§2023-08-05
- hc4Bookworm.yushei.net, running on odroid-hc4 with Debian Bookworm (Debian release 12).
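- copy software (mongod and mongosh are copied from orgpi5arch.yushei.net; compare `sha256sum` output on both hosts before installing the binaries into /usr/local/bin)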
alexlai@hc4Bookworm:~$ mkdir -p build/src && cd $_
alexlai@hc4Bookworm:~/build/src$ scp orgpi5arch.yushei.net:/opt/xfs/home/alexlai/build/src/mongod-aarch64-7.0.0-rc8 ./
alexlai@hc4Bookworm:~/build/src$ ./mongod-aarch64-7.0.0-rc8 -version
db version v7.0.0-rc8
Build Info: {
"version": "7.0.0-rc8",
"gitVersion": "27da922959c12df48ae2ecf8aad0f37f42f71451",
"openSSLVersion": "OpenSSL 3.0.9 30 May 2023",
"modules": [],
"allocator": "tcmalloc",
"environment": {
"distarch": "aarch64",
"target_arch": "aarch64"
}
}
alexlai@hc4Bookworm:~/build/src$ scp orgpi5arch.yushei.net:/opt/xfs/home/alexlai/build/src/mongosh-1.10.1-linux-arm64-openssl11.tgz ./
alexlai@hc4Bookworm:~/build/src$ scp orgpi5arch.yushei.net:/opt/xfs/home/alexlai/build/src/mongosh-1.10.1-linux-arm64.tgz ./
alexlai@hc4Bookworm:~/build$ tar xvf src/mongosh-1.10.1-linux-arm64-openssl11.tgz
alexlai@hc4Bookworm:~/build$ cd mongosh-1.10.1-linux-arm64-openssl11/bin/
alexlai@hc4Bookworm:~/build/mongosh-1.10.1-linux-arm64-openssl11/bin$ ./mongosh -version
1.10.1
alexlai@hc4Bookworm:~/build/mongosh-1.10.1-linux-arm64-openssl11/bin$ ./mongosh -version
1.10.1
alexlai@hc4Bookworm:~/build$ tar xvf src/mongosh-1.10.1-linux-arm64.tgz
alexlai@hc4Bookworm:~/build$ cd mongosh-1.10.1-linux-arm64/bin/
alexlai@hc4Bookworm:~/build/mongosh-1.10.1-linux-arm64/bin$ ./mongosh -version
1.10.1
alexlai@hc4Bookworm:~/build/src$ sudo cp -v mongod-aarch64-7.0.0-rc8 /usr/local/bin/mongod
alexlai@hc4Bookworm:~/build$ sudo cp -v mongosh-1.10.1-linux-arm64/bin/mongosh /usr/local/bin <-- no openssl 1.0.x
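- create mongodb user (on Debian the nologin shell is /usr/sbin/nologin, which is why useradd warns about /usr/bin/nologin below)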
alexlai@hc4Bookworm:~$ sudo mkdir -p /opt/xfs/mongodb/log
[sudo] password for alexlai:
alexlai@hc4Bookworm:~$ sudo useradd -u 966 -d /var/lib/mongodb -s /usr/bin/nologin mongodb
useradd: Warning: missing or non-executable shell '/usr/bin/nologin'
useradd warning: mongodb's uid 966 outside of the UID_MIN 1000 and UID_MAX 60000 range.
alexlai@hc4Bookworm:~$ sudo groupmod -g 966 mongodb
alexlai@hc4Bookworm:~$ id mongodb
uid=966(mongodb) gid=966(mongodb) groups=966(mongodb)
alexlai@hc4Bookworm:~$ grep mongodb /etc/passwd
mongodb:x:966:966::/var/lib/mongodb:/usr/bin/nologin
alexlai@hc4Bookworm:~$ sudo mkdir /var/lib/mongodb
alexlai@hc4Bookworm:~$ sudo chown mongodb:mongodb /var/lib/mongodb
- set up directories under `/opt/xfs/mongodb/`
$ sudo mkdir -p /opt/xfs/mongodb/log
$ sudo chown -R mongodb:mongodb /opt/xfs/mongodb
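- generate and copy x.509 from orgpi5Arch.yushei.net (the .pem and MuneTakaHomeKey are secrets; remove the working copies left in ~/x.509 once they are installed)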
alexlai@hc4Bookworm:~/x.509$ scp orgpi5Arch.yushei.net:/opt/xfs/home/alexlai/x.509/hc4bookworm.yushei.net.pem ./
alexlai@hc4Bookworm:~/x.509$ scp orgpi5Arch.yushei.net:/opt/xfs/home/alexlai/x.509/mongoCA.crt ./
alexlai@orgpi5arch.yushei.net's password:
alexlai@hc4Bookworm:~/x.509$ scp orgpi5Arch.yushei.net:/opt/xfs/home/alexlai/x.509/MuneTakaHomeKey ./
alexlai@hc4Bookworm:~/x.509$ sudo mkdir /opt/xfs/mongodb/x.509
alexlai@hc4Bookworm:~/x.509$ sudo cp -v hc4bookworm.yushei.net.pem /opt/xfs/mongodb/x.509/
alexlai@hc4Bookworm:~/x.509$ sudo cp -v mongoCA.crt /opt/xfs/mongodb/x.509/
alexlai@hc4Bookworm:~/x.509$ sudo cp -v MuneTakaHomeKey /opt/xfs/mongodb/x.509/
alexlai@hc4Bookworm:~/x.509$ sudo chown -R mongodb:mongodb /opt/xfs/mongodb/x.509/*
alexlai@hc4Bookworm:~/x.509$ sudo chmod 0400 /opt/xfs/mongodb/x.509/MuneTakaHomeKey
alexlai@hc4Bookworm:~/x.509$ sudo ls -l /opt/xfs/mongodb/x.509/
total 16
-rw-r--r-- 1 mongodb mongodb 5528 Aug 5 09:51 hc4bookworm.yushei.net.pem
-rw-r--r-- 1 mongodb mongodb 1371 Aug 5 09:51 mongoCA.crt
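-r-------- 1 mongodb mongodb 1024 Aug 5 09:51 MuneTakaHomeKey <--- has to be 0400 (mongod refuses a keyFile that group/others can read); hc4bookworm.yushei.net.pem is used as certificateKeyFile, so it holds the TLS private key and should not stay world-readable (0644) either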
- /etc/mongodb-27999.conf
# mongodb-27999.conf
# mongod configuration for one member of the MuneTakaHome replica set,
# listening on port 27999 with TLS and access control enabled.
# NOTE(review): the nesting indentation was lost in these notes; in the real
# YAML file the keys below each section header must be indented under it.
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /opt/xfs/mongodb/log/mongod-27999.log
# Where and how to store data.
# NOTE(review): the setup steps in these notes create only
# /opt/xfs/mongodb/log; this data directory presumably has to exist and be
# owned by the mongodb user before the first start - confirm.
storage:
dbPath: /opt/xfs/mongodb/data-27999
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27999
# 0.0.0.0 exposes the port on every IPv4 interface of the host, so the only
# barriers are the TLS and authorization settings below plus any host or
# network firewall. NOTE(review): consider listing only the addresses the
# other replica set members and clients actually use.
bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
# tls is a sub-section of net (net.tls.*).
tls:
# requireTLS: only TLS connections are accepted.
mode: requireTLS
# PEM file holding this server's certificate together with its private key;
# it should be readable by the mongodb user only.
certificateKeyFile: /opt/xfs/mongodb/x.509/hc4bookworm.yushei.net.pem
# CA certificate used to validate the certificates presented by peers.
CAFile: /opt/xfs/mongodb/x.509/mongoCA.crt
security:
# Enforce role-based access control: clients must authenticate.
authorization: enabled
# Shared secret the replica set members use to authenticate to each other;
# anyone holding this file can act as a member, so keep it at mode 0400.
keyFile: /opt/xfs/mongodb/x.509/MuneTakaHomeKey
# Left disabled: member authentication uses the keyFile above rather than
# x.509 certificates.
# clusterAuthMode: x509
#operationProfiling:
replication:
replSetName: "MuneTakaHome"
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
- /etc/systemd/system/Mongodb-27999.service
# systemd unit that runs /usr/local/bin/mongod with /etc/mongodb-27999.conf
# as the unprivileged mongodb user.
[Unit]
Description=MongoDB Database Server, port 27999, MuneTakaHome
Documentation=https://docs.mongodb.org/manual
# Start only after the network is reported online, since mongod binds to a
# network port and talks to the other replica set members.
After=network-online.target
Wants=network-online.target
[Service]
# No start timeout: systemd will not give up on a slow start.
TimeoutStartSec=infinity
# Run as the dedicated service account rather than root.
User=mongodb
Group=mongodb
# $OPTIONS is expanded unquoted in ExecStart, so systemd splits it into the
# two arguments "-f" and the config path.
Environment="OPTIONS=-f /etc/mongodb-27999.conf"
# NOTE(review): presumably makes mongod ignore processManagement.fork so it
# stays in the foreground under systemd - confirm against the MongoDB docs.
Environment="MONGODB_CONFIG_OVERRIDE_NOFORK=1"
ExecStart=/usr/local/bin/mongod $OPTIONS
# systemd creates /run/mongodb for the service, owned by User/Group above.
RuntimeDirectory=mongodb
# NOTE(review): no sandboxing directives are set in this unit; options such
# as NoNewPrivileges=, ProtectSystem= and PrivateTmp= are worth evaluating.
# The resource limits below follow the recommendation referenced at the end
# of this section.
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false
# Recommended limits for mongod as specified in
# https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
[Install]
WantedBy=multi-user.target
systemctl start Mongodb-27999.service
then check it and add it to the replica set
MuneTakaHome [primary] admin> db.auth("siteRootAdmin", passwordPrompt())  <-- prompt for the password; do not record it in the command or in these notes