quick start - developer-res-cbc-cn.obs.cn-north-1 ...€¦ · quick start issue 04 date 2018-08-03...

Document Database Service

Quick Start

Issue 04

Date 2018-08-03

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://e.huawei.com

Issue 04 (2018-08-03) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://e.huawei.com

Contents

1 Quick Start for Clusters................................................................................................................11.1 Restrictions..................................................................................................................................................................... 11.2 Service Process............................................................................................................................................................... 21.3 Buying a DDS DB Instance............................................................................................................................................31.4 Performing the Initial Configuration............................................................................................................................ 101.4.1 Configuring the Security Group................................................................................................................................ 101.4.2 Enabling or Disabling Public Accessibility............................................................................................................... 111.4.3 Enabling or Disabling SSL........................................................................................................................................ 121.4.4 Connecting to a DB Instance..................................................................................................................................... 131.5 Managing Database Accounts...................................................................................................................................... 151.6 Migrating Data..............................................................................................................................................................171.6.1 Preparing for Data Migration.................................................................................................................................... 171.6.2 Exporting Data...........................................................................................................................................................181.6.3 Importing Data...........................................................................................................................................................19

2 Quick Start for Replica Sets...................................................................................................... 212.1 Restrictions................................................................................................................................................................... 212.2 Service Process............................................................................................................................................................. 222.3 Buying a DDS DB Instance..........................................................................................................................................232.4 Performing the Initial Configuration............................................................................................................................ 292.4.1 Configuring the Security Group................................................................................................................................ 292.4.2 Enabling or Disabling Public Accessibility...............................................................................................................302.4.3 Enabling or Disabling SSL........................................................................................................................................ 312.4.4 Connecting to a DB Instance..................................................................................................................................... 322.5 Managing Database Accounts...................................................................................................................................... 342.6 Migrating Data..............................................................................................................................................................362.6.1 Preparing for Data Migration.................................................................................................................................... 362.6.2 Exporting Data...........................................................................................................................................................372.6.3 Importing Data...........................................................................................................................................................38

3 Quick Start for Single Node...................................................................................................... 403.1 Restrictions................................................................................................................................................................... 403.2 Service Process............................................................................................................................................................. 413.3 Buying a DDS DB Instance..........................................................................................................................................42

Document Database ServiceQuick Start Contents


ii

3.4 Performing the Initial Configuration............................................................................................................................ 463.4.1 Configuring the Security Group................................................................................................................................ 473.4.2 Enabling or Disabling Public Accessibility...............................................................................................................483.4.3 Enabling or Disabling SSL........................................................................................................................................ 493.4.4 Connecting to a DB Instance..................................................................................................................................... 503.5 Managing Database Accounts...................................................................................................................................... 523.6 Migrating Data..............................................................................................................................................................543.6.1 Preparing for Data Migration.................................................................................................................................... 543.6.2 Exporting Data...........................................................................................................................................................553.6.3 Importing Data...........................................................................................................................................................56

A Change History........................................................................................................................... 58

Document Database ServiceQuick Start Contents


iii

1 Quick Start for Clusters

1.1 RestrictionsTo improve the stability and security of DB instances, there are some restrictions on the use ofDDS. For details, see Table 1-1.

Table 1-1 Function restrictions

Operation Restrictions

Access to DDS l To access a DDS DB instance which is not publiclyaccessible, the instance must be in the same VPC subnet asECS.

l By default, DDS cannot be accessed through an ECS in adifferent security group. You need to add an inbound rule tothe DDS security group.

l The default DDS port number is 8635. You can change it ifyou want to access DDS through another port.

Deployment ECSs in which DB instances are deployed are not visible to you.Your applications can access the database only through an IPaddress and port.

Obtaining permissionsof user rwuser

Only the rwuser user permissions are provided on the instancecreation page.

Modifying databaseparameters

Most database parameters in the parameter groups you createdcan be modified. For details, see What Parameters Can IModify on the Console?

Migrating data You can use the mongoexport or mongoimport command linetools to migrate data. For details, see section Migrating Data.

Storage engine Currently, DDS supports the WiredTiger storage engine only.

Restarting a DBInstance or a node

The DDS DB instance must be restarted on the DDS console.

Document Database ServiceQuick Start 1 Quick Start for Clusters


1

https://support-intl.huaweicloud.com/dds_faq/dds_faq_0035.html



Viewing DDS backupfiles

The DDS backup files are stored in OBS buckets and are notvisible to you.

1.2 Service Process

PurposeThis section describes how to buy DDS instances, perform the initial configuration, andconnect to instance databases, helping you quickly know about the process of using DDSinstances.

Intended Audiencel Users who buy the DDS DB instance for the first time.l Users who need to perform the initial configuration after a DB instance is created.l Users who want to know how to connect to the DDS DB instances.

ProcessIf you use DDS for the first time, learn restrictions described in section Restrictions.

The following describes the steps you must follow from buying a DB instance to using it.



