Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying MongoDB Administrator???s Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
MongoDB Administrator???s Guide

MongoDB Administrator???s Guide

By : Dasadia
5 (1)
Buy this Book
close
close
MongoDB Administrator???s Guide

MongoDB Administrator???s Guide

5 (1)
By: Dasadia
Buy this Book

Overview of this book

MongoDB is a high-performance and feature-rich NoSQL database that forms the backbone of the systems that power many different organizations. Packed with many features that have become essential for many different types of software professional and incredibly easy to use, this cookbook contains more than 100 recipes to address the everyday challenges of working with MongoDB. Starting with database configuration, you will understand the indexing aspects of MongoDB. The book also includes practical recipes on how you can optimize your database query performance, perform diagnostics, and query debugging. You will also learn how to implement the core administration tasks required for high-availability and scalability, achieved through replica sets and sharding, respectively. You will also implement server security concepts such as authentication, user management, role-based access models, and TLS configuration. You will also learn how to back up and recover your database efficiently and monitor server performance. By the end of this book, you will have all the information you need—along with tips, tricks, and best practices—to implement a high-performance MongoDB solution.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
Installation and Configuration
chevron up
Icon
Installation and Configuration
Icon
Introduction
Icon
Installing and starting MongoDB on Linux
Icon
Installing and starting MongoDB on macOS
Icon
Binding MongoDB process to a specific network interface and port
Icon
Enabling SSL for MongodDB
Icon
Choosing the right MongoDB storage engine
Icon
Changing storage engine
Icon
Separating directories per database
Icon
Customizing the MongoDB configuration file
Icon
Running MongoDB as a Docker container
2
Understanding and Managing Indexes
Icon
Understanding and Managing Indexes
Icon
Introduction
Icon
Creating an index
Icon
Managing existing indexes
Icon
How to use compound indexes
Icon
Creating background indexes
Icon
Creating TTL-based indexes
Icon
Creating a sparse index
Icon
Creating a partial index
Icon
Creating a unique index
3
Performance Tuning
Icon
Performance Tuning
Icon
Introduction
Icon
Configuring disks for better I/O
Icon
Measuring disk I/O performance with mongoperf
Icon
Finding slow running queries and operations
Icon
Storage considerations when using Amazon EC2
Icon
Figuring out the size of a working set
4
High Availability with Replication
Icon
High Availability with Replication
Icon
Introduction
Icon
Initializing a new replica set
Icon
Adding a node to the replica set
Icon
Removing a node from the replica set
Icon
Working with an arbiter
Icon
Switching between primary and secondary nodes
Icon
Changing replica set configuration
Icon
Changing priority to replica set nodes
5
High Scalability with Sharding
Icon
High Scalability with Sharding
Icon
Understanding sharding and its components
Icon
Setting up and configuring a sharded cluster
Icon
Managing chunks
Icon
Moving non-sharded collection data from one shard to another
Icon
Removing a shard from the cluster
Icon
Understanding tag aware sharding – zones
6
Managing MongoDB Backups
Icon
Managing MongoDB Backups
Icon
Introduction
Icon
Taking backup using mongodump tool
Icon
Taking backup of a specific mongodb database or collection
Icon
Taking backup of a small subset of documents in a collection
Icon
Using bsondump tool to view mongodump output in human readable form
Icon
Creating a point in time backup of replica sets
Icon
Using the mongoexport tool
Icon
Creating a backup of a sharded cluster
7
Restoring MongoDB from Backups
Icon
Restoring MongoDB from Backups
Icon
Introduction
Icon
Restoring standalone MongoDB using the mongorestore tool
Icon
Restoring specific database or specific collection
Icon
Restoring data from one collection or database to another
Icon
Creating a new MongoDB replica set node using backups
Icon
Restoring a MongoDB sharded cluster from backup
8
Monitoring MongoDB
Icon
Monitoring MongoDB
Icon
Introduction
Icon
Monitoring MongoDB performance with mongostat
Icon
Checking replication lag of nodes in a replica set
Icon
Monitoring and killing long running operations on MongoDB
Icon
Checking disk I/O usage
Icon
Collecting MongoDB metrics using Diamond and Graphite
9
Authentication and Security in MongoDB
Icon
Authentication and Security in MongoDB
Icon
Introduction
Icon
Setting up authentication in MongoDB and creating a superuser account
Icon
Creating normal users and assigning built-in roles
Icon
Creating and assigning custom roles
Icon
Restoring access if you are locked out
Icon
Using key files to authenticate servers in a replica set
10
Deploying MongoDB in Production
Icon
Deploying MongoDB in Production
Icon
Introduction
Icon
Configuring MongoDB for a production deployment
Icon
Upgrading production MongoDB to a newer version
Icon
Setting up and configuring TLS (SSL)
Icon
Restricting network access using firewalls

