Last year I shared a series of posts walking through how to set up and monitor MongoDB with Aria Operations. For reference, here are those articles:<\/p>\n\n\n\n
When I originally created those posts, Mongo DB had not yet added support for Ubuntu 24.04, so I used Ubuntu 20.04, as I had a template for that distribution. Recently I noticed these older Ubuntu 20.04 VMs, as Ubuntu 20.04 reached end of standard support earlier in the year. This post will review the updated setup steps to deploy a Mongo DB Replica Set on Ubuntu 24.04.<\/p>\n\n\n\n
The Mongo DB documentation is very well written. I followed their steps from https:\/\/www.mongodb.com\/docs\/manual\/tutorial\/install-mongodb-enterprise-on-ubuntu\/#std-label-install-mdb-enterprise-ubuntu<\/a>. I’ll include a short code block below with the specific steps:<\/p>\n\n\n\n After running the above commands, my systems were all running a default MongoDB service and that service was set to run automatically at boot. <\/p>\n\n\n\n I confirmed that I could connect to the instance by running After getting a successful response that my new user account was created, I exited the mongo shell by typing Back at the command line, I created a directory to store a With this file created & properly permissioned, we’ll update our mongo configuration file to specify the path to the In the In the After updating the After the service restarted, I launched Next I initiated the replica set using the following syntax:<\/p>\n\n\n\n This took a few seconds, but then returned the message I then created a custom role to be used by monitoring tools, like Aria Operations. <\/p>\n\n\n\n I also created a role to use for management. I could have done this with a single command by providing both roles when creating the role, but wanted to show an example of modifying an existing role as well.<\/p>\n\n\n\n Similar to the previous series of posts, I loaded some sample data into this replica set using the following syntax:<\/p>\n\n\n\n Since we have LDAP authentication configured, we can also login to the mongo shell as an LDAP user. The following syntax is an example of how to do so:<\/p>\n\n\n\n In this case we specify that we want to use an external authentication database (LDAP) and the mechanism as ‘PLAIN’, which we previously enabled as an option when configuring the replica set & LDAP authentication.<\/p>\n\n\n\n When demoing the Operations management pack, it is often helpful to interact \/ show the databases. Workflows such as creating, deleting, renaming a database can be helpful. Doing these demos is often more interesting from a GUI instead of a command line. I recently found mongo-express<\/a>, a web-based, graphical interface to manage Mongo DB databases. I ran this as a container as a test using the following sytax:<\/p>\n\n\n\n This connects to the Mongo DB service using our local dbadmin. The console shows us that we can use With Ubuntu 20.04 out of standard support, refreshing to 24.04 was a necessary step, even in a lab. Getting current by rebuilding this replica set configuration was rather straightforward. Monitoring is continuing to work with the same Aria Operations management pack previously used, with only creating a new data source and reusing the previous credential object. <\/p>\n","protected":false},"excerpt":{"rendered":" Last year I shared a series of posts walking through how to set up and monitor MongoDB with Aria Operations. For reference, here are those articles: When I originally created those posts, Mongo DB had not yet added support for … Continue reading sudo apt-get install gnupg curl\ncurl -fsSL https:\/\/pgp.mongodb.com\/server-8.0.asc | \\\n sudo gpg -o \/usr\/share\/keyrings\/mongodb-server-8.0.gpg \\\n --dearmor\n\necho \"deb [ arch=amd64,arm64 signed-by=\/usr\/share\/keyrings\/mongodb-server-8.0.gpg ] https:\/\/repo.mongodb.com\/apt\/ubuntu noble\/mongodb-enterprise\/8.0 multiverse\" | sudo tee \/etc\/apt\/sources.list.d\/mongodb-enterprise-8.0.list\n\nsudo apt-get update\nsudo apt-get install mongodb-enterprise\n\nsudo systemctl start mongod\nsudo systemctl status mongod\nsudo systemctl enable mongod<\/code><\/pre>\n\n\n\nmongosh<\/code> at the console. This allowed me to connect automatically without specifying a password. While in the mongosh<\/code> console, I created a dbadmin<\/code> user account with the root<\/code> role.<\/p>\n\n\n\nvar admin = db.getSiblingDB(\"admin\")\nadmin.createUser(\n {\n user: \"dbadmin\", \n pwd: \"VMware1!\", \n roles:[\"root\"]\n })<\/code><\/pre>\n\n\n\nexit<\/code>. <\/p>\n\n\n\nConfiguring MongoDB for Replica Set and LDAP authentication<\/h2>\n\n\n\n
