
Setup MongoDB Replica Set with 2 Nodes

What you must know about replica sets in MongoDB

  • A replica set in MongoDB is a group of MongoDB servers that maintain the same data set
  • It provides fault tolerance, as copies of the database reside on multiple servers
  • To secure communication between the MongoDB servers in a replica set, configure keyfiles generated with openssl. Keyfiles are the bare minimum of security, suitable for testing and development environments; for production, use x.509 certificates

Step 1: Update /etc/hosts with IP address and Hostname information

# nano /etc/hosts

10.20.10.82 srv1.domain.com srv1

10.20.10.83 srv2.domain.com srv2

Step 2: Create Keyfile

  • Each mongod server in the replica set uses the keyfile as the shared password for authenticating other members in the deployment
  • Only mongod instances with the correct keyfile can join the replica set

1.1. Create KeyFile directory

# mkdir -p /etc/mongodb/KeyFile

The -p option creates parent directories if they don't exist

1.2 Create Keyfile

# openssl rand -base64 756 > /etc/mongodb/KeyFile/mongodb-key

1.3 Provide read permission for keyfile (most important)

# chmod 400 /etc/mongodb/KeyFile/mongodb-key

# chown -R mongodb:mongodb /etc/mongodb/KeyFile/mongodb-key

Step 3: Copy keyfile to other mongodb server and set similar read permission

  • All servers must have the same keyfile, located in the same directory, with identical permissions.
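
A pre-flight check for Steps 2 and 3, as an added example that is not part of the original guide: it verifies the keyfile's mode, owner and content on a node and prints a SHA-256 fingerprint that should be identical on every member. The function names are hypothetical, and GNU coreutils (stat -c, sha256sum) on a Linux host is assumed.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-flight check for a MongoDB
# keyfile. Assumes GNU coreutils (stat -c, sha256sum) on a Linux host.

# check_keyfile PATH [OWNER] -> 0 if the keyfile passes all checks, 1 if not.
# OWNER defaults to "mongodb", the account used in this guide's chown step.
check_keyfile() {
    kf=$1; owner=${2:-mongodb}; rc=0
    if [ ! -f "$kf" ]; then
        echo "FAIL: $kf is missing or not a regular file" >&2
        return 1
    fi
    # Any group/other permission bit triggers "permissions ... are too open".
    mode=$(stat -c '%a' "$kf")
    case $mode in
        [4-7]00) ;;
        *) echo "FAIL: mode $mode, expected 400" >&2; rc=1 ;;
    esac
    # With mode 400 only the owner can read the key, so it must be the mongod user.
    actual=$(stat -c '%U' "$kf")
    if [ "$actual" != "$owner" ]; then
        echo "FAIL: owner is $actual, expected $owner" >&2; rc=1
    fi
    # Key content: 6 to 1024 base64 characters, whitespace ignored.
    key=$(tr -d '[:space:]' < "$kf")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "FAIL: key length ${#key}, expected 6..1024" >&2; rc=1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*) echo "FAIL: non-base64 characters in key" >&2; rc=1 ;;
    esac
    return $rc
}

# keyfile_fingerprint PATH -> SHA-256 of the file, for comparing nodes
# without displaying the key itself.
keyfile_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Stand-alone use: sh check_keyfile.sh /etc/mongodb/KeyFile/mongodb-key
if [ "$#" -gt 0 ]; then
    check_keyfile "$@" && keyfile_fingerprint "$1"
fi
```

Run it as root on srv1 and srv2 after copying the keyfile; the fingerprints printed on both nodes must match before mongod is restarted.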

Step 4: Create Admin User on Primary Member only

  • Log in to the mongo shell

mongo

  • Connect to admin database

use admin

Create administrator user with root privileges

db.createUser({user: "mongoadmin", pwd: "set-password", roles:[{role: "root", db: "admin"}]})

Step 4: Configure MongoDB ReplicaSet

Use your favorite editor (vi or nano) to update /etc/mongodb.conf in both nodes

In Node 1: 10.20.10.82

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,10.20.10.82

security:
  keyFile: /etc/mongodb/KeyFile/mongodb-key

replication:
  replSetName: rs0

In Node 2: 10.20.10.83

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,10.20.10.83

security:
  keyFile: /etc/mongodb/KeyFile/mongodb-key

replication:
  replSetName: rs0

Step 5: Restart MongoDB instance on both nodes

$ sudo systemctl restart mongod

$ sudo systemctl status mongod

Step 6: Connect to mongo shell on Primary member

mongo -u mongoadmin -p --authenticationDatabase admin

Step 7: Configure Replica Set

Initiate replica set

rs.initiate()

This command initiates a replica set with the current host as its only member. This is confirmed by the output, which should resemble the following:

{ "info2" : "no configuration specified. Using a default configuration for the set", "me" : "192.0.2.1:27017", "ok" : 1 }


Add other member to replica set

rs.add("srv2.domain.com")

Verify configuration of replica set

rs.status()

 

Other Notes:

If you encounter these problems, then you have missed or misconfigured step 1.3

{"error":{"code":30,"codeName":"InvalidPath","errmsg":"error opening file: /etc/mongodb/KeyFile/mongodb-key: bad file"}}}

or

{"error":{"code":30,"codeName":"InvalidPath","errmsg":"permissions on /etc/mongodb/KeyFile/mongodb-key are too open"}}}
