Setup a MongoDB Server Container using Docker

MacOS Catalina 10.15.3
Docker Desktop 2.2.0.3
MongoDB 3.6



Goals:

• Install a MongoDB server running as a container using Docker.

Install:

• Create the MongoDB Container:
• By default, MongoDB stores data in the /data/db directory within the Docker container. We can mount a directory from the underlying host system to the container running the MongoDB database. This way, data is stored on your host system and is not going to be erased if a container instance fails or be deleted.
• Create a MongoDB Container that stores data into the container:
• docker container create --name=mongodb-3.6 -p 27017:27017 mongo:3.6
• OR, create a MongoDB Container that stores data on the underlying host:
• mkdir -p /Users/marcus/mongodata
• docker container create --name=mongodb-4.2 -p 27042:27017 -v /Users/marcus/mongodata:/data/db mongo:4.2
• OR passing a parameter to the docker container:
• docker run --name mongodb-4.4 -p 27044:27017 -v /Users/marcus/mongodata-v44:/data/db -d mongo:4.4 --replSet rs1 

• The publish parameter (e.g `-p <HOST-PORT>:<CONTAINER-PORT>`) asks Docker to forward traffic incoming on the host’s port <HOST-PORT> to the container’s port <CONTAINER-PORT>. Containers have their own private set of ports, so if you want to reach one from the network, you have to forward traffic to it in this way. Otherwise, firewall rules will prevent all network traffic from reaching your container, as a default security posture.

• Start the MongoDB Container:
• docker start mongodb-3.6
• OR
• docker start mongodb-4.2

• Check the Docker log:
• docker log mongodb-3.6

• Authorization:
• We can create an administrator through  MONGO_INITDB_ROOT_USERNAME  and  MONGO_INITDB_ROOT_PASSWORD  environment variables (-e argument). Like so:
• docker run -d -e MONGO_INITDB_ROOT_USERNAME=<username> -e MONGO_INITDB_ROOT_PASSWORD=<password> mongo:4.2
• Encrypted connections (optional):
• See this tutotial Enable TLS support for MongoDB server  and/or "The 6 Aspects You Must Secure On Your MongoDB Instances"

Tests:

• Check if the container is running:
• docker ps

• Download, install and connect to MongoDB server using the Robo3T software

More Information:

• Authorization:
• To enable authentication, follow the procedure below.
• Start MongoDB without access control:
• mongod
• Connect to the instance:
• mongo
• Create the user administrator:
• use admin
• db.createUser({user: "myUserAdmin", pwd: passwordPrompt(), roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]})
• Shutdown mongod instance:
• db.adminCommand( { shutdown: 1 } )
• Start MongoDB with access control
• mongod --auth

• To Remove a Database Users:
• db.dropUser("user_to_remove")

• To Update a Database User:
• db.updateUser("user_to_update", { ...  })
• db.updateUser("user_to_update", { pwd: "<passwd>"})

• To Remove a Database:
• use db_to_remove
• db.dropDatabase()

• Superuser Roles
• The following roles provide the ability to assign any user any privilege on any database, which means that users with one of these roles can assign themselves any privilege on any database:
• dbOwner role - when scoped to the admin database
• userAdmin role - when scoped to the admin database
• userAdminAnyDatabase role
• The following role provides full privileges on all resources:
• root role - provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin, restore, and backup combined

• To Backup and Restore Databases:
• Connect to the MongoDB container running on Docker:
• docker exec -it mongodb-3.6 bash
• OR:
• docker exec -it mongodb-3.6 /bin/sh
• Backup
• One compressed file:
• cd
• mongodump --archive=./<bkp-gzip-file-name> --gzip --uri="mongodb://<user>:<pass>@<host>:27017/<db-name>"
• OR, Many files:
• cd
• mongodump --host <host> --port 27017 --username <user> --password <pass> --db <db-name> --out ./<bkp-folder>
• sudo apt update
• sudo apt install zip
• zip -r ./<bkp-file-name>.zip ./<bkp-folder>/<db-name>

• Restore
• Copy the database backup file from source location to the container running mongodb:
• sudo apt update
• sudo apt install -y ssh-client mongo-tools
• cd
• scp <user>@<host>:./<bkp-gzip-file-name> .
• OR:
• scp <user>@<host>:./<bkp-file-name>.zip .
• Restore the database collections and documents.
• PS: Make sure you are using the <user>:<password> with grants on the <db-name> database.
• One compressed file:
• cd
• mongorestore --uri="mongodb://<user>:<pass>@<server-ip>:<port>/<db-name>" --archive=./<bkp-gzip-file-name> --gzip
• PS: The database will be created during the restore with the same original name.
• OR, Many files:
• cd
• unzip <bkp-file-name>.zip -d .
• mongorestore --uri="mongodb://<user>:<pass>@<server-ip>:<port>/?authSource=<db-name>" -d <db-name> ./<bkp-folder>/<db-name>

• Rename Database:
• mongo --port 27017 -u "<user>" -p --authenticationDatabase "admin"
• show dbs
• use <db-name>
• show collections
• show users
• db.copyDatabase("old-db-name","new-db-name")
• use old-db-name
• db.dropDatabase()
• exit

• Executing the Docker Command without Sudo:
• sudo usermod -aG docker $USER

References:

• MongoDB Docker Official Images 
• Getting Started with MongoDB – Setting up admin and user accounts
• MongoDB Manual - Built-In Roles
• How to setup user authentication in MongoDB 4.0
• How to Add a New User to a MongoDB Database
• The 6 Aspects You Must Secure On Your MongoDB Instances

If you like this content, feel free to

buy me a Coffee $1,00 USD