Web Projects Consulting

Setting Up MongoDB on Fedora with Basic Security Options

MongoDB is a popular NoSQL database solution with growing popularity over professional and non-professional users. Blah. Now to setting all up.

MongoDB in Fedora repo will not work with authentication and segfault, get it and install from MongoDB site.

sudo vim /etc/yum.repos.d/mongo.repo

Cut and paste the below:

[10gen]
name=10gen Repository
baseurl=//downloads-distro.mongodb.org/repo/redhat/os/x86_64
gpgcheck=0

Install MongoDB:

sudo yum install mongo-10gen mongo-10gen-server

Edit the default config file.

sudo vim /etc/mongod.conf

Find and edit:

bind_ip = 127.0.0.1
port = 27017
dbpath=/var/lib/mongo

Create a very basic service:

sudo gedit /etc/init.d/mongod

Cut and paste:

#! /bin/sh

<h1>chkconfig: 345 20 80</h1>

<h1>description: mongod daemon</h1>

<h1>processname: mongod</h1>

N=/usr/bin/mongod

set -e

case &quot;$1&quot; in
  start)
$N -f /etc/mongod.conf --journal
;;
  stop|reload|restart|force-reload)
;;
  *)
echo &quot;Usage: $N {start|stop|restart|force-reload}&quot; &gt;&amp;2exit 1
;;
esac

exit 0

Run service:

sudo service mongod start
sudo chkconfig --levels 235 mongod on

Check if all ok:

[user@localhost ~]$ mongo 127.0.0.1:27017/test
MongoDB shell version: 2.0.2
connecting to: 127.0.0.1:27017/test
> db.help()
DB methods:
        db.addUser(username, password[, readOnly=false])
        db.auth(username, password)
# ... blah

Or visit in browser: //localhost:28017 (we are going to close that later).

You can stop the above service from mongo console:

use admin
//when using auth, launch:
//db.auth(username, password)
//and
db.shutdownServer()
// or
db.adminCommand({shutdown : 1, force : true})
// or
db.shutdownServer({force : true})
// or
db.adminCommand({shutdown : 1, timeoutSecs : 5})

Add possibility for PHP to connect to it and restart web server:

sudo pecl install mongo
sudo service httpd restart

Test:

[user@localhost ~]$ php -m |grep -i mongo
mongo

Add more security:

[user@localhost ~]$ mongo 127.0.0.1:27017/test
MongoDB shell version: 2.0.2
connecting to: 127.0.0.1:27017/test
> use admin
switched to db admin
> addUser('SOME_GOOD_USER_NAME', 'SOME_GOOD_PASSWORD')

Edit the config again:

sudo vim /etc/mongod.conf

Find and edit:

noauth = false
auth = true
nohttpinterface = true

Stop and start the server again as described above.

Get and install some web admin tool into a folder on your web server, for instance //code.google.com/p/rock-php/wiki/rock_mongo. To connect, edit the config.php file from this package with the following values:

# uncomment
$MONGO["servers"][$i]["mongo_db"]                 = "local";
$MONGO["servers"][$i]["mongo_user"]               = "USER_FROM_ABOVE";
$MONGO["servers"][$i]["mongo_pass"]               = "PASSWORD_FROM_ABOVE";
$MONGO["servers"][$i]["mongo_auth"]               = true;
# comment
#$MONGO["servers"][$i]["control_auth"]            = true;
#$MONGO["servers"][$i]["control_users"]["admin"]  = "admin";

DISCLAIMER: tested for Fedora 15 only and might require more security fixes.

RockMongo with auth in Fedora 15

Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.