Advanced configuration
All commands are executed as the mongodb user.
🔴 In this example the replicaset is created on the same node. This is just for example purposes.
Replicaset configuration
db_name   bindIp          port
mdbrs01   172.168.0.236   25101
mdbrs02   172.168.0.236   25102
mdbrs03   172.168.0.236   25103
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb01rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb02rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mcreate_replicaset_tpl.yaml $DMK_HOME/etc/mcreate_mdb03rs.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp $DMK_HOME/templates/dbcreate/mongo_ini_replicaset.yaml $DMK_HOME/etc/mongo_ini_replicaset.yaml
mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb01rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
mongodb_cfg:
  db_name: mdbrs01
  home_path: /u01/app/mongodb/product/8.0
  data_path: /u02/mongodbdata
  bindIp: 172.168.0.236
  port: 25101
  template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
  replicaset_name: rs01
mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb02rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
mongodb_cfg:
  db_name: mdbrs02
  home_path: /u01/app/mongodb/product/8.0
  data_path: /u02/mongodbdata
  bindIp: 172.168.0.236
  port: 25102
  template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
  replicaset_name: rs01
mongodb@dev-vm:/home/mongodb/ [DUMMY] cat $DMK_HOME/etc/mcreate_mdb03rs.yaml
# mongod.conf
# Generated by MONGODB - DMK dbi services
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
mongodb_cfg:
  db_name: mdbrs03
  home_path: /u01/app/mongodb/product/8.0
  data_path: /u02/mongodbdata
  bindIp: 172.168.0.236
  port: 25103
  template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
  replicaset_name: rs01
mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb01rs.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::Mainprogram ::INFO ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb01rs.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram ::INFO ==> Create directory layout for mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodblog/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodbdata/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01/pid
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01/etc
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01/backup
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01/dump
2025-01-14_14-34-29::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs01/secret
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf
2025-01-14_14-34-29::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-29::dmk_mongodb_create.p::create_systemd_file ::INFO ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs01/etc/mongod_mdbrs01.service
2025-01-14_14-34-29::dmk_mongodb_create.p::create_systemd_file ::INFO ==> copy it to /etc/systemd/system as root user
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram ::INFO ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram ::INFO ==> Source the dmk to get settings new instance mdbrs01
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram ::INFO ==> by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-29::dmk_mongodb_create.p::MainProgram ::INFO ==> Database mdbrs01 created.
mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb02rs.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::Mainprogram ::INFO ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb02rs.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram ::INFO ==> Create directory layout for mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodblog/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodbdata/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02/pid
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02/etc
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02/backup
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02/dump
2025-01-14_14-34-34::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs02/secret
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs02/etc/mdbrs02.conf
2025-01-14_14-34-34::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-34::dmk_mongodb_create.p::create_systemd_file ::INFO ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs02/etc/mongod_mdbrs02.service
2025-01-14_14-34-34::dmk_mongodb_create.p::create_systemd_file ::INFO ==> copy it to /etc/systemd/system as root user
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram ::INFO ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram ::INFO ==> Source the dmk to get settings new instance mdbrs02
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram ::INFO ==> by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-34::dmk_mongodb_create.p::MainProgram ::INFO ==> Database mdbrs02 created.
mongodb@dev-vm:/home/mongodb/ [DUMMY] dmk_dbcreate.sh -c $DMK_HOME/etc/mcreate_mdb03rs.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::Mainprogram ::INFO ==> Configuration File = /u01/app/mongodb/local/dmk/etc/mcreate_mdb03rs.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram ::INFO ==> Create directory layout for mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodblog/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u02/mongodbdata/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03/pid
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03/etc
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03/backup
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03/dump
2025-01-14_14-34-38::dmk_mongodb_create.p::main::mkdir_if_not_e::INFO ==> Create directory: /u01/app/mongodb/admin/mdbrs03/secret
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb conf from template: /u01/app/mongodb/local/dmk/etc/mongo_ini_replicaset.yaml
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create mongodb init file: /u01/app/mongodb/admin/mdbrs03/etc/mdbrs03.conf
2025-01-14_14-34-38::dmk_mongodb_create.p::create_init_mongo_co::INFO ==> Create systemd file from template /u01/app/mongodb/local/dmk/templates/systemd/mongod.service
2025-01-14_14-34-38::dmk_mongodb_create.p::create_systemd_file ::INFO ==> Created service file for systemd /u01/app/mongodb/admin/mdbrs03/etc/mongod_mdbrs03.service
2025-01-14_14-34-38::dmk_mongodb_create.p::create_systemd_file ::INFO ==> copy it to /etc/systemd/system as root user
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram ::INFO ==> Update /u01/app/mongodb/etc/mongodb.lst file with mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram ::INFO ==> Source the dmk to get settings new instance mdbrs03
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram ::INFO ==> by executting the command 'source /u01/app/mongodb/local/dmk/bin/dmk.sh'
2025-01-14_14-34-38::dmk_mongodb_create.p::MainProgram ::INFO ==> Database mdbrs03 created.
mongodb@dev-vm:/home/mongodb/ [DUMMY] u
MongoDB database quick status
-----------------------------------------------
mdbrs01 ==> CLOSED
mdbrs02 ==> CLOSED
mdbrs03 ==> CLOSED
mongodb@dev-vm:/home/mongodb/ [DUMMY] ls /u01/app/mongodb/admin/
mdbrs01 mdbrs02 mdbrs03
The replicaset nodes must have the same key.
mongodb@dev-vm:/home/mongodb/ [DUMMY] openssl rand -base64 756 > /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] chmod 400 /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp /u01/app/mongodb/admin/mdbrs01/secret/rs01.key /u01/app/mongodb/admin/mdbrs02/secret/rs01.key
mongodb@dev-vm:/home/mongodb/ [DUMMY] cp /u01/app/mongodb/admin/mdbrs01/secret/rs01.key /u01/app/mongodb/admin/mdbrs03/secret/rs01.key
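A pre-start check for the shared keyfile, as an added example that is not part of the DMK tooling or the original page: it confirms that every member holds the same key, that the file is owner-only, and that the content fits MongoDB's keyfile rules (6 to 1024 base64 characters). The function names and the temporary demo directory are assumptions, and the demo keys are built with `base64` from `/dev/urandom` instead of `openssl rand`.

```shell
#!/usr/bin/env bash
# Added example: pre-start check of the replica set keyfiles.
# check_keyfiles FILE... prints one finding per line and returns 0 if clean.
check_keyfiles() {
    local ref="" rc=0 f mode len hash
    for f in "$@"; do
        if [ ! -f "$f" ]; then echo "MISSING $f"; rc=1; continue; fi
        # mongod rejects a keyfile that group or others can access
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            400|600) ;;
            *) echo "PERMS $f mode=$mode"; rc=1 ;;
        esac
        # key material: 6 to 1024 base64 characters, whitespace ignored
        len=$(tr -d '[:space:]' < "$f" | wc -c)
        if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
            echo "LENGTH $f chars=$len"; rc=1
        fi
        if tr -d '[:space:]' < "$f" | grep -q '[^A-Za-z0-9+/=]'; then
            echo "CHARSET $f"; rc=1
        fi
        # every member must hold the same key
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        if [ -z "$ref" ]; then
            ref=$hash
        elif [ "$hash" != "$ref" ]; then
            echo "MISMATCH $f differs from $1"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo layout: a temp dir stands in for
# /u01/app/mongodb/admin/<instance>/secret (hypothetical sample data).
# mdbrs03 deliberately gets a different key and a loose mode.
demo_keyfiles() {
    local base i rc
    base=$(mktemp -d)
    for i in 1 2 3; do mkdir -p "$base/mdbrs0$i/secret"; done
    head -c 756 /dev/urandom | base64 > "$base/mdbrs01/secret/rs01.key"
    chmod 400 "$base/mdbrs01/secret/rs01.key"
    cp "$base/mdbrs01/secret/rs01.key" "$base/mdbrs02/secret/rs01.key"
    head -c 756 /dev/urandom | base64 > "$base/mdbrs03/secret/rs01.key"
    chmod 644 "$base/mdbrs03/secret/rs01.key"
    check_keyfiles "$base"/mdbrs0?/secret/rs01.key
    rc=$?
    rm -rf "$base"
    return "$rc"
}

demo_keyfiles || echo "keyfile check failed: fix the findings above before starting the members"
```

Against the layout on this page the call would be `check_keyfiles /u01/app/mongodb/admin/mdbrs0?/secret/rs01.key`.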
mongodb@dev-vm:/home/mongodb/ [DUMMY] cat /u01/app/mongodb/admin/mdbrs01/secret/cred.yml
##############################################################################
# $Id: cred.yml 73 2015-10-26 12:18:02Z jew $
##############################################################################
#
# FILE: cred.yml Define credentials for the mongodb database
#
# AUTHOR: dbi services Ltd
#
##############################################################################
mdb_admin_user: "root"
mdb_admin_pwd: "root123"
mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] chmod 400 /u01/app/mongodb/admin/mdbrs01/secret/cred.yml
The same file cred.yml must exist in /u01/app/mongodb/admin/mdbrs02/secret/cred.yml and /u01/app/mongodb/admin/mdbrs03/secret/cred.yml
mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] cp /u01/app/mongodb/admin/mdbrs01/secret/cred.yml /u01/app/mongodb/admin/mdbrs02/secret/cred.yml
mongodb@dmk-mongo-dev:/home/mongodb/ [mdb01] cp /u01/app/mongodb/admin/mdbrs01/secret/cred.yml /u01/app/mongodb/admin/mdbrs03/secret/cred.yml
In order to create the first user we need to change the init file for the first node, to be able to use the localhost exception (https://www.mongodb.com/docs/v4.4/core/security-users/#std-label-localhost-exception)
# make a backup of config file
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cp /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf /tmp
# remove replicaset parameters and add the bind to localhost
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cat /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf
---
net:
  bindIp: localhost
  port: 25101
processManagement:
  fork: true
  pidFilePath: /u01/app/mongodb/admin/mdbrs01/pid/mongod.pid
security:
  keyFile: /u01/app/mongodb/admin/mdbrs01/secret/rs01.key
storage:
  dbPath: /u02/mongodbdata/mdbrs01
  engine: wiredTiger
systemLog:
  destination: file
  logAppend: true
  path: /u02/mongodblog/mdbrs01/mdbrs01.log
# start the database
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs01
2025-01-14_15-26-31::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdbrs01 in state OPEN ...
2025-01-14_15-26-37::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdbrs01 is now OPEN. SUCCESS
# create the admin user
mongodb@dev-vm:/home/mongodb/ [mdbrs01] mongosh mongodb://localhost:25101
Current Mongosh Log ID: 6786825dd04b65c82e544ca6
Connecting to: mongodb://localhost:25101/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.3.8
Using MongoDB: 8.0.4
Using Mongosh: 2.3.8
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
test> use admin
switched to db admin
admin> db.createUser( { user: "root", pwd: "root123" ,roles: [ "root" ]});
{ ok: 1 }
admin> exit
# stop the database
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a stop -d mdbrs01
2025-01-14_15-32-41::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdbrs01 in state CLOSED ...
2025-01-14_15-32-47::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdbrs01 is now CLOSED. SUCCESS
# restore the saved init file
mongodb@dev-vm:/home/mongodb/ [mdbrs01] cp /tmp/mdbrs01.conf /u01/app/mongodb/admin/mdbrs01/etc/mdbrs01.conf
# start the database
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs01
2025-01-14_15-33-49::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdbrs01 in state OPEN ...
2025-01-14_15-33-55::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdbrs01 is now OPEN. SUCCESS
# connect using the authentication
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID: 67868402aecfa28667544ca6
Connecting to: mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB: 8.0.4
Using Mongosh: 2.3.8
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
test>
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID: 67868402aecfa28667544ca6
Connecting to: mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB: 8.0.4
Using Mongosh: 2.3.8
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
test> use admin
switched to db admin
admin> rs.initiate()
{
info2: 'no configuration specified. Using a default configuration for the set',
me: '172.168.0.236:25101',
ok: 1
}
rs01 [direct: secondary] admin> exit
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs02
2025-01-14_15-01-04::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdbrs02 in state OPEN ...
2025-01-14_15-01-10::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdbrs02 is now OPEN. SUCCESS
mongodb@dev-vm:/home/mongodb/ [mdbrs01] dmk_db_ctl.sh -a start -d mdbrs03
2025-01-14_15-01-13::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdbrs03 in state OPEN ...
2025-01-14_15-01-19::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdbrs03 is now OPEN. SUCCESS
# commands executed from first node
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp
Current Mongosh Log ID: 678684ad4f8d05ea45544ca6
Connecting to: mongodb://<credentials>@172.168.0.236:25101/?directConnection=true&appName=mongosh+2.3.8
Using MongoDB: 8.0.4
Using Mongosh: 2.3.8
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
rs01 [direct: primary] test>
rs01 [direct: primary] test> use admin
switched to db admin
rs01 [direct: primary] admin> rs.add( { host: "172.168.0.236:25102" } );
{
ok: 1,
'$clusterTime': {
clusterTime: Timestamp({ t: 1736869193, i: 1 }),
signature: {
hash: Binary.createFromBase64('SfjgUkJ1Ljt4rbcs2Fao5am1zZY=', 0),
keyId: Long('7459795475126812679')
}
},
operationTime: Timestamp({ t: 1736869193, i: 1 })
}
rs01 [direct: primary] admin> rs.add( { host: "172.168.0.236:25103" } );
{
ok: 1,
'$clusterTime': {
clusterTime: Timestamp({ t: 1736869197, i: 1 }),
signature: {
hash: Binary.createFromBase64('2mLkdP+reB8pSR1eMs7aYTecTUU=', 0),
keyId: Long('7459795475126812679')
}
},
operationTime: Timestamp({ t: 1736869197, i: 1 })
}
rs01 [direct: primary] admin> exit
mongodb@dev-vm:/home/mongodb/ [mdbrs01] msp $DMK_HOME/js/rs_status.js
Member ID: 0, Host: 172.168.0.236:25101, State: PRIMARY
Member ID: 1, Host: 172.168.0.236:25102, State: SECONDARY
Member ID: 2, Host: 172.168.0.236:25103, State: SECONDARY
All commands are executed as the mongodb user.
This example uses a self-signed certificate.
In a production environment the CA root certificate should be installed directly on the server and the server certificate must be signed by the company authority.
🔴 DO NOT USE A SELF-SIGNED CERTIFICATE IN A PRODUCTION ENVIRONMENT
Set the environment for the database that you want to configure. In this example it is mdb01.
# set the mdb01 database environment
mongodb@dmk-mongo-dev:/home/mongodb/ [DUMMY] mdb01
********* dbi services Ltd. *********
STATUS : OPEN
BIND : 0.0.0.0
PORT : 25630
REPL : STANDALONE
CONF FILE : /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
DATA PATH : /u02/mongodbdata/mdb01
LOG FILE : /u02/mongodblog/mdb01/mdb01.log
****************************
mongodb@dev-vm:/home/mongodb/ [mdb01] cd /u01/app/mongodb/admin/mdb01/secret/
# Create a default openssl configuration file.
mongodb@dev-vm:/home/mongodb/ [mdb01] cat openssl.cnf
[ req ]
prompt = no
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca # The extensions to add to the self-signed cert
[ req_distinguished_name ]
countryName = CH
stateOrProvinceName = Vaud
localityName = Nyon
organizationName = DBIServices
commonName = your_fqdn_hostname
[ req_ext ]
subjectAltName = @alt_names
[ v3_ca ]
subjectAltName = @alt_names
extendedKeyUsage = serverAuth, clientAuth
[ alt_names ]
DNS.1 = your_fqdn_hostna
IP.1 = your_server_or_client_ip
🟡 NOTE:
Pay attention to the DNS name of the host that makes the connection, and to the IP.
Also, the extendedKeyUsage must allow connections from both server and client.
mongodb@dmk-mongo-dev:/home/mongodb/ [DUMMY] cd /u01/app/mongodb/admin/mdb01/secret/
mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] openssl req -x509 -config ./openssl.cnf -nodes -days 365 -newkey rsa:4096 -out ca-cert.crt -keyout key-cert.crt
.....+.................+.+............+.....+.....
....
....
mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] cat ca-cert.crt key-cert.crt > ce.pem
# list the certificate
mongodb@dmk-mongo-dev:/u01/app/mongodb/admin/mdb01/secret/ [DUMMY] openssl x509 -in ce.pem -purpose -noout -text
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
......
mongodb@dev-vm:/home/mongodb/ [mdb01] dmk_db_ctl.sh -d mdb01 -a stop
2025-01-14_11-13-49::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdb01 in state CLOSED ...
2025-01-14_11-13-55::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdb01 is now CLOSED. SUCCESS
🟢 By default the database template file for TLS configuration is $DMK_HOME/templates/dbcreate/mcreate_sample_tpl_tls.yaml.
By default the certificateKeyFile parameter will be $DMK_MONGODB_ADMIN/secret/mongodb_srv.pem. This value can be adapted in the template file $DMK_HOME/templates/dbcreate/mongo_ini_tls.yaml
mongodb@dev-vm:/home/mongodb/ [mdb01] cat /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
---
net:
  bindIp: 172.168.0.236
  port: 25101
  tls:
    mode: requireTLS
    certificateKeyFile: /u01/app/mongodb/admin/mdb01/secret/ce.pem
    CAFile: /u01/app/mongodb/admin/mdb01/secret/ca-cert.crt
.....
🔴 ATTENTION: The certificate is defined for one IP or a list of IPs, so the parameter bindIp: 0.0.0.0 cannot be used anymore.
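An added example (not DMK code and not from the original page) that audits a mongod configuration for the TLS points above: `net.tls.mode` is `requireTLS`, `bindIp` is not `0.0.0.0`, a CA file is set, and the PEM that bundles the private key is owner-only. `conf_get`, `audit_tls_conf` and the two constructed conf files are assumptions; the parser handles only two-space-indented scalar keys like those shown.

```shell
#!/usr/bin/env bash
# Added example: audit a mongod conf against the TLS settings described above.

# conf_get FILE a.b.c -> value of a nested scalar key (YAML indented by 2 spaces)
conf_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ || /^---/ { next }
        {
            n = 0; while (substr($0, n + 1, 1) == " ") n++
            depth = int(n / 2)
            line = substr($0, n + 1)
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val)
            path[depth] = key
            full = path[0]
            for (i = 1; i <= depth; i++) full = full "." path[i]
            if (full == want) { print val; exit }
        }' "$1"
}

# audit_tls_conf FILE -> one finding per line, returns 0 if clean
audit_tls_conf() {
    local conf=$1 rc=0 mode bind pem ca perms
    mode=$(conf_get "$conf" net.tls.mode)
    bind=$(conf_get "$conf" net.bindIp | tr -d ' ')
    pem=$(conf_get "$conf" net.tls.certificateKeyFile)
    ca=$(conf_get "$conf" net.tls.CAFile)
    if [ "$mode" != "requireTLS" ]; then
        echo "TLS_MODE net.tls.mode=${mode:-unset}"; rc=1
    fi
    # the certificate is issued for specific IPs, so 0.0.0.0 is no longer usable
    case ",$bind," in
        *,0.0.0.0,*) echo "BIND net.bindIp=$bind"; rc=1 ;;
    esac
    [ -n "$ca" ] || { echo "CAFILE net.tls.CAFile unset"; rc=1; }
    if [ -z "$pem" ] || [ ! -f "$pem" ]; then
        echo "PEM_MISSING ${pem:-unset}"; rc=1
    else
        # the PEM holds the private key: owner-only access
        perms=$(stat -c '%a' "$pem")
        case "$perms" in
            400|600) ;;
            *) echo "PEM_PERMS $pem mode=$perms"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample confs: "before" is a plain instance, "after" mirrors the TLS conf.
demo_tls_audit() {
    local d rc=0
    d=$(mktemp -d)
    : > "$d/ce.pem"; chmod 400 "$d/ce.pem"   # empty placeholder for the cert+key bundle
    printf '%s\n' '---' 'net:' '  bindIp: 0.0.0.0' '  port: 25630' \
        'systemLog:' '  destination: file' > "$d/before.conf"
    printf '%s\n' '---' 'net:' '  bindIp: 172.168.0.236' '  port: 25101' '  tls:' \
        '    mode: requireTLS' "    certificateKeyFile: $d/ce.pem" \
        "    CAFile: $d/ca-cert.crt" > "$d/after.conf"
    echo "== before"; audit_tls_conf "$d/before.conf"
    echo "== after";  audit_tls_conf "$d/after.conf" || rc=1
    rm -rf "$d"
    return "$rc"
}

demo_tls_audit
```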
Restart the shell to recompute the aliases using the new certificate configuration.
mongodb@dev-vm:/home/mongodb/ [mdb01] mdb01
********* dbi services Ltd. *********
STATUS : CLOSED
BIND : 172.168.0.236
PORT : 25101
REPL : STANDALONE
CONF FILE : /u01/app/mongodb/admin/mdb01/etc/mdb01.conf
DATA PATH : /u02/mongodbdata/mdb01
LOG FILE : /u02/mongodblog/mdb01/mdb01.log
****************************
mongodb@dev-vm:/home/mongodb/ [mdb01] dmk_db_ctl.sh -d mdb01 -a start
2025-01-14_11-18-05::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Put database mdb01 in state OPEN ...
2025-01-14_11-18-11::dmk_mongodb_ctl.pl ::control_database ::INFO ==> Database mdb01 is now OPEN. SUCCESS
# The 'Connecting to:' shows the certificates parameters used
mongodb@dev-vm:/home/mongodb/ [mdb01] msp
Current Mongosh Log ID: 6786481d1756924371544ca6
Connecting to: mongodb://<credentials>@172.168.0.236:25101/?tls=true&tlsCertificateKeyFile=%2Fu01%2Fapp%2Fmongodb%2Fadmin%2Fmdb01%2Fsecret%2Fce.pem&tlsCAFile=%2Fu01%2Fapp%2Fmongodb%2Fadmin%2Fmdb01%2Fsecret%2Fca-cert.crt&directConnection=true&appName=mongosh+2.3.8
Using MongoDB: 8.0.4
Using Mongosh: 2.3.8
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
All parameters are described here: