Installing MongoDB

Stream requires at least MongoDB version 4.4.2. For support reasons, EVERTRUST recommends to use the latest available version, which is MongoDB 6 at the time of writing.

Stream relies on MongoDB to store its data, whether it be configuration elements or certificate data. The necessary packages are mongodb-org-server, mongodb-mongosh, mongodb-org-tools, mongodb-database-tools and mongodb-org-database-tools-extra. To install and configure MongoDB on a Redhat-based OS, follow these steps using an account with administrative privileges:

Installation with Internet Access

These steps are for when the server has internet access

1. Follow step 1 of the official MongoDB installation tutorial.

2. Run the following command to install the RPMs:

# yum install -y mongodb-org-server mongodb-mongosh mongodb-org-tools mongodb-org-database-tools-extra mongodb-database-tools

Installation without Internet Access

1. Download the .rpm files directly from the MongoDB repository. Downloads are organized by Red Hat / CentOS version (e.g. 7 - do not select the Server folders), then MongoDB release version (e.g. 6.0), then architecture (e.g. x86_64). Upload the files to the server.

2. Run the following command to install the RPMs:

# yum localinstall mongodb-org-server-x.y.z.arch.rpm mongodb-mongosh-x.y.z.arch.rpm mongodb-org-tools-x.y.z.arch.rpm mongodb-org-database-tools-extra-x.y.z.arch.rpm mongodb-database-tools-x.y.z.arch.rpm

Common installation steps

3. Enable the service at startup with the following command:

# systemctl enable mongod

4. Start the mongod service with the following command:

# systemctl start mongod

5. Start the mongosh executable using the following command to check that the database is up and running:

# mongosh

For now, since we did not set up access control, everyone using localhost as DB URI can connect as administrator, which is something that needs to be prevented before setting-up Stream.

The following section is not mandatory to get Stream up and running, but is highly recommended for security purposes.

6. In the mongo shell that was just opened, run the following commands:

> use admin;
> db.createUser(
  {
    user: "stream_db_admin",
    pwd:  "AComplexPassword",
    roles: [ { role: "dbOwner", db: "stream" } ]
  }
)

This way, the created stream_db_admin user has owner permissions on the database named stream.
You can change the stream_db_admin value to what you want to use as database username, the password to be what you want to use as a database password to match your password policies and the database name (the value to the db key) to what you want to use as the stream database. For the password, you can also passwordPrompt() (without quotes) as the password value, which will prompt you for a password upon pressing Enter. Be careful though as this is a password prompt without confirmation.

If you plan on using special characters in the password, be careful as the MongoDB engine has trouble with some of them. For more information on this topic, please refer to the MongoDB documentation.

7. Edit the /etc/mongod.conf file and add the following section at the end:

security:
  authorization: enabled

setParameter:
  enableLocalhostAuthBypass: false

These options will prevent anonymous login to the MongoDB instance and will disable the localhost bypass.

8. Restart the MongoDB daemon to make the changes effective:

# systemctl restart mongod

9. When setting up Stream, use this connection string as the MongoDB URI :

mongodb://stream_db_admin:[email protected]:27017/stream?authSource=admin

If you used another username for the MongoDB user, replace the stream_db_admin part with the username that you used. Replace the AComplexPassword in the URI by the password that you chose when creating the account.
Replace /stream in the URI by /databaseName if you chose to use another name for your Stream database when creating the user.