MongoDB Tip: 4.0.x encryption at rest

-
I just want to quickly document what to look for in the log when we have successfully enable encryption at rest for mongodb database

create keyfile

openssl rand -base64 32 > monogdb-ear-keyfile

copy the ear-keyfile into /etc

chmod 600 /etc/mongodb-ear-keyfile

mongod --port 17017 --dbpath /data/earTest/ --logpath /data/earTest/ear.log --enableEncryption --encryptionKeyFile /data/earTest/mongodb-ear-keyfile --fork

check the log after mongod is started

If you see this line, then your mongod has successfully launched in encryption at rest mode

2019-08-05T09:48:12.555-0400 I STORAGE  [initandlisten] Encryption key manager initialized with key file: /etc/monogdb-ear-key


Comments

Post a Comment

Popular posts from this blog

MongoDB Ops Manager Basic Installation and Configuration

-
Image
This post is just a quick guide of MongoDB Ops Manager basic installation and configuration. The bare minimum of getting an instance of MongoDB Ops Manager up and running. We will be working with the latest version of the OpsManager, release version 3.4.7. Prerequisite: To start fresh, we remove any mongodb related RPM. I had Mongod installed as well, therefore, I have extras to be removed. [root@msdlva-dsnops01 ~]# yum autoremove $(rpm -qva | grep mongo) Loaded plugins: langpacks, product-id, rhnplugin, search-disabled-repos, subscription-manager This system is receiving updates from RHN Classic or Red Hat Satellite. Resolving Dependencies --> Running transaction check ---> Package mongodb-enterprise.x86_64 0:3.4.6-1.el7 will be erased ---> Package mongodb-enterprise-mongos.x86_64 0:3.4.6-1.el7 will be erased ---> Package mongodb-enterprise-server.x86_64 0:3.4.6-1.el7 will be erased ---> Package mongodb-enterprise-shell.x86_64 0:3.4.6-1.el7 will be erased...
Read more

Oracle Goldengate Extract, Pump, and Replicat

-
This is just a quick demonstration of setting up extract, pump, and replicate. I prefer to edit the prm files at OS level, but we can also do GGSCI> edit param esource to enter the vi mode to create the prm file. Here are the sample prm files used in the demonstration: prm files: -------------------------------- Source: (2 processes) ~~~~~~~~~~~~~~~~ esource.prm ~~~~~~~~~ EXTRACT ESOURCE SETENV (ORACLE_SID=source) SETENV (ORACLE_HOME="/source/app/oracle/product/11.2.0.3") userid ggg, password ggg EXTTRAIL /ggSource/app/goldengate/product/12.1.0/dirdat/es --Resolves the TABLES to be replicated when they first encounter a dml operation WILDCARDRESOLVE DYNAMIC --Reduce the system I/O overhead of redolog reads EOFDELAY 5 TABLE mine.table; psource.prm ~~~~~~~~~ EXTRACT PDWDSPRD SETENV (ORACLE_SID=source) SETENV (ORACLE_HOME="/source/app/oracle/product/11.2.0.3") userid ggg, password ggg RMTHOST targetServer.example.net, MGRPO...
Read more

Oracle Goldengate Extract and Replicat within same DB from one schema to another plus some issues and fixes

-
This is a quick guide for GoldenGate replication within the same database from one schema to another. Dblogin and add checkpoint table GGSCI > dblogin userid ggs_owner, password ggs_owner GGSCI > add checkpointtable ggg.chk extract parameter file: es1.prm GGSCI > edit param es1 vi mode EXTRACT es1 SETENV (ORACLE_SID=orcl) SETENV (ORACLE_HOME="/a01/app/oracle/product/11.2.0/dbhome_1") userid ggg, password ggg EXTTRAIL /gg_01/app/goldengate/product/12.1.0/dirdat/ea WILDCARDRESOLVE DYNAMIC EOFDELAY 5 TABLE S1.T1; TABLE S2.T2; replicat parameter file: rs1.prm GGSCI > edit param rs1 vi mode REPLICAT rs1 ASSUMETARGETDEFS SETENV (ORACLE_SID=orcl) SETENV (ORACLE_HOME="/a01/app/oracle/product/11.2.0/dbhome_1") REPERROR (-1, IGNORE) REPERROR (1403, IGNORE) userid ggg, password ggg dboptions nosuppresstriggers HANDLECOLLISIONS MAP S1.T1, TARGET S2.T1; MAP S1.T2, TARGET S2.T2; Configure extract process: GGSCI > ADD EXTRACT ES1, TRAN...
Read more