MongoDB - Default port - 27017
MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling. MongoDB obviates the need for an Object Relational Mapping (ORM) to facilitate development.
MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling. MongoDB obviates the need for an Object Relational Mapping (ORM) to facilitate development.
1- Logon to Mongo shell
If you have SSH to Mongo server then use the command below to connect mongo shell. When you have enabled authentication
When authentication not enabled -
7- Test Login with Sever IP Address
Use the command below to verify login access
8- Try to connect MongoDB from Windows-based GUI client.
Generally, Developer needs a GUI based client to connect Database server, Here I am using NoSQLbooster client to make a connection from my Windows PC to MongoDB server.
Reboot your System and check Warning message will not come again
Now, You can access Database- Amar From Client IP address- 192.168.102.1 only.
$ mongo
When authentication is enabled -
$ mongo -u amar -p --authenticationDatabase admin
If you will use above command - Default selected database is "test". In order to log-in to the specific database use following command.
$ mongo -u amar -p --authenticationDatabase admin
2- List all the databases -
Once you are at mongo shell use command show dbs to list all the database
> show dbs;
3- Print current selected database -
Sometimes, we required checking currently selected database use command db
> db
4- Change database
To change the database use command use database_name
> use admin
In the above example - I switched to database Admin, Now you can perform the required actions on the database name Admin.
5- List all created users in the currently selected database -
In order to check all the created users and their access level- User command show users, It will print all the user's information.
> use admin # To select database
> show users # To print user details
Above command's output - We can see here username, and what role they have.
6-Change IP binding to the external IP address
By default, MongoDB works with localhost (127.0.0.1) but in our production environment, we require MongoDB access from outside (Example- access from App server). In order to allow outside MongoDB access, We need to modify MongoDB binding to Server IP address.Let's Change MongoDB binding to Sever's IP address:
Modify mongoDB configuration file.
By default, MongoDB works with localhost (127.0.0.1) but in our production environment, we require MongoDB access from outside (Example- access from App server). In order to allow outside MongoDB access, We need to modify MongoDB binding to Server IP address.Let's Change MongoDB binding to Sever's IP address:
Modify mongoDB configuration file.
$ vi /etc/mongod.conf
Change bind IP address with Server IP address
# network interfaces
net:
port: 27017
# bindIp: 127.0.0.1
bindIp: 192.168.102.10
Save and Exit from the file.
Restart MongoDB Service.
Check Service Statussystemctl restart mongod.service
systemctl status mongod.service
7- Test Login with Sever IP Address
Use the command below to verify login access
mongo -u amar -p --host 192.168.102.10 --authenticationDatabase admin
8- Try to connect MongoDB from Windows-based GUI client.
Generally, Developer needs a GUI based client to connect Database server, Here I am using NoSQLbooster client to make a connection from my Windows PC to MongoDB server.
9- Disable Transparent huge page
Generally, When you logged in to MongoDB server you will get a warning message-
Generally, When you logged in to MongoDB server you will get a warning message-
** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
** We suggest setting it to 'never'
To disable this Warning message- Follow the steps below:
Create a file: etc/init.d/disable-transparent-hugepages
Create a file: etc/init.d/disable-transparent-hugepages
$ vi /etc/init.d/disable-transparent-hugepages
Paste followings line to the file and save.
#!/bin/bash
### BEGIN INIT INFO
# Provides: disable-transparent-hugepages
# Required-Start: $local_fs
# Required-Stop:
# X-Start-Before: mongod mongodb-mms-automation-agent
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Disable Linux transparent huge pages
# Description: Disable Linux transparent huge pages, to improve
# database performance.
### END INIT INFO
case $1 in
start)
if [ -d /sys/kernel/mm/transparent_hugepage ]; then
thp_path=/sys/kernel/mm/transparent_hugepage
elif [ -d /sys/kernel/mm/redhat_transparent_hugepage ]; then
thp_path=/sys/kernel/mm/redhat_transparent_hugepage
else
return 0
fi
echo 'never' > ${thp_path}/enabled
echo 'never' > ${thp_path}/defrag
re='^[0-1]+$'
if [[ $(cat ${thp_path}/khugepaged/defrag) =~ $re ]]
then
# RHEL 7
echo 0 > ${thp_path}/khugepaged/defrag
else
# RHEL 6
echo 'no' > ${thp_path}/khugepaged/defrag
fi
unset re
unset thp_path
;;
esac
Save and Exit from the file.
Make it executable:
$ sudo chmod 755 /etc/init.d/disable-transparent-hugepages
Enable this script to run at System boot
$ sudo update-rc.d disable-transparent-hugepages defaults
10- Restrict database access from specific IP address
In the above example, We were given access to a user on a database with no IP restriction. That means a user can access MongoDB server's database from any client machine. Let's restrict access to a specific IP address only.
Log on to MongoDB shell
Create New Database and restrict specific IP address Access.In the above example, We were given access to a user on a database with no IP restriction. That means a user can access MongoDB server's database from any client machine. Let's restrict access to a specific IP address only.
Log on to MongoDB shell
sudo mongo -u amar -p --host 192.168.102.10 --authenticationDatabase admin
use Amar
db.createUser(
{
user: "user1",
pwd: "redhat",
roles: [ {role: 'readWrite', db: 'Amar'} ],
authenticationRestrictions: [ {
clientSource: ["192.168.102.1"],
serverAddress: ["192.168.102.10"]
} ]
}
)
Now, You can access Database- Amar From Client IP address- 192.168.102.1 only.
No comments:
Post a Comment