Connecting to a DB Instance Using Mongo Shell

Step 1: Buy a DB Instance

1. Go to the Custom Config page.
2. On the displayed page, select a billing mode and configure information about your DB instance. Then, click Next.
   Figure 1 Basic configurations
   
   Figure 2 Administrator settings
   
   Figure 3 Network and required duration
   
   Figure 4 Advanced settings
   
3. On the displayed page, confirm the instance details.
   • For yearly/monthly instances
     • If you need to modify the settings, click Previous.
     • If you do not need to modify the settings, read and agree to the service agreement and click Pay Now to go to the payment page and complete the payment.
   • For pay-per-use instances
     • If you need to modify the settings, click Previous.
     • If you do not need to modify the settings, read and agree to the service agreement and click Submit to start creating the instance.
4. Click Back to Instance List. Click Back to Instance List. You can view and manage the DB instance on the Instances page.
   • When a DB instance is being created, the status displayed in the Status column is Creating. This process takes about 15 minutes. After the creation is complete, the status changes to Available.
   • Yearly/Monthly instances that were purchased in batches have the same specifications except for the instance name and ID.

Step 2: Buy an ECS

1. Go to the Buy ECS page.
2. Configure basic settings and click Next: Configure Network. Keep the region and AZ of the ECS the same as those of the DDS instance to be connected.
   Figure 5 Basic configurations
   
   Figure 6 Selecting an image
   
3. Configure the ECS network information and click Next: Configure Advanced Settings. Keep the VPC and security group of the ECS the same as those of the DDS instance to be connected.
   Figure 7 Network settings
   
   Figure 8 Selecting an EIP
   
4. Configure the ECS password and click Next: Confirm.
   Figure 9 Advanced settings
   
5. Confirm the configurations and click Submit.
   Figure 10 Confirming the configurations
   
6. View the purchased ECS.

Step 3: Configure Security Group Rules

1. Log in to the management console.
2. Click in the upper left corner and select a region and a project.
3. Click in the upper left corner of the page and choose Databases > Document Database Service.
4. On the Instances page, click the instance name. The Basic Information page is displayed.
5. In the Network Information area on the Basic Information page, click the security group.
   Figure 11 Security Group
   

   You can also choose Connections in the navigation pane on the left. On the Private Connection tab, in the Security Group area, click the security group name.

   Figure 12 Security Group
   

6. On the Security Group page, locate the target security group and click Manage Rule in the Operation column.
7. On the Inbound Rules tab, click Add Rule. The Add Inbound Rule dialog box is displayed.
8. Add a security group rule as prompted.
   Figure 13 Add Inbound Rule
   

   Table 1 Inbound rule settings

   Parameter	Description	Example Value
   Priority	The security group rule priority. The priority value ranges from 1 to 100. The default priority is 1 and has the highest priority. The security group rule with a smaller value has a higher priority.	1
   Action	The security group rule actions. Deny rules take precedence over allow rules of the same priority.	Allow
   Protocol & Port	The network protocol required for access. Available options: TCP, UDP, ICMP, or GRE	TCP
   	Port: the port on which you wish to allow access to DDS. The default port is 8635. The port ranges from 2100 to 9500 or can be 27017, 27018, or 27019.	8635
   Type	IP address type. Only IPv4 and IPv6 are supported.	IPv4
   Source	Specifies the supported IP address, security group, and IP address group, which allow access from IP addresses or instances in other security groups. Example: Single IP address: 192.168.10.10/32 IP address segment: 192.168.1.0/24 All IP addresses: 0.0.0.0/0 Security group: sg-abc IP address group: ipGroup-test If you enter a security group, all ECSs associated with the security group comply with the created rule. For more information about IP address groups, see IP Address Group Overview.	0.0.0.0/0
   Description	(Optional) Provides supplementary information about the security group rule. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).	-

9. Click OK.

Step 4: Connect to a DDS Cluster Instance Using Mongo Shell

• SSL Connection

1. Log in to the management console.
2. Click in the upper left corner and select a region and a project.
3. Click in the upper left corner of the page and choose Databases > Document Database Service.
4. On the Instances page, click the instance name.
5. In the navigation pane on the left, choose Connections.
6. In the Basic Information area, click next to the SSL field.
7. Upload the root certificate to the ECS to be connected to the instance.

   The following describes how to upload the certificate to a Linux and Windows ECS:

   • In Linux, run the following command:
     scp <IDENTITY_FILE><REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

     NOTE:

     • IDENTITY_FILE is the directory where the root certificate resides. The file access permission is 600.
     • REMOTE_USER is the ECS OS user.
     • REMOTE_ADDRESS is the ECS address.
     • REMOTE_DIR is the directory of the ECS to which the root certificate is uploaded.
   • In Windows, upload the root certificate using a remote connection tool.

