To install the MongoDB BI Connector, you need to have OpenSSL installed on your system. If not installed, you can use the yum command to install it.
yum -y install openssl Installing MongoDB is very simple; execute the following command to extract:
```bash
tar -xzvf mongodb-bi-linux-x86_64-rhel70-v2.14.2.tgz
## 2.3 Configuration
The configuration file for `mongosqld` uses the YAML format, and most of the parameters also have corresponding command-line arguments.
### 2.3.1 Log Parametersyml
systemLog:
logAppend:
logRotate: "rename" or "reopen"
path:
quiet:
verbosity:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
systemLog.logAppend|boolean||--logAppend|Appends the log to the log file specified by `systemLog.path`, `systemLog.logRotate` must be set|
systemLog.logRotate|string|rename|--logRotate|Specifies how the log should rotate, with two options: <br> **rename** : Closes the existing file and renames it by appending an [RFC3339 format](https://www.ietf.org/rfc/rfc3339.txt) timestamp. At the same time, it generates a new log file.<br> **reopen** : Closes and reopens the file.|
systemLog.path|string||--logPath|Specifies the file where the output log should be stored|
systemLog.quiet|boolean||--quiet|Hides all log output|
systemLog.verbosity|integer||--verbose / -v|Setting this option will output more detailed logs|
### 2.3.2 Schema Parametersyml
schema:
path:
maxVarcharLength:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
schema.path|string||--schema|Specifies the schema file or directory|
schema.maxVarcharLength|integer||--maxVarcharLength|Specifies the maximum character length of varchar fields; if this length is exceeded, it will be truncated to the specified length, and a warning log will be printed|
### 2.3.3 Sample Data Parametersyml
schema:
sample:
size:
prejoin:
namespaces:
uuidSubtype3Encoding: <[old|csharp|java]>
stored:
mode: <[custom|auto]>
source:
name:
refreshIntervalSecs:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
schema.stored.mode|integer|custom|--schemaMode|Configures the sample model for `mongosqld`, must be used in conjunction with `schema.stored.source`, with two options: <br> **custom** : `mongosqld` reads the stored schema from the MongoDB database <br> **auto** : `mongosqld` samples the schema and writes it to the MongoDB database|
schema.stored.source|string||--schemaSource|Specifies the database where schema information is stored|
schema.stored.name|string|defaultSchema|--schemaName|The name used for reading and writing the schema|
schema.sample.size|integer|1000|--sampleSize|The number of documents sampled from each database when collecting schema information|
schema.sample.prejoin|boolean||--prejoin|Schema option used to combine array and non-array data into a single table|
schema.sample.namespaces|string or string array||--sampleNamespaces|Specifies the database and collection to include or exclude in the schema creation data sampling process|
schema.sample.uuidSubtype3Encoding|string||--uuidSubtype3Encoding / -b|Specifies the encoding for generating UUID binary subtypes, includes: <br> **old** : Old representation of BSON binary subtype <br> **csharp** : Legacy UUID representation used by C# or .NET <br> **java** : Legacy UUID representation used by Java|
schema.refreshIntervalSecs|integer|0|--schemaRefreshIntervalSecs|The number of seconds for `mongosqld` to resample to create the schema; by default, it is 0, which means that after the initial sample during connection, no further sampling will occur. The value must be a positive integer|
### 2.3.4 Network Parametersyml
net:
bindIp:
port:
unixDomainSocket:
enabled:
pathPrefix:
filePermissions:
ssl:
mode:
allowInvalidCertificates:
PEMKeyFile:
PEMKeyPassword:
CAFile:
minimumTLSVersion:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
net.bindIp|string|127.0.0.1|--host portion of --addr|Specifies the host addresses to listen on, multiple addresses separated by ","|
net.port|integer|3307|--port portion of --addr|Specifies the port to listen on|
