Getting the credentials and determining the primary set member

The administrator must get the credentials and determine the primary replica set member. Then, the administrator must choose an option for backing up: either by using the MongoDB CE pods internally or by using port forwarding.

Before you begin

You need to log in by using oc and have administrative privileges for the mongoce namespace.

Procedure

  1. Get the credentials.

    The password for the admin user is contained in the secret mas-mongo-ce-admin-admin in the mongoce namespace.

    1. Get the encoded admin password and decode data.password from the secret.
      oc get secret mas-mongo-ce-admin-admin -n mongoce -o yaml | yq .data.password | base64 -d
    2. Get the encoded ca.crt and decode it.
      oc get secret mongo-ca-secret -n mongoce -o yaml | yq '.data["ca.crt"]' | base64 -d > /tmp/ca.crt
  2. Determine the primary replica set member.
    1. Enter the MongoDB container of any of the MongoDB replica set member pods in the pod mas-mongo-ce and get a copy.
      By default, it can be any of the following pods:
      • mas-mongo-ce-0
      • mas-mongo-ce-1
      • mas-mongo-ce-2
      Note: Any of the listed pods are valid. The example uses mas-mongo-ce-0.
      oc exec -it mas-mongo-ce-0 -c mongod --namespace mongoce -- bash
    2. Optional: The latest version of the MongoCE Community operator uses a random path to the Certificate Authority (CA). To find the path to the CA in the container, run:
      oc exec -it mas-mongo-ce-0 -c mongod --namespace mongoce -- bash -c "cat /data/automation-mongod.conf"
      This command outputs the mongod config file, which includes the path to the CA file:
      net:
        bindIp: 0.0.0.0
        port: 27017
        tls:
          CAFile: /var/lib/tls/ca/10f4a08a1c4ec1c05b550811eda26dc91b8f0e8baf86c37235630373b8e13096.pem
          allowConnectionsWithoutCertificates: true
          allowInvalidCertificates: true
          allowInvalidHostnames: true
          certificateKeyFile: /var/lib/tls/server/870b9305462bfba1006a0d2af677de0ad5df1db15307313f03902ae55cef1b09.pem
          mode: requireTLS
      replication:
        replSetName: mas-mongo-ce
      security:
        authorization: enabled
        keyFile: /var/lib/mongodb-mms-automation/authentication/keyfile
      setParameter:
        authenticationMechanisms: SCRAM-SHA-256,SCRAM-SHA-1
      storage:
        dbPath: /data
        wiredTiger:
          engineConfig:
            journalCompressor: snappy
      
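    3. Inside the mongod container, make a connection to the replica set. Replace {decodedPassword} with the password that you decoded in step 1. If the CA file is at a different path in your container, pass the path that you found in the previous step to --tlsCAFile.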
      mongo "mongodb://admin:{decodedPassword}@mas-mongo-ce-0.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017,mas-mongo-ce-1.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017,mas-mongo-ce-2.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017/admin?replicaSet=mas-mongo-ce"  --tls --tlsCAFile=/var/lib/tls/ca/ca.crt
    4. In the mongo shell that is connected to the replica set, run the db.runCommand("ismaster"); command.
      db.runCommand("ismaster");
      
      Obtain the service hostname and the pod of the primary replica set member.
      Note: The command displays a result with an attribute that is named primary, which is used to identify the primary replica set member.
      {
          ...
          ...
          ...
      
      	"setName" : "mas-mongo-ce",
      	"setVersion" : 1,
      	"ismaster" : true,
      	"secondary" : false,
      	"primary" : "mas-mongo-ce-0.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017",
      
          ...
          ...
          ...
      }
    5. Exit back to the container shell.
      mas-mongo-ce:PRIMARY> exit
    6. Exit out of the container.
      2000@mas-mongo-ce-0:/$ exit
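
Steps 2.2 and 2.4 both end with reading a value out of command output by eye. The following added example (not part of the original procedure; the function names and sample values are assumptions constructed here) extracts the CA file path and the pod name of the primary so that they can be reused in later commands.

```bash
# Added example; function names and sample values are hypothetical/constructed.
# Pod, container, namespace and config path are the ones used on this page.

# Print the net.tls.CAFile path from a mongod config read on stdin.
# Returns non-zero when the config has no CAFile entry.
ca_file_from_conf() {
  awk '$1 == "CAFile:" { print $2; found = 1; exit } END { exit !found }'
}

# Print the "primary" host:port from ismaster output read on stdin.
# Returns non-zero when the output reports no primary.
primary_from_ismaster() {
  _primary=$(sed -n 's/.*"primary"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$_primary" ] && printf '%s\n' "$_primary"
}

# Reduce host:port to the pod name, which is the first DNS label.
pod_from_primary() {
  printf '%s\n' "${1%%.*}"
}

# Live lookup of the CA path (requires an oc login; nothing calls it on load).
ca_file_live() {
  oc exec "${1:-mas-mongo-ce-0}" -c mongod --namespace mongoce -- \
    cat /data/automation-mongod.conf | ca_file_from_conf
}

# Constructed samples, shortened from the outputs shown in the procedure.
SAMPLE_CONF='net:
  port: 27017
  tls:
    CAFile: /var/lib/tls/ca/CONSTRUCTED-EXAMPLE.pem
    mode: requireTLS'
SAMPLE_ISMASTER='{
    "setName" : "mas-mongo-ce",
    "ismaster" : false,
    "secondary" : true,
    "primary" : "mas-mongo-ce-1.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017",
}'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_CONF" | ca_file_from_conf
pod_from_primary "$(printf '%s\n' "$SAMPLE_ISMASTER" | primary_from_ismaster)"
```

The constructed ismaster sample is taken from a secondary on purpose: the primary attribute names the primary member regardless of which pod the shell is connected to.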