diff --git a/README.md b/README.md index 230f241d..fc8462e4 100644 --- a/README.md +++ b/README.md 
@@ -15,6 +15,57 @@ List of available parameters: - `GATSBY_API_URL`: override api url (defaults to location origin) +### MongoDB Setup + +Mongo needs a couple of extra steps in order to start a secure cluster. + +* Open port 27017 on all nodes that will take part in the cluster. Ideally, you +would only open the port for the other nodes in the cluster. +* Manually run an initialisation `docker run` with extra environment variables +that will initialise the admin user with a password (example below). +* Manually add a `mgkey` file under `./docker/data/mongo` with the respective +secret (see [Mongo's keyfile access control](https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/) for details). +* During the initialisation run mentioned above, we need to make two extra steps +within the container: + * Change the ownership of `mgkey` to `mongodb:mongodb` + * Change its permissions to 400 +* After these steps are done we can open a mongo shell on the master node and +run `rs.add()` in order to add the new node to the cluster. + +Example initialisation docker run command: +``` +docker run \ + --rm \ + --name mg \ + -p 27017:27017 \ + -e MONGO_INITDB_ROOT_USERNAME= \ + -e MONGO_INITDB_ROOT_PASSWORD= \ + -v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \ + -v /home/user/skynet-webportal/docker/data/mongo/mgkey:/data/mgkey \ + mongo --keyFile=/data/mgkey --replSet=skynet +``` +Regular docker run command: +``` +docker run \ + --rm \ + --name mg \ + -p 27017:27017 \ + -v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \ + -v /home/user/skynet-webportal/docker/data/mongo +``` +Cluster initialisation mongo command: +``` +rs.initiate( + { + _id : "skynet", + members: [ + { _id : 0, host : "mongo0.example.com:27017" }, + { _id : 1, host : "mongo1.example.com:27017" }, + ] + } +) +``` + ## Contributing ### Testing Your Code
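Review bot: The "Regular docker run command" block looks incomplete: it ends at `-v /home/user/skynet-webportal/docker/data/mongo` with no container path, no image name, and no `--keyFile=/data/mgkey --replSet=skynet`, so it cannot be copied as-is and does not show that keyfile authentication must stay enabled on every later start. Please make it mirror the initialisation command minus the two `MONGO_INITDB_ROOT_*` variables. Two smaller points in the same hunk: `-p 27017:27017` publishes the port on all host interfaces, which is at odds with the first bullet's advice to open it only to the other cluster nodes, so consider documenting a bind address (`-p <private-ip>:27017:27017`) or the firewall rule you expect; and the bullets that change the ownership of `mgkey` to `mongodb:mongodb` and its permissions to 400 would be easier to follow with the exact commands written out, since mongod refuses a keyfile that is group- or world-readable.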