Continuent Documentation

Manual Home
Tungsten Replicator 7.0 Manual
Page in Other Manuals
Tungsten Clustering (for MySQL) 7.0 Manual
Breadcrumbs
> Tungsten Replicator 7.0 Manual

       > 4. Deploying Appliers

       > 4.5. Deploying the MongoDB Applier
Related Pages
9.8. tpm Configuration Options
9.1. Comparing Staging and INI tpm Methods
Chapters
Preface
1. Introduction
2. Deployment Overview
3. Deploying MySQL Extractors
4. Deploying Appliers
5. Deployment: Advanced
6. Deployment: Security
7. Operations Guide
8. Command-line Tools
9. The tpm Deployment Command
10. Tungsten REST API (APIv2)
11. Replication Filters
12. Performance and Tuning
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
4.5. Deploying the MongoDB Applier
Parent Sections
4.5.2. Preparing for MongoDB Replication
4.5.3. Install MongoDB Applier
4.5.4. Install MongoDB Atlas Applier
4.5.5. Management and Monitoring of MongoDB Deployments
4.5.4. Install MongoDB Atlas Applier
Prev  ^Up4.5. Deploying the MongoDB Applier Next

4.5.4. Install MongoDB Atlas Applier

4.5.4.1. Import MongoDB Atlas Certificates

Note

The steps in this section relate specifically to applying to a MongoDB Atlas Instance. For configuring the applier to work with standatd MongoDB, please refer to the following section: Section 4.5.3, “Install MongoDB Applier”

Installation of the MongoDB replication requires special configuration of the Source and Target hosts so that each is configured for the correct datasource type.

To configure the Applier replicators:

  1. Before installing the applier, the following addition needs adding to the extractor configuration. Apply the following parameters on the extractor host, update the extractor using the details below, and then install the applier

    • For Staging installs:

      copy
      shell> cd tungsten-replicator-7.0.3-141
shell> ./tools/tpm configure alpha \
--enable-heterogeneous-master=true
shell> ./tools/tpm update

    • For INI installs: Add the following the /etc/tungsten/tungsten.ini

      copy
      [alpha]
...Existing Replicator Config...
enable-heterogeneous-master=true

shell> tpm update

  2. Unpack the Tungsten Replicator distribution in staging directory:

    copy
    shell> tar zxf tungsten-replicator-7.0.3-141.tar.gz

  3. Change into the staging directory:

    copy
    shell> cd tungsten-replicator-7.0.3-141

  4. Configure the installation using tpm:

    Show Staging

    copy
    copy
    shell> vi /etc/tungsten/tungsten.ini
    copy
    [defaults]
install-directory=/opt/continuent
profile-script=~/.bash_profile
disable-security-controls=false
rmi-ssl=false
thl-ssl=false
rmi-authentication=false
rest-api-admin-user=apiuser
rest-api-admin-pass=secret

[alpha]
master=sourcehost
members=localhost
datasource-type=mongodb
replication-user=tungsten
replication-password=secret
svc-applier-filters=dropstatementdata
role=slave
replication-host=atlasendpoint.mongodb.net
replication-port=27017
property=replicator.applier.dbms.connectString=mongodb+srv://${replicator.global.db.user}:${replicator.global.db.password}@${replicator.global.db.host}/?retryWrites=true&w=majority

    Configuration group defaults

    The description of each of the options is shown below; click the icon to hide this detail:

    Click the icon to show a detailed description of each argument.

    Configuration group alpha

    The description of each of the options is shown below; click the icon to hide this detail:

    Click the icon to show a detailed description of each argument.

  5. Note

    If you plan to make full use of the REST API (which is enabled by default) you will need to also configure a username and password for API access. This must be done by specifying the following options in your configuration: 

    rest-api-admin-user=tungsten
rest-api-admin-pass=secret

  6. Once the prerequisites and configuring of the installation has been completed, the software can be installed:

    copy
    shell> ./tools/tpm install

If the installation process fails, check the output of the /tmp/tungsten-configure.log file for more information about the root cause.

Important

The above example assumes SSL is not enabled between the extractor and applier replicators.

If SSL is required, then you must omit the following properties from the example configs displayed above, or change the values to true: rmi-ssl=false, thl-ssl=false, rmi-authentication=false

Once you have installed the replicator, there are a few more steps required to allow the replicator to be able to authenticate with MongoDB Atlas.

4.5.4.1. Import MongoDB Atlas Certificates

MongoDB Atlas requires TLS connections for all Atlas Clusters, therefore we need to configure the replicator to recognise this.

Note

From May 1, 2021, MongoDB Atlas has moved to new TLS Certificiates using ISRG instead of IdenTrust for their root Certificate Authority.

All new clusters created after this time, or any existing clusters that have since been migrated to this new root CA will need to follow the correct procedure to configure the replicator. Both procedures are below, follow the correct one that relates to your configuration.

For MongoDB Atlas Cluster created PRIOR to May 1, 2021, or that have not yet migrated to the new LetsEncrypt root Certificate:

  1. Using the correct Atlas Endpoint, issue the following command to retrieve the Atlas certificates

    copy
    shell> openssl s_client -showcerts -connect atlas-endpoint.mongodb.net:27017

  2. The output may be quite long and will include at least two certificates bound by the header/footer as follows 

    -----BEGIN CERTIFICATE-----
xxxx
xxxx
-----END CERTIFICATE-----

    Copy each certificate, including the header/footer, into individual files

  3. Using keytool, we now need to load each certificte into the truststore that was created during the replicator installation. Repeat the example below for each certificate, ensuring you use a unique alias name for each certificate.

    copy
    shell> keytool -import -alias your-alias1 -file cert1.cer -keystore /opt/continuent/share/tungsten_truststore.ts

    When prompted, the default password for the truststore will be tungsten unless you specified a different password during installation

  4. Once this is complete, you can now start the replicator

    copy
    shell> replicator start

For MongoDB Atlas Cluster created AFTER May 1, 2021, or that have been migrated to the new LetsEncrypt root Certificate:

  1. Obtain the LetsEncrypt root Certificate from here

  2. Copy the certificate into a file called letsencrypt.pem in the home directory of the applier host, including the BEGIN an END header/footer, for example: 

    -----BEGIN CERTIFICATE-----
xxxx
xxxx
-----END CERTIFICATE-----

  3. Using keytool, we now need to import this certificte into the truststore that was created during the replicator installation.

    copy
    shell> keytool -import -alias letsencrypt -file letsencrypt.pem -keystore /opt/continuent/share/tungsten_truststore.ts

    When prompted, the default password for the truststore will be tungsten unless you specified a different password during installation

  4. Once this is complete, you can now start the replicator

    copy
    shell> replicator start

Show Copy-friendly Text

Once the replicators have started, the status of the service can be checked using trepctl. See Section 4.5.5, “Management and Monitoring of MongoDB Deployments” for more information.

Show Copy-friendly Text

Prev Up Next
4.5.3. Install MongoDB Applier  ^Level 4.5.5. Management and Monitoring of MongoDB Deployments
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits