MongoDB session and configuration backend
As we work well on from more then 1 month without any issue let me share with you, our MongoDB configuration that allow us to make an security update on every server without downtime and minimal impact...
So the main idea, is to keep our server(Nginx(LLNG) and MongoDB) up to date. We will skip the NGINX way that simply a VIP in conjunction of small app like HeartBeat. Concerning the MongoDB side, we have a ReplicaSet MongoDB Cluster (ex: 3 servers)
For configuration
type = MongoDB
dbName = llConfDB
collectionName = configuration
host = mongodb://lemonldap_1.test.com:27017,lemonldap_2.test.com:27017,lemonldap_3.test.com:27017
; authentication parameters
db_name = llConfDB
username = llng
password = ***Password***
connect_timeout_ms=3000
read_pref_mode = primaryPreferred
replica_set_name = rs0
w = 1
wtimeout = 3000
And for the session:
globalStorage = Apache::Session::MongoDB
globalStorageOptions = { 'collection' => 'sessions', 'connect_timeout' => '10000', 'db_name' => 'llConfDB', 'host' => 'mongodb://lemonldap_1.test.com:27017,lemonldap_2.test.com:27017,lemonldap_3.test.com:27017', 'ssl' => '0', 'dbName' => 'llConfDB', 'username' => 'llng', 'password' => '***Password***', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
So with that configuration, we could lost or update any server at anytime without downtime... We have a small impact when the master change on MongoServer, we got an error, 1 time, on every LLNG thread. Not sure if is a LLNG issue or in perl driver issue. But in term of HA it's totally acceptable...
Also it's appear the defaut version provided by RedHAt/Centos repo is 2 year old and some bug could crash LLNG after some week of intense usage... Be sure to run on a more up to date version like 2.0.1
At least a version over the 1.8.1 that solve this issue
v1.8.1 2018-01-17 10:44:22-05:00 America/New_York [Bug fixes]
- PERL-770 Repeated find_one queries sometime result in MongoDB::ProtocolError on short network reads.
cpanm MongoDB
So can you add the minimum driver version requirement and also a sample of mongoDB replicaset user in docs https://lemonldap-ng.org/documentation/2.0/mongodbsessionbackend