Choose the region where you want to locate your infrastructure
Create VPC
Setup Postgres RDS
* Then you will need to provide the DB credential for our team.
NextSetup MongoDB on the EC2 instance
* Save pem key in your secure vault.
Setup bastion instance for access to DBS
Setup MongoDB
Connect to bastion
ssh -i my-project.pem ubuntu@3.82.141.206
Copy my-project.pem on the bastion
Connect to mongo instance
ssh -i my-project.pem ubuntu@172.18.41.49
Configure data disk:
sudo -i
mkfs.xfs /dev/xvdb
mkdir /var/lib/mongodb
disk=`blkid | grep xvdb | awk ‘{print $2}’`
echo “$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2” >> /etc/fstab
mount -a
chown mongodb:mongodb /var/lib/mongodb| sudo -i | |
| mkfs.xfs /dev/xvdb | |
| mkdir /var/lib/mongodb | |
| disk=`blkid | grep xvdb | awk ‘{print $2}’` | |
| echo “$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2” >> /etc/fstab | |
| mount -a | |
| chown mongodb:mongodb /var/lib/mongodb |
Setup mongodb:
apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common wget -qO – https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add – echo “deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse” | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list apt update apt install -y mongodb-org systemctl enable mongod systemctl restart mongod
| apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common | |
| wget -qO –<a href="https://www.mongodb.org/static/pgp/server-5.0.asc" rel="nofollow" target="_blank"> https://www.mongodb.org/static/pgp/server-5.0.asc</a> | sudo apt-key add – | |
| echo “deb [ arch=amd64,arm64 ]<a href="https://repo.mongodb.org/apt/ubuntu" rel="nofollow" target="_blank"> https://repo.mongodb.org/apt/ubuntu</a> focal/mongodb-org/5.0 multiverse” | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list | |
| apt update | |
| apt install -y mongodb-org | |
| systemctl enable mongod | |
| systemctl restart mongod |
Configure mongo: login to mongo:
[copy_code title="Configure data disk:"]mongo
| [copy_code title="Configure data disk:"]mongo |
use admin
db.createUser({ user: “USER” , pwd: “PASSWORD”, roles: [“userAdminAnyDatabase”, “dbAdminAnyDatabase”, “readWriteAnyDatabase”]})
var role = {
role: “mongostatRole”,
privileges: [
{ resource: { cluster: true }, actions: [ “serverStatus” ] }
],
roles: []
}
var auser = {
“user” : ‘admin’,
“pwd” : ‘ADMIN_PASSWORD’,
roles : [
{
“role” : “userAdmin”,
“db” : “admin”
},
{
“role” : “mongostatRole”,
“db” : “admin”
}
]
}
use admin
db.createRole(role);
db.createUser(auser);
exit| use admin | |
| db.createUser({ user: “USER” , pwd: “PASSWORD”, roles: [“userAdminAnyDatabase”, “dbAdminAnyDatabase”, “readWriteAnyDatabase”]}) | |
| var role = { | |
| role: “mongostatRole”, | |
| privileges: [ | |
| { resource: { cluster: true }, actions: [ “serverStatus” ] } | |
| ], | |
| roles: [] | |
| } | |
| var auser = { | |
| “user” : ‘admin’, | |
| “pwd” : ‘ADMIN_PASSWORD’, | |
| roles : [ | |
| { | |
| “role” : “userAdmin”, | |
| “db” : “admin” | |
| }, | |
| { | |
| “role” : “mongostatRole”, | |
| “db” : “admin” | |
| } | |
| ] | |
| } | |
| use admin | |
| db.createRole(role); | |
| db.createUser(auser); | |
| exit |
Configure mongo: Create mongodb.pem from your wildcard SSL certificate and key:
cat cert.crt cert.key > mongodb.pem
| cat cert.crt cert.key > mongodb.pem |
Create ca.pem from your wildcard SSL certificate and SSL certificate chain:
cat cert.crt cert_chain.pam > ca.pem
| cat cert.crt cert_chain.pam > ca.pem |
Create folder /admin on the server and copy mongodb.pem and ca.pem on it.
Modify /etc/mongod.conf:
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
net:
port: 27017
bindIp: 0.0.0.0
ssl:
mode: requireSSL
PEMKeyFile: /admin/mongodb.pem
CAFile: /admin/ca.pem
disabledProtocols: “TLS1_1,TLS1_2”
allowConnectionsWithoutCertificates: true
security:
authorization: ‘enabled’| storage: | |
| dbPath: /var/lib/mongodb | |
| journal: | |
| enabled: true | |
| systemLog: | |
| destination: file | |
| logAppend: true | |
| path: /var/log/mongodb/mongod.log | |
| net: | |
| port: 27017 | |
| bindIp: 0.0.0.0 | |
| ssl: | |
| mode: requireSSL | |
| PEMKeyFile: /admin/mongodb.pem | |
| CAFile: /admin/ca.pem | |
| disabledProtocols: “TLS1_1,TLS1_2” | |
| allowConnectionsWithoutCertificates: true | |
| security: | |
| authorization: ‘enabled’ |
Add mongo host to hosts:
echo “127.0.0.1 mongo.your.domain” >> /etc/hosts
| echo “127.0.0.1 mongo.your.domain” >> /etc/hosts |
Restart mongo:
systemctl restart mongod
| systemctl restart mongod |
Check connections:
mongo –ssl –sslAllowInvalidCertificates –host mongo.your.domain –username admin –password ADMIN_PASSWORD –authenticationDatabase admin
| mongo –ssl –sslAllowInvalidCertificates –host mongo.your.domain –username admin –password ADMIN_PASSWORD –authenticationDatabase admin |
*You also need to setup any mongodb backups that are suitable for you.
NextNext setup continue on our side. You need to provide for our team next data:
AWS region
VPC ID and Owner ID
Postgres DB connections parameters host, port, user, dbname, password
Mondo DB connections parameters host IP, port, user, password
Your SSL wildcard certificate, chain and key.
You will need to accept peering connections when we was setup the infrastructure on our side.