8. Connect to the instance in the directory where the MongoDB client is located.

   Method 1: Using the private HA connection address (recommended)

   DDS provides a private HA connection address that consists of IP addresses and ports of all dds mongos nodes in a cluster instance. You can use this address to connect to the cluster instance to improve availability of the cluster instance.

   Command:

   ./mongo <Private HA connection address> --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

   Parameter description:

   • Private HA Connection Address: On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections. Click the Private Connection tab and obtain the connection address of the current instance from the Private HA Connection Address field.
     Figure 14 Obtaining the private HA connection address
     

     The format of the private HA connection address is as follows. The database username rwuser and authentication database admin cannot be changed.

     mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin

     The following table lists the required parameters in the private HA address.

     Table 2 Parameter information

     Parameter	Description
     rwuser	Database username
     <password>	Password for the database username. Replace it with the actual password. If the password contains at signs (@), exclamation marks (!), dollar signs ($), or percent signs (%), replace them with hexadecimal URL codes (ASCII) %40, %21, %24, and %25 respectively. For example, if the password is ****@%***!$, the corresponding URL code is ****%40%25***%21%24.
     192.168.***.***:8635,192.168.***.***:8635	IP addresses and ports of the dds mongos nodes of the cluster instance to be connected.
     test	The name of the test database. You can set this parameter based on your service requirements.
     authSource=admin	The authentication database of user rwuser must be admin. authSource=admin is fixed in the command.

   • FILE_PATH is the path for storing the root certificate.
   • --sslAllowInvalidHostnames: To ensure that the internal communication of the cluster does not occupy resources such as the user IP address and bandwidth, the cluster certificate is generated using the internal management IP address. --sslAllowInvalidHostnames is needed for the SSL connection through a private network.

   Command example:

   ./mongo mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

   Method 2: Using the private HA connection address (user-defined database and account)

   Command:

   ./mongo <Private HA connection address> --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

   Parameter description:

   • Private HA Connection Address: On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections. Click the Private Connection tab and obtain the connection address of the current instance from the Private HA Connection Address field.
     Figure 15 Obtaining the private HA connection address
     

     The format of the obtained private HA connection address is as follows:

     mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin

     The following table lists the required parameters in the private HA address.

     Table 3 Parameter information

     Parameter	Description
     rwuser	Database username. The default value is rwuser. You can change the value to the username based on your service requirements.
     <password>	Password for the database username. Replace it with the actual password. If the password contains at signs (@), exclamation marks (!), dollar signs ($), or percent signs (%), replace them with hexadecimal URL codes (ASCII) %40, %21, %24, and %25 respectively. For example, if the password is ****@%***!$, the corresponding URL code is ****%40%25***%21%24.
     192.168.***.***:8635,192.168.***.***:8635	IP addresses and ports of the dds mongos nodes of the cluster instance to be connected.
     test	The name of the test database. You can set this parameter based on your service requirements.
     authSource=admin	The authentication database of user rwuser is admin. NOTE: If you use a user-defined database for authentication, change the authentication database in the HA connection address to the name of the user-defined database. In addition, replace rwuser with the username created in the user-defined database.

   • FILE_PATH is the path for storing the root certificate.
   • --sslAllowInvalidHostnames: To ensure that the internal communication of the cluster does not occupy resources such as the user IP address and bandwidth, the cluster certificate is generated using the internal management IP address. --sslAllowInvalidHostnames is needed for the SSL connection through a private network.

   For example, if you create a user-defined database Database and user test1 in the database, the connection command is as follows:

   ./mongo mongodb://test1:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/Database?authSource=Database --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

   Method 3: Using a private IP address

   Command:

   ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

   Parameter description:

   • DB_HOST is the IP address of the dds mongos node of the cluster instance to be connected.

     Click the instance name. On the Basic Information page, choose Connections > Private Connection, obtain the private IP address of the dds mongos node on the dds mongos tab in the Node Information area.

     Figure 16 Obtaining the private IP address
     

   • DB_PORT is the port of the instance to be connected. The default port is 8635.

     Click the instance name. On the Basic Information page, choose Connections. On the Private Connection tab, obtain the database port information in the Database Port field in the Basic Information area.

     Figure 17 Obtaining the port
     
   • DB_USER is the database user. The default value is rwuser.
   • FILE_PATH is the path for storing the root certificate.
   • --sslAllowInvalidHostnames: To ensure that the internal communication of the cluster does not occupy resources such as the user IP address and bandwidth, the cluster certificate is generated using the internal management IP address. --sslAllowInvalidHostnames is needed for the SSL connection through a private network.