net.unixDomainSocket.enabled|boolean||`true` : Indicates listening to the Unix domain socket <br> `false` : Disables listening to the domain socket, equivalent to the command-line argument `--noUnixSocket`|
net.unixDomainSocket.pathPrefix|string|/tmp|--unixSocketPrefix|Specifies the directory for the Unix domain sockets of `mongosqld`, which will create a mysql.sock socket at that path. If not specified, a /tmp/mysql.sock socket will be created|
net.unixDomainSocket.filePermissions|string|448|--filePermissions|Specifies the permissions for the Unix domain socket file|
net.ssl.allowInvalidCertificates|boolean||--sslAllowInvalidCertificates|Allows MySQL clients to provide invalid client TLS/SSL certificates|
net.ssl.mode|string|disabled|--sslMode|Enables or disables TLS/SSL connections to `mongosqld`. Includes these 3 options: <br> **disabled** : `mongosqld` does not accept connections secured with TLS/SSL <br> **allowSSL** : `mongosqld` accepts connections secured with TLS/SSL (this means it also accepts connections not secured with TLS/SSL) <br> **requireSSL** : `mongosqld` **only** accepts connections secured with TLS/SSL|
net.ssl.PEMKeyFile|string||--sslPEMKeyFile|Specifies the `.pem` file containing the TLS/SSL certificate and the key for the MySQL client, which can be specified using a relative or absolute path|
net.ssl.PEMKeyPassword|string||--sslPEMKeyPassword|Specifies the password to decrypt the private key specified by `net.ssl.PEMKeyFile`|
net.ssl.CAFile|string|--sslCAFile|Specifies the `.pem` file for `mongosqld`, which includes the root certificate chain of the certificate authority. Can be specified using a relative or absolute path|
net.ssl.minimumTLSVersion|string|TLS1_1|--minimumTLSVersion|Specifies the minimum TLS version, there are 3 options: **TLS1_0**, **TLS1_1**, **TLS1_2**|
### 2.3.5 Security Parametersyml
security:
enabled:
defaultMechanism:
defaultSource:
gssapi:
hostname:
serviceName:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
security.enabled|boolean||--auth|Requires client requests to be authenticated|
security.defaultMechanism|string|SCRAM-SHA-1|--defaultAuthMechanism|Specifies the default authentication mechanism, including **SCRAM-SHA-1**, **SCRAM-SHA-256**, **PLAIN**, **GSSAPI**|
security.defaultSource|string|admin|--defaultAuthSource|Specifies the default source for MongoDB authentication|
security.gssapi.hostname|string|first IP specified by `net.bindIp`|--gssapiHostname|Configures Kerberos authentication FQDN|
security.gssapi.serviceName|string|mongosql|--gssapiServiceName|The service name registered for Kerberos|
security.gssapi.constrainedDelegation|string|False|--gssapiConstrainedDelegation|Uses proxy credentials for Kerberos authorization, enabling constrained delegation|
### 2.3.6 MongoDB Host Parametersyml
mongodb:
versionCompatibility:
net:
uri:
ssl:
enabled:
allowInvalidCertificates:
allowInvalidHostnames:
PEMKeyFile:
PEMKeyPassword:
CAFile:
CRLFile:
FIPSMode:
auth:
username:
password:
source:
mechanism:
gssapiServiceName:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
mongodb.versionCompatibility|string||--mongo-versionCompatibility|Limits the capabilities `mongosqld` can offer based on the specified version of MongoDB. Only necessary when replica sets and individual members are using different versions, or when MongoDB is being upgraded in a rolling manner|
mongodb.net.uri|string|mongodb://localhost:27017|--mongo-uri|Specifies the MongoDB connection string|
mongodb.net.ssl.enabled|boolean|False|Indicates whether to use TLS/SSL to connect to a MongoDB instance|
mongodb.net.ssl.allowInvalidCertificates|boolean||--mongo-sslAllowInvalidCertificates|Allows MongoDB to present invalid TLS/SSL certificates|
mongodb.net.ssl.allowInvalidHostnames|boolean||--mongo-sslAllowInvalidHostnames|Allows `mongosqld` to connect to MongoDB with a different hostname than the one in the TLS/SSL certificate|
mongodb.net.ssl.PEMKeyFile|string||--mongo-sslPEMKeyFile|Specifies the `.pem` file that contains the TLS/SSL certificate and the key for `mongosqld` to connect to MongoDB. Can use relative and absolute paths|