security.key<\/code> file to be used for each node in the replica set. I’ve included the details of these commands below:<\/p>\n\n\n\ncd \/opt\nsudo mkdir mongodb\nsudo chown mongodb:mongodb \/opt\/mongodb\n\necho '88157a33a9dc499ea6b05c504daa36f8v2' | sudo tee \/opt\/mongodb\/security.key\nsudo chmod 400 \/opt\/mongodb\/security.key\nsudo chown mongodb:mongodb \/opt\/mongodb\/security.key<\/code><\/pre>\n\n\n\nsecurity<\/code>.key<\/code> file. While we are in the file, we’ll add some additional settings for LDAP auth, as well as define the replica set name. We do this with vi \/etc\/mongod.conf<\/code> and then make the following edits:<\/p>\n\n\n\nsecurity<\/code> section, we add:<\/p>\n\n\n\n authorization: enabled\n keyFile: \/opt\/mongodb\/security.key\n ldap:\n servers: \"core-control-21.lab.enterpriseadmins.org:389\"\n bind:\n queryUser: \"CN=svc-ldapbind,OU=LAB Service Accounts,DC=lab,DC=enterpriseadmins,DC=org\"\n queryPassword: \"VMware1!\"\n transportSecurity: \"none\"\n authz:\n queryTemplate: \"{USER}?memberOf?base\"\n validateLDAPServerConfig: true\nsetParameter:\n authenticationMechanisms: \"PLAIN,SCRAM-SHA-1,SCRAM-SHA-256\"<\/code><\/pre>\n\n\n\nreplication<\/code> section we add:<\/p>\n\n\n\n replSetName: svcs-rs-11<\/code><\/pre>\n\n\n\n\/etc\/mongod.conf<\/code> file on each host in my three node cluster, I restarted the service with the command sudo systemctl restart mongod<\/code><\/p>\n\n\n\nmongosh<\/code> again. Now that authentication has been enabled, I set my database and then login using the following commnds:<\/p>\n\n\n\nuse admin\ndb.auth({ user: 'dbadmin', pwd: 'VMware1!', mechanism: 'SCRAM-SHA-256' })<\/code><\/pre>\n\n\n\nrs.initiate( {\n _id : \"svcs-rs-11\",\n members: [\n { _id: 0, host: \"svcs-mongo-11.lab.enterpriseadmins.org:27017\" },\n { _id: 1, host: \"svcs-mongo-12.lab.enterpriseadmins.org:27017\" },\n { _id: 2, host: \"svcs-mongo-13.lab.enterpriseadmins.org:27017\" }\n ]\n})<\/code><\/pre>\n\n\n\n{ ok: 1 }<\/code>. I double checked everything was running as expected by checking status rs.status()<\/code> which returned details of the replica set, showing member nodes and which were primary vs secondary.<\/p>\n\n\n\nCreating custom role for monitoring and administration<\/h2>\n\n\n\n
var admin = db.getSiblingDB('admin')\nadmin.createRole(\n {\n role: \"CN=LAB MongoDB Ent Monitoring,OU=LAB Service Accounts,DC=lab,DC=enterpriseadmins,DC=org\",\n roles: [ { role: \"clusterMonitor\", db: \"admin\" } ],\n privileges: []\n }\n)<\/code><\/pre>\n\n\n\nvar admin = db.getSiblingDB('admin')\nadmin.createRole(\n {\n role: \"CN=LAB MongoDB Ent Admins,OU=LAB Service Accounts,DC=lab,DC=enterpriseadmins,DC=org\",\n roles: [ \"dbAdminAnyDatabase\", \"clusterAdmin\" ],\n privileges: []\n }\n)\n\ndb.grantRolesToRole(\"CN=LAB MongoDB Ent Admins,OU=LAB Service Accounts,DC=lab,DC=enterpriseadmins,DC=org\", [ { role: \"root\", db: \"admin\" } ] )<\/code><\/pre>\n\n\n\nLoading sample data<\/h2>\n\n\n\n
curl https:\/\/atlas-education.s3.amazonaws.com\/sampledata.archive -o sampledata.archive\nmongorestore --archive=sampledata.archive -u dbadmin -p 'VMware1!'<\/code><\/pre>\n\n\n\nUsing
mongosh<\/code> as an LDAP user<\/h2>\n\n\n\nmongosh --username \"CN=svc-mgdbeadm,OU=LAB Service Accounts,DC=lab,DC=enterpriseadmins,DC=org\" --password 'VMware1!' --authenticationDatabase='$external' --authenticationMechanism=\"PLAIN\"<\/code><\/pre>\n\n\n\nManaging databases with a graphical user interface<\/h2>\n\n\n\n
sudo docker run -p 8081:8081 -e ME_CONFIG_MONGODB_URL='mongodb:\/\/dbadmin:VMware1!@svcs-mongo-11.lab.enterpriseadmins.org,svcs-mongo-12.lab.enterpriseadmins.org,svcs-mongo-13.lab.enterpriseadmins.org\/admin?replicaSet=svcs-rs-11' mongo-express<\/code><\/pre>\n\n\n\nhttp:\/\/0.0.0.0:8081<\/code> to connect to the web interface with the username admin<\/code> and password of pass<\/code>. From this web interface we can see \/ edit \/ delete our databases during our demos. I’ve since wrapped this up in a docker compose file and exposed it with a reverse proxy to apply an SSL certificate. <\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n