2

Figure 1-1 Process

1.3 Buying a DDS DB Instance

Scenarios

This section guides you on how to customize your DDS with appropriate computingcapability and storage space based on service requirements.

You can use your account to create a maximum of 11 clusters in total.

Prerequisitesl You have registered a HUAWEI CLOUD account.

Procedure

Step 1 Log in to the management console.

Step 2 Click in the upper left corner and select a region and a project.

Step 3 Under Database, click Document Database Service.

Step 4 On the Instance Management page, click Buy DB Instance.

Step 5 On the displayed page, configure the information about the DB instance, including billingmode, basic information, specifications, network, and database configuration, and click Next.



3

Figure 1-2 DB instance specifications



4

Table 1-2 Billing Mode

Parameter Description

Billing Mode Select a billing mode, Yearly/Monthly or Pay-per-use.l In Pay-per-use billing mode, after purchasing a DDS configuration,

you do not need to set Validity Period. Then, the system deductsthe fees incurred from your account based on the service duration. Ifyou select this billing mode, skip Step 6 and go to Step 7.

l In Yearly/Monthly billing mode, purchase a DDS configuration andset Validity Period. Then, the system deducts the fees incurred atone time from your account based on the service price. If you selectthis billing mode, go to Step 6.NOTE

The DB instances paid in monthly/yearly mode cannot be deleted. Theysupport only resource unsubscription. For details, see sectionUnsubscriptions in the Billing Center User Guide.

Table 1-3 Basic information


Region A region where the tenant is located. It can be changed in the upper leftcorner.NOTE

DB instances in different regions cannot communicate with each other through aprivate network and you cannot change the region of a DB instance after creatingthe instance. Therefore, exercise caution when selecting a region.

MongoDB Community Edition

HA Type Select Cluster.A cluster instance includes mongos, shard, and config. The shard andconfig use the three-node replica set architecture to ensure highavailability.

DB InstanceName

The DB instance name is a string of 4 to 64 characters in length andmust start with a letter. It can only contain letters, digits, hyphens (-),and underscores (_). After the DB instance is created, you can changethe instance name. For details, see Modifying the DB Instance Name.

DB EngineVersion

l 3.2l 3.4

Storage Engine WiredTiger

AZ A physical region where resources use independent power supplies andnetworks. AZs are physically isolated but interconnected through aninternal network.



5

https://support-intl.huaweicloud.com/usermanual-dds/en-us_topic_0103090711.html


Disk Encryption l Disable: Disable the encryption function.l Enable: Enable the encryption function. This feature improves data

security but negatively affects system performance.Key Name: Select or create a private key, which is the tenant key.NOTE

– After a DB instance is created, the disk encryption status and the keycannot be changed. The backup data stored on OBS is not encrypted.

– After a DB instance is created, do not disable or delete the key that isbeing used. Otherwise, DDS becomes unavailable and data cannot berestored.

– Only professional edition keys can be used to encrypt DB instances. Fordetails about how to create a key, see the "Creating a CMK" section inthe Data Encryption Workshop User Guide.

Table 1-4 Specifications

Item Description

mongos class For details about mongos CPU and memory, see DB InstanceSpecifications. After a DB instance is created, you can change itsCPU and memory. For details, see Changing the CPU orMemory of a DB Instance (Cluster).

mongos quantity This value ranges from 2 to 12. After a DB instance is created, youcan add nodes. For details, see Adding Cluster Instance Nodes.

shard class For details about the shard CPU and memory, see DB InstanceSpecifications. After a DB instance is created, you can change itsCPU and memory. For details, see Changing the CPU orMemory of a DB Instance (Cluster).

shard storage type Ultra-high I/O: uses the SSD disk type.

shard storage space Ranges from 10 GB to 1,000 GB. The value must be a multiple of10. After a DB instance is created, you can scale up its storagespace. For details, see Scaling Up Storage Space (CommunityEdition).

shard quantity shard stores user data. You cannot connect to it.This value ranges from 2 to 12. After a DB instance is created, youcan add nodes. For details, see Adding Cluster Instance Nodes.

config class Stores configurations for DB instances. For details, see DBInstance Specifications. You cannot connect to it.

config storage type Ultra-high I/O: uses the SSD disk type.

config storage space The storage space is 20 GB. Currently, you cannot scale up itsstorage space after creating a DB instance.



6

https://support-intl.huaweicloud.com/productdesc-dds/en-us_topic_0044018366.html




https://support-intl.huaweicloud.com/usermanual-dds/en-us_topic_increase_nodes.html





https://support-intl.huaweicloud.com/usermanual-dds/en-us_topic_increase_storage.html

https://support-intl.huaweicloud.com/usermanual-dds/en-us_topic_increase_storage.html

https://support-intl.huaweicloud.com/usermanual-dds/en-us_topic_increase_nodes.html



Table 1-5 Network


VPC The VPC which a DB instance belongs to implements network isolationfor different services. It allows user to manage and configure internalnetworks and change network configuration, simplifying networkmanagement. You need to create or select the required VPC. For details onhow to create a VPC, see section "Creating a VPC" in the Virtual PrivateCloud User Guide.If no security group is available, DDS allocates resources to you bydefault.