mongodb.net.ssl.PEMKeyPassword|string||--mongo-sslPEMKeyPassword|Specifies the file path that contains the certificate and private key for connecting to MongoDB|
mongodb.net.ssl.CAFile|string||--mongo-sslCAFile|Specifies MongoDB's `.pem` file, which contains the root certificate chain of the certificate authority. Can be specified using a relative or absolute path|
mongodb.net.ssl.CRLFile|string||--mongo-sslCRLFile|Specifies the MongoDB `.pem` file that contains the revoked certificate list|
mongodb.net.ssl.FIPSMode|boolean||--mongo-sslFIPSMode|Enables FIPS mode in the installed OpenSSL library|
mongodb.net.ssl.minimumTLSVersion|string||--mongo-minimumTLSVersion|Specifies the minimum version of TLS, with 3 options: **TLS1_0**, **TLS1_1**, **TLS1_2**|
mongodb.net.auth.username|string||--mongo-username / -u|Specifies the username, required only if --auth is enabled. Must be a valid MongoDB user with `listDatabases` permission|
mongodb.net.auth.password|string||--mongo-password / -p|Specifies the user password|
mongodb.net.auth.source|string|admin|--mongo-authenticationSource|Specifies the database used for authentication|
mongodb.net.auth.mechanism|string|SCRAM-SHA-1|--mongo-authenticationMechanism|Specifies the authentication mechanism, including **SCRAM-SHA-1**, **SCRAM-SHA-256**, **PLAIN**, **GSSAPI**|
mongodb.net.auth.gssapiServiceName|string|mongodb|--mongo-gssapiServiceName|Sets the Kerberos SPN for Kerberos authentication|
### 2.3.7 Process Management Parametersyml
processManagement:
service:
name:
displayName:
description:
Parameter Description:
Parameter|Type|Default|Corresponding Command-line Argument|Description
-|-|-|-|-
processManagement.service.name|string||--serviceName|The system service name to run `mongosqld`|
processManagement.service.displayName|string||--serviceDisplayName|The display name of the system service running `mongosqld`|
processManagement.service.description|string||--serviceDescription|The description of the system service running `mongosqld`|
## 2.4 Example Configuration File
Below is a sample configuration file:yml
systemLog:
logAppend: false
path: "/var/log/mongosqld/mongosqld.log"
verbosity: 2
security:
enabled: true
mongodb:
net:
uri: "mongo.example.com:27017"
auth:
username: "root"
password: "changeme"
net:
bindIp: 192.0.2.14
port: 3307
ssl:
mode: "allowSSL"
PEMKeyFile: "/vagrant/certificates/mongosqld-server.pem"
CAFile: "/vagrant/certificates/ca.crt"
schema:
sample:
namespaces: "inventory.*"
processManagement:
service:
name: mongosqld
displayName: mongosqld
description: "BI Connector SQL proxy server"
# 3. Starting Up
1. Start using command-line argumentsbash
bin/mongosqld --mongo-uri "mongodb://127.0.0.1:27017" --auth -u root -p 123456 --addr "0.0.0.0:3307"
2. Start using the configuration filebash
bin/mongosqld --config
# 4. Containerization
## 4.1 Building the Image
1. Write the Dockerfiledockerfile
FROM ubuntu:xenial
COPY mongo* /usr/local/bin/
RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates numactl procps gnupg dirmngr gnupg-curl \
&& apt-get install -y rsyslog \
&& service rsyslog start
EXPOSE 3307
ENTRYPOINT ["mongosqld"]
2. Write the build.sh scriptbash
#! /bin/sh
cd $(dirname $0)
set -ex
DOCKER_FILE=mongodb-bi.Dockerfile
IMAGE_NAME=mongodb-bi-connector
IMAGE_VERSION=2.14.2
MONGODB_BI="mongodb-bi-linux-x86_64-ubuntu1604-v${IMAGE_VERSION}"
MONGODB_BI_URL="https://info-mongodb-com.s3.amazonaws.com/mongodb-bi/v2/${MONGODB_BI}.tgz"
wget -N ${MONGODB_BI_URL}
tar -xzvf ${MONGODB_BI}.tgz
docker build -f $DOCKER_FILE -t ${IMAGE_NAME}:${IMAGE_VERSION} ${MONGODB_BI}/bin/
3. Create the image
Execute the following commandbash
sh build.sh
## 4.2 Starting Up
Assuming a MongoDB installation is already in place with the following details
|Configuration|Value|
|-|-|
|Address|192.16.1.10|
|Port|27017|
|Username|mongodb|
|Password|mongodb|
Then the start command is as followsbash
docker run --name mongodb-bi -i -t -p 3307:3307 -d mongodb-bi-connector:2.l4.2 --mongo-uri "mongodb://192.168.1.10:27017" --auth -u mongodb -p mongodb --addr "0.0.0.0:3307"
```
https://docs.mongodb.com/bi-connector/current/local-quickstart/