Replica set configuration on an ‘n’-node replica set:
We generally have a 3-node replica set with 1 primary and 2 secondaries.
Below are the steps we need to perform to configure a replica set in our environment.
1. We will receive the servers with the required configuration from CloudOps. They will use the standard configuration for a replica set: a standard MongoDB installation on EC2.
Perform the steps below one by one on each node:
(a) Create the data directory for mongo:
    sudo mkdir -p /mongo/data/data
    sudo chown -R mongod:mongod /mongo/data/data
(NOTE: For directory permissions, take reference from any existing replica cluster.)
(b) Create the log directory:
    sudo mkdir -p /mongo/log
    sudo chown -R mongod:mongod /mongo/log
(c) Create a directory to keep the key file (used to authenticate the servers to each other):
    sudo mkdir -p /mongo/key
    sudo chown -R mongod:mongod /mongo/key
    cd /mongo/key
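- Run the command below to generate the key. The file is written through "sudo -u mongod tee" because the directory is owned by mongod, and a plain "> mykey" redirection would be performed by the calling user's shell rather than by sudo:
    openssl rand -base64 741 | sudo -u mongod tee mykey > /dev/null
  or use this command instead:
    tr -dc A-Za-z0-9 </dev/urandom | head -c 1024 | sudo -u mongod tee mykey > /dev/null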
Copy the key generated on the first server to the rest of the servers. It must be the same on each server.
NOTE: Set the permissions of this file to 600 so that only the owner of the file can read or write it. This prevents other users on the system from accessing the shared secret. Run the command below:
    sudo chmod 600 mykey
2. Edit the Mongo configuration file (/etc/mongod.conf):
    vi /etc/mongod.conf
(Take reference from any existing replica cluster. Make sure the paths of the data directory, log and keyfile are the same as the ones we created in the steps above.)
NOTE: Some variables vary with the mongo version, like bind_ip_all. Make sure to use them correctly.
The required variables in the MongoDB conf file are as below. All the nodes in the replica set need to start with the configuration below, along with the rest of the standard configuration:
    oplogSize = 10240          # example size
    replSet = PnewsReplSet     # example name
3. Start the Mongo service on each node after making the changes in the MongoDB configuration file (/etc/mongod.conf):
    $ sudo /etc/init.d/mongod start
4. Make sure a security rule for the MongoDB service port (default 27017) is added so that all nodes in the replica set can connect to each other. We can check this with the command below:
    $ nc -z -w 5 <private ip of host> 27017
    $ nc -z -w 5 ip-10-107-2-121 27017        (example)
5. After completing the steps above on each node, perform the steps below on the node that we want to make our primary.
(a) Log in to the mongo shell using the “mongo” command and then perform the steps given below.
    > rs.initiate()                           // initiates the replica set; this server will act as primary
    PnewsReplSet> rs.add("server2:host")      // add another node as secondary
    PnewsReplSet> rs.add("server3:host")      // add one more node as secondary
    PnewsReplSet> rs.addArb("server3:host")   // if you need to add the node as an arbiter
Now run the commands below to check the replica set configuration and status.
    > rs.conf()      // shows information about each node
    > rs.status()    // displays information about the primary, secondary and arbiter (if present) nodes
(b) Now create the admin user by logging in to the primary server (check which one it is in rs.status()).
Connect to the mongo shell.
    > use admin
    > db.getSiblingDB("admin").createUser(
        {
          "user" : "admin",
          "pwd" : "<password>",
          roles: [ { "role" : "root", "db" : "admin" } ]
        }
      )
Confirm it using:
    > use admin
    > db.getUsers()
NOTE: Creating the admin user does not need to be repeated on the remaining servers, as it is already replicated to the other nodes (secondaries and arbiter).
6. Now log in to the secondary servers and perform the step below:
    > rs.printSlaveReplicationInfo()    // shows whether the secondary is in sync with the primary
NOTE: In the case of an arbiter, there is no need to perform the step above. The arbiter does not contain any data, therefore you or the application won’t need to authenticate if you connect to it directly.
When your application connects to a replica set, it will detect whether a node is an arbiter and will not attempt to connect to it.
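The keyfile from step 1(c) can be sanity-checked on every node before mongod is started. The script below is an added example, not part of the original procedure: the function names are hypothetical, and the rules it checks (6 to 1024 base64 characters, whitespace ignored, no group or other permissions) are MongoDB's documented keyfile requirements.

```shell
#!/bin/sh
# Added example: validate a replica set keyfile and fingerprint it for comparison.
# Function names are hypothetical; /mongo/key/mykey is the path used in step 1(c).

# SHA-256 of the key with whitespace removed, so nodes can be compared
# without ever displaying the shared secret itself.
keyfile_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        tr -d '[:space:]' < "$1" | sha256sum | awk '{print $1}'
    else
        tr -d '[:space:]' < "$1" | openssl dgst -sha256 | awk '{print $NF}'
    fi
}

# Returns 0 if the keyfile is usable, 1 otherwise (reason on stderr).
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits; all must be clear.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $f (chmod 600)" >&2; return 1; }

    # Whitespace is not part of the key (openssl wraps its base64 output),
    # so strip it first. 741 random bytes become 988 base64 characters.
    key=$(tr -d '[:space:]' < "$f")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "key length $len is outside 6-1024 characters" >&2; return 1
    fi
    # Only base64 characters are allowed (LC_ALL=C keeps the ranges ASCII-only).
    if printf '%s' "$key" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
        echo "key contains non-base64 characters" >&2; return 1
    fi

    echo "OK $f len=$len sha256=$(keyfile_fingerprint "$f")"
}

# Usage: sudo sh check_keyfile.sh /mongo/key/mykey
if [ "$#" -gt 0 ]; then check_keyfile "$1"; fi
```

Run it on each node and compare the sha256 values; a mismatch means the key was not copied intact to that server.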
Hello! Thanks for the article.
What is the meaning of 741? When using openssl:
openssl rand -base64 741