mongodb-secure/install.sh

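#!/usr/bin/env bash
#
# Provision a single MongoDB 3.4 node on a yum/firewalld host:
#   1. define and open a firewalld service for TCP 27017,
#   2. install mongodb-org from the signed upstream repository,
#   3. put the data directory on its own XFS partition (/dev/sdc1),
#   4. generate a self-signed certificate and require TLS in mongod.conf.
#
# Must run as root. Steps 3 is destructive for /dev/sdc.
#
# NOTE(review): this script enables transport encryption only. It does not
# turn on authorization, so after it finishes mongod listens on every
# interface (bindIp is removed below) with TCP 27017 open in the public zone.
# Create users and enable access control before the host is reachable from
# untrusted networks.
# NOTE(review): the 3.4 release series is past upstream end of life; when
# moving to a newer series, re-check the net.http options written below,
# which newer releases no longer accept.

# Abort on the first failure so a failed partition/mkfs step cannot be
# followed by an fstab edit or a mongod start against the wrong filesystem.
set -euo pipefail

# --- firewall -------------------------------------------------------------

# Derive the service definition from the stock http service: swap the port,
# rename it, and drop the HTTP-specific description line.
# NOTE(review): the published listing shows the delete pattern as `/.*/d`,
# which would delete every line and leave an empty service file; the tag was
# most likely lost in rendering. `<description>` is assumed here -- confirm.
sed 's/"80"/"27017"/;s/WWW (HTTP)/Mongo/;/<description>/d' \
  /usr/lib/firewalld/services/http.xml > /etc/firewalld/services/mongo.xml

systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-interface=eth0
# Opens 27017 to every source address in the public zone. Where the client
# set is known, limit it by source (firewalld zone sources or rich rules)
# instead of exposing the port zone-wide.
firewall-cmd --permanent --add-service=mongo --zone=public
firewall-cmd --reload

# --- package install --------------------------------------------------------

# Import the release signing key first so gpgcheck=1 below can verify
# every package that yum installs from the repository.
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc

# Quoted delimiter: $releasever must reach yum literally, not be expanded
# by the shell.
cat > /etc/yum.repos.d/mongodb-org-3.4.repo <<'EOF'
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOF

yum install mongodb-org -y

# --- kernel tuning ----------------------------------------------------------

# Disable transparent huge pages for the running kernel. These writes do not
# survive a reboot; persist them separately (boot-time unit or tuned profile).
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

# --- data disk --------------------------------------------------------------

# Refuse to touch the disk unless it is present and still unpartitioned, so a
# re-run (or a host with a different disk layout) cannot lose data.
if [ ! -b /dev/sdc ]; then
  echo "install.sh: /dev/sdc is not a block device" >&2
  exit 1
fi
if [ -b /dev/sdc1 ]; then
  echo "install.sh: /dev/sdc1 already exists; refusing to repartition" >&2
  exit 1
fi

# One primary partition spanning the whole disk: new, primary, number 1,
# default first sector, default last sector, write.
fdisk /dev/sdc <<EOF
n
p
1


w
EOF

mkfs.xfs /dev/sdc1

# xfs_admin prints "UUID = <uuid>"; stripping the spaces yields the
# "UUID=<uuid>" form fstab expects. Verify it before appending, because a
# malformed fstab line can stop the host from booting.
fs_uuid=$(xfs_admin -u /dev/sdc1 | sed 's/ //g')
case "$fs_uuid" in
  UUID=?*) ;;
  *)
    echo "install.sh: could not read the filesystem UUID of /dev/sdc1" >&2
    exit 1
    ;;
esac
printf '%s /var/lib/mongo xfs defaults,noatime 0 0\n' "$fs_uuid" >> /etc/fstab

mount /var/lib/mongo

chown mongod:mongod /var/lib/mongo
chmod g+s /var/lib/mongo

# --- TLS material -----------------------------------------------------------

# -nodes writes the private key unencrypted, so file permissions are its only
# protection. Create the key and the combined PEM under a restrictive umask
# instead of root's default (typically 022, i.e. world-readable).
# The empty answers accept the openssl.cnf defaults for every subject prompt.
# NOTE(review): no -days is given, so the certificate gets openssl's default
# validity period; it is also self-signed, so clients cannot validate it
# against a CA. Replace with a CA-issued certificate for anything long-lived.
previous_umask=$(umask)
umask 077
openssl req -nodes -new -x509 -keyout /var/lib/mongo/mongodb.key -out /var/lib/mongo/mongodb.crt <<EOF









EOF
cat /var/lib/mongo/mongodb.crt /var/lib/mongo/mongodb.key > /var/lib/mongo/mongodb.pem
umask "$previous_umask"

# mongod runs as the mongod user and must be the only account able to read
# the key material. The key lives inside the data directory, so filesystem
# backups of /var/lib/mongo will contain it.
chown mongod:mongod /var/lib/mongo/mongodb.key /var/lib/mongo/mongodb.crt /var/lib/mongo/mongodb.pem
chmod 600 /var/lib/mongo/mongodb.key /var/lib/mongo/mongodb.pem

# Reapply SELinux labels: everything above was created on a fresh filesystem.
restorecon -vR /var/lib/mongo

# --- mongod configuration ---------------------------------------------------

# Dropping bindIp makes mongod listen on all interfaces (the packaged default
# is kept in /etc/mongod.conf.original).
sed -i.original "/bindIp/d" /etc/mongod.conf

# Append the http and ssl sub-sections right after the port line: HTTP status
# and REST interfaces off, TLS mandatory for every connection.
# NOTE(review): the published listing shows these inserted keys with a single
# leading space, which would not nest under `net:`. The indentation below
# assumes the packaged file indents `port:` by two spaces -- confirm.
sed -i -E 's|port: ([0-9]+)|port: \1\n  http:\n    enabled: false\n    RESTInterfaceEnabled: false\n  ssl:\n    mode: requireSSL\n    PEMKeyFile: /var/lib/mongo/mongodb.pem\n    #sslCAFile = /var/lib/mongo/ca.pem|g' /etc/mongod.conf

systemctl start mongod
systemctl enable mongod

##+ for user-level security, see the mongodb lab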