Alternative

Mongodb and Mongoose on Ubuntu Linux

Date: 28.02.2020

Author: Patrick Rottländer

In this article I will show you how to install mongodb on a Ubuntu Linux System. I focus on the installation of the official mongodb-org package that is developed and maintained by MongoDB Inc. I will go through the installation process in detail and cover also how authentication can be enabled for your mongodb instance. Finally, I only briefly explain the installation of Mongoose a node js package for data modeling in node js applications.

This Article can be read in pdf format.

In this article I will show you how to install mongodb on a Ubuntu Linux System. For this I use the step by step installation guide from mongodb.

Since the installation of mongodb is developed specifically for certain Ubuntu system versions, the system version of the Ubuntu system must first be found out. This is done by entering the following command in the terminal.

:# lsb_release -dc

Description:    Ubuntu 18.04.3 LTS
Codename:        bionic

So my system is an Ubuntu 18.04.3 LTS (Long Term Support) with the code name bionic. This information is important when, as shown in the following section, the list file entry is created.

The installation itself is carried out with the package manager apt.

Basically there is also a mongodb package managed by Ubuntu that could be installed with the standard apt or apt-get installation from the apt repository. mongodb is not the desired installation and should, if it was installed on the system beforehand, be removed with apt-get remove.

It is therefore recommended to install the mongodb-org package managed by MongoDB Inc.

Since this mongodb-org package comes from a source that has not yet been verified, it is strongly recommended to import the GPG verification key offered by MongoDB Inc. to enable the apt program to check the confidentiality of the package. The corresponding public key must therefore be imported from the mongodb server.

From a terminal, issue the following command to import the MongoDB public GPG Key used by the Ubuntu apt program.

wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -

note: wget is a program that can be used to download files from FTP or HTTP servers from a terminal. The program is often used to start a download of data with the code of a shell script. However, it is also possible to enter a wget command directly in the terminal and thus get data from servers.

The -q option prevents wget from displaying information on the console. The option -O <FILE> writes the content of the downloaded file to a file on the local file system. If you specify the - option after the -O option, wget writes the contents of the downloaded file directly to the standard output (stdout) of the terminal. The latter is useful, for example, for reading GPG key files if these keys are then to be added directly to the keychain.

And that's exactly what we want to do with the apt-key command. With apt-key, various commands can be used to perform actions that are carried out with the keychain.

For example, the apt-key add command adds a new key to the keychain. This key can either be stored in a file and read from there or forwarded from a previous command via the standard output of the terminal (stdout) to the standard input (stdin) for processing apt-key add. The latter is instructed by - at the end of the command.

Since this mongodb-org package is located on external mongodb http or ftp servers, these external servers must be made known to the system as confidential sources by making a corresponding list file entry in the /etc/apt/source.list.d directory.

Create the list file /etc/apt/sources.list.d/mongodb-org-4.2.list for your version of Ubuntu.

echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list

note: With echo, strings and variables can be displayed line by line on the standard terminal output stdout. The string to be output is specified either with single quotation marks 'string' or with double quotation marks "string". Thus with the command echo 'this is an example' "this is an example" can be shown directly in the terminal.

The pipe operator | belongs to the terminal redirects and forwards the output of a command instead of stdout directly to stdin of another command. The subsequent command can then process the result or the output of the first command. In this case here, the output of a string is forwarded to the tee command.

tee reads from the standard input stdin and doubles the read data. The data is then forwarded once to a file and to the standard edition stdout.

Now the GPG key has been added to the keychain and apt can use it to verify the mongodb-org package. In addition, the source directory of the installation packages is known to the system as a verified external source in the list file.

Installation with apt can now begin.

note: APT (Advanced Packaging Tool) is the command line tool for managing installation packages in Debian Linux. Ubuntu and other Linux distributions that come from Debian Linux also use APT. apt is the successor to apt-get and offers a different but also a wider range of functions. The commands of apt are essentially the same as those of apt-get.

Issue the following commands in the terminal.

:# sudo apt-get update

:# sudo apt-get install -y mongodb-org

The repository index is updated with upgrade. This should always be done before each installation. The -y option ensures that all interactive questions are answered with yes during the installation.

After the installation issue the following commands to check the status, start, stop and restart the mongod.

