Setting up Digital Ocean Droplet with MongoDb v. 3.4
MongoDb 3.4 on Xenial (Digital Ocean Droplet)
In my spare time I have been developing an application with a free MongoDb instance at MLab. After getting some more Linux skills in my repetoire I decided I would go for installing on a $5/mo Digital Ocean Droplet. My goal is to spin up the vps, install Mongo and get a simple script in place to backup the db once per day and ship the backup to a remote location.
First Decisions
My first thought was to install the One Click feature on the Create New Droplet page, however Digital Ocean was offering 3.2 at the time and I wanted to get out in front as far as possible with 3.4. That made me decide to install a new plain new vps on Xenial (Ubuntu 16.04.1 x32). I chose the 32 bit version because of my small vps (512 MP/ 1CPU; 20 GB ssd) and a 64 bit version would require more processing power.
But...guess what...I was wrong! Mongo required x64 version of Linux. So I destroyed my droplet and started over with the same specifications as above but selected the x64 Xenial version.
Following the interactive setup on the Digital Ocean site was very easy and took about 2 minutes. The only thing to note was creating the ssh key...just do the following:
ssh-keygen -t rsa
# and then copy the output of:
cat ~/.ssh/id_rsa.pub
Add the cat'ed ssh key to the set up page back on Digital Ocean. After the vps is installed you can ssh to your machine:
ssh root@your_ip_address
Installing MongoDb
I followed the instructions here and below are the commands I used.
First get the key for apt-get
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
Add the key to the sources.list
echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
Update apt-get
sudo apt-get update
Install mongo
sudo apt-get install -y mongodb-org
Start the daemon service
sudo service mongod start
Add root user for mongo and setup security for remote access
Now that mongo is installed on our vps, we need to allow our application that is hosted elsewhere access to the database(s). We will modify the default mongo config and add an admin user as well as a database specific user.
Setting Up Root User
First we will set up a root superuser before we lock down the server. This user will have access to all databases with all privileges. We will create the user on the admin database and when logging in will authenticate against this database.
Log into mongo:
mongo
Run the following commands in the mongo shell:
use admin
db.createUser(
{
user: "root",
pwd: "password",
roles: [ "root" ]
})
Setting up security
Got help here for modifying the mongo config.
sudo vim /etc/mongod.conf
We will remove the bindIp from the config to allow access from other IP addresses. However, when you do this be sure to add the security in the next step.
# network interfaces
net:
port: 27017
# bindIp: 127.0.0.1 <- comment out this line
Now enable security by uncommenting the security line and adding the authorization enabled line.
security:
authorization: 'enabled'
Save the changes to the config.
Let's Test
First lets restart the mongo service:
sudo service mongod restart
Now try logging in to the mongo client
mongo admin -u root -p
This command says login to the admin database with the username of root and prompt me for a password.
Assuming success let's add a new database and a user with much less privileges:
use testDatabase;
db.createUser({user: "dbUsername", pwd: "password", roles: [{role: "readWrite", db: "testDatabase"}]})
Logout of mongo and re-login as the newly created user using the password you just created:
mongo testDatabase -u dbUsername -p
Setting up Backup Script
Create the Backup
mongodump -d databaseName -o outputDir
Restore a Backup
mongorestore pathToBackup
Script to Automate Backups
Here is my thought...let's automate the create backup script by executing a cron job once per day. In this script we can have it keep the last three days of backups. Here it is:
vim backupMongo
Add these commands to the script:
#!/usr/bin/env bash
cp -rf ~/backups/ninjaAPIBackup-1/* ~/backups/ninjaAPIBackup-2
cp -rf ~/backups/ninjaAPIBackup/* ~/backups/ninjaAPIBackup-1
rm -rf ~/backups/ninjaAPIBackup
mongodump -d ninjaAPI -o ~/backups/ninjaAPIBackup -u username -p password
We need to make the script executable:
chmod +x backupMongo
And let's symlink the file into cron.daily
ln backupMongo /etc/cron.daily/