Creating a MongoDB cluster on Pilvio

    In this guide we build a MongoDB replica set cluster on three Pilvio VMs, using a private network for communication between the nodes.

    What we build

    • A 3-node MongoDB 7 replica set
    • A Pilvio private network for secure communication between the nodes
    • Keyfile authentication between the cluster nodes
    • Backups to StorageVault (S3)

    Prerequisites

    • A Pilvio account and API token (see the overview)
    • Basic knowledge of MongoDB
    • The ability to create at least 3 VMs (a billing account)

    Step 1: Creating the private network

    All MongoDB nodes must be in the same private network:

    # Create a private network (or use the default network)
    curl "https://api.pilvio.com/v1/network/network?name=mongodb-cluster" \
      -H "apikey: SINU_PILVIO_TOKEN" \
      -X POST
    

    Note the uuid from the response; you need it when creating the VMs.

    Step 2: Creating the VMs

    Create 3 VMs in the same private network:

    # Node 1 (primary)
    curl "https://api.pilvio.com/v1/user-resource/vm" \
      -H "apikey: SINU_PILVIO_TOKEN" \
      -X POST \
      -d "name=mongo-node-1" \
      -d "os_name=ubuntu" \
      -d "os_version=24.04" \
      -d "vcpu=2" -d "ram=4096" -d "disks=50" \
      -d "username=deploy" \
      -d "password=TurvalineParool123!" \
      -d "network_uuid=SINU_NETWORK_UUID" \
      -d "reserve_public_ip=False"
    
    # Node 2 (secondary)
    curl "https://api.pilvio.com/v1/user-resource/vm" \
      -H "apikey: SINU_PILVIO_TOKEN" \
      -X POST \
      -d "name=mongo-node-2" \
      -d "os_name=ubuntu" \
      -d "os_version=24.04" \
      -d "vcpu=2" -d "ram=4096" -d "disks=50" \
      -d "username=deploy" \
      -d "password=TurvalineParool123!" \
      -d "network_uuid=SINU_NETWORK_UUID" \
      -d "reserve_public_ip=False"
    
    # Node 3 (secondary/arbiter)
    curl "https://api.pilvio.com/v1/user-resource/vm" \
      -H "apikey: SINU_PILVIO_TOKEN" \
      -X POST \
      -d "name=mongo-node-3" \
      -d "os_name=ubuntu" \
      -d "os_version=24.04" \
      -d "vcpu=2" -d "ram=4096" -d "disks=50" \
      -d "username=deploy" \
      -d "password=TurvalineParool123!" \
      -d "network_uuid=SINU_NETWORK_UUID" \
      -d "reserve_public_ip=False"
    

    Note: reserve_public_ip=False is set because the database nodes do not need a public IP. Manage them through a jump host, or connect from a VM that has a Floating IP.

    Note each VM's private_ipv4:

    mongo-node-1: 10.x.x.1
    mongo-node-2: 10.x.x.2
    mongo-node-3: 10.x.x.3
    

    Step 3: Firewall

    curl "https://api.pilvio.com/v1/network/firewall" \
      -H "apikey: SINU_PILVIO_TOKEN" \
      -H "Content-Type: application/json" \
      -X POST \
      --data '{
        "name": "mongodb-cluster-fw",
        "rules": [
          {
            "protocol": "tcp",
            "direction": "inbound",
            "port_start": 22,
            "port_end": 22,
            "endpoint_spec_type": "ip_prefixes",
            "endpoint_spec": ["10.0.0.0/8"]
          },
          {
            "protocol": "tcp",
            "direction": "inbound",
            "port_start": 27017,
            "port_end": 27017,
            "endpoint_spec_type": "ip_prefixes",
            "endpoint_spec": ["10.0.0.0/8"]
          }
        ]
      }'
    

    Attach the firewall to all three VMs.

    Step 4: Installing MongoDB (on all nodes)

    Connect to each node (through the jump host) and run:

    # MongoDB 7 GPG key and repo
    curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | \
      sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
    
    echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | \
      sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
    
    sudo apt-get update
    sudo apt-get install -y mongodb-org
    

    Step 5: Keyfile authentication

    Create the keyfile on one node and copy it to the others:

    # On node 1:
    openssl rand -base64 756 > /tmp/mongodb-keyfile
    chmod 400 /tmp/mongodb-keyfile
    sudo cp /tmp/mongodb-keyfile /etc/mongodb-keyfile
    sudo chown mongodb:mongodb /etc/mongodb-keyfile
    
    # Copy to the other nodes
    scp /tmp/mongodb-keyfile deploy@10.x.x.2:/tmp/
    scp /tmp/mongodb-keyfile deploy@10.x.x.3:/tmp/
    
    # On each node:
    sudo cp /tmp/mongodb-keyfile /etc/mongodb-keyfile
    sudo chown mongodb:mongodb /etc/mongodb-keyfile
    sudo chmod 400 /etc/mongodb-keyfile
    

    Step 6: Configuring MongoDB (on all nodes)

    Edit /etc/mongod.conf on each node:

    storage:
      dbPath: /var/lib/mongodb
    
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log
    
    net:
      port: 27017
      bindIp: 0.0.0.0  # The firewall restricts access
    
    security:
      keyFile: /etc/mongodb-keyfile
      authorization: enabled
    
    replication:
      replSetName: "pilvio-rs"
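
    A pre-start check for steps 5 and 6, added here as an example and not part of the original guide: it verifies that the keyfile is owner-only and meets mongod's rule of 6 to 1024 base64 characters, and that mongod.conf carries the settings shown above. The function names check_keyfile, check_conf and audit_node are hypothetical; stat -c assumes GNU coreutils, as on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit the keyfile (step 5) and mongod.conf (step 6) before start.

# check_keyfile FILE: succeed only if FILE is owner-only and a valid key.
check_keyfile() {
  local f=$1 mode chars
  [ -f "$f" ] || { echo "missing: $f"; return 1; }
  mode=$(stat -c '%a' "$f")                 # GNU stat (assumption: Linux)
  case "$mode" in
    400|600) ;;                             # readable by the owner only
    *) echo "mode $mode is too open"; return 1 ;;
  esac
  chars=$(tr -d '[:space:]' < "$f")         # whitespace in the file is ignored
  if [ "${#chars}" -lt 6 ] || [ "${#chars}" -gt 1024 ]; then
    echo "key length ${#chars} is outside 6-1024"; return 1
  fi
  case "$chars" in
    *[!A-Za-z0-9+/=]*) echo "key has a non-base64 character"; return 1 ;;
  esac
}

# check_conf CONF KEYFILE RSNAME: succeed only if the step 6 settings are present.
check_conf() {
  local conf=$1 key=$2 rs=$3 rc=0
  grep -Eq "^[[:space:]]+keyFile:[[:space:]]*${key}[[:space:]]*(#.*)?\$" "$conf" \
    || { echo "keyFile is not $key"; rc=1; }
  grep -Eq '^[[:space:]]+authorization:[[:space:]]*enabled' "$conf" \
    || { echo "authorization is not enabled"; rc=1; }
  grep -Eq "^[[:space:]]+replSetName:[[:space:]]*\"?${rs}\"?" "$conf" \
    || { echo "replSetName is not $rs"; rc=1; }
  # 0.0.0.0 listens on every interface, so the step 3 firewall is the only barrier.
  if grep -Eq '^[[:space:]]+bindIp:[[:space:]]*0\.0\.0\.0' "$conf"; then
    echo "note: bindIp 0.0.0.0 relies on the firewall alone"
  fi
  return "$rc"
}

# audit_node: run as root on a node, with the paths and set name from this guide.
audit_node() {
  check_keyfile /etc/mongodb-keyfile &&
    check_conf /etc/mongod.conf /etc/mongodb-keyfile pilvio-rs
}

if [ "${1:-}" = "--audit" ]; then audit_node; fi
```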
    

    Start MongoDB on all nodes:

    sudo systemctl enable --now mongod
    

    Step 7: Initializing the replica set

    Connect to node 1 and initialize the cluster:

    # Run this on node 1 itself: until the first user exists, only a
    # localhost connection is let in (localhost exception)
    mongosh --host 127.0.0.1
    
    // Initialize
    rs.initiate({
      _id: "pilvio-rs",
      members: [
        { _id: 0, host: "10.x.x.1:27017", priority: 2 },
        { _id: 1, host: "10.x.x.2:27017", priority: 1 },
        { _id: 2, host: "10.x.x.3:27017", priority: 1 }
      ]
    })
    
    // Check the status
    rs.status()
    

    Creating the admin user

    // Use the admin database
    use admin
    
    db.createUser({
      user: "admin",
      pwd: "tugev-admin-parool",
      roles: [{ role: "root", db: "admin" }]
    })
    
    // Authenticate as admin: the localhost exception ends once the first user exists
    db.auth("admin", "tugev-admin-parool")
    
    // Application user
    use myapp
    
    db.createUser({
      user: "app_user",
      pwd: "tugev-app-parool",
      roles: [{ role: "readWrite", db: "myapp" }]
    })
    

    Step 8: Backing up to StorageVault

    Create the file /home/deploy/backup-mongo.sh (on the primary node):

    #!/bin/bash
    set -euo pipefail
    
    BUCKET="minu-mongo-backups"
    S3_ENDPOINT="https://s3.pilvio.com:8080"
    DATE=$(date +%Y%m%d-%H%M%S)
    BACKUP_DIR="/tmp/mongo-backups/${DATE}"
    
    # Dump
    mongodump \
      --uri="mongodb://admin:tugev-admin-parool@10.x.x.1:27017/myapp?authSource=admin&replicaSet=pilvio-rs" \
      --out="$BACKUP_DIR" \
      --gzip
    
    # Package and upload
    tar -cf - -C "$BACKUP_DIR" . | \
      aws s3 cp - "s3://${BUCKET}/mongodb/${DATE}.tar" \
      --endpoint-url "$S3_ENDPOINT"
    
    # Clean up
    rm -rf "$BACKUP_DIR"
    echo "[$(date)] MongoDB varundamine lõpetatud"
    
    # Make the script executable and schedule it daily at 03:00
    chmod +x /home/deploy/backup-mongo.sh
    (crontab -l 2>/dev/null; echo "0 3 * * * /home/deploy/backup-mongo.sh >> /var/log/mongo-backup.log 2>&1") | crontab -
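
    The dump command above carries the admin password in --uri, where it is visible in the process list while mongodump runs. As an added example (not part of the original guide), the same dump can read the URI from an owner-only file through the MongoDB Database Tools --config option; the function names and the /home/deploy/.mongodump.yaml path are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: step 8's dump with the connection URI kept out of the process list.
set -euo pipefail

# write_dump_config FILE URI: store the URI in an owner-only (0600) YAML file,
# the format mongodump and mongorestore read through --config.
write_dump_config() {
  local file=$1 uri=$2
  ( umask 077; printf 'uri: %s\n' "$uri" > "$file" )
  chmod 600 "$file"                  # tighten the mode if the file already existed
}

# dump_with_config FILE OUTDIR: refuse a config others can read, then dump.
dump_with_config() {
  local file=$1 out=$2 mode
  mode=$(stat -c '%a' "$file")       # GNU stat (assumption: Linux)
  case "$mode" in
    400|600) ;;
    *) echo "refusing $file: mode $mode lets other users read it" >&2; return 1 ;;
  esac
  # Only the config path appears in argv; the password stays in the file.
  mongodump --config="$file" --out="$out" --gzip
}

# One-time setup on the primary (hypothetical path), then in backup-mongo.sh:
#   write_dump_config /home/deploy/.mongodump.yaml \
#     'mongodb://admin:tugev-admin-parool@10.x.x.1:27017/myapp?authSource=admin&replicaSet=pilvio-rs'
#   dump_with_config /home/deploy/.mongodump.yaml "$BACKUP_DIR"
```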
    

    Step 9: Restoring

    # Download
    aws s3 cp s3://minu-mongo-backups/mongodb/20250211-030000.tar /tmp/ \
      --endpoint-url https://s3.pilvio.com:8080
    
    mkdir -p /tmp/mongo-restore
    tar -xf /tmp/20250211-030000.tar -C /tmp/mongo-restore
    
    # Restore
    mongorestore \
      --uri="mongodb://admin:tugev-admin-parool@10.x.x.1:27017/?authSource=admin&replicaSet=pilvio-rs" \
      --gzip \
      /tmp/mongo-restore
    

    Connecting from an application

    # MongoDB connection string (replica set)
    mongodb://app_user:tugev-app-parool@10.x.x.1:27017,10.x.x.2:27017,10.x.x.3:27017/myapp?authSource=myapp&replicaSet=pilvio-rs
    
    // Node.js example
    const { MongoClient } = require('mongodb');
    
    const uri = 'mongodb://app_user:tugev-app-parool@10.x.x.1:27017,10.x.x.2:27017,10.x.x.3:27017/myapp?authSource=myapp&replicaSet=pilvio-rs';
    const client = new MongoClient(uri);
    
    # Python example
    from pymongo import MongoClient
    
    client = MongoClient(
        'mongodb://app_user:tugev-app-parool@10.x.x.1:27017,10.x.x.2:27017,10.x.x.3:27017/myapp',
        authSource='myapp',
        replicaSet='pilvio-rs'
    )
    

    Next steps: Connect the MongoDB cluster to your Node.js or Go backend.