NumberLong(0), "syncingTo" : "192.168.56.210:27017", "configVersion" : 3 }, { "_id" : 2, "name" : "192.168.56.230:27017", "health" : 1, "state" : 7, "stateStr" : "ARBITER", "uptime" : 544, "lastHeartbeat" : ISODate("2018-02-20T09:05:40.716Z"), "lastHeartbeatRecv" : ISODate("2018-02-20T09:05:37.957Z"), "pingMs" : NumberLong(0), "configVersion" : 3 } ], "ok" : 1, "operationTime" : Timestamp(1519117540, 1), "$clusterTime" : { "clusterTime" : Timestamp(1519117540, 1), "signature" : { "hash" : BinData(0,"/AwaqLCg+mRLGVwnDPxVyrUt7Sk="), "keyId" : NumberLong("6524554797255753729") } } } ________________________________________________________________________________ LINKS ===== MongoDB Download Center -> Linux -> Version: Linux 64-bit legacy x64 (does not include SSL encryption) -> mongodb-linux-x86_64-3.6.2.tgz