• Document Database Service

dds
  1. Help Center
  2. Document Database Service
  3. User Guide
  4. Getting Started
  5. Performing the Initial Configuration
  6. Connecting to a DB Instance

Connecting to a DB Instance

Scenarios

This section guides you on how to connect to DB instances through a database client using a common connection or an SSL connection. You are advised to use SSL to encrypt connections to ensure data security.

Prerequisites

  1. An ECS is ready for use.

    For details on how to create an ECS, see section How Can I Create and Connect to an ECS?

  2. A MongoDB client has been installed on the prepared ECS.

    For details on how to install a MongoDB client, see section How Can I Install a MongoDB Client?

Common Connection

To use the common connection mode, you need to disable the SSL connection. For details, see section Disabling SSL.

  1. Log in to the prepared ECS.
  2. Connect to a DDS DB instance.

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin

    Enter the database account password when prompted:

    Enter password:
    NOTE:
    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list in the Node Information area.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Instance Information area on the Basic Information page.
    • DB_USER indicates an account name, that is, a DDS database account. The default value is rwuser.

    Example:

    ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin

  3. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting mongos:
      mongos>
    • Result from connecting the primary node in a replica set:
      replica:PRIMARY>
    • Result from connecting the secondary node in a replica set:
      replica:SECONDARY>

SSL Connection

  1. On the Instance Management page, locate the target DB instance and click its name. On the Basic Information page, Click Download Certificate in the SSL field to download the root certificate.
  2. Upload the root certificate to the ECS connecting to the DB instance.

    Select an uploading method based on the OS you are using. In Linux, for example, run the following command:

    scp <IDENTITY_FILE> <REMOTE_USER>@<REMOTE_ADDRESS>:<REMOTE_DIR>

    NOTE:
    • IDENTITY_FILE indicates the directory where the root certificate locates. The file access permission is 600.
    • REMOTE_USER indicates the ECS OS user.
    • REMOTE_ADDRESS indicates the ECS address.
    • REMOTE_DIR indicates the directory of the ECS to which the root certificate is uploaded.

    In Windows, upload the root certificate to the ECS using file transfer tools.

  3. Connect to a DDS DB instance.

    The Linux OS is used as an example.

    ./mongo --host <DB_HOST> --port <DB_PORT> -u <DB_USER> -p --authenticationDatabase admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

    Enter the database account password when prompted:

    Enter password:
    NOTE:
    • A replica set instance uses the management IP address to generate SSL certificate. --sslAllowInvalidHostnames is needed for the SSL connection.
    • A cluster instance supports both internal and external certificates. --sslAllowInvalidHostnames is not needed for the SSL connection.
    • DB_HOST indicates the IP address of the remotely connected DB instance. Obtain the value from the Private IP Address column in the node list in the Node Information area.
    • DB_PORT indicates the port number. Obtain the value from Database Port in the Instance Information area on the Basic Information page.
    • DB_USER indicates an account name, that is, a DDS database account. The default value is rwuser.
    • FILE_PATH indicates the path where the root certificate is stored.

    Example:

    ./mongo --host 192.168.1.6 --port 8635 -u rwuser -p --authenticationDatabase admin --ssl --sslCAFile /tmp/ca.crt --sslAllowInvalidHostnames

  4. Check the connection result. If the following information is displayed, the connection is successful.

    • Result from connecting mongos:
      mongos>
    • Result from connecting the primary node in a replica set:
      replica:PRIMARY>
    • Result from connecting the secondary node in a replica set:
      replica:SECONDARY>