   Enter the password of the database account if the following information is prompted:

   Enter password:

   Command example:

   ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

9. Check the connection result. If the following information is displayed, the connection is successful.

   mongos>

• Unencrypted Connection

1. Connect to the ECS.
2. Connect to the instance in the directory where the MongoDB client is located.

   Method 1: Using the private HA connection address (recommended)

   Command:

   ./mongo "<Private HA Connection Address>"

   Private HA Connection Address: On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections. Click the Private Connection tab and obtain the connection address of the current instance from the Private HA Connection Address field.

   Figure 18 Obtaining the private HA connection address
   

   The format of the private HA connection address is as follows. The database username rwuser and authentication database admin cannot be changed.

   mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin

   The following table lists the required parameters in the private HA address.

   Table 4 Parameter information

   Parameter	Description
   rwuser	Database username.
   <password>	Password for the database username. Replace it with the actual password. If the password contains at signs (@), exclamation marks (!), dollar signs ($), or percent signs (%), replace them with hexadecimal URL codes (ASCII) %40, %21, %24, and %25 respectively. For example, if the password is ****@%***!$, the corresponding URL code is ****%40%25***%21%24.
   192.168.xx.xx:8635,192.168.xx.xx:8635	IP addresses and ports of the dds mongos nodes of the cluster instance to be connected.
   test	The name of the test database. You can set this parameter based on your service requirements.
   authSource=admin	The authentication database of user rwuser must be admin. authSource=admin is fixed in the command.

   Command example:

   ./mongo mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin

   Method 2: Using the private HA connection address (user-defined database and account)

   Command:

   ./mongo "<Private HA Connection Address>"

   Private HA Connection Address: On the Instances page, click the instance name. The Basic Information page is displayed. Choose Connections. Click the Private Connection tab and obtain the connection address of the current instance from the Private HA Connection Address field.

   Figure 19 Obtaining the private HA connection address
   

   The format of the obtained private HA connection address is as follows:

   mongodb://rwuser:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/test?authSource=admin

   The following table lists the required parameters in the private HA address.

   Table 5 Parameter information

   Parameter	Description
   rwuser	Database username. The default value is rwuser. You can change the value to the username based on your service requirements.
   <password>	Password for the database username. Replace it with the actual password. If the password contains at signs (@), exclamation marks (!), dollar signs ($), or percent signs (%), replace them with hexadecimal URL codes (ASCII) %40, %21, %24, and %25 respectively. For example, if the password is ****@%***!$, the corresponding URL code is ****%40%25***%21%24.
   192.168.xx.xx:8635,192.168.xx.xx:8635	IP addresses and ports of the dds mongos nodes of the cluster instance to be connected.
   test	The name of the test database. You can set this parameter based on your service requirements.
   authSource=admin	The authentication database of user rwuser is admin. NOTE: If you use a user-defined database for authentication, change the authentication database in the HA connection address to the name of the user-defined database. In addition, replace rwuser with the username created in the user-defined database.

   For example, if you create a user-defined database Database and user test1 in the database, the connection command is as follows:

   ./mongo mongodb://test1:<password>@192.168.xx.xx:8635,192.168.xx.xx:8635/Database?authSource=Database

   Method 3: Using a private IP address

   Command:

   ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

   Parameter description:

   • DB_HOST is the IP address of the dds mongos node of the cluster instance to be connected.

     Click the instance name. On the Basic Information page, choose Connections > Private Connection, obtain the private IP address of the dds mongos node on the dds mongos tab in the Node Information area.

     Figure 20 Obtaining the private IP address
     
   • DB_PORT is the port of the instance to be connected. The default port is 8635.

     Click the instance name. On the Basic Information page, choose Connections. On the Private Connection tab, obtain the database port information in the Database Port field in the Basic Information area.

     Figure 21 Obtaining the port
     
   • DB_USER is the database user. The default value is rwuser.
   Enter the password of the database account if the following information is prompted:

   Enter password:

   Command example:

   ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

3. Check the connection result. If the following information is displayed, the connection is successful.

   mongos>

Step 5: Create a Database and Writing Data to the Database

1. Create a database.

   use dbname

   dbname: indicates the name of the database to be created.

   Figure 22 Creating a database
   

2. After a database is created, insert data into the database so that you can view the database in the database list.
   Figure 23 Inserting data
   
   NOTE:

   There are three system databases created by default: admin, local, and test. If you directly insert data without creating a database, the data is inserted to the test database by default.

   Figure 24 Viewing the database
   

3. View data in the database.
   Figure 25 Viewing data