Getting the credentials and determining the primary set member
The administrator must get the credentials and determine the primary replica set member. Then, the administrator must choose an option for backing up: either using MongoDB CE pods internally, or by using port forwarding.
Before you begin
Procedure
- Get the credentials.
The password for the admin user is contained in the secret mas-mongo-ce-admin-admin in the mongoce namespace.
- Get the encoded admin password and decode data.password from the secret.
oc get secret mas-mongo-ce-admin-admin -n mongoce -o yaml | yq .data.password | base64 -d
- Get the encoded ca.crt and decode it.
oc get secret mongo-ca-secret -n mongoce -o yaml | yq '.data["ca.crt"]' | base64 -d > /tmp/ca.crt
- Determine the primary replica set member.
- Enter the MongoDB container of any of the MongoDB replica set member pods in the pod mas-mongo-ce and get a copy. By default, it can be any of the following pods:
- mas-mongo-ce-0
- mas-mongo-ce-1
- mas-mongo-ce-2
Note: Any of the listed pods are valid. The example uses mas-mongo-ce-0.
oc exec -it mas-mongo-ce-0 -c mongod --namespace mongoce bash
- Optional: The latest version of the MongoCE Community operator uses a random path to the Certificate Authority (CA). To find the path to the CA in the container, run:
oc exec -it mas-mongo-ce-0 -c mongod --namespace mongoce -- bash -c "cat /data/automation-mongod.conf"
This command outputs the mongod config file and the path to the CA file.
net:
  bindIp: 0.0.0.0
  port: 27017
  tls:
    CAFile: /var/lib/tls/ca/10f4a08a1c4ec1c05b550811eda26dc91b8f0e8baf86c37235630373b8e13096.pem
    allowConnectionsWithoutCertificates: true
    allowInvalidCertificates: true
    allowInvalidHostnames: true
    certificateKeyFile: /var/lib/tls/server/870b9305462bfba1006a0d2af677de0ad5df1db15307313f03902ae55cef1b09.pem
    mode: requireTLS
replication:
  replSetName: mas-mongo-ce
security:
  authorization: enabled
  keyFile: /var/lib/mongodb-mms-automation/authentication/keyfile
setParameter:
  authenticationMechanisms: SCRAM-SHA-256,SCRAM-SHA-1
storage:
  dbPath: /data
  wiredTiger:
    engineConfig:
      journalCompressor: snappy
- Inside the mongod container, make a connection to the replica set.
mongo "mongodb://admin:{decodedPassword}@mas-mongo-ce-0.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017,mas-mongo-ce-1.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017,mas-mongo-ce-2.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017/admin?replicaSet=mas-mongo-ce" --tls --tlsCAFile=/var/lib/tls/ca/ca.crt
- Use the mongo shell and run the db.runCommand("ismaster"); command to make the connection to the replica set.
db.runCommand("ismaster");
Obtain the service hostname and the pod of the primary replica set member.
Note: The command displays a result with an attribute that is named primary, which is used to identify the primary replica set member.
{
  ...
  ...
  ...
  "setName" : "mas-mongo-ce",
  "setVersion" : 1,
  "ismaster" : true,
  "secondary" : false,
  "primary" : "mas-mongo-ce-0.mas-mongo-ce-svc.mongoce.svc.cluster.local:27017",
  ...
  ...
  ...
}
- Exit back to the container shell.
mas-mongo-ce:PRIMARY> exit
- Exit out of the container.
2000@mas-mongo-ce-0:/$ exit
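The steps above as one non-interactive script, added here as an example (it is not IBM's script): it keeps the decoded password out of the terminal output, reads the CA path from the mongod config instead of assuming it, and prints the pod name of the primary. The function names and the SAMPLE value are hypothetical; the script assumes the legacy mongo shell used on this page and a logged-in oc session.

```sh
# Added example, not IBM's script: function names are hypothetical.
# Namespace, secret, pod and service names are the ones used on this page.
NS=mongoce
POD=mas-mongo-ce-0
SVC=mas-mongo-ce-svc.mongoce.svc.cluster.local
# Constructed sample of ismaster output, for trying the parsers offline:
#   printf '%s\n' "$SAMPLE" | primary_pod
SAMPLE='{ "ismaster" : false, "primary" : "mas-mongo-ce-1.'"$SVC"':27017" }'

# Read mongod config text on stdin, print the net.tls.CAFile path.
ca_file_from_conf() {
  awk '$1 == "CAFile:" { print $2; exit }'
}

# Read ismaster output on stdin, print the primary's host name without the port.
primary_host() {
  sed -n 's/.*"primary"[[:space:]]*:[[:space:]]*"\([^":]*\):[0-9][0-9]*".*/\1/p' | head -n 1
}

# The pod name is the first DNS label of the primary's service host name.
primary_pod() {
  primary_host | cut -d. -f1
}

# Runs the page's steps non-interactively; needs a logged-in oc session.
find_primary() (
  set -e
  # Keep the password in a variable instead of printing it to the terminal.
  pw=$(oc get secret mas-mongo-ce-admin-admin -n "$NS" \
        -o jsonpath='{.data.password}' | base64 -d)
  [ -n "$pw" ] || { echo "admin password not found in secret" >&2; exit 1; }
  ca=$(oc exec "$POD" -c mongod -n "$NS" -- \
        cat /data/automation-mongod.conf | ca_file_from_conf)
  [ -n "$ca" ] || { echo "CAFile not found in mongod config" >&2; exit 1; }
  hosts="mas-mongo-ce-0.$SVC:27017,mas-mongo-ce-1.$SVC:27017,mas-mongo-ce-2.$SVC:27017"
  # --username/--password avoid URI-escaping the password; it is still a
  # process argument inside the container, as in the page's own command.
  oc exec "$POD" -c mongod -n "$NS" -- mongo \
    "mongodb://$hosts/admin?replicaSet=mas-mongo-ce" \
    --tls --tlsCAFile="$ca" --username admin --password "$pw" \
    --authenticationDatabase admin --quiet \
    --eval 'printjson(db.runCommand("ismaster"))' | primary_pod
)
```

Call find_primary from a shell that is logged in to the cluster; the two parsers can be tried offline by piping SAMPLE or a saved config file into them.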