MongoDB 6.X Sharded Cluster on Debian 11 with authentication
Today we're going to install a sharded cluster with MongoDB 6 on Debian 11 (authentication enabled). I'm using Hetzner for this. You can use my referral link for $20 in credits:
https://hetzner.cloud/?ref=Vi4UjGTcwywL
This will be our basic setup, but we will only use 1 router.
First we add all our hosts to the /etc/hosts file. My setup is the following:
1 router (cloud vm)
3 config servers (cloud vm, CX21 should be enough)
2 x 3 replica servers (dedicated server, I'm using AX102 for this)
Use an internal network if possible!
/etc/hosts
10.128.10.100 mdb-router
10.128.10.101 mdb-config1
10.128.10.102 mdb-config2
10.128.10.103 mdb-config3
10.128.5.100 mdb-rs0-0
10.128.5.101 mdb-rs0-1
10.128.5.102 mdb-rs0-2
10.128.5.110 mdb-rs1-0
10.128.5.111 mdb-rs1-1
10.128.5.112 mdb-rs1-2
Now we increase the max_map_count on ALL servers and apply it
echo "vm.max_map_count=9999999" | sudo tee -a /etc/sysctl.conf
sysctl --system
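Next we add a MongoDB keyfile so we can enable authorization. COPY the generated file to ALL servers (you can generate it on the mongo router) and run the chown and chmod below on each of them; mongod will not accept a keyfile that is readable by group or others.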
/etc/mongodb-keyfile
openssl rand -base64 756 > /etc/mongodb-keyfile
chown mongodb:mongodb /etc/mongodb-keyfile
chmod 400 /etc/mongodb-keyfile
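A check you can run on every server after copying the keyfile, added here as an example (it is not part of the original setup). It verifies the mode and owner set above and the key format mongod accepts (6 to 1024 base64 characters, whitespace ignored), and prints a SHA-256 fingerprint so you can confirm all hosts hold the same key. The script and function names are assumptions of this example; it relies on stat and sha256sum as shipped with Debian 11.

```shell
#!/bin/sh
# Added example (not from the original post): audit a MongoDB keyfile.
# Assumption: stat -c and sha256sum are available (true on Debian 11).

# Print a SHA-256 fingerprint of the key with whitespace removed, so copies on
# different hosts can be compared without displaying the secret itself.
keyfile_fingerprint() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# check_keyfile PATH [OWNER]  ->  returns 0 if the file is usable, 1 otherwise.
check_keyfile() {
    kf_path=$1
    kf_owner=${2:-mongodb}
    kf_rc=0
    [ -f "$kf_path" ] || { echo "FAIL: $kf_path is not a regular file"; return 1; }

    # mongod/mongos refuse a keyfile with any group or world permission bits.
    kf_mode=$(stat -c '%a' "$kf_path")
    case "$kf_mode" in
        400|600) ;;
        *) echo "FAIL: mode $kf_mode, expected 400 (no group/other bits)"; kf_rc=1 ;;
    esac

    # The service user must own the file, otherwise mode 400 locks mongod out.
    kf_actual=$(stat -c '%U' "$kf_path")
    [ "$kf_actual" = "$kf_owner" ] ||
        { echo "FAIL: owned by $kf_actual, expected $kf_owner"; kf_rc=1; }

    # Key content: 6 to 1024 base64 characters once whitespace is stripped.
    kf_key=$(tr -d '[:space:]' < "$kf_path")
    kf_len=${#kf_key}
    if [ "$kf_len" -lt 6 ] || [ "$kf_len" -gt 1024 ]; then
        echo "FAIL: key length $kf_len is outside 6..1024"; kf_rc=1
    fi
    if printf '%s' "$kf_key" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
        echo "FAIL: key contains non-base64 characters"; kf_rc=1
    fi

    [ "$kf_rc" -eq 0 ] && echo "OK: $kf_path sha256=$(keyfile_fingerprint "$kf_path")"
    return "$kf_rc"
}

# Run directly as: sh check-keyfile.sh /etc/mongodb-keyfile
if [ "$#" -gt 0 ]; then check_keyfile "$@"; fi
```

Run it as root on each host and compare the printed fingerprints; any mismatch means that member will fail internal authentication against the others.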
Add the following config to your REPLICA SET SERVERS (mdb-rs0 / mdb-rs1) only.
Adjust the following for each replica server:
- bindIp (set this to the respective IP of your replica server)
- replSetName (must be the same for all 3 replica servers within a shard, so rs0 for the first 3, rs1 for the next 3, and so on)
/etc/mongod.conf
storage:
  dbPath: /var/lib/mongodb
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 127.0.0.1,10.128.5.100
  maxIncomingConnections: 999999
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
replication:
  replSetName: rs0
sharding:
  clusterRole: shardsvr
security:
  authorization: enabled
  keyFile: /etc/mongodb-keyfile
Connect to mongo and initiate the mongo replica set. DO THIS ONLY ON ONE OF YOUR REPLICA SERVERS. For example on mdb-rs0-0 and on mdb-rs1-0.
Adjust the "_id" accordingly
mongosh
rs.initiate(
  {
    _id : "rs0",
    members: [
      { _id : 0, host : "mdb-rs0-0:27017" },
      { _id : 1, host : "mdb-rs0-1:27017" },
      { _id : 2, host : "mdb-rs0-2:27017" }
    ]
  }
)
Restart mongod afterwards
systemctl restart mongod.service
Add the following config file to your MONGO CONFIG SERVERS (mdb-configX) only.
Adjust the following:
- bindIp (set this to the respective IP of your config server)
/etc/mongod.conf
storage:
  dbPath: /var/lib/mongodb
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27019
  bindIp: 127.0.0.1,10.128.10.101
  maxIncomingConnections: 999999
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
replication:
  replSetName: configReplSet
sharding:
  clusterRole: configsvr
security:
  authorization: enabled
  keyFile: /etc/mongodb-keyfile
Connect to mongo and initiate the mongo config replica set. ONLY ON ONE OF YOUR CONFIG SERVERS!
mongosh --port 27019
rs.initiate(
  {
    _id: "configReplSet",
    configsvr: true,
    members: [
      { _id : 0, host : "mdb-config1:27019" },
      { _id : 1, host : "mdb-config2:27019" },
      { _id : 2, host : "mdb-config3:27019" }
    ]
  }
)
Restart mongod afterwards
systemctl restart mongod.service
Add the following mongoS config file to your MONGO ROUTER (mdb-router) only.
Adjust the following:
- bindIp (your mongo router IP)
- configDB (if your /etc/hosts has different names)
First stop the mongod service
systemctl stop mongod
Create this file:
/etc/mongos.conf
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongos.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,10.128.10.100
sharding:
  configDB: configReplSet/mdb-config1:27019,mdb-config2:27019,mdb-config3:27019
security:
  keyFile: /etc/mongodb-keyfile
Now move the old mongoD service file to a new mongoS service file
mv /lib/systemd/system/mongod.service /lib/systemd/system/mongos.service
Change the "ExecStart" to this:
ExecStart=/usr/bin/mongos --config /etc/mongos.conf
Restart and enable mongos afterwards
systemctl restart mongos.service
systemctl enable mongos.service
Create an admin user
db.getSiblingDB("admin").createUser(
  {
    "user" : "mongo-admin",
    "pwd" : passwordPrompt(),
    roles: [ { "role" : "root", "db" : "admin" } ]
  }
)
Add both shards
sh.addShard("rs0/mdb-rs0-0:27017,mdb-rs0-1:27017,mdb-rs0-2:27017")
sh.addShard("rs1/mdb-rs1-0:27017,mdb-rs1-1:27017,mdb-rs1-2:27017")
If anything is unclear or you want to add something, please register an account and comment under this post. I'm happy to help!
Credits:
- https://www.mongodb.com/docs/manual/tutorial/deploy-shard-cluster/