Damilare Joseph

Deploying a MongoDB replica set on AWS EC2 instance

According to MongoDB's website, "A replica set in MongoDB is a group of mongod processes that maintain the same data set. Replica sets provide redundancy and high availability, and are the basis for all production deployments." In other words, if you are using MongoDB as your data source and you are ready to deploy in production, you need a replica set for system reliability.

It is advised that each member of your replica set run on its own standalone server.

For this tutorial, I will be setting up a replica set with an arbiter. For more on replication and replica set architecture, see Replica Set Architecture.

STEP 1: Create 3 EC2 instances and install MongoDB

Create 3 EC2 instances. They can run any OS, as long as you can install MongoDB on each of them.

I will be using Red Hat Enterprise Linux 8 for all 3 instances.

For the MongoDB installation guide, check out MongoDB Installation.

Make sure the 3 instances are in the same security group and that the inbound rule allows them to talk to each other on port 27017.

STEP 2: Enable Access Control (Authentication and Authorization)

  • Create a Keyfile:

    With keyfile authentication, each mongod instance in the replica set uses the contents of the keyfile as the shared password for authenticating other members in the deployment. Only mongod instances with the correct keyfile can join the replica set.

    Run the following commands to generate a keyfile:
      openssl rand -base64 756 > /opt/mongo/mongod-keyfile
      chmod 400 /opt/mongo/mongod-keyfile
      # The owner must be the account mongod runs as: mongodb on Debian/Ubuntu packages, mongod on RHEL RPM packages.
      sudo chown mongodb:mongodb /opt/mongo/mongod-keyfile

    The above commands generate a keyfile at /opt/mongo/mongod-keyfile, make it readable only by its owner, and make the mongodb user its owner so that mongod can read it.

  • Copy the Keyfile to other replica-set members:

    This means copying the generated keyfile to the other EC2 instances where the remaining replica set members are located. After copying it, you might have to run the second and third commands above on each of those instances to set the read permission and ownership.

    To transfer files from one EC2 instance to another, you can follow this tutorial, File Transfer between 2 EC2 Instance

  • Update the configuration file:
    1. Open the file: sudo nano /etc/mongod.conf
    2. Under net, in bindIp, add the private address of the current machine alongside localhost, because MongoDB binds only to localhost by default
    3. Under replication add replSetName with the name of your replica set
    4. Under security, add keyFile: 'path to keyfile you generated'
    5. Save the file and restart mongodb: sudo systemctl restart mongod
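
A pre-flight check for the settings from STEP 2, written as an added example that is not part of the original tutorial. The helper names conf_value and check_member, the replica set name rs0 and the address 10.0.1.12 are assumptions made for illustration; the check also flags a bindIp that listens on every interface, which goes slightly beyond the steps above.

```sh
# Added example: audit one replica-set member's mongod.conf before restarting mongod.
# conf_value and check_member are hypothetical helper names, not MongoDB tooling.

# Print the first uncommented value of KEY (e.g. keyFile) found in mongod.conf.
conf_value() {
  sed -n -e 's/#.*$//' \
      -e "s/^[[:space:]]*$2:[[:space:]]*\([^[:space:]].*\)/\1/p" "$1" |
    head -n 1 | tr -d "\"' "
}

# Print one line per finding; return 0 only if every check passes.
check_member() {
  conf=$1; bad=0
  rs=$(conf_value "$conf" replSetName)
  key=$(conf_value "$conf" keyFile)
  bind=$(conf_value "$conf" bindIp)
  [ -n "$rs" ] || { echo "FAIL replication.replSetName is not set"; bad=1; }
  if [ -z "$key" ]; then
    echo "FAIL security.keyFile is not set"; bad=1
  elif [ ! -f "$key" ]; then
    echo "FAIL keyfile $key does not exist"; bad=1
  elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    # Any group/other permission bit exposes the shared secret to other accounts.
    echo "FAIL keyfile $key is accessible to group/other; run chmod 400"; bad=1
  fi
  case ",$bind," in
    ,,) echo "FAIL net.bindIp is not set"; bad=1 ;;
    *,0.0.0.0,*|*,::,*) echo "FAIL net.bindIp listens on every interface: $bind"; bad=1 ;;
    ,127.0.0.1,|,localhost,) echo "FAIL net.bindIp is loopback only; add the private address"; bad=1 ;;
  esac
  [ "$bad" -eq 0 ] && echo "OK $conf (replica set $rs, bindIp $bind)"
  return "$bad"
}

# Constructed sample: a throwaway config and keyfile, not a real deployment.
demo=$(mktemp -d)
printf 'constructed-sample-key\n' > "$demo/keyfile"; chmod 400 "$demo/keyfile"
cat > "$demo/mongod.conf" <<EOF
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.1.12   # constructed private address
replication:
  replSetName: rs0
security:
  keyFile: $demo/keyfile
EOF
check_member "$demo/mongod.conf"
```

On a real member, call check_member /etc/mongod.conf with enough privilege to read the keyfile's directory.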

STEP 3: Create and connect your replica set members

  • Connect to the mongo shell (typing mongo should get you there) on the server you want to make the primary
  • Run rs.initiate() to create your primary. This sets the current instance as the primary of the replica set
  • Create the user admin: This admin user must have privileges to create other users, such as a user with the userAdminAnyDatabase role.

    Run the following in the admin database:

    use admin
    db.createUser({user: "admin", pwd: "admin", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})

    This creates the admin user. Use a strong username and password of your choice.

  • Exit the shell and authenticate as the admin user:

    mongo -u 'your-username' -p --authenticationDatabase admin

    It will prompt for your password; enter the correct one.

  • Create a cluster admin: Use the clusterAdmin role. This grants access to replication operations such as configuring the replica set.

    Run the following in the admin database:

    use admin
    db.createUser({user: "adminCluster", pwd: "adminCluster", roles: [{role: "clusterAdmin", db: "admin"}]})

    Use a unique username and a strong password for this.
  • Exit the shell and authenticate as the cluster admin to add more replica members.

    mongo -u 'your-cluster-admin-username' -p --authenticationDatabase admin

    When it prompts for a password, enter your cluster admin password.
  • Add more cluster members by running:

    rs.add( { host: "ipaddress/hostname-of-the-instance-you-want-to-add-as-member:27017" } )

  • Add an arbiter to your replica set:

    rs.addArb("ipaddress/hostname-of-the-instance-you-want-to-make-as-arbiter:27017")

Sidenotes: You can create additional db users for your clients (backend applications, etc.) to connect with. To do that, authenticate as admin and create a db user with the appropriate role.

To add a new member to the cluster, copy the keyfile you generated to the new member's server. Uncomment security in the /etc/mongod.conf file and add keyFile: 'file location'. Uncomment replication and add replSetName with the name of the replica set you want to add it to. Save the file and start the mongod instance. Then go to the primary of the replica set and add the new member using rs.add( { host: "ipaddress/hostname-of-the-instance-you-want-to-add-as-member:27017" } )