Scenarios

This section describes how to connect to a single-node instance using the MongoDB client over private networks.

The MongoDB client can connect to a DB instance with a common connection or an encrypted connection (SSL). To improve data transmission security, you are advised to connect to DB instances using the SSL connection.

Different OS scenarios: The following uses Linux ECS and Window client as an example.

• For best practices about connections to DB instances over private networks, see Connecting to a DB Instance Through an ECS.

Constraints

For details about constraints on connecting to a single node instance over private networks, see Constraints.

Prerequisites

1. For details on how to create and log in to an ECS, see Purchasing an ECS and Logging In to an ECS.
2. Install the MongoDB client on the ECS.

   For details on how to install a MongoDB client, see How Can I Install a MongoDB Client?

Connecting to a DB Instance Using the MongoDB Client (SSL)

1. On the Instance Management page, click the target DB instance.
2. In the navigation pane on the left, choose Connections.
3. In the Basic Information area, click next to the SSL field.
4. Upload the root certificate to the ECS to be connected to the DB instance.

   The following describes how to upload the certificate to a Linux and Window ECS:

   • In Linux, run the following command:
     scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

     

     • IDENTITY_FILE indicates the directory where the root certificate resides. The file access permission is 600.
     • REMOTE_USER indicates the ECS OS user.
     • REMOTE_ADDRESS indicates the ECS address.
     • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.
   • In Windows, upload the root certificate using the remote connection tool.

5. Connect to a DDS DB instance.
   • Method 1: Using Linux commands

     ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

     Enter the database account password when prompted:

     Enter password:

   • Method 2: Using the private connection address

     ./mongo mongodb://rwuser:****@<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

     The connection information can be obtained in the Address column on the Instance Management page.

     Figure 1 Connections
     
   

   • A single node instance uses the management IP address to generate SSL certificate. --sslAllowInvalidHostnames is needed for the SSL connection over private networks.
   • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
   • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
   • DB_USER indicates the database account name. The default value is rwuser.
   • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
     • If the password contains the at sign (@), change @ to %40.
     • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
   • FILE_PATH indicates the path where the root certificate is stored.
   • Connect to the DB instance using Linux commands. The following is an example command:

     ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

   • Connect to the DB instance using the private connection address. The following is an example command:

     ./mongo mongodb://rwuser:****@192.168.1.6:8635/test?authSource=admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

6. Check the connection result. If the following information is displayed, the connection is successful.

   replica:PRIMARY>

Connecting to a DB Instance Using the MongoDB Client (Non-SSL)

If you connect to a DB instance using this method, you need to disable the SSL connection. For details about how to disable the SSL connection, see section Enabling or Disabling SSL.

1. Connect to the ECS.
2. Connect to a DDS DB instance.
   • Method 1: Using Linux commands

     ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

     Enter the database account password when prompted:

     Enter password:

   • Method 2: Using the private connection address

     ./mongo mongodb://rwuser:****@<DB_HOST>:<DB_PORT>/test?authSource=admin

     The connection information can be obtained in the Address column on the Instance Management page.

   

   • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page.
   • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.
   • DB_USER indicates the database account name. The default value is rwuser.
   • **** indicates the password of the database account. If you use the connection address to connect to a DB instance:
     • If the password contains the at sign (@), change @ to %40.
     • If the password contains the exclamation mark (!), add an escape character (\) before the exclamation mark (!).
   • Connect to the DB instance using Linux commands. The following is an example command:

     ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

   • Connect to the DB instance using the private connection address. The following is an example command:

     ./mongo mongodb://rwuser:****@192.168.1.6:8635/test?authSource=admin

3. Check the connection result. If the following information is displayed, the connection is successful.

   replica:PRIMARY>