8.3.2. MongoDB

The basic installation in Chapter 7, Manually Installing and Configuring a Broker Host demonstrates installing MongoDB where the broker host only has localhost access. Bind MongoDB to an external IP address and open the correct port in the firewall to use a remote MongoDB with the broker application.
Modify the bind_ip setting in the /etc/mongodb.conf file to bind MongoDB to an external address. Either use the specific IP address, or substitute 0.0.0.0 to make it available on all interfaces: 
# sed -i -e "s/^bind_ip = .*\$/bind_ip = 0.0.0.0/" /etc/mongodb.conf
Restart the MongoDB service for the changes to take effect: 
# service mongod restart
Use the lokkit command to open the MongoDB port in the firewall: 
# lokkit --port=27017:tcp

Important

These instructions grant access from any host. Therefore, Red Hat recommends using iptables to specify which hosts (in this case, all configured broker hosts) are allowed to connect. Otherwise, use a network topology that only allows authorized hosts to connect. Most importantly, ensure that node hosts are not allowed to connect to MongoDB.

Note

Because MongoDB connections are not encrypted, anyone with the ability to intercept network traffic can capture authentication and usage information in plain text. To avoid this, ensure MongoDB binds to localhost and use an SSH tunnel from the remote broker hosts to provide access.