Amazon / Bitnami / Dreamfactory / Mongo Setup


#1

Figured out and finally got platform working on Amazon. I needed the DF platform communicating to ‘remote’ Mongo dbs to separate the DreamFactory platform from my dbs. For newbies like me, here’s how I did it using the Bitnami DF stack and the Bitnami MEAN stack.

Sign in or create an Amazon EC2 Account here.

Go to Bitnami and click on the Dreamfactory HVM Application here. This will launch in your EC2 as a new instance. Use all the default settings or customize it if you know what you’re doing. Make sure to add SSH port 22 in your security group and, if you use Mongo from the Dreamfactory stack or wish to use this security group for your Mongo db on another server (later), also add Custom port 27017. Here is my setup:

Don’t overlook the TAGS, they are handy later. Enter ‘NAME’ as a key and the name of your instance - in my case for the Dreamfactory stack I named it ‘Core’. Also, I added another key called ‘Platform’ and named it ‘Core Platform’; this is also handy to associate the instances we built for this solution.

When you click on ‘Review and Launch’ you’ll be presented a dialogue box to create a security key. Name the key and put it somewhere on your computer you can easily access from the terminal.

While that instance is building, get the Bitnami MEAN stack here and click on the HVM Id. This too will launch as a new instance. Use a new Security Group or if you set up port 27107 in the DreamFactory instance Security Group you can use that one. After clicking ‘Review and Launch’ you’ll be asked to create a new security key or use existing. Your choice, I just used existing.

While the AMIs are building (this can be done after build also), go to your dashboard and select ‘ELASTIC IP’. From there allocate 2 new IP addresses. Select one of the IP addresses and go to Actions > Associate. Start typing in the name of the Name Tag you entered during the DF installation in the ‘instance’ field to connect that IP to your DF instance by pressing ‘Associate’. Next, select the other Elastic IP in the list and associate it with your MEAN stack instance. This is important because if you do not do this and if you stop or reboot your instance later it will assign a new IP address and screw up your DF connections.

Once the instances are online, select the MEAN (calling it Mongo from here on out) instance and press the CONNECT button above your instance list. A dialogue box will show instructions on how to connect. Copy the EXAMPLE that starts with ‘ssh -i…’

Open a terminal on your computer and cd to where you stored your key for the Mongo Instance. Paste in the ssh -i command and hit enter. The terminal will ask you to connect and add to your known hosts. Reply yes. At this point your prompt should show bitnami@ - you’re now logged into your Mongo server. Check to see if Mongo is running by entering:

sudo /opt/bitnami/ctlscript.sh start mongodb

If it is, you’ll get a message that it is already running; if not, it should start the Mongo server.

Next, I changed the Mongo root password. It is currently set as ‘bitnami’. Log in to Mongo from your terminal by entering:

sudo mongo admin --username root --password bitnami

It should respond ‘Welcome to the MongoDB shell.’ and probably give a few warnings. I’m not sure if these are anything significant…(sorry) but we’re logged into Mongo now. Your command prompt should be a >

By default, Mongo has an ‘admin’ and ‘local’ database. Enter show dbs and it should return both of these databases.

From the prompt, enter:

db = db.getSiblingDB('admin')

The response should be ‘admin’. This instantiates the default Mongo admin database for us. Next, to change the Mongo root password, enter:

db.changeUserPassword("root", "your new password")

If successful, a new prompt will appear (no response). From here we’ll leave Mongo Shell, restart the Mongo server and log back in to create a Mongo Administration user.

To exit the Mongo shell, enter exit at the prompt; you’ll be returned to your server root (bitnami@ip $).

Restart Mongo:

sudo /opt/bitnami/ctlscript.sh restart mongodb

This should only take a couple of seconds.

Log back into Mongo Shell with your new password:

sudo mongo admin --username root --password <yournewpassword>

Once logged in, you can enter show dbs to see the ‘admin’ and ‘local’ databases again. Enter use admin to make sure the next steps we do are going to be performed on the admin database.

Mongo uses roles and authentication for access and privileges. The root user you logged in with is a superuser and has all the privileges necessary for creating and managing databases, collections and users, etc. You can see the role assigned to the root user and any other user in the current db (in this case it is ‘admin’) by entering show users

I created another root/superuser so I don’t have to use root - you don’t have to but if you want to (make sure you are in the admin db again by entering use admin):

db.createUser( { user: "new_admin_username", pwd: "new_admin_password", roles: [ "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin" ]})

Make note of the pre-defined Mongo roles you are assigning: readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase, clusterAdmin. Mongo has pre-packaged roles and also allows you to create your own roles to assign specific access and management rights to a user. You can familiarize yourself with these here. For now, this is all we need for complete super-user rights on Mongo.

Log out of the Mongo shell by typing exit, then log back in to the Mongo shell with your new superuser by entering:

sudo mongo admin --username "new_admin_username" --password "new_admin_password"

Now, we are going to create a database and single user to read/write records from Dreamfactory. Setting up a new db is pretty simple - enter use yourdbname. This creates a new instance of the db with whatever name you come up with but…doesn’t create the database until a collection is added. You can see this by now entering show dbs - you won’t see the instance you just created in the db list. Now anytime I do a command on a db I like to make sure I am ‘on’ that db and didn’t mistakenly switch dbs by entering use dbname, dbname being whatever db name I want to perform actions on. So make sure you are on your new db instance by entering use yourdbname again. The response will return your db name.

Now I am going to create a user that will be set up in the DreamFactory Service to read and write to this database. Enter on the command prompt:

db.createUser( { user: "yourDFusername", pwd: "yourDFpassword", roles: [ "readWrite"]})

Notice the readWrite role. This will only allow the user we set up later in DreamFactory to read/write to this database - not admin, change logs, or anything else.

Verify the user was added to the database by entering use yourdbname and then show users. You should see just that user was created for yourdbname - you shouldn’t see the root or admin users as they are in the ‘admin’ db. Now enter show dbs. You’ll see the admin and local dbs but yourdbname is not on the db list…yet. This is because the database isn’t created until you add a ‘Collection’ (table). Next we are going to create a collection with a few vars. You can reference setting up a collection and the vars here.

Enter use yourdbname, then enter db.createCollection( "yourcollectionname" ). You should get an { "ok" : 1 } response. Now enter show dbs. You should see yourdbname in the list.

That’s it on the Mongo Db for general purposes. The only thing to note is that after we get our Dreamfactory connected and start developing our app, you need to create the Collection names in Mongo before you can write to them. Unlike SQL, Mongo will dynamically create the Document (fields) on the fly so you do not need to pre-define your fields/table schema, just POST the field name and value to the Collection and it will automatically create the field. Mongo performance can be improved for writes and queries by indexing certain fields but that can happen after the fact and I’m not experienced enough to guess at the optimal setup yet - there is plenty of opinion in Google…

We aren’t quite done on the Mongo server yet. Mongo is set up to only allow localhost access. This means if you have it set up locally on your computer you can get to it no problem, but if you want to make it accessible from another IP on the Internet you need to modify the mongod.conf file on the server.

Exit the Mongo shell by entering exit to return to the server prompt.

Enter sudo nano /opt/bitnami/mongodb/mongodb.conf to read/write the mongo configuration file. Find ‘bind_ip’ and change that value to 0.0.0.0 to allow all internet access - or - you can specify exclusive IP addresses to access Mongo by entering an IP address followed by a comma for multiple. For my case, only the Dreamfactory server will be accessing this Mongo database so I went to my EC2 Console, copied the Elastic IP address (example 52.123.23.34) and entered it as the bind_ip value (bind_ip = 52.123.23.34). Save and quit.

Now on to configure DreamFactory. This is pretty simple.

Go to your EC2 Console and copy the Public DNS for your DreamFactory instance (ec2-52-123-23-34.compute-1.amazonaws.com)

Log in the first time with user@example.com and bitnami as your password. Set up your administrator account.

Go to services and create a service. Select ‘Mongo DB’ for service type and whatever you want for name, label and description. Go to the Config tab.

Enter your Connection string:

mongodb://yourDFusername:yourDFpassword@yourMongoIP:27017/yourdbname

  • yourDFusername is the user you set up for yourdbname in Mongo
  • yourDFpassword is the password you set up for yourDFusername in Mongo
  • yourMongoIp is the Elastic IP address or Public DNS name of your Amazon Mongo instance
  • 27107 is the port Mongo listens to on your Amazon Mongo instance
  • yourdbname is the db you created in Mongo

Now go to the Roles tab and Create new. Enter whatever you want for name and label. Click on the Access Tab, click the + for Advanced Filters. In the Service dropdown, select the Service you just created. After selecting, give it a second or two and the Components should populate (if they did then you are CONNECTED!). Select _table/* to give your users read/write access to tables that already exist in the Mongo db (you don’t need to set _table/ without * because this DF user connecting to the Mongo DB does not create tables). Select all 5 API verbs and Save Role.

That’s it, you are now connected to the Mongo DB and users assigned to the new role will be able to read/write to your remote Mongo server.

Couple final notes:

  • You can (and should) replace your Mongo credentials and use Lookup Keys in the User Role. To do this, in your Mongo DB service Connection string enter mongodb://{yourdbnameusername}:{yourdbnamepassword}@yourMongoIP:27017/yourdbname and in your Role / Lookup Keys tab press the + twice and enter:

KEY yourdbnameusername VALUE yourDFusername PRIVATE = true
KEY yourdbnamepassword VALUE yourDFpassword PRIVATE = true

  • If you are running two Amazon servers and on the free plan while you are developing, make sure you STOP them when you are not using them. The free tier gives you 750 hours per month which is enough for a single instance running 24-hours - not 2 instances…

About the Lookup Keys
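
The bind_ip edit described in post #1, as an added example that is not part of the original post: bind_ip controls which local addresses mongod listens on, so a non-loopback value is worth checking together with authentication before port 27017 is opened in the security group. The script assumes the ini-style "key = value" config format the post edits and that format's auth key, which the post does not show; the verdict names and the sample file are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ini-style mongodb.conf
# ("key = value" lines, as edited in the post) for network exposure.

# conf_get FILE KEY: print the last uncommented value of KEY, empty if unset.
conf_get() {
  awk -F= -v key="$2" '
    /^[ \t]*#/ { next }                      # skip commented-out settings
    { k = $1; gsub(/[ \t\r]/, "", k)
      if (k == key) { v = $2; gsub(/[ \t\r]/, "", v); val = v } }
    END { print val }' "$1"
}

# audit_conf FILE: print one verdict for the bind_ip/auth combination.
# The function body is a subshell, so its variables stay local.
audit_conf() (
  bind=$(conf_get "$1" bind_ip)
  auth=$(conf_get "$1" auth)                 # "auth" key: assumed, not shown in the post
  remote=0; all=0
  for addr in $(printf '%s' "$bind" | tr ',' ' '); do
    case "$addr" in
      127.0.0.1|localhost) ;;                # loopback only
      0.0.0.0) remote=1; all=1 ;;            # every interface
      *) remote=1 ;;                         # a specific non-loopback interface
    esac
  done
  if [ -z "$bind" ]; then echo "UNSET"       # default depends on the mongod version
  elif [ "$remote" -eq 0 ]; then echo "LOCAL_ONLY"
  elif [ "$auth" != "true" ]; then echo "REMOTE_NO_AUTH"
  elif [ "$all" -eq 1 ]; then echo "ALL_INTERFACES_AUTH"
  else echo "SPECIFIC_INTERFACE_AUTH"
  fi
)

# Constructed sample config; the real file in the post is
# /opt/bitnami/mongodb/mongodb.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# bind_ip = 127.0.0.1
bind_ip = 0.0.0.0
port = 27017
auth = true
EOF
echo "bind_ip=$(conf_get "$sample" bind_ip) -> $(audit_conf "$sample")"
rm -f "$sample"
```

A REMOTE_NO_AUTH verdict is the combination to fix first; with ALL_INTERFACES_AUTH, the security group rule for port 27017 is what limits who can reach the listener.
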
#2

@RJP This is awesome, the community is designed for just this! I believe other users will appreciate your detailed and well thought out solution to this problem. Kudos!


#3

I agree. Thanks so much for posting this @RJP!