?? MongoDB Setup for Cloud Server (Database Server) – Key Considerations for Admins and DevOps Engineers ??

?? Setting Up MongoDB on Ubuntu for a Secure and Fully Permission-Controlled Database Environment ??

As a Server Administrator and DevOps Engineer, I recently deployed MongoDB on a cloud server, with a particular focus on managing roles and permissions to ensure robust security. In this post, I'll walk through the key steps involved in setting up MongoDB on an Ubuntu server and configuring user permissions so that the developer user has restricted access and cannot drop collections or databases.

1. Cloud Server Preparation:

First, I provisioned a clean server instance on my preferred cloud provider (AWS, GCP, Azure), ensuring that it met the necessary specifications (memory, CPU, storage) for MongoDB to perform optimally. I chose Ubuntu 22.04 LTS for its reliability and long-term support, a great fit for database deployment.

?

2. MongoDB Installation:

To ensure a stable and up-to-date setup, I installed the MongoDB 7.0 Community Edition from the official MongoDB repositories. Here are the steps I followed:

this process is mongodb installation on debian based ubuntu

• Import the MongoDB Public Key: $sudo apt-get install gnupg curl $curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
• Create the MongoDB List File for Ubuntu 22.04: $echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
• Update the package database and install MongoDB: $sudo apt-get update $sudo apt-get install -y mongodb-org
• Start MongoDB: $sudo systemctl start mongod $sudo systemctl enable mongod
• Verify MongoDB has started successfully: $sudo systemctl status mongod
• if, you have received any failed status of mongodb, then you can remove the mongodb socket file temporary.

$ sudo rm /tmp/mongodb-27017.sock

$ sudo systemctl restart mongod

$ sudo systemctl status mongod

3. Configuring Roles and Permissions:

MongoDB allows for fine-grained control over user roles, which is crucial when deploying databases in a production environment. For this setup, I created two users:

• Admin User: Full permissions over the database.

$ mongosh --> (this command fire on your terminal for access the mongodb-cli).

$ use admin --> (to change the database for using this command).

$ use ravikant --> (to create the new database).

$ show dbs --> (to show all the current databases).

$ show collections --> ( to show all the current create and previous collections).

$ db.getUsers() --> (to check the all users).

$ db.getRoles() --> (to check the created roles).

$ db.createCollection("ravikant") --> (to create the collection in database).

$ db.dropUser("username") --> (to delete the user).

$ db.dropRole("rolename") --> (to delete the role).

$ db.collectionname.drop() -->(to delete the collections).

$ currentOp() --> (to check the total number of connections are active now).

$ db.serverStatus().

$ mongosh -u admin -p Admin --authenticationDatabase admin --> (to login as a admin).

$ mongosh -u developer -p Password --authenticationDatabase ravikant -->(to login as a dev).

login for mongodb compass

mongodb://developer:[email protected]:27017/ravikant

• Developer User: Limited permissions to prevent dropping collections or databases.
• Create the Admin User: admin> db.createUser({ user: "admin", pwd: "AdminPassword", roles: [{ role: "root", db: "admin" }] });
• Create the Developer User: admin> db.createUser({ user: "developer", pwd: "DeveloperPassword", roles: [{ role: "readWriteNoDrop", db: "ravikant" }] });
• Define Custom Role for the Developer: The role restricts the developer from dropping collections or the database.

admin> db.createRole({

role: "developerRole",

privileges: [{

resource: { db: "ravikant", collection: "" },

actions: ["find", "insert", "update", "remove", "createCollection", "createIndex", "collStats", "listIndexes", "dbHash", "validate"]

}],

roles: []

});

• Assign the Role to the Developer User:

admin> db.updateUser("developer", {

roles: [{ role: "developerRole", db: "ravikant" }]

});

• Additional Restrictions: I added a further layer of restrictions to limit the developer’s access to non-destructive actions only. admin> db.grantRolesToUser("developer", [{ role: "read", db: "ravikant" }]);
• go to the /etc/mongod.conf and then paste this security when you use the developer permissions and create other user this is most important for securty, otherwise your developer user permissions will not be work in mongodb.

security:

authorization: enabled

• from this developer restrictions user permissions, will not be delete any database and any collections.

4. Monitoring MongoDB Connections:

To monitor active connections, I utilized the following script to check and print the unique connections to MongoDB:

admin> const ops = db.currentOp().inprog; const uniqueClients = new Set(ops.map(op => op.client)); print(`Unique Connections Count: ${uniqueClients.size}`);

5. Security and Scalability Considerations:

When deploying databases, security and scalability are paramount. For MongoDB in production, it's crucial to configure:

• Authentication: Using role-based access control (RBAC) and enforcing strong password policies.
• Backup: Ensure regular database backups to prevent data loss.
• Monitoring: Set up monitoring using tools like MongoDB Atlas, Datadog, or Prometheus to track performance and detect potential issues early.

By following these steps, I successfully deployed a fully secured and permission-controlled MongoDB instance on my cloud server, providing both admin and developer users with the appropriate level of access.

Feel free to reach out if you're interested in discussing database deployments, cloud infrastructure, or DevOps practices!

#MongoDB #DevOps #Cloud #ServerAdministration #DatabaseSecurity #DataEngineering #CloudInfrastructure #Ubuntu #DatabaseDeployment

?