This document explains the installation of a MongoDB 6.0 Replicaset on a server with the Red Hat operating system. A Red Hat 8.x or 9.x operating system is recommended.


Before Starting the Installation

Very Important

Before starting the installation, check with the hostname command that each server's hostname is not localhost.localdomain and that each hostname is unique. If a hostname does not meet these conditions, change it before proceeding with any operations.

#(If necessary) Change the hostname

hostnamectl set-hostname your-new-hostname

Ensure that the hostname is not mapped to a local loopback address such as 127.0.1.1 in the /etc/hosts file.

Make sure that there is no entry in /etc/resolv.conf like "nameserver 127.0.1.1"
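The three checks above can be run as one script before installation. This is an added example, not part of the original guide: check_host_prereqs is an illustrative function name, and the hosts-file check is generalized from 127.0.1.1 to any 127.x address.

```bash
#!/usr/bin/env bash
# Added example: host pre-checks for a MongoDB replica set member.
# check_host_prereqs is an illustrative name, not an Apinizer or MongoDB tool.

# check_host_prereqs HOSTNAME HOSTS_FILE RESOLV_FILE
# Prints one line per finding and returns non-zero if any check fails.
check_host_prereqs() {
  local name="$1" hosts="$2" resolv="$3" rc=0

  # 1) The hostname must not be empty or a localhost default.
  case "$name" in
    ""|localhost|localhost.localdomain)
      echo "hostname is unset or a localhost default: '$name'"; rc=1 ;;
  esac

  # 2) hosts file format: "<ip> <name> [alias...]", text after '#' is a comment.
  #    Fail if any 127.x line lists this hostname as a name or alias.
  if awk -v h="$name" '
       { sub(/#.*/, "") }
       $1 ~ /^127\./ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
       END { exit !found }' "$hosts"; then
    echo "$hosts maps $name to a 127.x address"; rc=1
  fi

  # 3) resolv.conf must not point at the 127.0.1.1 stub resolver.
  if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.1\.1([[:space:]]|$)' "$resolv"; then
    echo "$resolv contains nameserver 127.0.1.1"; rc=1
  fi

  return "$rc"
}

# Usage on a real server:
#   check_host_prereqs "$(hostname)" /etc/hosts /etc/resolv.conf
```

Uniqueness of the hostname across servers still has to be compared by hand, since it cannot be checked from a single node.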

Important

In order for the installation to be healthy, Apinizer Kubernetes servers must access the following addresses.

MongoDB:

https://www.mongodb.org/static/pgp/server-6.0.asc

https://repo.mongodb.org/apt/ubuntu

http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.19_amd64.deb

#1) Operating System Configurations (On All MongoDB Servers)


#It is recommended that the following tools be installed on all servers
sudo yum update
sudo yum install -y curl wget telnet zip lsof lvm2 net-tools yum-utils bind-utils  device-mapper-persistent-data

# The firewall is turned off
sudo systemctl stop firewalld
sudo systemctl disable firewalld

# SELinux is disabled
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

# Swap is turned off, and the swap line in the /etc/fstab file is commented out so that swap stays off after a reboot
sudo swapoff -a
sudo vi /etc/fstab
# Then the file is closed (:wq)

#2) Installation of MongoDB

#2.1) Operating System Configuration and Installation of MongoDB Application (On All MongoDB Servers)


sudo vi /etc/yum.repos.d/mongodb-org-6.0.repo

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

sudo yum install -y mongodb-org

#2.2) MongoDB Configurations (On All MongoDB Servers)


Generating Key:

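sudo mkdir -p /etc/mongodb/keys/

# Give the directory to the apinizer user so that the redirection below can write into it
sudo chown -Rf apinizer:apinizer /etc/mongodb/keys
sudo chmod -Rf 700 /etc/mongodb/keys

# Generate the shared replica set key (the redirection is performed by the calling user's shell, not by sudo)
sudo openssl rand -base64 756 > /etc/mongodb/keys/mongo-key

# Make the key read-only for its owner and hand /etc/mongodb over to the mongod service user
sudo chmod -Rf 400 /etc/mongodb/keys/mongo-key
sudo chown -Rf mongod:mongod /etc/mongodb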

You need to add the following parameters to the /etc/mongod.conf file, adjusting them to your environment:

    • storage / wiredTiger
    • replication
    • security
    • setParameter
    • processManagement

The expected state of the relevant configuration file:

storage:
  dbPath: /var/lib/mongo
  wiredTiger:
    engineConfig:
       cacheSizeGB: 2
  journal:
    enabled: true

systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

net:
  port: 25080
  bindIp: 0.0.0.0  

replication:
  replSetName: apinizer-replicaset 

security:
  authorization: enabled
  keyFile:  /etc/mongodb/keys/mongo-key

setParameter:
  transactionLifetimeLimitSeconds: 300

processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo 

Then, the MongoDB application is started.

sudo systemctl start mongod
sudo systemctl enable mongod

If MongoDB is installed on more than one server, the key created on the Primary node is transferred to all other nodes and given the same ownership and permissions.

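#On the Primary server (the key is readable only by mongod, so it is copied with sudo)
sudo scp /etc/mongodb/keys/mongo-key apinizer@mongoDb02:/tmp/
##The same process should be done separately for mongoDb03

#On the Secondary servers
sudo mkdir -p /etc/mongodb/keys
sudo mv /tmp/mongo-key /etc/mongodb/keys/

#Check and adjust permissions (same as on the Primary: directory 700, key 400, owner mongod)
sudo chown -Rf mongod:mongod /etc/mongodb
sudo chmod 700 /etc/mongodb/keys
sudo chmod 400 /etc/mongodb/keys/mongo-key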
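Every replica set member must hold the same key, and mongod rejects a keyfile that is readable by group or others, so it is worth verifying the file on each node after generating and copying it. This is an added example, not part of the original guide or of MongoDB: check_keyfile and keyfile_fingerprint are illustrative names, and GNU stat and sha256sum are assumed.

```bash
#!/usr/bin/env bash
# Added example (illustrative function names; GNU stat and sha256sum assumed).

# check_keyfile PATH
# Verifies what mongod expects from a keyfile on Unix: no group/other
# permission bits, and 6-1024 base64 characters once whitespace is removed.
check_keyfile() {
  local path="$1" mode body
  [ -f "$path" ] || { echo "missing: $path"; return 1; }
  mode=$(stat -c '%a' "$path")                 # octal mode, e.g. 400
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "group/other access on $path (mode $mode)"; return 1
  fi
  body=$(tr -d '[:space:]' < "$path")          # mongod strips whitespace
  if [ "${#body}" -lt 6 ] || [ "${#body}" -gt 1024 ]; then
    echo "key length ${#body} is outside 6-1024"; return 1
  fi
  case "$body" in
    *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
  esac
  echo "ok"
}

# keyfile_fingerprint PATH
# Prints a SHA-256 digest of the key material so that nodes can be compared
# without displaying or copying the key again.
keyfile_fingerprint() {
  tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# Usage on each node (as root, since the key is readable only by mongod):
#   check_keyfile /etc/mongodb/keys/mongo-key
#   keyfile_fingerprint /etc/mongodb/keys/mongo-key   # must match on all nodes
```

A fingerprint that differs between nodes means the members will fail internal authentication against each other.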

#2.3) ReplicaSet Configuration and Authorization User Definition (MongoDB Primary Server)


Replicaset activation should only be done on the Primary server.

Activating Replicaset:

mongosh mongodb://localhost:25080 
#If there is a connection error at this stage, add the server address and server name to /etc/hosts and check that one of the 127.0.0.1 entries is localhost.

rs.initiate()
rs.status()  

Creating an authorized user for Apinizer application:

use admin;
db.createUser(
  {
    user: 'apinizer',
    pwd: '<YOUR_PASSWORD>',
    roles: [ { role: 'root', db: 'admin' } ]
  }
 );

exit;

If MongoDB is to be managed by your organization, a user with the following role must be created.

roles: [ { role: "readWrite", db: "apinizerdb" } ]

Changes That May Be Needed

To authorize a user on a previously created MongoDB, use the following commands.

mongosh mongodb://localhost:25080

use admin;
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])

If hostname or IP address needs to be changed:

mongosh  mongodb://localhost:25080 --authenticationDatabase "admin" -u "apinizer" -p

cfg = rs.conf()
cfg.members[0].host = "<MONGO_IP_ADDRESS>:25080"
rs.reconfig(cfg)
rs.status()

If a user password needs to be changed:

use admin

db.changeUserPassword("apinizer", passwordPrompt())

#2.4) MongoDB ReplicaSet Installation on Multiple Servers (MongoDB Primary Server)


Apinizer recommends using the high availability feature of MongoDB. High availability allows secondary databases to take over when the primary database fails.

For high availability in MongoDB, a minimum of three servers is required (1 Primary and 2 Secondary). If the primary server encounters an issue, one of the secondary servers automatically becomes the primary, ensuring uninterrupted operation. Once the primary server is back online, the secondary server remains as a backup. However, this functionality cannot be achieved with fewer than three active servers. To enhance system continuity, servers can be positioned in different locations.

High availability is not limited to just three servers; it can also be implemented with an Arbiter or more servers. For more information, you can visit the link: https://www.mongodb.com/docs/manual/core/replica-set-architectures/.


After restarting the MongoDB services, add the Secondary nodes to the replica set by running the following commands on the Primary node.

mongosh mongodb://<PRIMARY_NODE>:25080 --authenticationDatabase "admin" -u "apinizer" -p
  
rs.add("mongoDb02:25080")
rs.add("mongoDb03:25080")
  
rs.status()
  
exit;

With these steps, a structure consisting of a total of three servers is established, with one being the primary server and the other two being secondary servers.


For high availability, if the connection to the primary server is severed or the primary fails, one of the secondary servers should automatically assume the role of the primary server. To configure this, apply the following settings for all nodes.

mongosh mongodb://<PRIMARY_NODE>:25080 --authenticationDatabase "admin" -u "apinizer" -p   

cfg = rs.conf()
cfg.members[0].priority = 1
cfg.members[0].votes = 1
cfg.members[1].priority = 1
cfg.members[1].votes = 1
cfg.members[2].priority = 1
cfg.members[2].votes = 1
rs.reconfig(cfg)
rs.conf()
  
rs.status()
  
exit;

Priority specifies the likelihood of a node being chosen as the new Primary, and this value can be scaled between 0 and 1. A value of 0 indicates that the node can never become the Primary, while higher values closer to 1 signify a higher priority for becoming the Primary.
Votes indicates whether a node can participate in the election of a new Primary and takes either a 0 or 1 value. This value indicates whether the node will cast a vote during the election process.

This setup assumes that DNS names such as "mongoDb01, mongoDb02, mongoDb03, k8sWorkerIP" can be resolved by the system. If the servers cannot resolve these DNS names, either fix the name resolution or replace all the DNS names with IP addresses.