This repository contains the configuration for deploying a sharded, replicated MongoDB NoSQL cluster. Connections between all shards in a replica are authenticated using x509 certificates and run over TLS. Communication between replicas is protected in the same way, as are communications with the Config Servers and MongoS and the client-side connection to MongoS.
This project automatically deploys a MongoDB cluster in Docker containers, creates its own certificate authority, and generates and distributes authentication keys and TLS keys for each element of the MongoDB cluster, as well as for a client that will connect to MongoS. The cluster consists of a MongoS router, three Config Servers, and three replicas, each with 3 shards.
The general scheme of the MongoDB cluster is shown in the image:
Step 1
- Go to your home directory and clone the repository from GitHub:
cd ~ && git clone https://SergeyIvanovDevelop@github.com/SergeyIvanovDevelop/MongoDB-Cluster-TLS
Step 2
- Go to the directory of the downloaded repository:
cd ~/MongoDB-Cluster-TLS
Step 3
- You must have installed openssl, docker, docker-compose and MongoDB.
Step 4
- You need to build Docker images/containers and generate keys:
./run_all.sh build
Step 5
- You need to recreate/run Docker containers:
./run_all.sh run
Step 6
- Check the connection from the client with MongoS:
./connect_tls_to_mongos.sh
If you reach the MongoDB command line, everything was set up correctly and the cluster is functioning.
MongoDB logs from the Docker containers can be viewed in the shared folder SHARE_WITH_ALL_DOCKER_CONTAINERS.
Note: Since this project is a demo, the generated test private keys were deliberately committed to the GitHub repository as well (of course, non-test keys must never be uploaded), so that anyone using this project for their own development can see the whole picture.
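The certificate workflow described above (a private CA that signs one certificate per cluster element and one for the client), as an added shell example that is not taken from this repository's scripts. The organization name, CA name, OU values and host names are assumptions.

```shell
# Added example; ExampleOrg, demo-ca, the OU values and host names are assumptions.
set -eu

# make_ca DIR: create a self-signed CA key and certificate in DIR.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=ExampleOrg/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"
}

# issue_cert DIR NAME OU: sign a certificate for NAME with the CA in DIR and
# write NAME.pem (certificate + private key), the combined PEM that mongod and
# mongos take as net.tls.certificateKeyFile. MongoDB treats certificates whose
# O/OU/DC values match its own as cluster members, so a client certificate
# must differ in at least one of them (here: the OU). NAME is also placed in
# subjectAltName so that peers can validate the host name.
issue_cert() {
    dir=$1 name=$2 ou=$3
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=ExampleOrg/OU=$ou/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$name" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
    cat "$dir/$name.crt" "$dir/$name.key" > "$dir/$name.pem"
    chmod 600 "$dir/$name.key" "$dir/$name.pem"
    rm -f "$dir/$name.csr" "$dir/$name.ext"
}

# chain_ok CA_CERT CERT: succeed only if CERT verifies against CA_CERT.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
# subject_of CERT: print the subject DN in RFC 2253 form.
subject_of() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Demo: run this file with the single argument "demo".
if [ "${1:-}" = demo ]; then
    out=$(mktemp -d)
    make_ca "$out"
    issue_cert "$out" shard1-node1 MongoCluster
    issue_cert "$out" client MongoClients
    chain_ok "$out/ca.crt" "$out/client.crt" && subject_of "$out/client.crt"
fi
```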
MongoDB-Cluster-TLS is CC BY-NC-SA 3.0 licensed.
