4.5.4. Install MongoDB Atlas Applier

Note

The steps in this section relate specifically to applying to a MongoDB Atlas Instance. For configuring the applier to work with standatd MongoDB, please refer to the following section: Section 4.5.3, “Install MongoDB Applier”

Installation of the MongoDB replication requires special configuration of the Source and Target hosts so that each is configured for the correct datasource type.

To configure the Applier replicators:

  1. Before installing the applier, the following addition needs adding to the extractor configuration. Apply the following parameters on the extractor host, update the extractor using the details below, and then install the applier

    • For Staging installs:

      shell> cd tungsten-replicator-6.1.25-6
      shell> ./tools/tpm configure alpha \
      --enable-heterogeneous-master=true
      shell> ./tools/tpm update
    • For INI installs: Add the following the /etc/tungsten/tungsten.ini

      [alpha]
      ...Existing Replicator Config...
      enable-heterogeneous-master=true
      
      shell> tpm update
  2. Unpack the Tungsten Replicator distribution in staging directory:

    shell> tar zxf tungsten-replicator-6.1.25-6.tar.gz
  3. Change into the staging directory:

    shell> cd tungsten-replicator-6.1.25-6
  4. Configure the installation using tpm:

    Show Staging

    Show INI

    shell> ./tools/tpm configure defaults \
        --reset \
        --install-directory=/opt/continuent \
        --profile-script=~/.bash_profile \
        --disable-security-controls=false \
        --rmi-ssl=false \
        --thl-ssl=false \
        --rmi-authentication=false \
        --rest-api-admin-user=apiuser \
        --rest-api-admin-pass=secret
    
    shell> ./tools/tpm configure alpha \
        --master=sourcehost \
        --members=localhost \
        --datasource-type=mongodb \
        --replication-user=tungsten \
        --replication-password=secret \
        --svc-applier-filters=dropstatementdata \
        --role=slave \
        --replication-host=atlasendpoint.mongodb.net \
        --replication-port=27017 \
        --property=replicator.applier.dbms.connectString=mongodb+srv://${replicator.global.db.user}:${replicator.global.db.password}@${replicator.global.db.host}/?retryWrites=true&w=majority
    
    shell> vi /etc/tungsten/tungsten.ini
    [defaults]
    install-directory=/opt/continuent
    profile-script=~/.bash_profile
    disable-security-controls=false
    rmi-ssl=false
    thl-ssl=false
    rmi-authentication=false
    rest-api-admin-user=apiuser
    rest-api-admin-pass=secret
    
    [alpha]
    master=sourcehost
    members=localhost
    datasource-type=mongodb
    replication-user=tungsten
    replication-password=secret
    svc-applier-filters=dropstatementdata
    role=slave
    replication-host=atlasendpoint.mongodb.net
    replication-port=27017
    property=replicator.applier.dbms.connectString=mongodb+srv://${replicator.global.db.user}:${replicator.global.db.password}@${replicator.global.db.host}/?retryWrites=true&w=majority
    

    Configuration group defaults

    The description of each of the options is shown below; click the icon to hide this detail:

    Click the icon to show a detailed description of each argument.

    Configuration group alpha

    The description of each of the options is shown below; click the icon to hide this detail:

    Click the icon to show a detailed description of each argument.

  5. Once the prerequisites and configuring of the installation has been completed, the software can be installed:

    shell> ./tools/tpm install

If the installation process fails, check the output of the /tmp/tungsten-configure.log file for more information about the root cause.

Important

The above example assumes SSL is not enabled between the extractor and applier replicators.

If SSL is required, then you must omit the following properties from the example configs displayed above, or change the values to true: rmi-ssl=false, thl-ssl=false, rmi-authentication=false

Once you have installed the replicator, there are a few more steps required to allow the replicator to be able to authenticate with MongoDB Atlas.

4.5.4.1. Import MongoDB Atlas Certificates

MongoDB Atlas requires TLS connections for all Atlas Clusters, therefore we need to configure the replicator to recognise this.

Note

From May 1, 2021, MongoDB Atlas has moved to new TLS Certificiates using ISRG instead of IdenTrust for their root Certificate Authority.

All new clusters created after this time, or any existing clusters that have since been migrated to this new root CA will need to follow the correct procedure to configure the replicator. Both procedures are below, follow the correct one that relates to your configuration.

For MongoDB Atlas Cluster created PRIOR to May 1, 2021, or that have not yet migrated to the new LetsEncrypt root Certificate:

  1. Using the correct Atlas Endpoint, issue the following command to retrieve the Atlas certificates

    shell> openssl s_client -showcerts -connect atlas-endpoint.mongodb.net:27017
  2. The output may be quite long and will include at least two certificates bound by the header/footer as follows

    -----BEGIN CERTIFICATE-----
    xxxx
    xxxx
    -----END CERTIFICATE-----

    Copy each certificate, including the header/footer, into individual files

  3. Using keytool, we now need to load each certificte into the truststore that was created during the replicator installation. Repeat the example below for each certificate, ensuring you use a unique alias name for each certificate.

    shell> keytool -import -alias your-alias1 -file cert1.cer -keystore /opt/continuent/share/tungsten_truststore.ts

    When prompted, the default password for the truststore will be tungsten unless you specified a different password during installation

  4. Once this is complete, you can now start the replicator

    shell> replicator start

For MongoDB Atlas Cluster created AFTER May 1, 2021, or that have been migrated to the new LetsEncrypt root Certificate:

  1. Obtain the LetsEncrypt root Certificate from here

  2. Copy the certificate into a file called letsencrypt.pem in the home directory of the applier host, including the BEGIN an END header/footer, for example:

    -----BEGIN CERTIFICATE-----
    xxxx
    xxxx
    -----END CERTIFICATE-----
  3. Using keytool, we now need to import this certificte into the truststore that was created during the replicator installation.

    shell> keytool -import -alias letsencrypt -file letsencrypt.pem -keystore /opt/continuent/share/tungsten_truststore.ts

    When prompted, the default password for the truststore will be tungsten unless you specified a different password during installation

  4. Once this is complete, you can now start the replicator

    shell> replicator start

Once the replicators have started, the status of the service can be checked using trepctl. See Section 4.5.5, “Management and Monitoring of MongoDB Deployments” for more information.