Subnet A subnet provides dedicated network resources that are logically isolatedfrom other networks, improving network security.

SecurityGroup

A security group control access to enhance security when DDS and otherservices access each other.If no security group is available, DDS allocates resources to you bydefault.NOTE

Ensure that the security group rule you set allows clients to access DB instances. Forexample, select the TCP protocol with inbound direction, input the default portnumber 8635, and enter a subnet IP address or select a security group that the DBinstance belongs to.

Table 1-6 Database configuration


Administrator The default account is rwuser.

AdministratorPassword

The password is a string of 8 to 32 characters. It must be a combinationof uppercase letters, lowercase letters, digits, and special characters. Youcan also use the following special characters: ~!@#%^*-_=+?The system cannot save you password. Keep the password secure.

ConfirmPassword

The value of this parameter must be the same as the AdministratorPassword.

Table 1-7 Required duration and quantity


Validity Period The system will automatically calculate the configuration fee based onyou selected validity period.

Auto-renew l By default, this option is not selected.l If you select this option, the auto-renew cycle is determined by the

selected required duration.



7

NOTE

DB instance performance is determined by the configurations you set during its creation, including thenode class and storage space.

Step 6 On the displayed page, confirm your specifications for the pay-per-use DB instances.

Figure 1-3 Specifications confirmation

l If you need to modify your settings, click Previous to modify DB instance information.l If you do not need to modify your settings, click Submit to complete the DB instance

application.

Skip Step 7 and Step 8 and go to Step 9.

Step 7 Confirm your order for the yearly/monthly DB instances.



8

Figure 1-4 Order confirmation

l If you need to modify your settings, click Previous to modify DB instance information.l If you do not need to modify your settings, click Pay Now to go to the payment page.l If you are not sure about the settings, you can click Submit & Pay Later. The system

will reserve your order. You can choose Fees > My Orders in the upper right corner andpay or cancel the order.

Step 8 Select a payment method and complete the payment.

NOTE

This operation applies only to the yearly/monthly billing mode.

Step 9 After a DDS DB instance is created, you can view and manage it under the Clusters tab onthe Instance Management page.l When a DB instance is being created, the status displayed in the Status column is

Creating. This process takes about 15 minutes.

l In the upper right corner of the DB instance list, click to refresh the list. Theinstance status changes to Available.

l DDS enables the automated backup policy by default. After a DB instance is created,you can modify or disable the automated backup policy. An automated full backup isimmediately triggered after the creation of a DB instance.

l 8635 by default. You can change the database port after the DB instance is created. DDSuses port 8635 by default, which is different from the default port numbers used by



9

databases. To ensure database accessibility, you need to add the required security grouprule.

l After a DB instance is created, the system selects parameter groups that match mongos,shard, and config by default.

l Yearly/monthly DB instances are created only after you complete the payment.

----End

1.4 Performing the Initial Configuration

1.4.1 Configuring the Security Group

Scenarios

This section guides you on how to add a security group rule to control access from and toDDS DB instances in a security group.

Background Information

You can access the DDS DB instances in either of the following ways:

l Public networkl Internal network

Precautions

The default security group rule allows all outgoing data packets. ECSs and DDS DB instancescan access each other if they are deployed in the same security group. After a security groupis created, you can add security group rules to control the access from and to the DDS DBinstances in the security group.

By default, a tenant can create a maximum of 500 security group rules. An excessive numberof security group rules increases the network latency of the first packet. It is recommendedthat you add a maximum of 50 rules for each security group.

To access the DDS DB instances in a security group from external resources, create aninbound rule for the security group.

To achieve this using a client, you can add an inbound rule in which Protocol is set to TCPand Port/Range is set to 8635.

NOTE

The default value of Source is 0.0.0.0/0, indicating that all IP addresses can access instances in thesecurity group.

Procedure





10

Step 3 On the console homepage, under Network, click Virtual Private Cloud.

Step 4 In the navigation pane on the left, click Security Group.

Step 5 On the Security Group page, click the security group name.

Step 6 On the displayed page showing security group details, click Add Rule. The Add Rule dialogbox is displayed. On the Outbound tab, click Add Rule. In the displayed dialog box, setrequired parameters to add an outbound rule.

Figure 1-5 Add Inbound Rule

Figure 1-6 Add Outbound Rule

Step 7 Add a security group rule as prompted.

l IP Address: This rule takes effect for the specified IP addresses. 0.0.0.0/0 indicates thatthis rule takes effect for all IP addresses.

l Security Group: This rule allows ECSs in specific security groups to access DDS DBinstances in the same security group. This rule allows access from all IP addresses ofECSs in the specific security group.

Step 8 Click OK.

----End

1.4.2 Enabling or Disabling Public Accessibility

Scenarios

After you create a DB instance, you can bind it to an EIP to allow external access. If later youwant to prohibit external access, you can also unbind the EIP from the DB instance. In thecluster instance, only mongos can be bound to an EIP.