Enabling SSL for MongodDB

By default, connections to MongoDB server are not encrypted. If one were to intercept this traffic, almost all the data transferred between the client and the server is visible as clear text. If you are curious, I would encourage you to use tcpdump or wireshark to capture packets between a mongod daemon and the client. As a result, it is highly advisable to make sure that you encrypt all connections to your mongod set by enabling Transport Layer Security (TLS) also commonly known as SSL.

Getting ready

Make sure you have MongoDB installed on your system as shown in the previous recipes.

The default MongoDB binaries for OS X are not compiled with SSL, you may need to manually recompile the source code or use Homebrew:
brew install mongodb --with-openssl.

How to do it..

  1. First, let us generate a self-signed certificate using OpenSSL, in the /data directory:
openssl req -x509 -newkey rsa:4096 -nodes -keyout mongo-secure.key -out mongo-secure.crt -days 365
  1. Combine the key and certificate into a single .pem file:
cat mongo-secure.key mongo-secure.crt > mongo-secure.pem
  1. Start the mongod daemon, with SSL enabled and listening on the default socket that is, localhost 27017:
mongod  --dbpath /data/db  --sslMode requireSSL --sslPEMKeyFile /data/mongo-secure.pem
  1. In another window, connect to this server using a mongo client:
mongo localhost:27017
  1. You should see a connect failed error on the client Terminal. Switch to the server's console window and you should see a log message indicating that the connection was rejected, something like this:
2017-05-13T16:51:08.031+0000 I NETWORK  [thread1] connection accepted from 192.168.200.200:43441 #4 (1 connection now open)
2017-05-13T16:51:08.032+0000 I -        [conn4] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections
2017-05-13T16:51:08.032+0000 I -        [conn4] end connection 192.168.200.200:43441 (1 connection now open)
  1. Now, switch back to the other console window and connect to the server again but this time using SSL:
mongo --ssl --sslAllowInvalidCertificates
  1. You should be connected to the server and see the mongo shell.

How it works...

In step 1, we created a self-signed certificate to get us started with SSL enabled connections. One could very well use a certificate signed by a valid Certificate Authority (CA), but for test purposes we are good with a self-signed certificate. In all honesty, if connection security is all you need, a self-signed certificate can also be used in a production environment as long as you keep the keys secure. You might as well take it a step forward by creating your own CA certificate and use it to sign your certificates.

In step 2, we concatenate the key and the certificate file. Next, in step 3, we start the mongod daemon with --sslMode requireSSL followed by providing the path to the concatenated .pem file. At this point, we have a standalone MongoDB server listening to the default port 27017, ready to accept only SSL based clients.

Next, we attempt to connect to the mongod server using the default non-SSL mode, which is immediately rejected by the sever. Finally, in step 5 we explicitly make an SSL connection by providing the --ssl parameter followed by --sslAllowInvalidCertificates. The latter parameter is used because we are using a self-signed certificate on the server. If we were using an certificate signed by a authorized CA or even a self-signed CA, we could very well use the --sslCAFile to provide the CA certificate.

There's more…

MongoDB also supports X.509 certificate-based authentication as an option to username and passwords. We will cover this topic in Chapter 9, Authentication and Security in MongoDB.

End of Section 6
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY