bugcy013
6/5/2016 - 7:57 AM

init.d_mongod_master

step 1:
=========
1. We used CentOS 5.8
2. MongoDB version 3.2.10, installed via yum

step 2:
==========
1. Let's create an admin user in the mongo database

use admin
var user = {
    "user" : "root",
    "pwd" : "toor",
    roles : [
	{
	    "role" : "root",
	    "db" : "admin"
	}
    ]
}

db.createUser(user);

2. Let's create a read-only user that can read any database

use admin
var user = {
    "user" : "reporting",
    "pwd" : "abc123",
    roles : [
        {
            "role" : "readAnyDatabase",
	    "db" : "admin"
           
        }
    ]
}

db.createUser(user);
exit

3. Let's create the application user. For this we need to switch to the particular database first.

use hermes
var user = {
    "user" : "appuser",
    "pwd" : "app123",
    roles : [
        {
            "role" : "readWrite",
            "db" : "hermes"
        }
    ]
}

db.createUser(user);

4. Let's verify the user and its roles.

db.getUsers()
[
	{
		"_id" : "hermes.appuser",
		"user" : "appuser",
		"db" : "hermes",
		"roles" : [
			{
				"role" : "readWrite",
				"db" : "hermes"
			}
		]
	}
]

step 3:
========
Now it's time to enable mongo authentication.

/etc/mongod.conf:

security:
    authorization: enabled
    
After changing the config file, restart mongod.

After this, we use a username and password to access the database.

If you connect without a username and password, you will see errors like this:

> show databases;
2016-06-05T08:05:22.960+0530 E QUERY    [thread1] Error: listDatabases failed:{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
	"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:760:19
shellHelper@src/mongo/shell/utils.js:650:15
@(shellhelp2):1:1
> 

$ mongo admin -u root -p
MongoDB shell version: 3.2.10
Enter password: 
connecting to: admin
> 

step 4:
=========
Now it's time to enable the mongo master/slave setup.

1. To start the mongo master, use this init.d file:
   https://gist.githubusercontent.com/bugcy013/0a6ed175c34a89e3d1d37bc84383f351/raw/2eea4a6365b5b7160d50ac267a29cd6657041af5/init.d_mongod_master
   
2. To start the mongo slave, use this init.d file:
   https://gist.githubusercontent.com/bugcy013/0a6ed175c34a89e3d1d37bc84383f351/raw/2eea4a6365b5b7160d50ac267a29cd6657041af5/init.d_mongod_slave
   
NOTE::
In the mongo master init.d file, DAEMON_OPTS=" --master" has been added. This is very important; otherwise mongod is treated as a normal mongo instance. With the --master option, mongod creates a local.oplog.$main collection, the "operation log" that queues the operations the slaves apply to replicate operations from the master.

3. How to add the master info on the slave node

use local
db.sources.find()
db.sources.insert( { host: "172.16.60.79:27017"  } );

or

we can add it to the startup command in init.d/mongod:
DAEMON_OPTS=" --slave --auth --source 172.16.60.79:27017"

4. Connecting a Slave to a Master running in auth mode. (keyfile-access-control)

cd /var/lib/mongo
openssl rand -base64 755  > dv_mongo.key
chmod 400 dv_mongo.key
chown mongod: dv_mongo.key

security:
    authorization: enabled
    keyFile: /var/lib/mongo/dv_mongo.key

NOTE :: copy the dv_mongo.key file to all slave machines.


  
step 5:
=========
Now it's time to verify the master/slave sync.

How to check replication status (Master Side)
----------------------------------------------
> db.printReplicationInfo()
configured oplog size:   1965.9365234375MB
log length start to end: 13447secs (3.74hrs)
oplog first event time:  Fri Oct 21 2016 11:05:30 GMT-0400 (EDT)
oplog last event time:   Fri Oct 21 2016 14:49:37 GMT-0400 (EDT)
now:                     Fri Oct 21 2016 14:49:46 GMT-0400 (EDT)
> 

How to check replication status (Slave Side)
------------------------------------------------
> db.printReplicationInfo()
this is a slave, printing slave replication info.
source: 172.16.60.79
	syncedTo: Fri Oct 21 2016 14:49:07 GMT-0400 (EDT)
	7 secs (0 hrs) behind the freshest member (no primary available at the moment)
> 


How to re-sync the slave if the sync did not happen properly.
-------------------------------------------------------------
> use admin
switched to db admin
> db.runCommand({resync: 1})
{ "info" : "triggered resync for all sources", "ok" : 1 }

let's insert some data on master side:
--------------------------------------------
use myNewDatabase
db.myCollection.insert( { x: 503 } )


verification on slave side:
---------------------------------------------
use myNewDatabase
db.myCollection.find().sort({_id:-1}).limit(10)


step 6: (very important) How to disable master/slave setup
===========================================================
1. Modify the /etc/init.d/mongod file: comment out the DAEMON_OPTS variable (line number 16).
2. Then restart mongod.

step 7: (very important) How to disable authentication setup
=============================================================
1. Modify /etc/mongod.conf:

comment out the 'security' section.

	security:
	    authorization: enabled
	    keyFile: /var/lib/mongo/dv_mongo.key
	    
2. Then restart mongod.

Users & Roles
================

There are a number of predefined roles:

root - All powerful. Use with caution
userAdminAnyDatabase - Can create users and assign roles on any database. Use with caution
userAdmin - Can only create users and assign roles in a specific database
read - Read collections in a specific database.
readWrite - Read and Write to a specific database


> db.getUsers()
or
> db.system.users.find()

STEP - 1
========

Add Users Before Enabling Access Control

Create Admin User :: -

The first thing is to create an admin user: go to the mongo shell and
connect to the `admin` database.

The first user should be an admin user that can manage the database.

Create a user and assign him the role userAdminAnyDatabase.

use admin

var user = {
    "user" : "root",
    "pwd" : "toor",
    roles : [
	{
	    "role" : "userAdminAnyDatabase",
	    "db" : "admin"
	}
    ]
}

db.createUser(user);

How to check whether the user was created?
-----------------------------------

db.getUsers()
[
	{
		"_id" : "admin.root",
		"user" : "root",
		"db" : "admin",
		"roles" : [
			{
				"role" : "userAdminAnyDatabase",
				"db" : "admin"
			}
		]
	}
]


STEP - 2
========
Enabling Access Control ::

In /etc/mongod.conf:

security:
   authorization: enabled
   
After updating the config file, we need to restart the mongo instance.

STEP - 3
========
After this, we use a username and password to access the database.

If you connect without a username and password, you will see errors like this:

> show databases;
2016-06-05T08:05:22.960+0530 E QUERY    [thread1] Error: listDatabases failed:{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
	"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:760:19
shellHelper@src/mongo/shell/utils.js:650:15
@(shellhelp2):1:1
> 

$ mongo admin -u root -p
MongoDB shell version: 3.2.5
Enter password: 
connecting to: admin
>

STEP - 4
========	

Let's create an application user for read/write.

Before we create the application user, we need to switch to the particular database.

> use hermes;

var user = {
    "user" : "appuser",
    "pwd" : "app123",
    roles : [
        {
            "role" : "readWrite",
            "db" : "hermes"
        }
    ]
}

db.createUser(user);

let's verify 

> db.getUsers()
[
	{
		"_id" : "hermes.appuser",
		"user" : "appuser",
		"db" : "hermes",
		"roles" : [
			{
				"role" : "readWrite",
				"db" : "hermes"
			}
		]
	}
]
> 

STEP - 5
========

let's create readonly user to read any database

$ mongo admin -u admin -p

var user = {
    "user" : "reporting",
    "pwd" : "abc123",
    roles : [
        {
            "role" : "readAnyDatabase",
	    "db" : "admin"
           
        }
    ]
}

db.createUser(user);
exit

> db.products.insert({ "title" : "MongoDB in Action"  });
WriteResult({
	"writeError" : {
		"code" : 13,
		"errmsg" : "not authorized on hermes to execute command { insert: \"products\", documents: [ { _id: ObjectId('5753d9af680d6e283c83138f'), title: \"MongoDB in Action\" } ], ordered: true }"
	}
})
> 

If you try to insert/update/delete a document, you will receive an exception.

How to update the user role:
=============================
use admin

db.updateUser( "admin",
               {
                 
                 roles : [
                           { role : "root", db : "admin"  }
                         ]
                }
             )


Enforce-keyfile-access-control done on (master machine)
=======================================================
cd /var/lib/mongo
openssl rand -base64 755  > dv_mongo.key
chmod 400 dv_mongo.key
chown mongod: dv_mongo.key

security:
    authorization: enabled
    keyFile: /var/lib/mongo/dv_mongo.key

NOTE :: copy the dv_mongo.key file to all slave machines.
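
The key-file setup above (the same steps appear under step 4 of the first notes file) can be checked before restarting mongod. This is an added example, not part of the original notes: the helper names security_value and audit_mongod are hypothetical, and the config and key built in demo are constructed samples. It assumes the YAML layout of /etc/mongod.conf shown above and MongoDB's key file rules (6 to 1024 characters, no group or world permissions).

```shell
#!/bin/sh
# Added example: audit the auth settings from the notes (helper names are hypothetical).

# Print the value of KEY ($2) in the top-level "security:" block of mongod.conf ($1).
# Commented-out lines are skipped, so a disabled security section yields nothing.
security_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        /^[^ \t]/  { insec = ($0 ~ /^security:/); next }
        insec {
            line = $0; sub(/[ \t]#.*/, "", line)
            n = index(line, ":"); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Return 0 when the config enforces auth with a usable key file; print findings otherwise.
audit_mongod() {
    conf=$1; rc=0
    [ "$(security_value "$conf" authorization)" = "enabled" ] ||
        { echo "FAIL: security.authorization is not enabled"; rc=1; }
    key=$(security_value "$conf" keyFile)
    if [ -z "$key" ]; then
        echo "FAIL: security.keyFile is not set"; rc=1
    elif [ ! -f "$key" ]; then
        echo "FAIL: key file $key is missing"; rc=1
    else
        # mongod refuses a key file that group or others can access (hence chmod 400)
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            { echo "FAIL: $key is accessible to group/others"; rc=1; }
        # Key content must be 6 to 1024 characters, whitespace not counted
        len=$(tr -d ' \t\r\n' < "$key" | wc -c | tr -d ' ')
        { [ "$len" -ge 6 ] && [ "$len" -le 1024 ]; } ||
            { echo "FAIL: key length $len is outside 6..1024"; rc=1; }
    fi
    return $rc
}

# Constructed sample: config as in the notes, key file first with mode 644, then 400.
demo() {
    d=$(mktemp -d)
    printf 'abcdefghijklmnop\n' > "$d/dv_mongo.key"; chmod 644 "$d/dv_mongo.key"
    printf 'security:\n    authorization: enabled\n    keyFile: %s\n' \
        "$d/dv_mongo.key" > "$d/mongod.conf"
    audit_mongod "$d/mongod.conf" || echo "-> rejected"
    chmod 400 "$d/dv_mongo.key"
    audit_mongod "$d/mongod.conf" && echo "-> accepted"
    rm -rf "$d"
}
demo
```

Run audit_mongod /etc/mongod.conf on the master and on each slave after copying the key; a commented-out security section, as in the "disable authentication" step, is reported as a failure.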

Superuser role required to monitor the replication status on both slave and master
==================================================================================
use admin
db.createUser(
  {
    user: "admin",
    pwd: "password",
    roles: [ { role: "root", db: "admin" } ]
  }
);
exit;

Initial Deployment
=====================

To configure a master-slave deployment, start two mongod instances: one in master mode, and the other in slave mode.

To start a mongod instance in master mode, invoke mongod as follows:

mongod --master 

or, on the slave side:

mongod --slave 


How to add the master info on the slave node
==========================================
> use local
switched to db local
> db.sources.find()
> 
db.sources.insert( { host: "172.16.60.79:27017"  } );


or

we can add it to the startup command in init.d/mongod:

DAEMON_OPTS=" --slave --auth --source 172.16.60.79:27017"

How to check replication status (Master Side)
===============================================

> db.printReplicationInfo()
configured oplog size:   1965.9365234375MB
log length start to end: 13447secs (3.74hrs)
oplog first event time:  Fri Oct 21 2016 11:05:30 GMT-0400 (EDT)
oplog last event time:   Fri Oct 21 2016 14:49:37 GMT-0400 (EDT)
now:                     Fri Oct 21 2016 14:49:46 GMT-0400 (EDT)
> 

How to check replication status (Slave Side)
===============================================
> db.printReplicationInfo()
this is a slave, printing slave replication info.
source: 172.16.60.79
	syncedTo: Fri Oct 21 2016 14:49:07 GMT-0400 (EDT)
	7 secs (0 hrs) behind the freshest member (no primary available at the moment)
> 


How to force a re-sync on the slave side
============================================
> use admin
switched to db admin
> db.runCommand({resync: 1})
{ "info" : "triggered resync for all sources", "ok" : 1 }



Insert some data on master side:
================================
use myNewDatabase
db.myCollection.insert( { x: 503 } )


verification on slave side:
=============================
use myNewDatabase
db.myCollection.find().sort({_id:-1}).limit(10)

#!/bin/bash

# mongod - Startup script for mongod

# chkconfig: 35 85 15
# description: Mongo is a scalable, document-oriented database.
# processname: mongod
# config: /etc/mongod.conf

. /etc/rc.d/init.d/functions

# NOTE: if you change any OPTIONS here, you get what you pay for:
# this script assumes all options are in the config file.
CONFIGFILE="/etc/mongod.conf"
OPTIONS=" -f $CONFIGFILE"
DAEMON_OPTS=" --slave"

mongod=${MONGOD-/usr/bin/mongod}

MONGO_USER=mongod
MONGO_GROUP=mongod

# All variables set before this point can be overridden by users, by
# setting them directly in the SYSCONFIG file. Use this to explicitly
# override these values, at your own risk.
SYSCONFIG="/etc/sysconfig/mongod"
if [ -f "$SYSCONFIG" ]; then
    . "$SYSCONFIG"
fi

# Handle NUMA access to CPUs (SERVER-3574)
# This verifies the existence of numactl as well as testing that the command works

NUMACTL_ARGS="--interleave=all"
if which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null
then
    NUMACTL="numactl $NUMACTL_ARGS"
else
    NUMACTL=""
fi

# things from mongod.conf get there by mongod reading it
PIDFILEPATH=`awk -F'[:=]' -v IGNORECASE=1 '/^[[:blank:]]*(processManagement\.)?pidfilepath[[:blank:]]*[:=][[:blank:]]*/{print $2}' "$CONFIGFILE" | tr -d "[:blank:]\"'" | awk -F'#' '{print $1}'`
PIDDIR=`dirname $PIDFILEPATH`

start()
{
  # Make sure the default pidfile directory exists
  if [ ! -d $PIDDIR ]; then
    install -d -m 0755 -o $MONGO_USER -g $MONGO_GROUP $PIDDIR
  fi

  # Make sure the pidfile does not exist
  if [ -f $PIDFILEPATH ]; then
      echo "Error starting mongod. $PIDFILEPATH exists."
      RETVAL=1
      return
  fi

  # Recommended ulimit values for mongod or mongos
  # See http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings
  #
  ulimit -f unlimited
  ulimit -t unlimited
  ulimit -v unlimited
  ulimit -n 64000
  ulimit -m unlimited
  ulimit -u 64000

  echo -n $"Starting mongod: "
  daemon --user "$MONGO_USER" --check $mongod "$NUMACTL $mongod $DAEMON_OPTS $OPTIONS >/dev/null 2>&1"
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongod
}

stop()
{
  echo -n $"Stopping mongod: "
  mongo_killproc "$PIDFILEPATH" $mongod
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongod
}

restart () {
        stop
        start
}

# Send TERM signal to process and wait up to 300 seconds for process to go away.
# If process is still alive after 300 seconds, send KILL signal.
# Built-in killproc() (found in /etc/init.d/functions) is on certain versions of Linux
# where it sleeps for the full $delay seconds if process does not respond fast enough to
# the initial TERM signal.
mongo_killproc()
{
  local pid_file=$1
  local procname=$2
  local -i delay=300
  local -i duration=10
  local pid=`pidofproc -p "${pid_file}" ${procname}`

  kill -TERM $pid >/dev/null 2>&1
  usleep 100000
  local -i x=0
  while [ $x -le $delay ] && checkpid $pid; do
    sleep $duration
    x=$(( $x + $duration))
  done

  kill -KILL $pid >/dev/null 2>&1
  usleep 100000

  checkpid $pid # returns 0 only if the process exists
  local RC=$?
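  # Report failure if the process survived; otherwise remove the pidfile and report success
  if [ "$RC" -eq 0 ]; then
    failure "${procname} shutdown"
  else
    rm -f "${pid_file}"
    success "${procname} shutdown"
  fi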
  RC=$((! $RC)) # invert return code so we return 0 when process is dead.
  return $RC
}

RETVAL=0

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload|force-reload)
    restart
    ;;
  condrestart)
    [ -f /var/lock/subsys/mongod ] && restart || :
    ;;
  status)
    status $mongod
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    RETVAL=1
esac

exit $RETVAL

#!/bin/bash

# mongod - Startup script for mongod

# chkconfig: 35 85 15
# description: Mongo is a scalable, document-oriented database.
# processname: mongod
# config: /etc/mongod.conf

. /etc/rc.d/init.d/functions

# NOTE: if you change any OPTIONS here, you get what you pay for:
# this script assumes all options are in the config file.
CONFIGFILE="/etc/mongod.conf"
OPTIONS=" -f $CONFIGFILE"
DAEMON_OPTS=" --master"

mongod=${MONGOD-/usr/bin/mongod}

MONGO_USER=mongod
MONGO_GROUP=mongod

# All variables set before this point can be overridden by users, by
# setting them directly in the SYSCONFIG file. Use this to explicitly
# override these values, at your own risk.
SYSCONFIG="/etc/sysconfig/mongod"
if [ -f "$SYSCONFIG" ]; then
    . "$SYSCONFIG"
fi

# Handle NUMA access to CPUs (SERVER-3574)
# This verifies the existence of numactl as well as testing that the command works

NUMACTL_ARGS="--interleave=all"
if which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null
then
    NUMACTL="numactl $NUMACTL_ARGS"
else
    NUMACTL=""
fi

# things from mongod.conf get there by mongod reading it
PIDFILEPATH=`awk -F'[:=]' -v IGNORECASE=1 '/^[[:blank:]]*(processManagement\.)?pidfilepath[[:blank:]]*[:=][[:blank:]]*/{print $2}' "$CONFIGFILE" | tr -d "[:blank:]\"'" | awk -F'#' '{print $1}'`
PIDDIR=`dirname $PIDFILEPATH`

start()
{
  # Make sure the default pidfile directory exists
  if [ ! -d $PIDDIR ]; then
    install -d -m 0755 -o $MONGO_USER -g $MONGO_GROUP $PIDDIR
  fi

  # Make sure the pidfile does not exist
  if [ -f $PIDFILEPATH ]; then
      echo "Error starting mongod. $PIDFILEPATH exists."
      RETVAL=1
      return
  fi

  # Recommended ulimit values for mongod or mongos
  # See http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings
  #
  ulimit -f unlimited
  ulimit -t unlimited
  ulimit -v unlimited
  ulimit -n 64000
  ulimit -m unlimited
  ulimit -u 64000

  echo -n $"Starting mongod: "
  daemon --user "$MONGO_USER" --check $mongod "$NUMACTL $mongod $DAEMON_OPTS $OPTIONS >/dev/null 2>&1"
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/mongod
}

stop()
{
  echo -n $"Stopping mongod: "
  mongo_killproc "$PIDFILEPATH" $mongod
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/mongod
}

restart () {
        stop
        start
}

# Send TERM signal to process and wait up to 300 seconds for process to go away.
# If process is still alive after 300 seconds, send KILL signal.
# Built-in killproc() (found in /etc/init.d/functions) is on certain versions of Linux
# where it sleeps for the full $delay seconds if process does not respond fast enough to
# the initial TERM signal.
mongo_killproc()
{
  local pid_file=$1
  local procname=$2
  local -i delay=300
  local -i duration=10
  local pid=`pidofproc -p "${pid_file}" ${procname}`

  kill -TERM $pid >/dev/null 2>&1
  usleep 100000
  local -i x=0
  while [ $x -le $delay ] && checkpid $pid; do
    sleep $duration
    x=$(( $x + $duration))
  done

  kill -KILL $pid >/dev/null 2>&1
  usleep 100000

  checkpid $pid # returns 0 only if the process exists
  local RC=$?
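  # Report failure if the process survived; otherwise remove the pidfile and report success
  if [ "$RC" -eq 0 ]; then
    failure "${procname} shutdown"
  else
    rm -f "${pid_file}"
    success "${procname} shutdown"
  fi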
  RC=$((! $RC)) # invert return code so we return 0 when process is dead.
  return $RC
}

RETVAL=0

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload|force-reload)
    restart
    ;;
  condrestart)
    [ -f /var/lock/subsys/mongod ] && restart || :
    ;;
  status)
    status $mongod
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    RETVAL=1
esac

exit $RETVAL