11

NOTICETo ensure that a database can be accessed, the security group used by the database must beconfigured to grant access to the database port. For example, if the database port is 8635,ensure that the security group allows incoming traffic on port 8635.

Prerequisitesl You need to apply for an EIP allowed by the security group where the target database

belongs on the VPC console. Otherwise, the target database cannot be accessed throughthe EIP.

l To change the EIP that has been bound to a DB instance, you need to unbind it from theinstance first.

Enabling Public Accessibility

Step 1 On the Instance Management page, locate the target instance on the Clusters tab and clickthe name of the instance.

Step 2 On the mongos tab, choose More > Bind EIP.

Step 3 In the displayed dialog box, all EIPs in the unbound status are listed. Select the required EIPand click OK. If no available EIPs are displayed, click View EIP and create an EIP on theVPC console.

Step 4 In the EIP column on the mongos tab, view the EIP that is successfully bound.

To unbind an EIP from the DB instance, see Disabling Public Accessibility.

----End

Disabling Public Accessibility

Step 1 On the Instance Management page, click the Clusters tab, locate the target instance andclick the name of the instance.

Step 2 On the mongos tab in the Node Information area, locate the node with an EIP assigned andchoose More > Unbind EIP.

Step 3 Click OK.

To bind an EIP to the DB instance again, see Enabling Public Accessibility.

----End

1.4.3 Enabling or Disabling SSL

ScenariosYou can use SSL to encrypt the connection with databases. This section guides you on how toenable or disable SSL on the DDS console. When you create a DB instance, SSL is enabledby default. For details, see SSL Connection.

If the SSL connection is not required, see Common Connection.



12

NOTICEEnabling or disabling SSL will cause DB instance restart. Exercise caution when you performthis operation.

Enabling SSL

Step 1 On the Instance Management page, locate the target DB instance and click its name.

Step 2 In the Instance Information area on the Basic Information tab, click to enable SSLin the SSL field.

Step 3 In the displayed dialog box, click OK.

Step 4 Click in the upper right corner on the Basic Information page to view the modificationresult.

----End

Disabling SSL


Step 2 In the Instance Information area on the Basic Information tab, click to disable SSLin the SSL field.



----End

1.4.4 Connecting to a DB Instance

ScenariosDDS can be accessed only through an ECS. This section guides you on how to connect to DBinstances through a database client using a common connection or an SSL connection. Youare advised to use SSL to encrypt connections to ensure data security.

Prerequisites1. Prepare an ECS or a device that can access the document database.

– To connect to a DB instance through an ECS, you must first create an ECS.For details about how to create and connect to an ECS, see How Can I Create andConnect to an ECS?

– To bind an EIP to a DB instance:

i. Bind the EIP to the DB instance. For details, see Enabling PublicAccessibility.



13



ii. Ensure that your local device can access the EIP that has been bound to the DBinstance.

2. Install the MongoDB client on the ECS or the device that was prepared in 1.For details about how to install a MongoDB client, see How Can I Install a MongoDBClient?

Common Connection

NOTICETo use the common connection mode, you need to disable the SSL connection. For details,see Disabling SSL.

Step 1 Prepare an ECS or a device that can access the document database.

Step 2 Run the following command to connect to a DDS DB instance:

./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

l DB_HOST indicates the IP address of the remotely connected DB instance. Obtain thevalue from the Private IP Address column in the node list in the Node Informationarea. If a device can access the DB instance through an EIP, set this parameter to the EIPdisplayed in EIP column in the node list in the Node Information area.

l DB_PORT indicates the port number. Obtain the value from Database Port in theInstance Information area on the Basic Information page.

l DB_USER indicates a username, that is, a DDS database account. The default value isrwuser.

When the following information is displayed, enter the password of the database account:

Enter password:

For example, run the following command to connect to a DDS DB instance as user rwuser:

./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

Step 3 Check the connection result. If the following information is displayed, the connection issuccessful.mongos>

----End

SSL Connection

Step 1 On the Instance Management page, locate the target DB instance and click its name. On theBasic Information page, Click Download Certificate in the SSL field to download the rootcertificate.

Step 2 Upload the root certificate to the ECS connecting to the DB instance or save the rootcertificate to a local device that can access DDS.

Select an uploading method based on the platform you are using. In Linux, for example, runthe following command:



14



scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

l IDENTITY_FILE indicates the directory where the root certificate locates. The fileaccess permission is 600.

l REMOTE_USER indicates the ECS OS user.

l REMOTE_ADDRESS indicates the ECS address.

l REMOTE_DIR indicates the directory of the ECS to which the root certificate isuploaded.

In Windows, upload the root certificate to the ECS using file transfer tools.

Step 3 Connect to a DDS DB instance.

In Linux, for example, run the following command:

./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH>




l FILE_PATH indicates the path where the root certificate is stored.


Enter password:

The following is an example:

./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl--sslCAFile /tmp/ca.crt


----End

1.5 Managing Database Accounts

Scenarios

To manage DDS DB instances, you can create a database account and change the accountpassword for the instances you created.

NOTE

When creating a database account for a specified DB instance, you are advised to enable the SSLconnection to improve data security.



15

Prerequisites

The DDS DB instance has been connected. For details, see section Connecting to a DBInstance.

Account Description

To provide management services for DDS DB instances, users root (or admin), monitor, andbackup are created when you create a DDS DB instance. Attempting to delete, rename,change the passwords, or change privileges for these accounts will result in errors.

For the database administrator rwuser and the account you created, you can change thepassword of the account.

Setting Password Strength for Database Accountsl For details on the database password strength of the DDS console, see Table 1-6.l The DDS instance database uses comprehensive password security policies. The

password of a DDS instance database account must meet the following conditions:– 8 to 32 characters in length– A combination of uppercase letters, lowercase letters, digits, and special characters.

Supported special characters are ~!@#%^*-_=+?

When you create DB instances, your password strength is checked. You can modify passwordstrength as user rwuser. For security reasons, you are advised to set your password to equalor greater strength of the original one.

Creating an Account

Step 1 Run the following command to select the admin database:

use admin

Step 2 Use user1 as an example. Run the following command to create a database account:

db.createUser({user: "user1", pwd: "Test_12345", passwordDigestor:"server", roles:[{role: "root", db: "admin"}]})

l server: indicates that the password is encrypted on the server.l Test_12345: indicates the example new password. The password must be 8 to 32

characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?

l roles restricts the rights of the account. If an empty array is specified, the account doesnot have any permission.

Step 3 Check the result:

The account is successfully created if the following information is displayed:

Successfully added user: { "user" : "user1", "passwordDigestor" : "server", "roles" : [ { "role" : "root", "db" : "admin" }



16

]}

----End

Changing a Password


use admin

Step 2 Uses user rwuser as an example. Run the following command to change its password:

db.updateUser("rwuser", {passwordDigestor:"server",pwd:"newPasswd12#"})

l server: indicates that the password is encrypted on the server.l newPasswd12#: indicates the example new password. The password must be 8 to 32

characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?

Step 3 Check the setting result.

The password is successfully changed if the following information is displayed:

mongos>

----End

1.6 Migrating Data

1.6.1 Preparing for Data Migration

Scenarios

Before accessing DDS from the external network, you need to bind an EIP to the DB instance.When you access the DB instance from an ECS, this section guides you on how to create anECS and install tools mongoexport and mongoimport.

Preparations1. Prepare an ECS or a device that can access the document database.





2. Install mongoexport and mongoimport on the ECS or the device that was prepared in 1.You can download the tools from the MongoDB official site. For details, see How Can IInstall a MongoDB Client?



17





1.6.2 Exporting Data

Scenarios

Before exporting data from a MongoDB database to DDS, dump the data first.

Procedure

Step 1 Prepare an ECS or a device that can access the document database prepared in sectionPreparing for Data Migration.

Step 2 Use the mongoexport tool to dump data from the source database to a .json file.

The SSL connection is used as an example. If you select a common connection, delete --ssl --sslAllowInvalidCertificates from the following command.

./mongoexport --host <DB_ADDRESS> --port <DB_PORT> --ssl --sslAllowInvalidCertificates --type json --authenticationDatabase <AUTH_DB> -u<DB_USER> --db <DB_NAME> --collection <DB_COLLECTION> --out <DB_PATH>

l DB_ADDRESS indicates the database address.

l DB_PORT indicates the database port.

l AUTH_DB indicates the database storing DB_USER information. Generally, this valueis admin.

l DB_USER indicates the database user.

l DB_NAME indicates the name of the database that data is to be exported from.

l DB_COLLECTION indicates a collection of databases from which data is to beexported.

l DB_PATH indicates the path where the .json file is located.

When the following information is displayed, enter the database account password:

Enter password:

For example, run the following command to generate an exportfile.json file:

./mongoexport --host 192.168.1.21 --port 8635 --ssl --sslAllowInvalidCertificates --typejson --authenticationDatabase admin -u rwuser --db test02 --collection Test --out /tmp/mongodb/export/exportfile.json

Step 3 Check the results.

If information similar to the following is displayed, the data is successfully exported. xindicates the number of dump data records.

exported x records

Step 4 Compress the exported .json file.

gzip exportfile.json

Compressing the file facilitates transmission. The compressed file is exportfile.json.gz.

----End



18

1.6.3 Importing Data

ScenariosLog in to the ECS or the device that can access DDS to import dump files into DDS using themongoimport tool.

Procedure


Step 2 Upload the imported data to the ECS or the device that can access the document database.



l IDENTITY_FILE indicates the directory where the exportfile.json.gz file is located.The file access permission is 600.

l REMOTE_USER indicates the ECS OS user in Step 1.l REMOTE_ADDRESS indicates the ECS address in Step 1.l REMOTE_DIR indicates the directory of the ECS to which the exportfile.json.gz file

is uploaded.

In Windows, upload exportfile.json.gz to the ECS using file transfer tools.

Step 3 Decompress the package.

gzip -d exportfile.json.gz

Step 4 Import the dump file to the DDS database.


./mongoimport --host <DB_ADDRESS> --port <DB_PORT> --ssl --sslAllowInvalidCertificates --type json --authenticationDatabase <AUTH_DB> -u<DB_USER> --db <DB_NAME> --collection <DB_COLLECTION> --file <DB_PATH>

l DB_ADDRESS indicates the DB instance IP address.l DB_PORT indicates the database port.l AUTH_DB indicates the database that authenticates DB_USER. Generally, this value is

admin.l DB_USER indicates the username of the database administrator.l DB_NAME indicates the name of the database that data is to be imported to.l DB_COLLECTION indicates a collection of databases that data is to be imported to.l DB_PATH indicates the path where the dump .json file is located.


Enter password:




19

./mongoimport --host 192.168.1.21 --port 8635 --ssl --sslAllowInvalidCertificates --typejson --authenticationDatabase admin -u rwuser --db test02 --collection Test --file /tmp/mongodb/export/exportfile.json


If information similar to the following is displayed, the data is successfully imported. xindicates the number of dump data records.

imported x records

----End



20

2 Quick Start for Replica Sets




Accessing DDS l To access a DDS DB instance which is not publiclyaccessible, the instance must be in the same VPC subnet asECS.












Document Database ServiceQuick Start 2 Quick Start for Replica Sets


21






2.2 Service Process







22

Figure 2-1 Process


Scenarios


You can use your account to create a maximum of 50 replica sets in total.


Procedure








23


Table 2-2 Billing mode


Billing Mode Select a billing mode, Yearly/Monthly or Pay-per-use.l In Pay-per-use billing mode, after purchasing a DDS configuration,

you do not need to set Validity Period. Then, the system deductsthe fees incurred from your account based on the service duration. Ifyou select this billing mode, skip Step 6 and go to Step 7.

l In Yearly/Monthly billing mode, purchase a DDS configuration andset Validity Period. Then, the system deducts the fees incurred atone time from your account based on the service price. If you selectthis billing mode, go to Step 6.NOTE

The DB instances paid in monthly/yearly mode cannot be deleted. Theysupport only resource unsubscription. For details, see sectionUnsubscriptions in the Billing Center User Guide.



24






HA Type Select Replica Set.A replica set consists of the primary node, secondary node, and hiddennode. When a primary node is faulty, the secondary node becomes theprimary. If the secondary node is unavailable, a hidden nodeautomatically takes over services to ensure high availability.

DB InstanceName


DB EngineVersion

l 3.2l 3.4


AZ A physical region where resources use independent power supplies andnetworks. AZs are physically isolated but interconnected through aninternal network.An instance can be deployed in one AZ or three AZs. If three AZs aredeployed across three AZs, the primary, secondary, and hidden nodesare deployed in three AZs for high availability.








25


Table 2-4 Instance specifications


Node Class For details about the DB instance specifications, see DB InstanceSpecifications.

Storage Type Ultra-high I/O: uses the SSD disk type.

Storage Space Ranges from 10 GB to 2,000 GB. The value must be a multiple of 10.

Table 2-5 Network




SecurityGroup







The password is a string of 8 to 32 characters. It must be a combination ofuppercase letters, lowercase letters, digits, and special characters. You canalso use the following special characters: ~!@#%^*-_=+?The system cannot save you password. Keep the password secure.

ConfirmPassword




26



Table 2-7 Required duration and quantity


Validity Period The system will automatically calculate the configuration fee based onyou selected validity period.

Auto-renew l By default, this option is not selected.l If you select this option, the auto-renew cycle is determined by the

selected required duration.

If you have any question about the price, click Price Details.

NOTE

The performance of your DB instance is determined by how you configure it during the creation. Thehardware configuration items that can be selected include the class and storage space of the replica set.

Step 6 On the displayed page, confirm your specifications for the pay-per-use DB instances.


l If you need to modify your settings, click Previous to modify DB instance information.

l If you do not need to modify your settings, click Submit to complete the DB instanceapplication.

Skip Step 7 and Step 8 and go to Step 9.

Step 7 Confirm your order for the yearly/monthly DB instances.



27

Figure 2-4 Order confirmation

l If you need to modify your settings, click Previous to modify DB instance information.

l If you do not need to modify your settings, click Pay Now to go to the payment page.

l If you are not sure about the settings, you can click Submit & Pay Later. The systemwill reserve your order. You can choose Fees > My Orders in the upper right corner andpay or cancel the order.

Step 8 Select a payment method and complete the payment.

NOTE

This operation applies only to the yearly/monthly billing mode.

Step 9 After a DDS DB instance is created, you can view and manage it on the Replica Sets tab onthe Instance Management page.

l When a DB instance is being created, the status displayed in the Status column isCreating. This process takes about 15 minutes.



l 8635 by default. You can change the database port after the DB instance is created. DDSuses port 8635 by default, which is different from the default port numbers used bydatabases. To ensure database accessibility, you need to add the required security grouprule.

l After a DB instance is created, the system selects a parameter group that matches thereplica set by default.



28

l Yearly/monthly DB instances are created only after you complete the payment.

----End



Scenarios




l Public networkl Internal network

Precautions





NOTE


Procedure








29




Step 7 Add a security group rule as prompted.l IP Address: This rule takes effect for the specified IP addresses. 0.0.0.0/0 indicates that

this rule takes effect for all IP addresses.l Security Group: This rule allows ECSs in specific security groups to access DDS DB

instances in the same security group. This rule allows access from all IP addresses ofECSs in the specific security group.

Step 8 Click OK.

----End


ScenariosAfter you create a DB instance, you can bind it to an EIP to allow external access. If later youwant to prohibit external access, you can also unbind the EIP from the DB instance. In thereplica set instance, only primary and secondary nodes can be bound to an EIP.




30





Step 1 On the Instance Management page, click the Replica Sets tab, locate the target instance andclick the name of the instance.

Step 2 In the Node Information area on the Basic Information page, locate the target node andclick Bind EIP in the Operation column.


Step 4 In the EIP column in the Node Information area, view the EIP that is successfully bound.


----End


Step 1 On the Instance Management page, click a DB instance that has been bound with an EIP.

Step 2 In the Node Information area on the Basic Information page, locate the target node andclick Unbind EIP in the Operation column.

Step 3 In the displayed dialog box, click OK to unbind the EIP.


----End


ScenariosYou can use SSL to encrypt the connection with databases. This section guides you on how toenable or disable SSL on the DDS console. When you create a DB instance, SSL is enabledby default. For details, see "SSL Connection" in section Connecting to a DB Instance.

If the SSL connection is not required, see "Common Connection" in section Connecting to aDB Instance.




31

Enabling SSL





----End

Disabling SSL





----End


Scenarios

DDS can be accessed only through an ECS. This section guides you on how to connect to DBinstances through a database client using a common connection or an SSL connection. Youare advised to use SSL to encrypt connections to ensure data security.









32





Common Connection









Enter password:




----End

SSL Connection









33












Enter password:




----End


Scenarios


NOTE


Prerequisites




34

Account Description



Setting Password Strength for Database Accountsl For details on the database password strength of the DDS console, see Table 2-6.

l The DDS instance database uses comprehensive password security policies. Thepassword of a DDS instance database account must meet the following conditions:

– 8 to 32 characters in length

– A combination of uppercase letters, lowercase letters, digits, and special characters.Supported special characters are ~!@#%^*-_=+?


Creating an Account


use admin



l server: indicates that the password is encrypted on the server.

l Test_12345: indicates the example new password. The password must be 8 to 32characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?




Successfully added user: { "user" : "user1", "passwordDigestor" : "server", "roles" : [ { "role" : "root", "db" : "admin" } ]}

----End



35

Changing a Password


use admin




l newPasswd12#: indicates the example new password. The password must be 8 to 32characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?



mongos>

----End

2.6 Migrating Data


Scenarios



– To connect to a DB instance through an ECS, you must first create an ECS.

For details about how to create and connect to an ECS, see How Can I Create andConnect to an ECS?




2. Install mongoexport and mongoimport on the ECS or the device that was prepared in 1.

You can download the tools from the MongoDB official site. For details, see How Can IInstall a MongoDB Client?



36






Scenarios


Procedure













Enter password:





exported x records




----End



37



Procedure







is uploaded.










Enter password:




38




imported x records

----End



39

3 Quick Start for Single Node




Accessing DDS l To access a DDS DB instance which is not publiclyaccessible, the instance must be in the same VPC subnet asECS.












Document Database ServiceQuick Start 3 Quick Start for Single Node


40






3.2 Service Process







41

Figure 3-1 Process


Scenarios


You can use your account to create a maximum of 10 single nodes in total.

NOTE

Currently, the single node DB instance is in the OBT period and is free of charge.


Procedure






42




Table 3-2 Billing mode


Billing Mode Currently, only pay-per-use billing mode is supported. During the openbeta test period, all DB instance types are free of charge.



43






HA Type Select Single Node.The single node architecture is another option for you, helping youreduce costs while ensuring data reliability.

DB InstanceName


DB EngineVersion

l 3.2l 3.4


AZ A physical region where resources use independent power supplies andnetworks. AZs are physically isolated but interconnected through aninternal network.






Table 3-4 Specifications


Node Class For details about the DB instance specifications, see DB InstanceSpecifications.

Storage Type Ultra-high I/O: uses the SSD disk type.



44





Storage Space Ranges from 10 GB to 300 GB. The value must be a multiple of10.

Table 3-5 Network




SecurityGroup







The password is a string of 8 to 32 characters. It must be a combinationof uppercase letters, lowercase letters, digits, and special characters. Youcan also use the following special characters: ~!@#%^*-_=+?The system cannot save you password. Keep the password secure.

ConfirmPassword


NOTE

The performance of your DB instance is determined by how you configure it during the creation. Thehardware configuration items that can be selected include the node class and storage space.



45

Step 6 On the page for you to confirm specifications, check all specifications.


l If you need to modify your settings, click Previous to modify DB instance information.l If you do not need to modify your settings, click Submit to complete the DB instance

application.

Step 7 After a DDS DB instance is created, you can view and manage it on the Single Nodes tab onthe Instance Management page.l When a DB instance is being created, the status displayed in the Status column is

Creating. This process takes about 15 minutes.



l 8635 by default. You can change the database port after the DB instance is created. DDSuses port 8635 by default, which is different from the default port numbers used bydatabases. To ensure database accessibility, you need to add the required security grouprule.

l After a DB instance is created, the system selects parameter groups that match the singlenode by default.

----End




46


Scenarios




l Public network

l Internal network

Precautions





NOTE


Procedure









47



Step 7 Add a security group rule as prompted.l IP Address: This rule takes effect for the specified IP addresses. 0.0.0.0/0 indicates that

this rule takes effect for all IP addresses.l Security Group: This rule allows ECSs in specific security groups to access DDS DB

instances in the same security group. This rule allows access from all IP addresses ofECSs in the specific security group.

Step 8 Click OK.

----End


ScenariosAfter you create a DB instance, you can bind it to an EIP to allow external access. If later youwant to prohibit external access, you can also unbind the EIP from the DB instance.






48



Step 1 On the Instance Management page, click the Single Nodes tab, locate the target instance andclick the name of the instance.

Step 2 In the Node Information area on the Basic Information page, click Bind EIP in theOperation column.


Step 4 In the EIP column in the Node Information area, check that the EIP is successfully bound.


----End


Step 1 On the Instance Management page, click the Single Nodes tab, locate the target instance andclick the name of the instance.

Step 2 In the Node Information area on the Basic Information page, click Unbind EIP in theOperation column.

Step 3 In the displayed dialog box, click OK to unbind the EIP.


----End


Scenarios

You can use SSL to encrypt the connection with databases. This section guides you on how toenable or disable SSL on the DDS console. When you create a DB instance, SSL is enabledby default. For details, see "SSL Connection" in section Connecting to a DB Instance.

If the SSL connection is not required, see "Common Connection" in section Connecting to aDB Instance.




49

Enabling SSL





----End

Disabling SSL





----End


Scenarios

DDS can be accessed only through an ECS. This section guides you on how to connect to DBinstances through a database client using a common connection or an SSL connection. Youare advised to use SSL to encrypt connections to ensure data security.









50





Common Connection









Enter password:




----End

SSL Connection









51












Enter password:




----End


Scenarios


NOTE


Prerequisites




52

Account Description



Setting Password Strength for Database Accountsl For details on the database password strength of the DDS console, see Table 3-6.

l The DDS instance database uses comprehensive password security policies. Thepassword of a DDS instance database account must meet the following conditions:

– 8 to 32 characters in length

– A combination of uppercase letters, lowercase letters, digits, and special characters.Supported special characters are ~!@#%^*-_=+?


Creating an Account


use admin




l Test_12345: indicates the example new password. The password must be 8 to 32characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?




Successfully added user: { "user" : "user1", "passwordDigestor" : "server", "roles" : [ { "role" : "root", "db" : "admin" } ]}

----End



53

Changing a Password


use admin




l newPasswd12#: indicates the example new password. The password must be 8 to 32characters in length and contain uppercase letters, lowercase letters, digits, and specialcharacters, such as ~@#%-_!*+=^?



mongos>

----End

3.6 Migrating Data


Scenarios



– To connect to a DB instance through an ECS, you must first create an ECS.

For details about how to create and connect to an ECS, see How Can I Create andConnect to an ECS?




2. Install mongoexport and mongoimport on the ECS or the device that was prepared in 1.

You can download the tools from the MongoDB official site. For details, see How Can IInstall a MongoDB Client?



54






Scenarios


Procedure













Enter password:





exported x records




----End



55



Procedure







is uploaded.










Enter password:




56




imported x records

----End



57

A Change History

Release Date What's New

2018-08-03 This issue is the fourth official release,which incorporates the following changes:l Optimized the page for purchasing a DB

instance.l Supported creation of yearly/monthly

DB instances.l Supported automatic renewal of yearly/

monthly replica set instances.

2018-07-02 This issue is the third official release, whichincorporates the following change:l Supported creating a replica set instance

in multiple AZs.l Adjusted the position of HA Type

displayed on the console page.l Changed the maximum storage space of

replica sets to 2,000 GB.

2018-06-01 This issue is the second official release,which incorporates the following change:l Supported MongoDB community edition

3.4.l Supported allocation of default VPC

resources during the DB instancecreation.

2018-05-04 This issue is the first official release.

Document Database ServiceQuick Start A Change History


58

quick start - developer-res-cbc-cn.obs.cn-north-1 ...€¦ · quick start issue 04 date 2018-08-03...

Documents