This document describes how to install a MongoDB 6.0 replica set on the Ubuntu operating system. Ubuntu 22.04 LTS Live Server is recommended.


Before Starting the Installation

Very Important

Before starting the installation, run the hostname command on each server and make sure that its hostname is not localhost.localdomain and that every server's hostname is unique. If a hostname does not meet these conditions, change it before proceeding with any operations.

#(If necessary) Change the hostname

hostnamectl set-hostname your-new-hostname

Ensure that the hostname is not mapped to a loopback address such as 127.0.1.1 in the /etc/hosts file.

Make sure that /etc/resolv.conf contains no entry such as "nameserver 127.0.1.1".
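
The checks above as a script, added here as an example and not part of Apinizer's procedure. It generalizes the 127.0.1.1 case to any 127.x.x.x line in the hosts file; the function name and its arguments are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not Apinizer's code): pre-flight name checks for a MongoDB node.
# Usage: preflight_host NAME [HOSTS_FILE] [RESOLV_FILE]
# Prints one line per finding and returns the number of findings.

preflight_host() {
  local name="$1" hosts="${2:-/etc/hosts}" resolv="${3:-/etc/resolv.conf}" fails=0

  # Other replica set members reach this node by name, so the name must not
  # be empty or one of the installer defaults.
  case "$name" in
    ""|localhost|localhost.localdomain)
      echo "FAIL hostname is '${name:-empty}'"; fails=$((fails + 1)) ;;
  esac

  # The node's own name must not appear on a loopback (127.x.x.x) line.
  if awk -v h="$name" '
       { sub(/#.*/, "") }                      # drop trailing comments
       $1 ~ /^127\./ { for (i = 2; i <= NF; i++) if ($i == h) hit = 1 }
       END { exit !hit }' "$hosts"; then
    echo "FAIL $hosts maps $name to a loopback address"; fails=$((fails + 1))
  fi

  # The resolver entry the page warns about.
  if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.1\.1([[:space:]]|$)' "$resolv"; then
    echo "FAIL $resolv uses nameserver 127.0.1.1"; fails=$((fails + 1))
  fi
  return "$fails"
}

# Run only when a hostname is given, e.g.: bash preflight.sh "$(hostname)"
if [ "$#" -gt 0 ]; then preflight_host "$@"; fi
```

Run it on every server before installing; comparing the hostnames across servers for uniqueness still has to be done by hand.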

Important

For the installation to complete successfully, the Apinizer Kubernetes servers must be able to access the following addresses.

MongoDB:

https://www.mongodb.org/static/pgp/server-6.0.asc

https://repo.mongodb.org/apt/ubuntu

http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb

Important

While updating the packages, Ubuntu tries to pull from the server located in Turkey. However, from time to time, there may be a problem at tr.archive.ubuntu.com. In this case, you need to make the following change.

sudo vi /etc/apt/sources.list

#Replace every address that starts with "tr." (for example, with the editor's "replace all" function).

#Example: 

Old: http://tr.archive.ubuntu.com/ubuntu

New: http://archive.ubuntu.com/ubuntu

#1) Operating System Configurations (On All MongoDB Servers)


# It is recommended that the following tools be installed on all servers
sudo apt update
sudo apt install -y curl wget net-tools gnupg2 software-properties-common apt-transport-https ca-certificates lsb-release

# The firewall is turned off.
sudo systemctl stop ufw
sudo systemctl disable ufw
 
# Swap is turned off and the swap line in the /etc/fstab file is commented out to prevent it from restarting
sudo swapoff -a
sudo vi /etc/fstab
# Then the file is closed (:wq)

#2) Installation of MongoDB

#2.1) Operating System Configuration and Installation of MongoDB Application (On All MongoDB Servers)


wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb

# Install the package downloaded above (the file name must match the one in the wget URL)
sudo dpkg -i ./libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb

curl -fsSL https://www.mongodb.org/static/pgp/server-6.0.asc|sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-6.gpg
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list


sudo apt update
sudo apt install mongodb-org -y

#2.2) MongoDB Configurations (On All MongoDB Servers)


Generating Key:

sudo mkdir -p /etc/mongodb/keys/

sudo chown -Rf apinizer:apinizer /etc/mongodb/keys
sudo chmod -Rf 700 /etc/mongodb/keys

sudo openssl rand -base64 756 > /etc/mongodb/keys/mongo-key

sudo chmod -Rf 400 /etc/mongodb/keys/mongo-key
sudo chown -Rf mongodb:mongodb /etc/mongodb

You need to add the following parameters to the /etc/mongod.conf file, adjusting them to your environment:

    • storage / wiredTiger
    • replication
    • security
    • setParameter
    • processManagement

The expected state of the relevant configuration file:

storage:
  dbPath: /var/lib/mongodb
  wiredTiger:
    engineConfig:
       cacheSizeGB: 2

systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

net:
  port: 25080
  bindIp: 0.0.0.0

replication:
  replSetName: apinizer-replicaset

security:
  authorization: enabled
  keyFile:  /etc/mongodb/keys/mongo-key

setParameter:
  transactionLifetimeLimitSeconds: 300

processManagement:
  timeZoneInfo: /usr/share/zoneinfo
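
A check for the configuration and key file above, added here as an example and not part of Apinizer's procedure: it reads a mongod.conf, confirms that authorization is enabled, and verifies the key file's mode, owner and length. The function names, the optional owner argument and the simple section/key YAML lookup are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not Apinizer's code): audit mongod.conf and the replica set key file.
# Usage: audit_mongod CONF [EXPECTED_OWNER]; returns the number of FAIL findings.

# Print the value of the first KEY found under top-level SECTION in a simple YAML file.
yaml_get() {  # yaml_get FILE SECTION KEY
  awk -v s="$2" -v k="$3" '
    /^[^ #]/ { insec = ($0 ~ "^" s ":") }
    insec && $1 == k ":" { sub(/^[^:]*:[ \t]*/, ""); print; exit }
  ' "$1"
}

audit_mongod() {
  local conf="$1" owner="${2:-mongodb}" fails=0 authz key bind mode size
  authz=$(yaml_get "$conf" security authorization)
  key=$(yaml_get "$conf" security keyFile)
  bind=$(yaml_get "$conf" net bindIp)

  if [ "$authz" != "enabled" ]; then
    echo "FAIL security.authorization is '${authz:-unset}', expected 'enabled'"
    fails=$((fails + 1))
  fi
  if [ -z "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL security.keyFile '${key:-unset}' is missing"
    fails=$((fails + 1))
  else
    # mongod rejects a key file that group or others can access.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
      400|600) ;;
      *) echo "FAIL $key has mode $mode, expected 400"; fails=$((fails + 1)) ;;
    esac
    if [ "$(stat -c '%U' "$key")" != "$owner" ]; then
      echo "FAIL $key is not owned by $owner"; fails=$((fails + 1))
    fi
    # Key content (whitespace ignored) must be 6 to 1024 base64 characters.
    size=$(tr -d '[:space:]' < "$key" | wc -c)
    if [ "$size" -lt 6 ] || [ "$size" -gt 1024 ]; then
      echo "FAIL $key holds $size characters, expected 6 to 1024"; fails=$((fails + 1))
    fi
  fi
  # With ufw disabled, 0.0.0.0 exposes the port on every interface.
  case ",$bind," in
    *,0.0.0.0,*) echo "WARN net.bindIp is 0.0.0.0; limit port access to replica set members and clients" ;;
  esac
  return "$fails"
}

if [ "$#" -gt 0 ]; then audit_mongod "$@"; fi
```

Run it with sudo (for example `sudo bash audit.sh /etc/mongod.conf`) so that the key file, which only the mongodb user can read, is readable to the check.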

Then, the MongoDB application is started.

sudo systemctl enable mongod
sudo systemctl start mongod

If MongoDB is installed on more than one server, the key created on the Primary node is transferred to all nodes and given the same permissions.

#On the Primary server
#The key file is readable only by the mongodb user, so it is copied with sudo
sudo scp /etc/mongodb/keys/mongo-key apinizer@mongoDb02:/tmp
##The same process should be done separately for mongoDb03

#On the Secondary servers
sudo mv /tmp/mongo-key /etc/mongodb/keys/
 
#Check and adjust permissions (directory 700, key file 400, as on the Primary)
sudo chmod 700 /etc/mongodb/keys
sudo chmod 400 /etc/mongodb/keys/mongo-key
sudo chown -Rf mongodb:mongodb /etc/mongodb


#2.3) ReplicaSet Configuration and Authorization User Definition (MongoDB Primary Server)


Replicaset activation should only be done on the Primary server.

Activating Replicaset:

mongosh mongodb://localhost:25080 
#If there is a connection error at this stage, add the server's address and name to /etc/hosts and check that one of the 127.0.0.1 entries is localhost.

rs.initiate()
rs.status()

Creating an authorized user for Apinizer application:

use admin;
db.createUser(
  {
    user: 'apinizer',
    pwd: '<YOUR_PASSWORD>',
    roles: [ { role: 'root', db: 'admin' } ],
    mechanisms: [ "SCRAM-SHA-1" ]
  }
);

exit;

If MongoDB is to be managed by your organization, a user with the following role must be created.

roles: [ { role: "readWrite", db: "apinizerdb" } ]

Changes That May Be Needed

To authorize a user on a previously created MongoDB, use the following commands.

mongosh mongodb://localhost:25080

use admin;
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])

If hostname or IP address needs to be changed:

mongosh  mongodb://localhost:25080 --authenticationDatabase "admin" -u "apinizer" -p

cfg = rs.conf()
cfg.members[0].host = "<MONGO_IP_ADDRESS>:25080"
rs.reconfig(cfg)
rs.status()

If a user password needs to be changed:

use admin

db.changeUserPassword("apinizer", passwordPrompt())

#2.4) MongoDB ReplicaSet Installation on Multiple Servers (MongoDB Primary Server)


Apinizer recommends using the high availability feature of MongoDB. High availability allows secondary databases to take over when the primary database fails.

For high availability in MongoDB, a minimum of three servers is required (1 Primary and 2 Secondary). If the primary server encounters an issue, one of the secondary servers automatically becomes the primary, ensuring uninterrupted operation. Once the primary server is back online, the secondary server remains as a backup. However, this functionality cannot be achieved with fewer than three active servers. To enhance system continuity, servers can be positioned in different locations.

High availability is not limited to just three servers; it can also be implemented with an Arbiter or more servers. For more information, you can visit the link: https://www.mongodb.com/docs/manual/core/replica-set-architectures/.


After restarting the MongoDB services, add the Secondary nodes to the replica set from the Primary node using the following commands.

mongosh mongodb://<PRIMARY_NODE>:25080 --authenticationDatabase "admin" -u "apinizer" -p
 
rs.add("mongoDb02:25080")
rs.add("mongoDb03:25080")
 
rs.status()
 
exit;

With these steps, a structure consisting of a total of three servers is established, with one being the primary server and the other two being secondary servers.


For high availability, if the connection to the primary server is lost or the server fails, one of the secondary servers should automatically assume the role of the primary server. To configure this, apply the following settings for all nodes.

mongosh mongodb://<PRIMARY_NODE>:25080 --authenticationDatabase "admin" -u "apinizer" -p   

cfg = rs.conf()
cfg.members[0].priority = 1
cfg.members[0].votes = 1
cfg.members[1].priority = 1
cfg.members[1].votes = 1
cfg.members[2].priority = 1
cfg.members[2].votes = 1
rs.reconfig(cfg)
rs.conf()
 
rs.status()
 
exit;

Priority specifies the likelihood of a node being chosen as the new Primary, and this value can be scaled between 0 and 1. A value of 0 indicates that the node can never become the Primary, while higher values closer to 1 signify a higher priority for becoming the Primary.
Votes indicates whether a node can participate in the election of a new Primary and takes either a 0 or 1 value. This value indicates whether the node will cast a vote during the election process.

This setup assumes that DNS names such as "mongoDb01, mongoDb02, mongoDb03, k8sWorkerIP" can be resolved by the system. If the servers cannot resolve these DNS names, either correct the name resolution or replace all the DNS names with IP addresses.