Author
Special thanks to Mridula Mayodeo, Head of Technology at Dressire, for input on the MongoDB.Conf network configurations.
Goal
The aim of this blog is to set up a MongoDB Enterprise Edition instance on OCI (Oracle Cloud Infrastructure) Bare Metal. The blog starts with generating SSH keys, then covers creating a Virtual Cloud Network, attaching an instance to a VCN subnet, installing MongoDB, opening the firewall, configuring the MongoDB configuration file, setting up security rules on OCI, and finally testing access from the internet.
If you are looking for an easier alternative, you can use OCI Classic as well; please refer to this blog.
Generate SSH Keys
    D:\BM>ssh-keygen -b 2048 -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/madhurao/.ssh/id_rsa): bm_ssh_key
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in bm_ssh_key.
    Your public key has been saved in bm_ssh_key.pub.
    The key fingerprint is:
    SHA256:B1eLdzuhzjm69ymRCx7f8+5oQZGU/DtMUunc+3k4N5c madhurao@MADHURAO-IN
    The key's randomart image is:
    +---[RSA 2048]----+
    | .o.o.|
    | o .=o |
    | . o o *o.|
    | o . +.*o|
    | S . .o* o|
    | .ooo..* |
    | . +=+ o=|
    | ..=.*E=|
    | oo ++BB|
    +----[SHA256]-----+

    D:\BM>ls
    bm_ssh_key  bm_ssh_key.pub
Create VCN and Ubuntu 16.04 Virtual Machine image
This should be the easiest step: log in to OCI, create a new compartment or use an existing one, and create a VCN with the default options.
Then create an Ubuntu 16.04 virtual machine using the created VCN.
SSH to OCI Ubuntu Instance
    oracle@oracle:~/BM$ chmod 700 bm_ssh_key
    oracle@oracle:~/BM$ ssh -i bm_ssh_key [email protected]
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

      Get cloud support with Ubuntu Advantage Cloud Guest:
        http://www.ubuntu.com/business/services/cloud

    0 packages can be updated.
    0 updates are security updates.

    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.

    To run a command as administrator (user "root"), use "sudo <command>".
    See "man sudo_root" for details.
Install MongoDB on Ubuntu
Refer to the official installation document.
    ubuntu@mongodbubuntu:~$ mongod --version
    -bash: /usr/bin/mongod: No such file or directory

    ubuntu@mongodbubuntu:~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
    Executing: /tmp/tmp.lrLDWwUQQu/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
    gpg: requesting key 91FA4AD5 from hkp server keyserver.ubuntu.com
    gpg: key 91FA4AD5: "MongoDB 3.6 Release Signing Key <[email protected]>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1

    ubuntu@mongodbubuntu:~$ echo "deb [ arch=amd64,arm64,ppc64el,s390x ] http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
    deb [ arch=amd64,arm64,ppc64el,s390x ] http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 multiverse

    ubuntu@mongodbubuntu:~$ sudo apt-get update
    Hit:1 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial InRelease
    Get:2 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
    Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
    Get:4 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
    Ign:5 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 InRelease
    Hit:6 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release
    Ign:8 http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 InRelease
    Ign:9 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 InRelease
    Hit:10 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 Release
    ...
    Fetched 350 kB in 1s (180 kB/s)
    Reading package lists... Done

    ubuntu@mongodbubuntu:~$ sudo apt-get install -y mongodb-enterprise
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    ....
    Selecting previously unselected package libcurl3:amd64.
    (Reading database ... 60823 files and directories currently installed.)
    Preparing to unpack .../libcurl3_7.47.0-1ubuntu2.8_amd64.deb ...
    Unpacking libcurl3:amd64 (7.47.0-1ubuntu2.8) ...
    Selecting previously unselected package libsensors4:amd64.
    Preparing to unpack .../libsensors4_1%3a3.4.0-2_amd64.deb ...
    Unpacking libsensors4:amd64 (1:3.4.0-2) ...
    Selecting previously unselected package libsnmp-base.
    Preparing to unpack .../libsnmp-base_5.7.3+dfsg-1ubuntu4.1_all.deb ...
    Unpacking libsnmp-base (5.7.3+dfsg-1ubuntu4.1) ...
    Selecting previously unselected package libsnmp30:amd64.
    Preparing to unpack .../libsnmp30_5.7.3+dfsg-1ubuntu4.1_amd64.deb ...
    Unpacking libsnmp30:amd64 (5.7.3+dfsg-1ubuntu4.1) ...
    Selecting previously unselected package mongodb-enterprise-shell.
    Preparing to unpack .../mongodb-enterprise-shell_3.6.5_amd64.deb ...
    Unpacking mongodb-enterprise-shell (3.6.5) ...
    Selecting previously unselected package snmp.
    Preparing to unpack .../snmp_5.7.3+dfsg-1ubuntu4.1_amd64.deb ...
    Unpacking snmp (5.7.3+dfsg-1ubuntu4.1) ...
    Selecting previously unselected package mongodb-enterprise-server.
    Preparing to unpack .../mongodb-enterprise-server_3.6.5_amd64.deb ...
    Unpacking mongodb-enterprise-server (3.6.5) ...
    Selecting previously unselected package mongodb-enterprise-mongos.
    Preparing to unpack .../mongodb-enterprise-mongos_3.6.5_amd64.deb ...
    Unpacking mongodb-enterprise-mongos (3.6.5) ...
    Selecting previously unselected package mongodb-enterprise-tools.
    Preparing to unpack .../mongodb-enterprise-tools_3.6.5_amd64.deb ...
    Unpacking mongodb-enterprise-tools (3.6.5) ...
    Selecting previously unselected package mongodb-enterprise.
    Preparing to unpack .../mongodb-enterprise_3.6.5_amd64.deb ...
    Unpacking mongodb-enterprise (3.6.5) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...
    Processing triggers for man-db (2.7.5-1) ...
    Setting up libcurl3:amd64 (7.47.0-1ubuntu2.8) ...
    Setting up libsensors4:amd64 (1:3.4.0-2) ...
    Setting up libsnmp-base (5.7.3+dfsg-1ubuntu4.1) ...
    Setting up libsnmp30:amd64 (5.7.3+dfsg-1ubuntu4.1) ...
    Setting up mongodb-enterprise-shell (3.6.5) ...
    Setting up snmp (5.7.3+dfsg-1ubuntu4.1) ...
    Setting up mongodb-enterprise-server (3.6.5) ...

    Configuration file '/etc/mongod.conf'
     ==> Modified (by you or by a script) since installation.
     ==> Package distributor has shipped an updated version.
       What would you like to do about it ?  Your options are:
        Y or I  : install the package maintainer's version
        N or O  : keep your currently-installed version
          D     : show the differences between the versions
          Z     : start a shell to examine the situation
     The default action is to keep your current version.
    *** mongod.conf (Y/I/N/O/D/Z) [default=N] ? Y
    Installing new version of config file /etc/mongod.conf ...
    Setting up mongodb-enterprise-mongos (3.6.5) ...
    Setting up mongodb-enterprise-tools (3.6.5) ...
    Setting up mongodb-enterprise (3.6.5) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...

    ubuntu@mongodbubuntu:~$ mongod --version
    db version v3.6.5
    git version: a20ecd3e3a174162052ff99913bc2ca9a839d618
    OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016
    allocator: tcmalloc
    modules: enterprise
    build environment:
        distmod: ubuntu1604
        distarch: x86_64
        target_arch: x86_64
Modify /etc/mongod.conf
    oracle@oracle:~/BM$ ssh -i bm_ssh_key [email protected]
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)
    ..
    Last login: Sun Jun 17 14:27:38 2018 from 106.51.18.6
    ubuntu@mongodb:~$ sudo vi /etc/mongod.conf

    # mongod.conf

    # for documentation of all options, see:
    #   http://docs.mongodb.org/manual/reference/configuration-options/

    # Where and how to store data.
    storage:
      dbPath: /var/lib/mongodb
      journal:
        enabled: true
    #  engine:
    #  mmapv1:
    #  wiredTiger:

    # where to write logging data.
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log

    # network interfaces
    net:
      port: 27017
      #bindIp: 127.0.0.1
      bindIpAll: true

    # how the process runs
    processManagement:
      timeZoneInfo: /usr/share/zoneinfo

    #security:

    #operationProfiling:

    "/etc/mongod.conf" 43L, 644C                                  1,1           Top

    ubuntu@mongodb:~$ sudo service mongod stop
    ubuntu@mongodb:~$ sudo service mongod start
    ubuntu@mongodb:~$ sudo service mongod status
    ● mongod.service - High-performance, schema-free document-oriented database
       Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
       Active: active (running) since Sun 2018-06-17 14:56:31 UTC; 4s ago
         Docs: https://docs.mongodb.org/manual
     Main PID: 12810 (mongod)
        Tasks: 23
       Memory: 136.3M
          CPU: 1.120s
       CGroup: /system.slice/mongod.service
               └─12810 /usr/bin/mongod --config /etc/mongod.conf

    Jun 17 14:56:31 mongodb systemd[1]: Started High-performance, schema-free document-oriented database.
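The file above binds mongod to every interface (bindIpAll: true) while the security section stays commented out, so the server accepts unauthenticated connections from any network that can reach port 27017. The check below is an added example, not part of the original post: it reads a mongod.conf and reports that combination. The function names, the sample files and the 10.0.0.5 address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a mongod.conf that listens on all interfaces without
# access control. It reads "section:" / "  key: value" pairs two levels deep,
# which is enough for these settings; it is not a general YAML parser.
audit_mongod_conf() {   # usage: audit_mongod_conf FILE ; returns 1 if exposed
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    /^[^ \t]/ { sec = $1; sub(/:.*/, "", sec); next }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)                   # strip a trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      conf[sec "." key] = val
    }
    END {
      ips = conf["net.bindIp"]; gsub(/[ \t]/, "", ips)
      exposed = (conf["net.bindIpAll"] == "true" ||
                 ("," ips ",") ~ /,(0\.0\.0\.0|::),/)
      auth = (conf["security.authorization"] == "enabled")
      if (exposed) print "net: listening on all interfaces"
      if (!auth)   print "security: authorization is not enabled"
      exit ((exposed && !auth) ? 1 : 0)
    }' "$1"
}

# Constructed samples: the net/security settings shown in the post, and a
# tightened variant (10.0.0.5 is a placeholder private address).
sample_exposed() {
  printf '%s\n' 'net:' '  port: 27017' '  #bindIp: 127.0.0.1' \
                '  bindIpAll: true' '#security:'
}
sample_hardened() {
  printf '%s\n' 'net:' '  port: 27017' '  bindIp: 127.0.0.1,10.0.0.5' \
                'security:' '  authorization: enabled'
}

tmp=$(mktemp)
sample_exposed > "$tmp"
audit_mongod_conf "$tmp" || echo "=> reachable without authentication"
sample_hardened > "$tmp"
audit_mongod_conf "$tmp" && echo "=> bound to named addresses, auth enabled"
rm -f "$tmp"
```

With authorization enabled, a database user has to exist before remote clients can do anything useful, so create one over the local interface first.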
Edit Ubuntu Firewall settings
It is required to delete the REJECT all rule in iptables.
    ubuntu@mongodb:~$ sudo iptables --list --line-numbers
    Chain INPUT (policy ACCEPT)
    num  target  prot opt source    destination
    1    ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
    2    ACCEPT  icmp --  anywhere  anywhere
    3    ACCEPT  all  --  anywhere  anywhere
    4    ACCEPT  udp  --  anywhere  anywhere     udp spt:ntp
    5    ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:ssh
    6    REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    num  target  prot opt source    destination
    1    REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target                     prot opt source    destination
    1    BareMetalInstanceServices  all  --  anywhere  link-local/16

    Chain BareMetalInstanceServices (1 references)
    num  target  prot opt source    destination
    1    ACCEPT  tcp  --  anywhere  169.254.0.2      owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    2    ACCEPT  tcp  --  anywhere  169.254.2.0/24   owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    3    ACCEPT  tcp  --  anywhere  169.254.0.2      tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    4    ACCEPT  udp  --  anywhere  169.254.169.254  udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    5    ACCEPT  tcp  --  anywhere  169.254.169.254  tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    6    ACCEPT  tcp  --  anywhere  169.254.0.3      owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    ....

    ubuntu@mongodb:~$ sudo iptables -D INPUT 6
    ubuntu@mongodb:~$ sudo netfilter-persistent save
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
    ubuntu@mongodb:~$ sudo netfilter-persistent reload
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start

    ubuntu@mongodb:~$ sudo iptables --list --line-numbers
    Chain INPUT (policy ACCEPT)
    num  target  prot opt source    destination
    1    ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
    2    ACCEPT  icmp --  anywhere  anywhere
    3    ACCEPT  all  --  anywhere  anywhere
    4    ACCEPT  udp  --  anywhere  anywhere     udp spt:ntp
    5    ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    num  target  prot opt source    destination
    1    REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target                     prot opt source    destination
    1    BareMetalInstanceServices  all  --  anywhere  link-local/16

    Chain BareMetalInstanceServices (1 references)
    num  target  prot opt source    destination
    1    ACCEPT  tcp  --  anywhere  169.254.0.2      owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    2    ACCEPT  tcp  --  anywhere  169.254.2.0/24   owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    3    ACCEPT  tcp  --  anywhere  169.254.0.2      tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    4    ACCEPT  udp  --  anywhere  169.254.169.254  udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    5    ACCEPT  tcp  --  anywhere  169.254.169.254  tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
    ...
    ubuntu@mongodb:~$
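After rule 6 is deleted, the INPUT chain has policy ACCEPT and no closing REJECT, so the host firewall no longer filters any inbound port. An alternative that keeps the catch-all is to insert an ACCEPT for port 27017 above it. The script below is an added example, not part of the original post: it works on saved `iptables --list --line-numbers` output, and the function names and the 203.0.113.10/32 client address are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Works on saved output of `iptables --list --line-numbers`;
# it never touches the live firewall.

# Print the command that inserts an ACCEPT for MongoDB above the first
# REJECT in INPUT, limited to SOURCE_CIDR. Returns 1 if there is no REJECT.
plan_mongo_rule() {        # usage: plan_mongo_rule LISTING_FILE SOURCE_CIDR
  awk -v src="$2" '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $2 == "REJECT" && !n { n = $1 }
    END {
      if (!n) { print "INPUT has no REJECT rule to insert above"; exit 1 }
      printf "iptables -I INPUT %d -p tcp --dport 27017 -s %s -m state --state NEW -j ACCEPT\n", n, src
    }' "$1"
}

# Succeed only if the last rule of INPUT is still a catch-all REJECT or DROP.
input_default_denies() {   # usage: input_default_denies LISTING_FILE
  awk '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $1 ~ /^[0-9]+$/ { last = $2 " " $3 }
    END { exit ((last == "REJECT all" || last == "DROP all") ? 0 : 1) }' "$1"
}

# Constructed sample: the INPUT and FORWARD chains from the post, before
# the deletion.
sample_before() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target  prot opt source    destination
1    ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  anywhere  anywhere
3    ACCEPT  all  --  anywhere  anywhere
4    ACCEPT  udp  --  anywhere  anywhere  udp spt:ntp
5    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ssh
6    REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target  prot opt source    destination
1    REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited
EOF
}

f=$(mktemp); sample_before > "$f"
plan_mongo_rule "$f" 203.0.113.10/32      # placeholder client address
input_default_denies "$f" && echo "INPUT still ends in a catch-all REJECT"
rm -f "$f"
```

Run the printed command with sudo, then persist it with `netfilter-persistent save` as in the session above.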
Access the Default Security List and Edit Ingress Rules to Allow Internet Traffic on Port 27017
Shut down the VM, edit the firewall rules and restart.
Edit the ingress rule: add CIDR 0.0.0.0/0, TCP, destination port 27017.
Reboot and Start MongoDB
    oracle@oracle:~/BM$ ssh -i bm_ssh_key [email protected]
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

      Get cloud support with Ubuntu Advantage Cloud Guest:
        http://www.ubuntu.com/business/services/cloud

    35 packages can be updated.
    23 updates are security updates.

    Last login: Sun Jun 17 14:54:29 2018 from 106.51.18.6
    ubuntu@mongodb:~$ sudo service mongod start
    ubuntu@mongodb:~$ sudo service mongod status
    ● mongod.service - High-performance, schema-free document-oriented database
       Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: e
       Active: active (running) since Sun 2018-06-17 15:09:30 UTC; 4min 31s ago
         Docs: https://docs.mongodb.org/manual
     Main PID: 1071 (mongod)
        Tasks: 23
       Memory: 184.2M
          CPU: 2.047s
       CGroup: /system.slice/mongod.service
               └─1071 /usr/bin/mongod --config /etc/mongod.conf

    Jun 17 15:09:30 mongodb systemd[1]: Started High-performance, schema-free docume
    Jun 17 15:13:51 mongodb systemd[1]: Started High-performance, schema-free docume
Reality Check
There might be many ways to check this; I would prefer Studio3T because of its ease of use.
You can install it on an Ubuntu host OS or on Windows. I am once again using Ubuntu Desktop to connect to my Ubuntu server on OCI using Studio3T.
Here are the connection parameters.
Check for the public IP.