mongodb-secure/install.sh

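# Provision a single-node MongoDB 3.4 server: firewalld rule for 27017,
# the mongodb-org yum repository, a dedicated XFS data volume on /dev/sdc,
# a self-signed TLS certificate, and a mongod.conf that requires SSL.
# Run as root. DESTRUCTIVE: partitions and formats /dev/sdc.

# --- Firewall -------------------------------------------------------------
yum install firewalld -y
# Build a "mongo" service definition by rewriting the stock http one
# (port 80 -> 27017, rename, drop the description line).
sed "s/\"80\"/\"27017\"/;s/WWW (HTTP)/Mongo/;/<description>.*/d" /usr/lib/firewalld/services/http.xml > /etc/firewalld/services/mongo.xml
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-interface=eth0
# NOTE(review): this admits every source address in the public zone to 27017.
# Where the client hosts are known, prefer a dedicated zone bound with
# --add-source (or a rich rule) so only they can reach the database.
firewall-cmd --permanent --add-service=mongo --zone=public
firewall-cmd --reload

# --- Package repository ---------------------------------------------------
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc

# The delimiter is quoted (\EOF) so $releasever reaches the repo file
# literally and is expanded by yum, not by the shell.
# gpgcheck=1 makes yum verify package signatures against the imported key.
cat > /etc/yum.repos.d/mongodb-org-3.4.repo <<\EOF
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOF

yum install mongodb-org -y

# --- Kernel tuning --------------------------------------------------------
# Disable transparent huge pages. These /sys writes last only until the next
# reboot; persist them separately (boot parameter or a unit file) if needed.
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

# --- Data volume ----------------------------------------------------------
# Scripted fdisk answers: new (n) primary (p) partition 1, two empty lines to
# accept the default first and last sector, then write (w).
fdisk /dev/sdc <<EOF
n
p
1


w
EOF

mkfs.xfs /dev/sdc1 || exit 1

# xfs_admin prints "UUID = <uuid>"; stripping the spaces gives the
# "UUID=<uuid>" form fstab expects. Refuse to append a malformed fstab entry
# if the UUID could not be read.
fs_uuid=$(xfs_admin -u /dev/sdc1 | sed "s/ //g")
case "$fs_uuid" in
  UUID=?*) ;;
  *) echo "could not read filesystem UUID of /dev/sdc1" >&2; exit 1 ;;
esac
echo "$fs_uuid /var/lib/mongo xfs defaults,noatime 0 0" >> /etc/fstab

# Stop here if the mount fails: otherwise the key material and the database
# files below would silently land on the root filesystem.
mount /var/lib/mongo || exit 1

chown mongod:mongod /var/lib/mongo
# setgid on the directory: files created in it inherit the mongod group.
chmod g+s /var/lib/mongo

# --- TLS key and certificate ----------------------------------------------
# Create the key material under a restrictive umask so the private key is
# never world-readable, not even briefly between creation and chmod.
saved_umask=$(umask)
umask 077
# The empty answers accept the openssl.cnf defaults for every subject field,
# so the certificate names no host and clients cannot verify the server's
# identity with it. Without -days, "openssl req -x509" uses its short default
# validity period. Replace with a CA-issued certificate for anything beyond
# a lab.
openssl req -nodes -new -x509 -keyout /var/lib/mongo/mongodb.key -out /var/lib/mongo/mongodb.crt << EOF









EOF
cat /var/lib/mongo/mongodb.crt /var/lib/mongo/mongodb.key > /var/lib/mongo/mongodb.pem
umask "$saved_umask"
# mongod runs as the mongod user and must be able to read the PEM; nobody
# else needs to read the unencrypted (-nodes) private key.
chown mongod:mongod /var/lib/mongo/mongodb.key /var/lib/mongo/mongodb.crt /var/lib/mongo/mongodb.pem
chmod 600 /var/lib/mongo/mongodb.key /var/lib/mongo/mongodb.pem

# Re-apply the SELinux labels the policy assigns to this path; the freshly
# created filesystem and files do not carry them yet.
restorecon -vR /var/lib/mongo

# --- mongod configuration -------------------------------------------------
# Removing bindIp makes mongod listen on all interfaces (the original file is
# kept as /etc/mongod.conf.original).
sed -i.original "/bindIp/d" /etc/mongod.conf
# Append to the net: section, right after the port line: disable the HTTP and
# REST interfaces and require SSL with the PEM built above. The inserted keys
# are indented as children of net: so the YAML stays valid.
sed -i -E "s/port: ([0-9]+)/port: \1\n  http:\n    enabled: false\n    RESTInterfaceEnabled: false\n  ssl:\n    mode: requireSSL\n    PEMKeyFile: \/var\/lib\/mongo\/mongodb.pem\n    #sslCAFile = \/var\/lib\/mongo\/ca.pem/g" /etc/mongod.conf

systemctl start mongod
systemctl enable mongod

# NOTE(review): requireSSL encrypts traffic but does not authenticate clients.
# This script does not turn on access control, so with bindIp removed and
# 27017 open in the firewall, any host that can reach the port can use the
# database until security.authorization is enabled and users are created.
##+ for user-level security, see the mongodb lab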