Advanced configuration

Using Replicaset

All commands are executed as the mongodb user.

🔴 In this example the replicaset is created on a single node. This is for demonstration purposes only; a real deployment places each member on its own host.

Replicaset configuration

Database Name    Server IP        Port
mdbrs01          172.168.0.236    25101
mdbrs02          172.168.0.236    25102
mdbrs03          172.168.0.236    25103

Adapt template files

mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb01rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb02rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb03rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mongo_ini_replicaset.yaml $DMK_HOME/etc/mongo_ini_replicaset.yaml

mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb01rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

mongodb_cfg:
   db_name: mdbrs01
   home_path: /u01/app/mongodb/product/8.0
   data_path: /u02/mongodbdata
   bindIp: 172.168.0.236
   port: 25101
   template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
   replicaset_name: rs01

mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb02rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

mongodb_cfg:
   db_name: mdbrs02
   home_path: /u01/app/mongodb/product/8.0
   data_path: /u02/mongodbdata
   bindIp: 172.168.0.236
   port: 25102
   template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
   replicaset_name: rs01
mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb03rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

mongodb_cfg:
   db_name: mdbrs03
   home_path: /u01/app/mongodb/product/8.0
   data_path: /u02/mongodbdata
   bindIp: 172.168.0.236
   port: 25103
   template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
   replicaset_name: rs01

Create the databases

mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb01rs.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::Mainprogram         ::INFO     ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb01rs.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Create directory layout for mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodblog/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodbdata/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01/pid
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01/etc
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01/backup
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01/dump
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs01/secret
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-29::dmk_mongodb_create.p::create_systemd_file ::INFO     ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs01/etc/mongod_mdbrs01.service
2025-01-14_14-34-29::dmk_mongodb_create.p::create_systemd_file ::INFO     ==>      copy it to /etc/systemd/system as root user
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Source the dmk to get settings new instance mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram         ::INFO     ==>       by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Database mdbrs01 created.

mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb02rs.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::Mainprogram         ::INFO     ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb02rs.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Create directory layout for mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodblog/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodbdata/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02/pid
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02/etc
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02/backup
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02/dump
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs02/secret
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs02/etc/mdbrs02.conf
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-34::dmk_mongodb_create.p::create_systemd_file ::INFO     ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs02/etc/mongod_mdbrs02.service
2025-01-14_14-34-34::dmk_mongodb_create.p::create_systemd_file ::INFO     ==>      copy it to /etc/systemd/system as root user
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Source the dmk to get settings new instance mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram         ::INFO     ==>       by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Database mdbrs02 created.

mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb03rs.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::Mainprogram         ::INFO     ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb03rs.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Create directory layout for mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodblog/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u02/mongodbdata/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03/pid
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03/etc
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03/backup
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03/dump
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO     ==> Create directory: /u01/app/mongodb/admin/mdbrs03/secret
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs03/etc/mdbrs03.conf
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO     ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-38::dmk_mongodb_create.p::create_systemd_file ::INFO     ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs03/etc/mongod_mdbrs03.service
2025-01-14_14-34-38::dmk_mongodb_create.p::create_systemd_file ::INFO     ==>      copy it to /etc/systemd/system as root user
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Source the dmk to get settings new instance mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram         ::INFO     ==>       by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram         ::INFO     ==> Database mdbrs03 created.

mongodb@dev-vm:/home/mongodb/ [DUMMY] u

      MongoDB database quick status
-----------------------------------------------
     mdbrs01        ==>     CLOSED
     mdbrs02        ==>     CLOSED
     mdbrs03        ==>     CLOSED

mongodb@dev-vm:/home/mongodb/ [DUMMY] ls /u01/app/mongodb/admin/
mdbrs01  mdbrs02  mdbrs03

Generate the key file for replicaset

All replicaset nodes must use the same key file; a node whose key differs cannot authenticate to the others and cannot join the set.

mongodb@dev-vm:/home/mongodb/ [DUMMY] openssl rand -base64 756 > /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] chmod 400 /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp /u01/app/mongodb/admin/mdbrs01/secret/rs01.key /u01/app/mongodb/admin/mdbrs02/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp /u01/app/mongodb/admin/mdbrs01/secret/rs01.key /u01/app/mongodb/admin/mdbrs03/secret/rs01.key

Create the credentials files

mongodb@dev-vm:/home/mongodb/ [DUMMY] cat /u01/app/mongodb/admin/mdbrs01/secret/cred.yml
##############################################################################
# $Id: cred.yml 73 2015-10-26 12:18:02Z jew $
##############################################################################
#
# FILE:    cred.yml Define credentials for the mongodb database
#
# AUTHOR:  dbi services Ltd
#
##############################################################################

mdb_admin_user: "root"
mdb_admin_pwd: "root123"

mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] chmod 400 /u01/app/mongodb/admin/mdbrs01/secret/cred.yml

The same cred.yml file must exist in /u01/app/mongodb/admin/mdbrs02/secret/cred.yml and /u01/app/mongodb/admin/mdbrs03/secret/cred.yml

mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] cp /u01/app/mongodb/admin/mdbrs01/secret/cred.yml /u01/app/mongodb/admin/mdbrs02/secret/cred.yml
mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] cp /u01/app/mongodb/admin/mdbrs01/secret/cred.yml /u01/app/mongodb/admin/mdbrs03/secret/cred.yml
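
Before starting the nodes it is worth checking that every member really holds the same key file and credentials file with safe permissions. The following script is an added example written for this page; it is not part of DMK. It assumes the directory layout created by dmk_dbcreate.sh (one /u01/app/mongodb/admin/<db>/secret directory per node), GNU coreutils (stat -c, sha256sum), and the function names check_rs_secrets, check_secret_file and check_keyfile_content are hypothetical.

```shell
# Added example, not part of DMK: sanity-check replicaset secrets before start.
# Assumes one admin directory per node holding secret/<keyfile> and secret/cred.yml.

# Print a file's permission bits, e.g. "400" (GNU/busybox stat).
file_mode() {
    stat -c '%a' "$1"
}

# A secret file must exist, be non-empty and be readable only by its owner.
check_secret_file() {
    f="$1"
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    mode=$(file_mode "$f")
    case "$mode" in
        400|600) ;;
        *) echo "BAD MODE $mode on $f (expected 400)"; return 1 ;;
    esac
    [ -s "$f" ] || { echo "EMPTY    $f"; return 1; }
    return 0
}

# mongod accepts a keyFile of 6 to 1024 base64 characters; whitespace is
# ignored by mongod, so it is stripped before measuring.
check_keyfile_content() {
    body=$(tr -d ' \t\r\n' < "$1")
    len=${#body}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "BAD LEN  $len chars in $1 (allowed 6..1024)"; return 1
    fi
    if printf '%s' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "BAD CHAR non-base64 character in $1"; return 1
    fi
    return 0
}

# check_rs_secrets KEYFILE_NAME ADMIN_DIR...
# Every node directory must hold an identical key file and cred.yml.
check_rs_secrets() {
    key="$1"; shift
    rc=0
    key_sums=""; cred_sums=""
    for dir in "$@"; do
        kf="$dir/secret/$key"
        cf="$dir/secret/cred.yml"
        check_secret_file "$kf" && check_keyfile_content "$kf" || rc=1
        check_secret_file "$cf" || rc=1
        [ -f "$kf" ] && key_sums="$key_sums $(sha256sum < "$kf" | cut -d' ' -f1)"
        [ -f "$cf" ] && cred_sums="$cred_sums $(sha256sum < "$cf" | cut -d' ' -f1)"
    done
    # Identical files collapse to exactly one distinct checksum.
    distinct_keys=$(printf '%s\n' $key_sums | sort -u | wc -l)
    distinct_creds=$(printf '%s\n' $cred_sums | sort -u | wc -l)
    [ "$distinct_keys" -eq 1 ] || { echo "KEY MISMATCH across nodes"; rc=1; }
    [ "$distinct_creds" -eq 1 ] || { echo "CRED MISMATCH across nodes"; rc=1; }
    return $rc
}

# Usage for the layout on this page:
# check_rs_secrets rs01.key /u01/app/mongodb/admin/mdbrs01 \
#     /u01/app/mongodb/admin/mdbrs02 /u01/app/mongodb/admin/mdbrs03
```

The function returns non-zero and prints one line per finding, so it can be run from a deployment script before dmk_db_ctl.sh starts the members; a mode other than 400/600 on the key file would also make mongod itself refuse to start.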

Create the admin user

To create the first user, the init file of the first node must be changed temporarily so that the localhost exception can be used (https://www.mongodb.com/docs/v4.4/core/security-users/#std-label-localhost-exception). The exception only applies while no user exists, so the file is restored as soon as the admin user has been created.

# make a backup of config file
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cp /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf /tmp
# remove replicaset parameters and add the bind to localhost
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cat /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf
---
net:
  bindIp: localhost
  port: 25101
processManagement:
  fork: true
  pidFilePath: /u01/app/mongodb/admin/mdbrs01/pid/mongod.pid
security:
  keyFile: /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
storage:
  dbPath: /u02/mongodbdata/mdbrs01
  engine: wiredTiger
systemLog:
  destination: file
  logAppend: true
  path: /u02/mongodblog/mdbrs01/mdbrs01.log

# start the database 
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs01
2025-01-14_15-26-31::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdbrs01 in state OPEN ...
2025-01-14_15-26-37::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdbrs01 is now OPEN. SUCCESS

# create the admin user
mongodb@dev-vm:/home/mongodb/ [mdbrs01] mongosh mongodb://localhost:25101
Current Mongosh Log ID:	6786825dd04b65c82e544ca6
Connecting to:		mongodb://localhost:25101/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/

test> use admin
switched to db admin

admin>  db.createUser( { user: "root", pwd: "root123" ,roles: [ "root" ]});
{ ok: 1 }
admin> exit

# stop the database 
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a stop -d mdbrs01
2025-01-14_15-32-41::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdbrs01 in state CLOSED ...
2025-01-14_15-32-47::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdbrs01 is now CLOSED. SUCCESS

# restore the saved init file 
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cp /tmp/mdbrs01.conf /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf

# start the database 
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs01
2025-01-14_15-33-49::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdbrs01 in state OPEN ...
2025-01-14_15-33-55::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdbrs01 is now OPEN. SUCCESS

# connect using the authentication 
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID:	67868402aecfa28667544ca6
Connecting to:		mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
test>
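
The same sequence can be scripted so that the temporary localhost-only configuration is derived from the real one instead of being edited by hand. This is an added example for this page, not DMK code. It assumes the YAML layout written by dmk_dbcreate.sh (top-level keys in column 0, two-space indentation), the /u01/app/mongodb/admin/<db> layout shown in the logs above, the dmk_db_ctl.sh and mongosh commands used on this page, and a backup file next to the conf rather than in /tmp; the function names make_localhost_conf and bootstrap_admin_user are hypothetical.

```shell
# Added example, not part of DMK: bootstrap the admin user via the localhost exception.

# make_localhost_conf SRC DST
# Writes DST as SRC with the whole top-level `replication:` block removed and
# net.bindIp forced to localhost. keyFile, port and paths are kept, so the node
# still starts with authentication on; the localhost exception applies only
# because no user exists yet.
make_localhost_conf() {
    awk '
        # A line starting in column 0 (not a comment or "---") begins a new top-level key.
        /^[^ \t#-]/      { skip = ($0 ~ /^replication:/) }
        skip             { next }
        /^[ \t]+bindIp:/ { sub(/bindIp:.*/, "bindIp: localhost") }
        { print }
    ' "$1" > "$2"
}

# bootstrap_admin_user DBNAME PORT
# Backup conf -> temporary localhost conf -> start -> createUser -> stop ->
# restore conf -> start. User and password come from secret/cred.yml and are
# handed to mongosh on stdin, so they never appear in the process list or history.
bootstrap_admin_user() {
    db="$1"; port="$2"
    admin="/u01/app/mongodb/admin/$db"            # layout assumed from the page
    conf="$admin/etc/$db.conf"
    user=$(awk -F'"' '/^mdb_admin_user:/ { print $2 }' "$admin/secret/cred.yml")
    pass=$(awk -F'"' '/^mdb_admin_pwd:/  { print $2 }' "$admin/secret/cred.yml")
    cp "$conf" "$conf.bak"                        # keep the real configuration
    make_localhost_conf "$conf.bak" "$conf"       # temporary localhost-only conf
    dmk_db_ctl.sh -a start -d "$db"
    mongosh --quiet "mongodb://localhost:$port" <<EOF
db.getSiblingDB("admin").createUser({ user: "$user", pwd: "$pass", roles: [ "root" ] });
EOF
    dmk_db_ctl.sh -a stop -d "$db"
    mv "$conf.bak" "$conf"                        # restore the replicaset settings
    dmk_db_ctl.sh -a start -d "$db"
}

# Usage: bootstrap_admin_user mdbrs01 25101
```

The awk transformation drops the replication section so that mongod does not wait for a replicaset configuration while bound to localhost only. The credentials are interpolated into a JavaScript string literal, so a password containing a double quote or backslash would need escaping before use.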

Init the replicaset on the first node

mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID:	67868402aecfa28667544ca6
Connecting to:		mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/

test> use admin
switched to db admin

admin> rs.initiate()
{
  info2: 'no configuration specified. Using a default configuration for the set',
  me: '172.168.0.236:25101',
  ok: 1
}
rs01 [direct: secondary] admin> exit

Start the other nodes

mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs02
2025-01-14_15-01-04::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdbrs02 in state OPEN ...
2025-01-14_15-01-10::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdbrs02 is now OPEN. SUCCESS

mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs03
2025-01-14_15-01-13::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdbrs03 in state OPEN ...
2025-01-14_15-01-19::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdbrs03 is now OPEN. SUCCESS

Add the other nodes

# commands executed from first node
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID:	678684ad4f8d05ea45544ca6
Connecting to:		mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/

rs01 [direct: primary] test>
rs01 [direct: primary] test> use admin
switched to db admin

rs01 [direct: primary] admin> rs.add( { host: "172.168.0.236:25102" } );
{
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1736869193, i: 1 }),
    signature: {
      hash: Binary.createFromBase64('SfjgUkJ1Ljt4rbcs2Fao5am1zZY=', 0),
      keyId: Long('7459795475126812679')
    }
  },
  operationTime: Timestamp({ t: 1736869193, i: 1 })
}

rs01 [direct: primary] admin> rs.add( { host: "172.168.0.236:25103" } );
{
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1736869197, i: 1 }),
    signature: {
      hash: Binary.createFromBase64('2mLkdP+reB8pSR1eMs7aYTecTUU=', 0),
      keyId: Long('7459795475126812679')
    }
  },
  operationTime: Timestamp({ t: 1736869197, i: 1 })
}

rs01 [direct: primary] admin> exit
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp $DMK_HOME/js/rs_status.js
Member ID: 0, Host: 172.168.0.236:25101, State: PRIMARY
Member ID: 1, Host: 172.168.0.236:25102, State: SECONDARY
Member ID: 2, Host: 172.168.0.236:25103, State: SECONDARY

Using TLS

All commands are executed as the mongodb user.

This example uses a self-signed certificate.

In a production environment the CA root certificate should be installed directly on the server and the server certificate must be signed by the company's certificate authority.

🔴 DO NOT USE SELF SIGNED CERTIFICATE IN A PRODUCTION ENVIRONMENT

Create the open ssl configuration file

Set the environment for the database that you want to configure. In this example it is mdb01.

# set the mdb01 database environment
mongodb@dmk-mongo-dev:/home/mongodb/ [DUMMY] mdb01

********* dbi services Ltd. *********
  STATUS         : OPEN
  BIND           : 0.0.0.0
  PORT           : 25630
  REPL           : STANDALONE
  CONF FILE      : /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
  DATA PATH      : /u02/mongodbdata/mdb01
  LOG FILE       : /u02/mongodblog/mdb01/mdb01.log
****************************

mongodb@dev-vm:/home/mongodb/ [mdb01] cd /u01/app/mongodb/admin/mdb01/secret/

# Create a default openssl configuration file.
mongodb@dev-vm:/home/mongodb/ [mdb01] cat openssl.cnf

[ req ]
prompt             = no
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca  # The extensions to add to the self-signed cert

[ req_distinguished_name ]
countryName            = CH
stateOrProvinceName    = Vaud
localityName           = Nyon
organizationName       = DBIServices
commonName             = your_fqdn_hostname

[ req_ext ]
subjectAltName = @alt_names

[ v3_ca ]
subjectAltName = @alt_names
extendedKeyUsage = serverAuth, clientAuth

[ alt_names ]
DNS.1 = your_fqdn_hostname
IP.1 = your_server_or_client_ip

🟡 NOTE:

  • Pay attention to the DNS name and the IP address of the host that makes the connection: both must appear in alt_names, otherwise the client will reject the certificate.

  • The extendedKeyUsage must allow both server and client authentication, because the same certificate is used by mongod and by the mongosh client.

  • All parameters are described here: https://docs.openssl.org/3.1/man5/config/

Generate the certificates

mongodb@dmk-mongo-dev:/home/mongodb/ [DUMMY] cd /u01/app/mongodb/admin/mdb01/secret/
mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] openssl req -x509 -config ./openssl.cnf  -nodes -days 365 -newkey rsa:4096 -out ca-cert.crt -keyout key-cert.crt
.....+.................+.+............+.....+.....
....
....

mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] cat ca-cert.crt key-cert.crt > ce.pem

# list the certificate 
mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] openssl x509 -in ce.pem -purpose -noout -text
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
......

Stop the database

mongodb@dev-vm:/home/mongodb/ [mdb01] dmk_db_ctl.sh -d mdb01 -a stop
2025-01-14_11-13-49::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdb01 in state CLOSED ...
2025-01-14_11-13-55::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdb01 is now CLOSED. SUCCESS

🟢 By default the database template file for TLS configuration is $DMK_HOME/templates/dbcreate/mcreate_sample_tpl_tls.yaml.

By default the certificateKeyFile parameter is $DMK_MONGODB_ADMIN/secret/mongodb_srv.pem. This value can be adapted in the template file $DMK_HOME/templates/dbcreate/mongo_ini_tls.yaml

Adapt the config file

mongodb@dev-vm:/home/mongodb/ [mdb01] cat /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
---
net:
  bindIp: 172.168.0.236
  port: 25101
  tls:
     mode: requireTLS
     certificateKeyFile: /u01/app/mongodb/admin/mdb01/secret/ce.pem
     CAFile: /u01/app/mongodb/admin/mdb01/secret/ca-cert.crt
.....

🔴 ATTENTION: The certificate is issued for one IP address or a list of IP addresses, so the parameter bindIp: 0.0.0.0 cannot be used anymore; every address in bindIp must be covered by the certificate.
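
The NOTE under the openssl.cnf section and the ATTENTION above describe the two things that typically break a TLS rollout: a SAN that does not cover the bound address or hostname, and an extendedKeyUsage that lacks serverAuth or clientAuth. The following check is an added example for this page, not DMK code. It reads bindIp, tls.mode and certificateKeyFile from the mongod conf and inspects the certificate with openssl before the instance is restarted. It assumes OpenSSL 1.1.1 or later, the two-space YAML layout written by dmk_dbcreate.sh, and the function names check_tls_conf and conf_value are hypothetical.

```shell
# Added example, not part of DMK: verify that a mongod TLS configuration is coherent.

# conf_value FILE KEY -> value of the first "KEY: value" line, whatever its indentation.
conf_value() {
    awk -v k="$2" '$1 == (k ":") { print $2; exit }' "$1"
}

# check_tls_conf CONF
# Returns 0 when every bindIp entry is in the certificate's SAN, the EKU allows
# server and client authentication and the certificate is not expired.
check_tls_conf() {
    conf="$1"
    bind=$(conf_value "$conf" bindIp)
    cert=$(conf_value "$conf" certificateKeyFile)
    mode=$(conf_value "$conf" mode)
    rc=0
    [ "$mode" = "requireTLS" ] || echo "WARN tls.mode is '$mode', not requireTLS"
    [ -r "$cert" ] || { echo "FAIL certificateKeyFile not readable: $cert"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text) || { echo "FAIL cannot parse $cert"; return 1; }
    # SAN entries, one per line, taken from the line after the SAN header.
    san_entries=$(printf '%s\n' "$text" | awk '/Subject Alternative Name/ {
        getline; gsub(/, /, "\n"); gsub(/^[ \t]+/, ""); print }')
    # 0.0.0.0 is a wildcard, not an address the certificate can name.
    case ",$bind," in
        *,0.0.0.0,*) echo "FAIL bindIp 0.0.0.0 cannot be used with a TLS certificate"; rc=1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for addr in $bind; do
        [ "$addr" = 0.0.0.0 ] && continue
        case "$addr" in
            [0-9]*.[0-9]*.[0-9]*.[0-9]*) san="IP Address:$addr" ;;
            *)                           san="DNS:$addr" ;;
        esac
        printf '%s\n' "$san_entries" | grep -Fxq "$san" \
            || { echo "FAIL $san is not in the certificate SAN"; rc=1; }
    done
    IFS=$old_ifs
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
        || { echo "FAIL extendedKeyUsage lacks serverAuth"; rc=1; }
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' \
        || { echo "FAIL extendedKeyUsage lacks clientAuth"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "FAIL certificate has expired"; rc=1; }
    return $rc
}

# Usage: check_tls_conf /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
```

Each finding is printed on its own line and the function returns non-zero, so it can gate the dmk_db_ctl.sh start in a deployment script. The SAN comparison is an exact line match, so 172.168.0.236 is not satisfied by a certificate issued for 172.168.0.23.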

Restart the shell to recompute the aliases using the new certificate configuration.

mongodb@dev-vm:/home/mongodb/ [mdb01] mdb01

********* dbi services Ltd. *********
  STATUS         : CLOSED
  BIND           : 172.168.0.236
  PORT           : 25101
  REPL           : STANDALONE
  CONF FILE      : /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
  DATA PATH      : /u02/mongodbdata/mdb01
  LOG FILE       : /u02/mongodblog/mdb01/mdb01.log
****************************

Start the database

mongodb@dev-vm:/home/mongodb/ [mdb01] dmk_db_ctl.sh -d mdb01 -a start
2025-01-14_11-18-05::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Put database mdb01 in state OPEN ...
2025-01-14_11-18-11::dmk_mongodb_ctl.pl  ::control_database    ::INFO     ==> Database mdb01 is now OPEN. SUCCESS

Connect to the database

# The 'Connecting to:' line shows the certificate parameters in use
mongodb@dev-vm:/home/mongodb/ [mdb01] msp
Current Mongosh Log ID:	6786481d1756924371544ca6
Connecting to:		mongodb://<credentials>@172.168.0.236:25101/?tls=true&tlsCertificateKeyFile=%2Fu01%2Fapp%2Fmongodb%2Fadmin%2Fmdb01%2Fsecret%2Fce.pem&tlsCAFile=%2Fu01%2Fapp%2Fmongodb%2Fadmin%2Fmdb01%2Fsecret%2Fca-cert.crt&directConnection=true&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
