Show Table of Contents
8.3.2. MongoDB
The basic installation in Chapter 7, Manually Installing and Configuring a Broker Host demonstrates installing MongoDB where the broker host only has
localhost access. Bind MongoDB to an external IP address and open the correct port in the firewall to use a remote MongoDB with the broker application.
Modify the
bind_ip setting in the /etc/mongodb.conf file to bind MongoDB to an external address. Either use the specific IP address, or substitute 0.0.0.0 to make it available on all interfaces:
# sed -i -e "s/^bind_ip = .*\$/bind_ip = 0.0.0.0/" /etc/mongodb.conf
Restart the MongoDB service for the changes to take effect:
# service mongod restart
Use the
lokkit command to open the MongoDB port in the firewall:
# lokkit --port=27017:tcpImportant
These instructions grant access from any host. Therefore, Red Hat
recommends using
iptables to specify which hosts (in this case, all configured broker hosts) are allowed to connect. Otherwise, use a network topology that only allows authorized hosts to connect. Most importantly, ensure that node hosts are not allowed to connect to MongoDB.
Note
Because MongoDB connections are not encrypted, anyone with the ability to intercept network traffic can capture authentication and usage information in plain text. To avoid this, ensure MongoDB binds to
localhost and use an SSH tunnel from the remote broker hosts to provide access.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.