Installing the MongoDB for use with BMC AMI DevX Total Test Repository Server

This section describes how to install MongoDB on Linux and set it up for authentication, SSL communication and replication. Most information has been taken from the MongoDB website that provides excellent descriptions of the installation and configuration of MongoDB, (see https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/ for how to install on RHEL. Guides on installing on other Linux and Windows distributions can also be found here.)

Configuration for external access

After installing MongoDB, open the mongod.conf file (in Windows it is called mongod.cfg) and modify the net.bindIp property to also contain the ip-address/domain name of the server used by BMC AMI Products for Web to access it, or remove it. This is only necessary when MongoDB is not installed on the same server as BMC AMI Products for Web and mongod.cfg located in C:\Program Files\MongoDB\server\4.0\bin. It uses a mongod.conf configuration file located in the /etc folder on MongoDB. This file specifies if the authentication is required, if SSL is used, what (local) IP address it is listening at, and if it is part of a replicate set.

If the bindIP property is not defined, the mongod daemon will listen on all network interfaces at the server.

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,192.168.186.166

Setup authentication

For production usage, MongoDB should be setup with authentication so only authorized users are allowed to access the database. Setup of authentication is described in this MongoDB tutorial: https://docs.mongodb.com/manual/tutorial/enable-authentication/  

Here we describe the same process step by step with BMC AMI Products for Web settings and without too much explanation.

  1. Start a Mongo shell with the command from a terminal: mongo

  2. Create an administrator in the admin database.

    use admin
    db.createUser(  
    {     user: "admin",
          pwd: "xa4mongo",     
          roles: [ { role: "userAdminAnyDatabase", db: "admin" }]   
    }
    )

  3. Change the /etc/mongod.conf file to contain the line 

    security.authorization: enabled

  4. Restart the mongod process with the command 

    sudo service mongod restart

  5. Start a mongo shell from a terminal with the command 

    mongo --port 27017 -u "admin" -p “xa4mongo" --
    authenticationDatabase "admin"

  6. Create a BMC AMI Products for Web user that is allowed read/write access to the xatester-repository database

    use xatester-repository
    db.createUser(
    {     user: "xatester",
               pwd: "xa4mongo",
           roles: [ { role: "readWrite", db: "xatester-repository" }]
        }
    )

It is now possible to connect with authentication to the xatester-repository database by using the user ID xatester and password xa4mongo

The Total TestRepository Server must also be Set up to use authentication to MongoDB. In the application.properties file, you have to set the properties: mongodb.username and mongodb.password and set the mongodb.secured=true. The password can be encrypted by using the encrypter.sh utility program described in Appendix D, or when installing CES and choosing authorization for MongoDB. Start the Total TestRepository Server after making changes to the application.properties file and check the server log (write path to the log directory for Total Test) that a connection has successfully been established to MongoDB.

Set up SSL

The MongoDB server can be setup to use SSL. It is documented how-to in this tutorial: https://docs.mongodb.com/manual/tutorial/configure-ssl/

To setup SSL

  1. Before setting up SSL for a MongoDB server, a valid certificate and a private key is needed. For non-production usage a self-signed certificate can be generated with the command 

    openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key

  2. MongoDB requires a PEM file that is a concatenation of the certificate and private key. The PEM file can be created with this command: 

    cat mongodb-cert.key mongodb-cert.crt > mongodb.pem

  3. Copy the mongodb.pem file to /etc/ssel/certs and edit the mongod.conf file to require SSL and point to this file:

    net:    
      ssl:       
        mode: requireSSL       
        PEMKeyFile: /etc/ssl/certs/mongodb.pem

  4. Restart mongod 

    sudo service mongod restart

  5. Try connecting from outside with 

    mongo --ssl --host <MongoServerIP> --port 27017 -u "xatester" -p "xa4mongo" --authenticationDatabase "xatester-repository" --sslAllowInvalidCertificates

If it is not possible to connect, then look into the MongoDB log file located at /var/log/mongodb/mongod.log

  1. The Total Test Repository Server also needs to be configured to use SSL for communicating with MongoDB. In the application.properties set the property mongodb.ssl=true.
  2. Install the MongoDB server certificate into the Total Test Repository Server JVM truststore or the xatester.keystore file referenced in the application.properties file.
  3. Restart the Total Test Repository Server application.

Set up replicate set

A MongoDB replicate set with minimum three data nodes distributed across three data centers is recommended for production usage to gain bestability and failover possibility. The setup of a MongoDB replicate set is extensively documented in the official MongoDB manual, https://docs.mongodb.com/manual/replication/, and the steps required are also specified in the install_mongo_rhel.sh scripts. These scripts can be used to setup and configure the replicate set.

When a replicate set has been configured, the ip-address and port of each server must be setup in the BMC AMI Products for Web application.properties file. The property mongodb.uri must contain reference to all servers in the form.

mongodb.uri=<ip-address1>:<port1>,<ip-address2>:<port2>,<ip-address3>:<port3>,


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*