From ae99566ed3858651b94b7a8f310d52c2015dc7d3 Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Wed, 18 Nov 2020 15:23:17 +0100 Subject: [PATCH 1/2] Update the README with instructions on initialising the mongo replica set. --- README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/README.md b/README.md index 230f241d..f7bf9ffd 100644 --- a/README.md +++ b/README.md 
@@ -15,6 +15,56 @@ List of available parameters: - `GATSBY_API_URL`: override api url (defaults to location origin) +### MongoDB Setup + +Mongo needs a couple of extra steps in order to start a secure cluster. + +* Open port 27017 to all nodes that will take part in the cluster. +* Manually run an initialisation `docker run` with extra environment variables +that will initialise the admin user with a password (example below). +* Manually add a `mgkey` file under `./docker/data/mongo` with the respective +secret (see Mongo's keyfile access control for details). +* During the initialisation run mentioned above, we need to make two extra steps +within the container: + * Change the ownership of `mgkey` to `mongodb:mongodb` + * Change its permissions to 400 +* After these steps are done we can open a mongo shell on the master node and +run `rs.add()` in order to add the new node to the cluster. + +Example initialisation docker run command: +``` +docker run \ + --rm \ + --name mg \ + -p 27017:27017 \ + -e MONGO_INITDB_ROOT_USERNAME= \ + -e MONGO_INITDB_ROOT_PASSWORD= \ + -v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \ + -v /home/user/skynet-webportal/docker/data/mongo/mgkey:/data/mgkey \ + mongo --keyFile=/data/mgkey --replSet=skynet +``` +Regular docker run command: +``` +docker run \ + --rm \ + --name mg \ + -p 27017:27017 \ + -v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \ + -v /home/user/skynet-webportal/docker/data/mongo +``` +Cluster initialisation mongo command: +``` +rs.initiate( + { + _id : "skynet", + members: [ + { _id : 0, host : "helsinki.siasky.net:27017" }, + { _id : 1, host : "us-va-1.siasky.net:27017" }, + ] + } +) +``` + ## Contributing ### Testing Your Code From 30a22ad94c5a8eb040998946bb514b077d704e4f Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Wed, 25 Nov 2020 13:12:29 +0100 Subject: [PATCH 2/2] Address PR remarks. --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index f7bf9ffd..fc8462e4 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,12 @@ List of available parameters: Mongo needs a couple of extra steps in order to start a secure cluster. -* Open port 27017 to all nodes that will take part in the cluster. +* Open port 27017 on all nodes that will take part in the cluster. Ideally, you +would only open the port for the other nodes in the cluster. * Manually run an initialisation `docker run` with extra environment variables that will initialise the admin user with a password (example below). * Manually add a `mgkey` file under `./docker/data/mongo` with the respective -secret (see Mongo's keyfile access control for details). +secret (see [Mongo's keyfile access control](https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/) for details). * During the initialisation run mentioned above, we need to make two extra steps within the container: * Change the ownership of `mgkey` to `mongodb:mongodb` @@ -58,8 +59,8 @@ rs.initiate( { _id : "skynet", members: [ - { _id : 0, host : "helsinki.siasky.net:27017" }, - { _id : 1, host : "us-va-1.siasky.net:27017" }, + { _id : 0, host : "mongo0.example.com:27017" }, + { _id : 1, host : "mongo1.example.com:27017" }, ] } )
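Review bot: in PATCH 1/2 (hunk `@@ -15,6 +15,56 @@`), the "Regular docker run command" block is incomplete. It ends at `-v /home/user/skynet-webportal/docker/data/mongo` with no container path, no `mgkey` mount, no image name, and no `--keyFile=/data/mgkey --replSet=skynet` arguments, so it cannot be run as written. A reader who completes it by guessing and leaves out `--keyFile` would start the node without access control. Suggest repeating the initialisation command in full, minus the two `MONGO_INITDB_ROOT_*` variables. In the initialisation command itself, `MONGO_INITDB_ROOT_USERNAME=` and `MONGO_INITDB_ROOT_PASSWORD=` are left blank; a visible placeholder such as `<username>` would make it clear that a value is required.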
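Review bot: in PATCH 2/2 (hunk `@@ -19,11 +19,12 @@`), the added sentence "Ideally, you would only open the port for the other nodes in the cluster" leaves restricting 27017 optional, while both `docker run` examples in this README publish it with `-p 27017:27017` on every host interface. Since this section is about starting a secure cluster, suggest wording it as a required step: allow 27017 only from the addresses of the other replica set members. The two in-container steps in the unchanged context (`mgkey` owned by `mongodb:mongodb`, permissions 400) would also be easier to follow if the exact commands were shown.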
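Review bot: in PATCH 2/2 (hunk `@@ -58,8 +59,8 @@`), the `rs.initiate` example still lists exactly two members (`_id : 0` and `_id : 1`), so the set cannot elect a primary whenever either node is down. Suggest showing a third member or an arbiter in the example, or noting the limitation beside it. The bullets earlier in the section describe adding nodes with `rs.add()` from the "master node", while this example lists every member at initiation; stating which path is intended, and using "primary" for the node, would remove the ambiguity.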