:# sudo service mongod status

:# sudo service mongod start

:# sudo service mongod stop

:# sudo service mongod restart

Mongodb comes with 3 standard dbs pre installed:

  • admin
  • config
  • local

If you want to use mondodb for a project you setup your own database. databases in mongodb contain collections and collections contain the data. So for example you could have the following structure for your project:

your-db -> your-db-users-collection -> your-db-users-collection-user-data

MongoDB by default does not enable client authentication. So you could now setup your new database like your-db and connect to it without authentication. This would mean that everyone in the world is able to access your data.

Thefore you should enable client authentication and follow the given steps. Here we will implement a very simple security concept.

The following steps include the setup of an admin user in standard admin db and the creation of a project database with a seperate user. The admin user will be able to create databases and manage users for all databases in the mondodb instance. Each seperate project database become a seperate user and this user will be the owner and can do everything.

First we create an admin user in mongo shell. After we create that admin user we test if authentication works with db.auth and exit mongo shell.

:# mongo

> use admin
switched to db admin

> db
admin

> db.createUser({ user: "myUserAdmin", pwd: "adminpassword", roles: [{ role: "userAdminAnyDatabase", db: "admin" }, {"role" : "readWriteAnyDatabase", "db" : "admin"}] })

> db.auth("myUserAdmin", "adminpassword")
1

> show users
{
    "_id" : "admin.myUserAdmin",
    "userId" : UUID("5cbe2fc4-1e54-4c2d-89d1-317340429571"),
    "user" : "myUserAdmin",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        }
    ],
    "mechanisms" : [
        "SCRAM-SHA-1",
        "SCRAM-SHA-256"
    ]
}

> exit

In this case the admin user got the role userAdminAnyDatabase and the role readWriteAnyDatabase. With userAdminAnyDatabase the admin user will be able to create, update, delete users on all databases except local and config.

readWriteAnyDatabase provides all the privileges to read plus the ability to modify data on all non-system collections.

Then open /etc/mongod.conf file in your editor an add the following lines to the file if they do not already exist. Therefore pls. note the security: option (security: authorization: enabled).

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1


#processManagement:

#security:
security:
  authorization: enabled

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:

Pls. note the net:option (net: port: 27017 bindIp: 127.0.0.1). For security reasons it is necessary that the mongodb instance only connects on the loopback interface (127.0.0.1). Mongodb may only accept connections from this interface and never from outside, such as from an interface that is connected to the internet. Therefore bindIp must be configured with 127.0.0.1 in mongod.conf as is the case in this configuration above.

Then you should stop and start or simply restart your mongod.

:# sudo service mongod restart

Authentication is now enabled and we can logon with the admin user to a create a new project database with a user that will be the owner.

:# mongo

> use admin
switched to db admin

> db.auth("myUserAdmin", "adminpassword")
1

> use yourdatabase
switched to db yourdatabase

> db.createUser({ user: "youruser", pwd: "yourpassword", roles: [{ role: "dbOwner", db: "yourdatabase" }] })

> db.auth("youruser", "yourpassword")
1

> exit

The database owner can perform any administrative action on yourdatabase (database that has just been created by the admin). The owner role is something like the master role and combines privileges granted by the readWrite, dbAdmin and userAdmin roles.

Now you can connect to yourdatabase using the following connection string.

mongodb://youruser:yourpassword@localhost/yourdatabase

Install Mongoose local package in a project directory

Mongoose offers a schema-based solution to apply modeling and structure to application data and then to save the data in a Mongodb. mongoose is an open source node.js package and is ideal for the development of database-based node js web applications such as node express.

note: This article focuses on the installation and commissioning of Mongodb. Mongoose is required for the development of node js applications and is only briefly described here. Scheme and data modeling as well as CRUD application examples are explained in one of the next articles in the context of an express application.

Suppose we have created a project directory called express on our computer. Then we will now change to this directory and list all currently installed npm packages with the command npm list --depth 0.

:# cd /software/dev/express

:# npm list --depth 0

In the project directory, the following command is executed in the terminal to install mongoose for your project.

:# npm install mongoose

server@1.0.0 /home/patrick/software/dev/express
`-- mongoose@5.8.9  extraneous

**note: ** If you have problems with installing packages pls. create the package.json file with all the dependencies and then run npm install.

:# cat package.json

{
  "name": "server",
  "version": "1.0.0",
  "private": true,
  "description": "this is test node application",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "node server.js"
  },
  "author": "Patrick Rottländer",
  "license": "ISC",
  "dependencies": {
    "envy": "^2.0.0",
    "express": "^4.17.1",
    "mongoose": "^5.8.3"
  },
  "devDependencies": {}
}

:# npm install