Connecting to a DB Instance Through a Client

Scenarios

This section guides you on how to connect to DB instances through a database client using a common connection or an SSL connection. You are advised to use SSL to encrypt connections to ensure data security.

Based on the application scenario, you can determine whether to access a DB instance through an EIP. For details, see Scenarios.

You can directly perform operations on the primary and secondary nodes. Primary nodes are used for processing read and write requests. Secondary nodes replicate data from the primary and are used for processing read requests only.

This section uses the Linux OS as an example to describe how to connect to a replica set instance.

Restrictions

For details about restrictions on connecting to a DB instance, see Restrictions.

Prerequisites

  1. An ECS or a device that can access DDS is ready for use.

    • To connect to a DDS DB instance from an ECS, you need to create and log in to the ECS. For details, see How Can I Create and Log In to an ECS?

    • To connect to a DB instance through an EIP:

      1. Bind an EIP to a DB instance node. For details, see section Binding an EIP.

      2. Ensure that your local device can access the EIP that has been bound to the DB instance.

  2. A MongoDB client has been installed on the prepared ECS or the device.

    For details on how to install a MongoDB client, see How Can I Install a MongoDB Client?

SSL Connection

  1. On the Instance Management page, click the target DB instance.

  2. In the navigation pane on the left, choose Connections.

  3. In the Basic Information area, click image1 next to the SSL field to download the root certificate.

  4. Upload the root certificate to the ECS that connects to the DB instance or save the root certificate to a local device that can access DDS.

    The following describes how to upload the certificate to a Linux and Window ECS:

    • In Linux, run the following command:

      scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

      Note

      • IDENTITY_FILE indicates the directory where the root certificate locates. The file access permission is 600.

      • REMOTE_USER indicates the ECS OS user.

      • REMOTE_ADDRESS indicates the ECS address.

      • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.

    • In Windows, upload the root certificate using file transfer tools.

  5. Connect to a DDS DB instance.

    The Linux OS is used as an example.

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

    Enter the database account password when prompted:

    Enter password:

    Note

    • A replica set instance uses the management IP address to generate SSL certificate. --sslAllowInvalidHostnames is needed for the SSL connection.

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page. If a device can access the DB instance through an EIP, set this parameter to the EIP displayed in EIP column in the node list on the Connections page.

    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.

    • DB_USER indicates the database account name. The default value is rwuser.

    • FILE_PATH indicates the path where the root certificate is stored.

    Example:

    ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  6. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting the primary node in a replica set:

      replica:PRIMARY>

    • Result from connecting the secondary node in a replica set:

      replica:SECONDARY>

Common Connection

Important

To use the common connection mode, you need to disable the SSL connection. For details, see section Disabling SSL.

  1. Log in to the prepared ECS or the device that can access the document database.

  2. Connect to a DDS DB instance.

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

    Enter the database account password when prompted:

    Enter password:

    Note

    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list on the Connections page. If a device can access the DB instance through an EIP, set this parameter to the EIP displayed in EIP column in the node list on the Connections page.

    • DB_PORT indicates the port number. Obtain the value from Database Port in the Basic Information area on the Connections page.

    • DB_USER indicates the database account name. The default value is rwuser.

    Example:

    ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

  3. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting the primary node in a replica set:

      replica:PRIMARY>

    • Result from connecting the secondary node in a replica set:

      replica:SECONDARY>
last updated: 2023-09-04 00:04