yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
843c771689457b8ad512fa808c0018683e9583c8
doc-exports/docs/dds/umn/en-us_topic_0105284966.html
Ru, Li Yi 843c771689 dds_umn_1115 
Reviewed-by: Wagner, Fabian <fabian.wagner@t-systems.com>
Co-authored-by: Ru, Li Yi <liyiru7@huawei.com>
Co-committed-by: Ru, Li Yi <liyiru7@huawei.com>
2025-02-26 09:31:42 +00:00

24 KiB
Raw Blame History

Connecting to a Replica Set Instance Over Private Networks

Scenarios

This section describes how to connect to a replica set instance using the MongoDB client over private networks.DDS is compatible with MongoDB.

You can directly perform operations on the primary and secondary nodes. Primary nodes are used for processing read and write requests. Secondary nodes replicate data from the primary and are used for processing read requests only.

The MongoDB client can connect to a DB instance with an unencrypted connection or an encrypted connection (SSL). To improve data transmission security, you are advised to connect to DB instances using the SSL connection.

Different OS scenarios: The following uses Linux ECS and Window client as an example.

Constraints

For details about constraints on connecting to a replica set instance over private networks, see Constraints and Recommendations.

Prerequisites

  1. For details on how to create and log in to an ECS, see "Creating and Logging In to a Windows ECS" or "Creating and Logging In to a Linux ECS" in the Elastic Cloud Server User Guide.
  2. Install the MongoDB client on the ECS.

    For details on how to install a MongoDB client, see How Can I Install a MongoDB Client?

Connecting to a DB Instance Using the MongoDB Client (SSL)

If you connect to a DB instance using this method, enable the SSL connection. For details, see section Enabling SSL.

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, choose Connections.
  3. In the Basic Information area, click next to the SSL field.
  4. Upload the root certificate to the ECS to be connected to the DB instance.

    The following describes how to upload the certificate to a Linux and Window ECS:

    • In Linux, run the following command:
      scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>
      • IDENTITY_FILE indicates the directory where the root certificate resides. The file access permission is 600.
      • REMOTE_USER indicates the ECS OS user.
      • REMOTE_ADDRESS indicates the ECS address.
      • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.
    • In Windows, upload the root certificate using the remote connection tool.

  5. Connect to a DDS DB instance.

    • Method 1: Using standard parameters
      mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using standard URI format
      mongo "mongodb://rwuser:<password>@<DB_HOST1>:<DB_PORT1>,<DB_HOST2>:<DB_PORT2>/test?authSource=admin&replicaSet=replica" --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

      If the DB instance is connected using the connection address, add double quotation marks before and after the connection information. The connection information can be obtained in the Address column on the Instance Management page.

    • A replica set instance uses the management IP address to generate SSL certificate. --sslAllowInvalidHostnames is needed for the SSL connection through a private network.
    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_HOST and DB_PORT can also be obtained from the Node Information area on the Basic Information page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • <password> indicates the password of the database account. If the password contains at signs (@),exclamation marks (!), or percent signs (%), replace them with hexadecimal URL codes %40, %21, and %25 respectively.
    • If user inputs this command then the password will be stored in logfiles and can be found in linux history, and in process list. So please note that plaintext passwords are risky.
    • FILE_PATH indicates the path where the root certificate is stored.
    • Connect to the instance using standard parameters. The following is an example command:
      mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames
    • Connect to the DB instance using standard URI format. The following is an example command:
      mongo "mongodb://rwuser:<password>@192.168.1.6:8635,192.168.1.80:8635/test?authSource=admin&replicaSet=replica" --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  6. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting to the primary node in a replica set or connecting to the whole replica set:
      replica:PRIMARY>
    • Result from connecting the secondary node in a replica set:
      replica:SECONDARY>

Connecting to a DB Instance Using the MongoDB Client (Non-SSL)

If you connect to a DB instance using this method, disable the SSL connection. For details, see section Disabling SSL.

  1. Connect to a DDS DB instance.

    • Method 1: Using standard parameters
      mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

      Enter the database account password when prompted:

      Enter password:
    • Method 2: Using unencrypted connection
      mongo "mongodb://rwuser:<password>@<DB_HOST1>:<DB_PORT1>,<DB_HOST2>:<DB_PORT2>/test?authSource=admin&replicaSet=replica"

      If the DB instance is connected using the connection address, add double quotation marks before and after the connection information. The connection information can be obtained in the Address column on the Instance Management page.

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
    • DB_HOST and DB_PORT can also be obtained from the Node Information area on the Basic Information page.
    • DB_USER indicates the database account name. The default value is rwuser.
    • <password> indicates the password of the database account. If the password contains at signs (@),exclamation marks (!), or percent signs (%), replace them with hexadecimal URL codes %40, %21, and %25 respectively.
    • If user inputs this command then the password will be stored in logfiles and can be found in linux history, and in process list. So please note that plaintext passwords are risky.
    • Connect to the instance using standard parameters. The following is an example command:
      mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin
    • Connect to the DB instance using standard URI format. The following is an example command:
      mongo "mongodb://rwuser:<password>@192.168.1.6:8635,192.168.1.80:8635/test?authSource=admin&replicaSet=replica"

  2. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting to the primary node in a replica set or connecting to the whole replica set:
      replica:PRIMARY>
    • Result from connecting the secondary node in a replica set:
      replica:SECONDARY>