§2023-07-29
- h2Jammy.yushei.net is an Odroid-H2 running Ubuntu Jammy, at 59.126.118.193 in the Chingyen building; it is an off-site host.
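¶Step 1. set up mongodb user
Note: the useradd warning below is accurate. Ubuntu ships nologin at /usr/sbin/nologin, so the account is created with a shell path that does not exist; correct it with `sudo usermod -s /usr/sbin/nologin mongodb`.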
alexlai@h2Jammy:~$ sudo useradd -u 966 -d /var/lib/mongodb -s /usr/bin/nologin mongodb
[sudo] password for alexlai:
useradd: Warning: missing or non-executable shell '/usr/bin/nologin'
alexlai@h2Jammy:~$ grep mongodb /etc/passwd
mongodb:x:966:1027::/var/lib/mongodb:/usr/bin/nologin
alexlai@h2Jammy:~$ sudo groupmod -g 966 mongodb
alexlai@h2Jammy:~$ id mongodb
uid=966(mongodb) gid=966(mongodb) groups=966(mongodb)
alexlai@h2Jammy:~$ sudo mkdir /var/lib/mongodb
alexlai@h2Jammy:~$ sudo chown mongodb:mongodb -R /var/lib/mongodb/
¶Step 2, get mongod and mongos
alexlai@h2Jammy:~$ cd build/mongo/build/install/bin/
alexlai@h2Jammy:~/build/mongo/build/install/bin$ ls -l
total 524036
-rwxrwxr-x 1 alexlai alexlai 132966200 七 27 14:14 mongod-x86_64-illegal
-rwxrwxr-x 2 alexlai alexlai 132228920 七 27 13:45 mongod-x86_64-r7.0.0-rc8
-rwxrwxr-x 1 alexlai alexlai 94513016 七 27 14:14 mongos-x86_64-illegal
-rwxrwxr-x 2 alexlai alexlai 94095224 七 27 13:33 mongos-x86_64-r7.0.0-rc8
-rwxrw-r-- 2 alexlai alexlai 1782 七 26 13:29 resmoke.py
alexlai@h2Jammy:~/build/mongo/build/install/bin$ ./mongod-x86_64-r7.0.0-rc8 --version
db version v7.0.0-rc8
Build Info: {
"version": "7.0.0-rc8",
"gitVersion": "27da922959c12df48ae2ecf8aad0f37f42f71451",
"openSSLVersion": "OpenSSL 3.0.2 15 Mar 2022",
"modules": [],
"allocator": "tcmalloc",
"environment": {
"distarch": "x86_64",
"target_arch": "x86_64"
}
}
alexlai@h2Jammy:~$ cd build/mongo/build/install/bin/
alexlai@h2Jammy:~/build/mongo/build/install/bin$ ls -l
total 524036
-rwxrwxr-x 1 alexlai alexlai 132966200 七 27 14:14 mongod-x86_64-illegal
-rwxrwxr-x 2 alexlai alexlai 132228920 七 27 13:45 mongod-x86_64-r7.0.0-rc8
-rwxrwxr-x 1 alexlai alexlai 94513016 七 27 14:14 mongos-x86_64-illegal
-rwxrwxr-x 2 alexlai alexlai 94095224 七 27 13:33 mongos-x86_64-r7.0.0-rc8
-rwxrw-r-- 2 alexlai alexlai 1782 七 26 13:29 resmoke.py
alexlai@h2Jammy:~/build/mongo/build/install/bin$ ./mongod-x86_64-r7.0.0-rc8 --version
db version v7.0.0-rc8
Build Info: {
"version": "7.0.0-rc8",
"gitVersion": "27da922959c12df48ae2ecf8aad0f37f42f71451",
"openSSLVersion": "OpenSSL 3.0.2 15 Mar 2022",
"modules": [],
"allocator": "tcmalloc",
"environment": {
"distarch": "x86_64",
"target_arch": "x86_64"
}
}
alexlai@h2Jammy:~/build/mongo/build/install/bin$ sudo cp -v mongod-x86_64-r7.0.0-rc8 /usr/local/bin/mongod
alexlai@h2Jammy:~/build/mongo/build/install/bin$ sudo cp -v mongos-x86_64-r7.0.0-rc8 /usr/local/bin/mongos
¶Step 3, x.509
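- On orgpi5Arch.yushei.net, create h2Jammy.yushei.net.pem and sign it with the replica set's CA (mongoCA.key, which stays on that host; only the member .pem and mongoCA.crt are copied out below).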
[alexlai@orpi5Arch x.509]$ ./genCertificate.sh h2Jammy.yushei.net
-----
Certificate request self-signature ok
subject=C = Tw, ST = Taiwan, L = Taichung, O = yushei.net, OU = ComputerDepartment, CN = h2Jammy.yushei.net
Enter pass phrase for mongoCA.key:
[alexlai@orpi5Arch x.509]$ ls
genCertificate.sh hc4Jammy.yushei.net.pem mongoCA.key orgpi5Arch.yushei.net.pem
h2Jammy.yushei.net.pem mongoCA.crt mongoCA.srl orgpi5Jammy.yushei.net.pem
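- Copy it into ~/.x.509 on h2Jammy, then into /var/lib/mongodb/x.509. The .pem bundles the member's private key with its certificate, so tighten access after copying (e.g. `sudo chmod 700 /var/lib/mongodb/x.509` and `sudo chmod 600 /var/lib/mongodb/x.509/*.pem`) and remove the working copy in ~/.x.509 once mongod starts; the listing in Step 4 shows the directory as drwxr-xr-x.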
alexlai@h2Jammy:~$ mkdir ~/.x.509 && cd $_
alexlai@h2Jammy:~/.x.509$ scp orgpi5Arch.yushei.net:/opt/xfs/home/alexlai/x.509/h2Jammy.yushei.net.pem ./
alexlai@h2Jammy:~/.x.509$ scp orgpi5Arch.yushei.net:/opt/xfs/home/alexlai/x.509/mongoCA.crt ./
alexlai@h2Jammy:~/.x.509$ sudo mkdir /var/lib/mongodb/x.509
alexlai@h2Jammy:~/.x.509$ sudo cp -v * /var/lib/mongodb/x.509/
alexlai@h2Jammy:~/.x.509$ sudo chown -R mongodb:mongodb /var/lib/mongodb/x.509/*
¶Step 4
- /etc/mongodb-27999.conf
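# mongodb-27999.conf
# MuneTakaHome replicationSet
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
#
# Nesting restored: every option below must sit under its section key,
# otherwise mongod rejects the file as unknown top-level options.

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/lib/mongodb/log/mongod-27999.log

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb/data/data-27999/

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27999
  # NOTE(review): this listens on every IPv4 interface of a host that has a
  # public address. Confirm a host or upstream firewall limits port 27999 to
  # the other replica set members and known admin clients, or list only the
  # required addresses here.
  bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  # net.ssl.* are the deprecated names of net.tls.* (deprecated since
  # MongoDB 4.2; this 7.0.0-rc8 build still accepts them).
  ssl:
    # NOTE(review): preferSSL encrypts member-to-member traffic but still
    # accepts unencrypted client connections, so credentials and data can
    # cross the network in clear text. Once every client connects with TLS,
    # switch to requireSSL (net.tls.mode: requireTLS in the new naming).
    mode: preferSSL
    # Member certificate and private key in one file; keep it readable by
    # the mongodb user only.
    PEMKeyFile: /var/lib/mongodb/x.509/h2Jammy.yushei.net.pem
    # CA certificate used to validate peer and client certificates.
    CAFile: /var/lib/mongodb/x.509/mongoCA.crt
    # Keep both false: certificate and hostname validation stay enforced.
    allowInvalidCertificates: false
    allowInvalidHostnames: false

security:
  # Role-based access control is on; unauthenticated commands are refused.
  authorization: enabled
  # Replica set members authenticate to each other with their x.509 certificates.
  clusterAuthMode: x509

#operationProfiling:

replication:
  replSetName: "MuneTakaHome"

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp: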
alexlai@h2Jammy:~/.x.509$ sudo mkdir -p /var/lib/mongodb/data/data-27999/
alexlai@h2Jammy:~/.x.509$ sudo mkdir -p /var/lib/mongodb/log/
alexlai@h2Jammy:~/.x.509$ sudo chown -R mongodb:mongodb /var/lib/mongodb/
alexlai@h2Jammy:~/.x.509$ sudo ls -l /var/lib/mongodb/
total 0
drwxr-xr-x 3 mongodb mongodb 24 七 29 19:35 data
drwxr-xr-x 2 mongodb mongodb 6 七 29 19:35 log
drwxr-xr-x 2 mongodb mongodb 55 七 29 19:25 x.509
alexlai@h2Jammy:~/.x.509$ sudo ls -l /var/lib/mongodb/data/
total 0
drwxr-xr-x 2 mongodb mongodb 6 七 29 19:35 data-27999
alexlai@h2Jammy:~/.x.509$ sudo ls -l /var/lib/mongodb/log/
total 0
¶Step 5
- /etc/systemd/system/Mongodb-27999.service
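# /etc/systemd/system/Mongodb-27999.service
# Runs the locally installed mongod for replica set MuneTakaHome on port 27999
# as the unprivileged mongodb account.

[Unit]
Description=MongoDB Database Server, port 27999, MuneTakaHome
Documentation=https://docs.mongodb.org/manual
After=network-online.target
Wants=network-online.target

[Service]
# No start timeout, so systemd never kills mongod during a slow startup.
TimeoutStartSec=infinity
User=mongodb
Group=mongodb
Environment="OPTIONS=-f /etc/mongodb-27999.conf"
# Keeps mongod in the foreground under systemd even if the config file
# asks it to fork.
Environment="MONGODB_CONFIG_OVERRIDE_NOFORK=1"
ExecStart=/usr/local/bin/mongod $OPTIONS
RuntimeDirectory=mongodb

# Sandboxing added in review. mongod only needs to read its config and
# write under /var/lib/mongodb, so these should not affect it.
# The process and its children can never gain privileges (setuid, file caps).
NoNewPrivileges=true
# /usr, /boot and /etc are mounted read-only for this service.
ProtectSystem=full
# /home, /root and /run/user are hidden from this service.
ProtectHome=true

# Recommended limits for mongod as specified in
# https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false

[Install]
WantedBy=multi-user.target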
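¶Step 6, try it
Note: the status output below shows the unit as `disabled`; run `sudo systemctl enable Mongodb-27999.service` if mongod should come back after a reboot.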
alexlai@h2Jammy:~/.x.509$ sudo systemctl daemon-reload
alexlai@h2Jammy:~/.x.509$ sudo systemctl start Mongodb-27999.service
alexlai@h2Jammy:~/.x.509$ sudo systemctl status Mongodb-27999.service
● Mongodb-27999.service - MongoDB Database Server, port 27999, MuneTakaHome
Loaded: loaded (/etc/systemd/system/Mongodb-27999.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2023-07-29 19:39:11 CST; 5s ago
Docs: https://docs.mongodb.org/manual
Main PID: 264876 (mongod)
Memory: 73.7M
CPU: 1.317s
CGroup: /system.slice/Mongodb-27999.service
└─264876 /usr/local/bin/mongod -f /etc/mongodb-27999.conf
alexlai@h2Jammy:~/.x.509$ ls /var/lib/mongodb/data/data-27999/
collection-0--3363057023794735295.wt collection-8--3363057023794735295.wt index-5--3363057023794735295.wt mongod.lock WiredTiger.lock
collection-10--3363057023794735295.wt diagnostic.data index-7--3363057023794735295.wt sizeStorer.wt WiredTiger.turtle
collection-2--3363057023794735295.wt index-11--3363057023794735295.wt index-9--3363057023794735295.wt storage.bson WiredTiger.wt
collection-4--3363057023794735295.wt index-1--3363057023794735295.wt journal WiredTiger
collection-6--3363057023794735295.wt index-3--3363057023794735295.wt _mdb_catalog.wt WiredTigerHS.wt
alexlai@h2Jammy:~/.x.509$ sudo tail /var/lib/mongodb/log/mongod-27999.log
{"t":{"$date":"2023-07-29T19:39:49.002+08:00"},"s":"W", "c":"QUERY", "id":23799,
"ctx":"ftdc","msg":"Aggregate command executor error","attr":{"error":{"code":26,"codeName":"NamespaceNotFound","errmsg":"Unable to retrieve storageStats in $collStats stage :: caused by :: Collection [local.oplog.rs] not found."},"stats":{},
"cmd":{"aggregate":"oplog.rs","cursor":{},"pipeline":[{"$collStats":{"storageStats":{"waitForLock":false,"numericOnly":true}}}],"$db":"local"}}}
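¶Step 7, connect from orgpi5Jammy.yushei.net
Note: the connection string below carries no TLS option and the server still answers, because `mode: preferSSL` accepts unencrypted client connections; only authorization stops `show databases`.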
Current Mongosh Log ID: 64c4fc0022cd51afffafc475
Connecting to: mongodb://h2Jammy.yushei.net:27999/?directConnection=true&appName=mongosh+1.10.1
Using MongoDB: 7.0.0-rc8
Using Mongosh: 1.10.1
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
test> show databases
MongoServerError: Command listDatabases requires authentication
test>
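¶Step 8, add it into the replica set
Note: `db.auth()` is called below with the password typed inline, so the siteRootAdmin password is exposed in this transcript; pass `passwordPrompt()` as the second argument instead, and rotate that password. After `rs.add`, `rs.conf()` lists four voting members; an even number of voters adds no failure tolerance over three, so consider giving the off-site member `votes: 0` and `priority: 0`, or adding a fifth member.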
[alexlai@orpi5Arch x.509]$ mongosh mongodb://localhost:27999
Current Mongosh Log ID: 64c4fc742e84ea5c206c72ad
Connecting to: mongodb://localhost:27999/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.10.1
Using MongoDB: 7.0.0-rc8
Using Mongosh: 1.10.1
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
Hi! from orgpi5Arch.yushei.net:27999
MuneTakaHome [direct: primary] admin> db.auth("siteRootAdmin", "b23258585")
{ ok: 1 }
MuneTakaHome [direct: primary] admin> rs.add("h2Jammy.yushei.net:27999")
{
ok: 1,
'$clusterTime': {
clusterTime: Timestamp({ t: 1690631351, i: 1 }),
signature: {
hash: Binary(Buffer.from("2defe7f5467ac570d63dd8471e87074a97c17fc9", "hex"), 0),
keyId: Long("7261161535563628549")
}
},
operationTime: Timestamp({ t: 1690631351, i: 1 })
}
MuneTakaHome [direct: primary] admin> rs.conf()
{
_id: 'MuneTakaHome',
version: 5,
term: 1,
members: [
{
_id: 0,
host: 'orgpi5Arch.yushei.net:27999',
arbiterOnly: false,
buildIndexes: true,
hidden: false,
priority: 1,
tags: {},
secondaryDelaySecs: Long("0"),
votes: 1
},
{
_id: 1,
host: 'orgpi5Jammy.yushei.net:27999',
arbiterOnly: false,
buildIndexes: true,
hidden: false,
priority: 1,
tags: {},
secondaryDelaySecs: Long("0"),
votes: 1
},
{
_id: 2,
host: 'hc4Jammy.yushei.net:27999',
arbiterOnly: false,
buildIndexes: true,
hidden: false,
priority: 1,
tags: {},
secondaryDelaySecs: Long("0"),
votes: 1
},
{
_id: 3,
host: 'h2Jammy.yushei.net:27999',
arbiterOnly: false,
buildIndexes: true,
hidden: false,
priority: 1,
tags: {},
secondaryDelaySecs: Long("0"),
votes: 1
}
],
protocolVersion: Long("1"),
writeConcernMajorityJournalDefault: true,
settings: {
chainingAllowed: true,
heartbeatIntervalMillis: 2000,
heartbeatTimeoutSecs: 10,
electionTimeoutMillis: 10000,
catchUpTimeoutMillis: -1,
catchUpTakeoverDelayMillis: 30000,
getLastErrorModes: {},
getLastErrorDefaults: { w: 1, wtimeout: 0 },
replicaSetId: ObjectId("64c4d3e6e644cb13b7ff1910")
}
}
MuneTakaHome [direct: primary] admin>