Skip to content

Instantly share code, notes, and snippets.

@Olliebrown

Olliebrown/configMacPortsMongo.md

Last active March 24, 2024 21:44
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save Olliebrown/32a48df35db9c0c5905a017f8a494acb to your computer and use it in GitHub Desktop.
Save Olliebrown/32a48df35db9c0c5905a017f8a494acb to your computer and use it in GitHub Desktop.
Download ZIP
Configuring MongoDB installed from MacPorts
Raw
configMacPortsMongo.md

This is based on https://github.com/codeforamerica/ohana-api/wiki/Installing-MongoDB-with-MacPorts-on-OS-X

the macports version of MongoDB does not come pre-configured and will not run after installing until you change some settings. The instructions linked above describe a way to fix this but they ignore the fact that many of the directories are already created and owned by the user "_mongo". It also runs the daemon as root rather than _mongo. Below is a modified approach that uses the _mongo user and avoids creating unnecessary directories.

Install and Configure MongoDB

  1. Install mongodb with sudo port install mongodb (you probably want to start with a sudo port selfupdate)
  2. Create configuration directory with sudo mkdir /opt/local/etc/mongodb/
  3. Create configuration file with sudo pico /opt/local/etc/mongodb/mongod.conf

Enter the following and hit ctrl+x and save the file.

# configuration file /opt/local/etc/mongodb/mongod.conf

# Store data alongside MongoDB instead of the default, /data/db/
dbpath = /opt/local/var/db/mongodb

# Only accept local connections
bind_ip = 127.0.0.1

# Running as daemon
fork = true

# Take log
logpath = /opt/local/var/log/mongodb/mongodb.log
logappend = true
  1. Change ownership of the config file with sudo chown _mongo:_mongo /opt/local/etc/mongodb/mongod.conf
  2. Create startup alias for your terminal profile to manually start and stop the mongodb instance.

At the Terminal, enter pico ~/.profile and add the following to the end of the file. When done hit ctrl+x and save the file:

alias mongostart="sudo -u _mongo mongod -f /opt/local/etc/mongodb/mongod.conf --httpinterface"

mongostop_func () {
   local mongopid=`less /opt/local/var/db/mongodb/mongod.lock`;
   if [[ $mongopid =~ [[:digit:]] ]]; then
       sudo kill -15 $mongopid;
       echo mongod process $mongopid terminated;
   else
       echo mongo process $mongopid not exist;
   fi
}

alias mongostop="mongostop_func"

Be sure to close the terminal and start it again so the changes take effect.

Now, to start your MongoDB instance, type mongostart and to stop it type mongostop. You can confirm the database is running by visiting http://localhost:28017/ (be sure not to include the --httpinterface option in a production environment).

Secure MongoDB

Out of the box, the database will allow anyone to connect without providing credentials. Here is a way to configure a basic administration account for access to the DB that requires a password.

  1. Start the Server by running mongostart
  2. Start the Mongo Client by running mongo --port 27017
  3. Create an Admin by issuing the following commands in the mongo client:
use admin
db.createUser(
  {
    user: "admin",
    pwd: "abc123",
    roles: [ { role: "root", db: "admin" } ]
  }
)

exit the client by typing exit and hitting enter.

IMPORTANT: Replace abc123 with your own, strong password. You may also want to research the 'role' as root is a very permissive one and may not fit your needs.

  1. Edit the mongostart alias by running pico ~/.profile and change the line:
alias mongostart="sudo -u _mongo mongod -f /opt/local/etc/mongodb/mongod.conf --httpinterface"

to be

alias mongostart="sudo -u _mongo mongod -f /opt/local/etc/mongodb/mongod.conf --httpinterface --auth"

Now, run mongostop, restart your terminal, and start the server again with mongostart.

From now on, you will need to provide credentials any time you connect to the server. For example, if you connect with the command line client it would now be:

mongo --port 27017 -u admin --authenticationDatabase admin -p

and you will be prompted for a password. As you create other databases you will likely want to create individual accounts that have permissions only for that one database and have more restrictive roles. It is not wise to connect using 'admin' except when debugging or performing administration or maintenance.

Note: if you need to change the admin user password (i.e. maybe you forgot to adjust the above script before you ran it?), and you know the old password, you would proceed as follows:

  1. Start the Client with mongo --port 27017 -u admin --authenticationDatabase admin -p and enter the old password.
  2. Execute the commands below in the client:
use admin
db.changeUserPassword("admin", "newStrongPassword")

where "newStrongPassword" is the new password you wish to use.

Now, exit the client with exit and restart the server with mongostop then mongostart. You will now have to provide the new password when you connect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment