bash mongodb mongodump remote-backup tokumx

How to secure mongodump to make backup from remote machine?


I have a mongod instance running on 1.2.3.4, for example, and another backup server on 100.90.80.1.

I need to back up MongoDB data from 1.2.3.4 to 100.90.80.1 with the following bash script:

#!/bin/bash

set -e

MONGODUMP_PATH="/usr/bin/mongodump"
MONGO_HOST="1.2.3.4"
MONGO_PORT="27017"
MONGO_DATABASE="db"
MONGO_USERNAME="login"
MONGO_PASSWORD="pass"

TIMESTAMP=$(date +%F-%H%M)
BACKUP_FILE_PATH="/var/backups/tokumx-backup-$TIMESTAMP"

# Report the failure, remove any partial output and stop
error_exit()
{
  echo "Backup TokuMX failed due to error: $1" 1>&2
  rm -rf "$BACKUP_FILE_PATH"
  rm -rf "$BACKUP_FILE_PATH.tar"
  exit 1
}

# Create backup
"$MONGODUMP_PATH" --host "$MONGO_HOST" --port "$MONGO_PORT" --db "$MONGO_DATABASE" --username "$MONGO_USERNAME" --password "$MONGO_PASSWORD" --out "$BACKUP_FILE_PATH" || error_exit "mongodump failed"

# Make archive
tar cf "$BACKUP_FILE_PATH.tar" -C "$BACKUP_FILE_PATH/" . || error_exit "tar failed"

# Remove backup folder
rm -rf "$BACKUP_FILE_PATH"

But I can't connect to 1.2.3.4 due to this option in /etc/mongodb.conf:

bind_ip = 127.0.0.1

I know that I can change the restriction above to bind_ip = 0.0.0.0, but that's not secure.

What is the best way to make a secure connection to the remote mongod server and back up files to another one with my bash script above?

P.S.: I run the script above as follows:

sudo sh /scripts/tokumx_backup_script

Solution

  • On live machine:

    Login as test, and do this:

    test@gw:~ % ssh-keygen -t rsa -b 2048
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/test/.ssh/id_rsa):
    Created directory '/home/test/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/test/.ssh/id_rsa.
    Your public key has been saved in /home/test/.ssh/id_rsa.pub.
    The key fingerprint is:
    02:90:f6:e9:d6:52:32:91:dd:bb:6a:11:7c:58:8c:d5 test@gw.sznet
    The key's randomart image is:
    +--[ RSA 2048]----+
    |  .. o =..       |
    |  o.o o + E      |
    | . ..+ o .       |
    |    =.= o        |
    |   . =.oS.       |
    |    + o..        |
    |   . . o         |
    |      o          |
    |     .           |
    +-----------------+
    test@gw:~ %
    test@gw:~ % cd .ssh
    test@gw:~/.ssh % ls
    id_rsa          id_rsa.pub
    test@gw:~/.ssh % chmod 600 *
    test@gw:~/.ssh % mv id_rsa.pub authorized_keys
    test@gw:~/.ssh % cd ..
    test@gw:~ % chmod 700 .ssh
    

    Then copy the file ~test/.ssh/id_rsa (from live server) to the file ~backupuser/.ssh/id_rsa_live.pem on the backup server.

    Next step: login as backupuser on backup machine, cd to .ssh directory and create (or append to) the file "~backupuser/.ssh/config" and enter this:

    host live
        # your live IP here!
        hostname 1.2.3.4
        # your pem file, copied from the live server in the previous step
        identityfile /home/backupuser/.ssh/id_rsa_live.pem
        protocol 2
        # port number of your ssh server on the live server, usually 22
        port 22
    

    After this, you should be able to connect from the backup server to the live server without entering a password:

    ssh test@live
    

    Please test this first. Make sure that you can login without giving a password.

    At this point, you have the option to copy from live to backup with the scp command:

    scp test@live:/some/path/on/live/server /some/path/on/local/backup/machine
    

    So you could create a backup on the live server and then save it locally on the backup server. You can also send shell commands this way:

    ssh test@live " some command to execute on the live server with the test user "
    

    Finally, if you still insist on running the backup on the backup server, you can create a new tunnel with this command:

    ssh -nNT -L 12345:127.0.0.1:27017 test@live &
    

    and then you can use 127.0.0.1:12345 for backing up. But please be aware that the tunnel will run in the background, so you will have to find a way to stop it.
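
The tunnel approach from the end of the answer, written as a script for the backup server that closes the tunnel whether the dump succeeds or fails. This is an added example, not part of the original answer; the control-socket path and the MONGO_* environment variables are assumptions, while `test@live` and port 12345 are the answer's own.

```bash
#!/bin/bash
# Added example, run on the backup server. "test@live" and port 12345 come from
# the answer; the control-socket path and the MONGO_* environment variables
# are assumptions of this example.
set -eu

SSH_TARGET="test@live"
LOCAL_PORT="12345"
CTL_SOCKET="${TMPDIR:-/tmp}/tokumx-tunnel.$$"   # hypothetical socket path
BACKUP_DIR="${BACKUP_DIR:-/var/backups}"

open_tunnel() {
  # -M/-S: master connection on a control socket, so it can be closed by name.
  # ExitOnForwardFailure: fail here instead of running without the forward.
  ssh -fNT -M -S "$CTL_SOCKET" -o ExitOnForwardFailure=yes \
      -L "$LOCAL_PORT:127.0.0.1:27017" "$SSH_TARGET"
}

close_tunnel() {
  # Ask the master process to exit; ignore the error if it is already gone.
  ssh -S "$CTL_SOCKET" -O exit "$SSH_TARGET" 2>/dev/null || true
}

run_backup() {
  out="$BACKUP_DIR/tokumx-backup-$(date +%F-%H%M)"
  # mongod still binds to 127.0.0.1 on the live server; we reach it via the tunnel.
  if mongodump --host 127.0.0.1 --port "$LOCAL_PORT" --db "$MONGO_DATABASE" \
       --username "$MONGO_USERNAME" --password "$MONGO_PASSWORD" --out "$out" >&2 \
     && tar cf "$out.tar" -C "$out" .; then
    rm -rf "$out"
    echo "$out.tar"            # path of the finished archive
  else
    rm -rf "$out" "$out.tar"   # leave no partial dump behind
    return 1
  fi
}

main() {
  trap close_tunnel EXIT       # tunnel is torn down on success and on failure
  open_tunnel
  run_backup
}

# Only act when asked to, so the functions can be loaded without side effects.
if [ "${1:-}" = "--run" ]; then
  main
fi
```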