Previously, I used VirtualBox for simulation purposes, but encountered an issue with MongoDB starting from version 4.0 onwards. The error appeared as follows when starting the MongoDB service:
Process: 1170 ExecStart=/usr/bin/mongod $OPTIONS (code=dumped, signal=ILL)
Upon investigation, I found that this issue was related to a CPU feature called Advanced Vector Extensions (AVX), which I couldn’t resolve in VirtualBox. For more details, you can refer to Wikipedia - Advanced Vector Extensions.
Due to this limitation, I switched to VMware. Here are the steps I followed for setting up three virtual machines using VMware:
- I installed three virtual machines on Oracle Linux 8.x. (Refer to Installing Oracle Linux 8.9).
- Each machine was configured with two network interfaces:
  - NAT for internet access.
  - Host-Only for communication between the local machine and the VMs.
If you are setting this up from Iran, you can use Shecan to resolve connection issues.
Configuring Network Interfaces in VMware
- Open Virtual Network Editor as an Administrator.
- Configure the NAT interface as shown below:
  [Insert Screenshot of NAT Configuration]
- In the VM settings, set the network cards to Custom and select the corresponding network interfaces.
- Assign IP addresses to the Host-Only network interface within the 192.168.188.0 range. You can refer to Setting IP via nmcli for detailed instructions.
Configuring Repositories
Create a directory /cdrom and mount the ISO to this directory:
mkdir -p /cdrom
mount /dev/cdrom /cdrom/
Back up the current YUM repositories:
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/
Create the following repository files:
media.repo:
[dvd-BaseOS]
name=DVD for RHEL - BaseOS
baseurl=file:///cdrom/BaseOS
enabled=1
gpgcheck=0
[dvd-AppStream]
name=DVD for RHEL - AppStream
baseurl=file:///cdrom/AppStream
enabled=1
gpgcheck=0
mongodb-enterprise-7.0.repo:
[mongodb-enterprise-7.0]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/redhat/8/mongodb-enterprise/7.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-7.0.asc
MongoDB Installation on All Nodes
Open required ports in the firewall:
firewall-cmd --add-port=27017/tcp --permanent
firewall-cmd --reload
Switch SELinux to permissive mode for the current boot, then make the change permanent:
setenforce 0
Edit /etc/selinux/config:
SELINUX=permissive
Set hostnames and update /etc/hosts:
hostnamectl set-hostname mongo1.vahiddb.com
Example /etc/hosts file:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.188.11 mongo1 mongo1.vahiddb.com
192.168.188.12 mongo2 mongo2.vahiddb.com
192.168.188.13 mongo3 mongo3.vahiddb.com
Restart the nodes, remount the ISO, and install MongoDB:
mount /dev/cdrom /cdrom
dnf install -y mongodb-enterprise
Configuring MongoDB
Update data directory ownership:
chown -R mongod:mongod /data/
Update /etc/mongod.conf with the following:
Storage Configuration:
storage:
  dbPath: /data
Network Configuration (Example for mongo1):
net:
  port: 27017
  bindIp: 127.0.0.1,mongo1
Replication Settings:
replication:
  replSetName: rs0
Validate the configuration:
mongosh --eval 'db.adminCommand({ getCmdLineOpts: 1 })'
Start the MongoDB service:
systemctl start mongod
Initializing Replica Set
Connect to mongo1 and initiate the Replica Set:
rs.initiate({
  _id: "rs0",
  members: [
    { _id: 0, host: "mongo1:27017" },
    { _id: 1, host: "mongo2:27017" },
    { _id: 2, host: "mongo3:27017" }
  ]
})
Verify the status:
rs.status()
Enabling Authentication and Secure Communication
Create an admin user:
use admin;
db.createUser({
  user: "root",
  pwd: "mySecurePass",
  roles: [
    { role: "userAdminAnyDatabase", db: "admin" },
    { role: "readWriteAnyDatabase", db: "admin" },
    { role: "dbAdminAnyDatabase", db: "admin" },
    { role: "clusterAdmin", db: "admin" }
  ]
});
Stop the service and update /etc/mongod.conf:
security:
  authorization: "enabled"
  keyFile: /etc/mongo-keyfile
Generate the keyFile on mongo1 and distribute it to the other nodes:
openssl rand -base64 756 > /etc/mongo-keyfile
scp /etc/mongo-keyfile mongo2:/etc/
scp /etc/mongo-keyfile mongo3:/etc/
Then, on all nodes, restrict the file's permissions and ownership:
chmod 400 /etc/mongo-keyfile
chown mongod:mongod /etc/mongo-keyfile
Restart MongoDB on all nodes:
systemctl start mongod
Connect with authentication:
mongosh --host 192.168.188.11 --port 27017 -u "root" -p "mySecurePass" --authenticationDatabase "admin"
- SocketException: Ensure IP addresses are correctly specified in bindIp.
- SCRAM Authentication Failed: Verify keyFile permissions and consistency across nodes.
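
The keyFile checks called for in the generation step and in the troubleshooting note above can be scripted. The following is an added example, not part of the original post: the function names check_keyfile and keyfile_fingerprint are hypothetical, and it assumes GNU stat and sha256sum as shipped with Oracle Linux 8.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit /etc/mongo-keyfile on one node.

# Print the SHA-256 of the key with whitespace stripped. mongod ignores
# whitespace in the key file, so this value must match on mongo1, mongo2, mongo3.
keyfile_fingerprint() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# check_keyfile FILE [OWNER]: print one line per finding, return the finding count.
check_keyfile() {
    local file="$1" owner="${2:-mongod}" problems=0 mode key LC_ALL=C
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # mongod rejects a key file with any group or world permission bits.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        ?00) ;;
        *) echo "BAD_MODE $mode (expected 400)"; problems=$((problems + 1)) ;;
    esac

    # The service account must own the file, otherwise mode 400 locks mongod out.
    if [ "$(stat -c '%U' "$file")" != "$owner" ]; then
        echo "BAD_OWNER $(stat -c '%U' "$file") (expected $owner)"
        problems=$((problems + 1))
    fi

    # Key material: 6 to 1024 characters from the base64 alphabet.
    key=$(tr -d '[:space:]' < "$file")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "BAD_LENGTH ${#key} (expected 6-1024)"; problems=$((problems + 1))
    fi
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "BAD_CHARSET non-base64 character in key"
                           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Run as root on each node with the key file path, then compare the fingerprints.
if [ $# -gt 0 ]; then
    check_keyfile "$1" "${2:-mongod}" && echo "OK $(keyfile_fingerprint "$1")"
fi
```

A fingerprint that differs on any member means that node holds a different key and will fail internal authentication. Comparing hashes also avoids printing the key itself to a terminal or log.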
By following these steps, your Replica Set should be up and running securely. For further improvements, consider using monitoring tools like MongoDB Compass or Ops Manager.