Setting up a MongoDB Enterprise Instance on Oracle Cloud Infrastructure Bare Metal

Author

Blog Madhusudhan Rao

Special thanks to Mridula Mayodeo, Head of Technology at Dressire, for input on the MongoDB.Conf network configuration.

Goal

The aim of this blog is to set up a MongoDB Enterprise Edition instance on Oracle Cloud Infrastructure (OCI) bare metal. The blog starts with generating SSH keys, then covers creating a Virtual Cloud Network, attaching an instance to a VCN subnet, installing MongoDB, opening the firewall, editing the MongoDB configuration file, setting up security rules on OCI, and finally testing access from outside over the internet.

If you are looking for an easier alternative, you can use OCI Classic as well; please refer to this blog.

Generate SSH Keys

 
D:\BM>ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/madhurao/.ssh/id_rsa): bm_ssh_key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in bm_ssh_key.
Your public key has been saved in bm_ssh_key.pub.
The key fingerprint is:
SHA256:B1eLdzuhzjm69ymRCx7f8+5oQZGU/DtMUunc+3k4N5c madhurao@MADHURAO-IN
The key's randomart image is:
+---[RSA 2048]----+
|            .o.o.|
|           o .=o |
|        . o o *o.|
|         o . +.*o|
|        S . .o* o|
|         .ooo..* |
|         . +=+ o=|
|          ..=.*E=|
|          oo ++BB|
+----[SHA256]-----+

D:\BM>ls
bm_ssh_key  bm_ssh_key.pub

Create VCN and Ubuntu 16.04 Virtual Machine image

This should be the easiest step: log in to OCI, create a new compartment or use an existing one, and create a VCN with the default options.

Create an Ubuntu 16.04 virtual machine using the VCN you created.

SSH to OCI Ubuntu Instance

oracle@oracle:~/BM$ chmod 700 bm_ssh_key
oracle@oracle:~/BM$ ssh -i bm_ssh_key ubuntu@129.213.59.52
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

Install MongoDB on Ubuntu

Refer to the official installation document.

ubuntu@mongodbubuntu:~$ mongod --version
-bash: /usr/bin/mongod: No such file or directory
ubuntu@mongodbubuntu:~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
Executing: /tmp/tmp.lrLDWwUQQu/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
gpg: requesting key 91FA4AD5 from hkp server keyserver.ubuntu.com
gpg: key 91FA4AD5: "MongoDB 3.6 Release Signing Key <packaging@mongodb.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
ubuntu@mongodbubuntu:~$ echo "deb [ arch=amd64,arm64,ppc64el,s390x ] http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
deb [ arch=amd64,arm64,ppc64el,s390x ] http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 multiverse
ubuntu@mongodbubuntu:~$ sudo apt-get update
Hit:1 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Get:4 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Ign:5 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 InRelease
Hit:6 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release
Ign:8 http://repo.mongodb.com/apt/ubuntu xenial/mongodb-enterprise/3.6 InRelease
Ign:9 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 InRelease
Hit:10 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 Release
...
Fetched 350 kB in 1s (180 kB/s)
Reading package lists... Done
ubuntu@mongodbubuntu:~$ sudo apt-get install -y mongodb-enterprise
Reading package lists... Done
Building dependency tree
Reading state information... Done
....
Selecting previously unselected package libcurl3:amd64.
(Reading database ... 60823 files and directories currently installed.)
Preparing to unpack .../libcurl3_7.47.0-1ubuntu2.8_amd64.deb ...
Unpacking libcurl3:amd64 (7.47.0-1ubuntu2.8) ...
Selecting previously unselected package libsensors4:amd64.
Preparing to unpack .../libsensors4_1%3a3.4.0-2_amd64.deb ...
Unpacking libsensors4:amd64 (1:3.4.0-2) ...
Selecting previously unselected package libsnmp-base.
Preparing to unpack .../libsnmp-base_5.7.3+dfsg-1ubuntu4.1_all.deb ...
Unpacking libsnmp-base (5.7.3+dfsg-1ubuntu4.1) ...
Selecting previously unselected package libsnmp30:amd64.
Preparing to unpack .../libsnmp30_5.7.3+dfsg-1ubuntu4.1_amd64.deb ...
Unpacking libsnmp30:amd64 (5.7.3+dfsg-1ubuntu4.1) ...
Selecting previously unselected package mongodb-enterprise-shell.
Preparing to unpack .../mongodb-enterprise-shell_3.6.5_amd64.deb ...
Unpacking mongodb-enterprise-shell (3.6.5) ...
Selecting previously unselected package snmp.
Preparing to unpack .../snmp_5.7.3+dfsg-1ubuntu4.1_amd64.deb ...
Unpacking snmp (5.7.3+dfsg-1ubuntu4.1) ...
Selecting previously unselected package mongodb-enterprise-server.
Preparing to unpack .../mongodb-enterprise-server_3.6.5_amd64.deb ...
Unpacking mongodb-enterprise-server (3.6.5) ...
Selecting previously unselected package mongodb-enterprise-mongos.
Preparing to unpack .../mongodb-enterprise-mongos_3.6.5_amd64.deb ...
Unpacking mongodb-enterprise-mongos (3.6.5) ...
Selecting previously unselected package mongodb-enterprise-tools.
Preparing to unpack .../mongodb-enterprise-tools_3.6.5_amd64.deb ...
Unpacking mongodb-enterprise-tools (3.6.5) ...
Selecting previously unselected package mongodb-enterprise.
Preparing to unpack .../mongodb-enterprise_3.6.5_amd64.deb ...
Unpacking mongodb-enterprise (3.6.5) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libcurl3:amd64 (7.47.0-1ubuntu2.8) ...
Setting up libsensors4:amd64 (1:3.4.0-2) ...
Setting up libsnmp-base (5.7.3+dfsg-1ubuntu4.1) ...
Setting up libsnmp30:amd64 (5.7.3+dfsg-1ubuntu4.1) ...
Setting up mongodb-enterprise-shell (3.6.5) ...
Setting up snmp (5.7.3+dfsg-1ubuntu4.1) ...
Setting up mongodb-enterprise-server (3.6.5) ...
Configuration file '/etc/mongod.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
    D : show the differences between the versions
    Z : start a shell to examine the situation
 The default action is to keep your current version.
*** mongod.conf (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/mongod.conf ...
Setting up mongodb-enterprise-mongos (3.6.5) ...
Setting up mongodb-enterprise-tools (3.6.5) ...
Setting up mongodb-enterprise (3.6.5) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
ubuntu@mongodbubuntu:~$ mongod --version
db version v3.6.5
git version: a20ecd3e3a174162052ff99913bc2ca9a839d618
OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
allocator: tcmalloc
modules: enterprise
build environment:
    distmod: ubuntu1604
    distarch: x86_64
    target_arch: x86_64

Modify /etc/mongod.conf

oracle@oracle:~/BM$ ssh -i bm_ssh_key ubuntu@129.213.139.42
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)

..  

Last login: Sun Jun 17 14:27:38 2018 from 106.51.18.6
ubuntu@mongodb:~$ sudo vi /etc/mongod.conf

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  #bindIp: 127.0.0.1
  bindIpAll: true

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:
"/etc/mongod.conf" 43L, 644C                                                                                                  1,1           Top

ubuntu@mongodb:~$ sudo service mongod stop
ubuntu@mongodb:~$ sudo service mongod start
ubuntu@mongodb:~$ sudo service mongod status
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-06-17 14:56:31 UTC; 4s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 12810 (mongod)
    Tasks: 23
   Memory: 136.3M
      CPU: 1.120s
   CGroup: /system.slice/mongod.service
           └─12810 /usr/bin/mongod --config /etc/mongod.conf

Jun 17 14:56:31 mongodb systemd[1]: Started High-performance, schema-free document-oriented database.
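
The configuration above listens on every interface (bindIpAll: true) while the security section stays commented out, so mongod accepts connections without authentication. The check below is an added example, not part of the original post; the two sample configs are constructed from the lines shown above and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a mongod.conf by network exposure.

# Constructed sample: the net/security lines from the config in the post.
page_conf() {
cat <<'EOF'
net:
  port: 27017
  #bindIp: 127.0.0.1
  bindIpAll: true

#security:
EOF
}
# Constructed sample: same listener, with access control switched on.
hardened_conf() {
cat <<'EOF'
net:
  port: 27017
  bindIpAll: true

security:
  authorization: enabled
EOF
}

# Reads a mongod.conf on stdin and prints:
#   EXPOSED  all interfaces, authorization not enabled
#   AUTH     all interfaces, authorization enabled
#   LOCAL    not bound to all interfaces
audit_mongod_conf() {
  awk '
    { sub(/[ \t]*#.*$/, "") }                 # commented-out keys do not count
    /^[A-Za-z]+:/ { section = $1; next }      # top-level key such as "net:"
    section == "net:" && $1 == "bindIpAll:" && $2 == "true" { all = 1 }
    section == "net:" && $1 == "bindIp:" && /[ ,]0\.0\.0\.0|[ ,]::(,|$)/ { all = 1 }
    section == "security:" && $1 == "authorization:" && $2 == "enabled" { auth = 1 }
    END {
      if (all && !auth) print "EXPOSED"
      else if (all)     print "AUTH"
      else              print "LOCAL"
    }'
}

page_conf     | audit_mongod_conf
hardened_conf | audit_mongod_conf
```

Run it against the live file with `audit_mongod_conf < /etc/mongod.conf`. With authorization enabled, the first administrative user is created over a localhost connection.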

Edit Ubuntu Firewall settings

The REJECT all rule in the INPUT chain of iptables has to be deleted.

ubuntu@mongodb:~$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere            
3    ACCEPT     all  --  anywhere             anywhere            
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
6    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    BareMetalInstanceServices  all  --  anywhere             link-local/16       

Chain BareMetalInstanceServices (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             169.254.0.2          owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
2    ACCEPT     tcp  --  anywhere             169.254.2.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
3    ACCEPT     tcp  --  anywhere             169.254.0.2          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
4    ACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
5    ACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
6    ACCEPT     tcp  --  anywhere             169.254.0.3          owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
....
ubuntu@mongodb:~$ sudo iptables -D INPUT 6
ubuntu@mongodb:~$ sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
ubuntu@mongodb:~$ sudo netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
ubuntu@mongodb:~$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    BareMetalInstanceServices  all  --  anywhere             link-local/16

Chain BareMetalInstanceServices (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             169.254.0.2          owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
2    ACCEPT     tcp  --  anywhere             169.254.2.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
3    ACCEPT     tcp  --  anywhere             169.254.0.2          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
4    ACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
5    ACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
...
ubuntu@mongodb:~$
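
INPUT has policy ACCEPT, so once the REJECT rule is deleted the host firewall accepts inbound connections on every port, not only 27017. As an added example (not from the original post), the script below finds the REJECT rule in a listing like the one above and prints a command that instead inserts an ACCEPT for TCP 27017 from one client range ahead of it; 203.0.113.0/24 is a placeholder range, the listing is a constructed copy of the INPUT and FORWARD chains, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the catch-all REJECT and open only tcp/27017.

# Constructed sample: INPUT and FORWARD chains as listed in the post.
listing_before() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
6    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF
}
# Same listing after `iptables -D INPUT 6`.
listing_after() { listing_before | sed '/^6 /d'; }

# Reads `iptables --list --line-numbers` on stdin; prints the number of the
# first REJECT/DROP rule in INPUT, or 0 when the chain has none.
input_reject_line() {
  awk '
    $1 == "Chain" { chain = $2; next }
    chain == "INPUT" && ($2 == "REJECT" || $2 == "DROP") { print $1; found = 1; exit }
    END { if (!found) print 0 }'
}

# Prints the rule to insert ahead of the REJECT for source range $1.
mongo_allow_cmd() {
  n=$(input_reject_line)
  if [ "$n" -eq 0 ]; then
    echo "INPUT has no REJECT/DROP rule: every inbound port is accepted" >&2
    return 1
  fi
  echo "iptables -I INPUT $n -s $1 -p tcp -m state --state NEW -m tcp --dport 27017 -j ACCEPT"
}

listing_before | mongo_allow_cmd 203.0.113.0/24      # placeholder client range
listing_after  | mongo_allow_cmd 203.0.113.0/24 || true
```

The printed command is run with sudo and persisted with `netfilter-persistent save`, as in the session above.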

Access the Default Security List and Edit Ingress Rules to Allow Internet Traffic on Port 27017

Shut down the VM, edit the firewall rules and restart.

Edit the ingress rule: add CIDR 0.0.0.0/0, TCP, destination port 27017.

 

Reboot and Start MongoDB

oracle@oracle:~/BM$ ssh -i bm_ssh_key ubuntu@129.213.139.42
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-127-generic x86_64)
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

35 packages can be updated.
23 updates are security updates.
Last login: Sun Jun 17 14:54:29 2018 from 106.51.18.6
ubuntu@mongodb:~$ sudo service mongod start
ubuntu@mongodb:~$ sudo service mongod status
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: e
   Active: active (running) since Sun 2018-06-17 15:09:30 UTC; 4min 31s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 1071 (mongod)
    Tasks: 23
   Memory: 184.2M
      CPU: 2.047s
   CGroup: /system.slice/mongod.service
           └─1071 /usr/bin/mongod --config /etc/mongod.conf

Jun 17 15:09:30 mongodb systemd[1]: Started High-performance, schema-free docume
Jun 17 15:13:51 mongodb systemd[1]: Started High-performance, schema-free docume

Reality Check

There may be many ways to check this; I prefer Studio3T because of its ease of use.

You can install it on an Ubuntu host OS or on Windows. I am once again using Ubuntu Desktop to connect to my Ubuntu server on OCI using Studio3T.

Here are the connection parameters.

Check for the public IP.