Comments Off on Installing MongoDB on OSX (Yosemite)
Installing MongoDB on OS X is an easy task. However, if you want the service to start each time your computer is restarted, some additional effort is required. The easiest way to get MongoDB installers is to use Homebrew.
[korey@localhost ~]$ brew install mongodbAt this point MongoDB is installed. To start it manually, first create the location where the DB will be stored (default is /data/db):
[korey@localhost ~]$ mkdir /data/db [korey@localhost ~]$ mongdNote that the user running mongod needs to have write access to the DB folder. The downside here is that the DB needs to be started manually each time and it will run as your userid. In order to automatically start the service, it is necessary to create a LaunchDaemon which will allow the service to start as soon as the computer starts.
1. The first step is to create a service account so the service does not run as root.
2. Next, is to create a proper location for the log and database location:
[korey@localhost ~]$ sudo mkdir -p /var/lib/mongodb [korey@localhost ~]$ sudo mkdir -p /var/log/mongo [korey@localhost ~]$ sudo chown -R _mongo:_mongo /var/lib/mongodb [korey@localhost ~]$ sudo chown -R _mongo:_mongo /var/log/mongo3. Now that we have an account and location, it is time to create the daemon plist file:
Store this file at: /Library/LaunchDaemons and name it: org.mongo.mongod.plist.
Label org.mongo.mongod ProgramArguments /usr/local/bin/mongod --dbpath /var/lib/mongodb/ --logpath /var/log/mongo/mongodb.log KeepAlive UserName _mongo GroupName _mongo
[korey@localhost ~]$ sudo launchctl load /Library/LaunchDaemons/org.mongo.mongod.plist [korey@localhost ~]$ sudo launchctl unload /Library/LaunchDaemons/org.mongo.mongod.plistread more
Comments Off on Creating a service account on OS X (Yosemite)
Creating service users on OS X is not as straight forward as doing so on Linux system. For starters, the useradd command is not available. So in order to perform the same action on OS X, open a terminal window and run the following commands. For this example, I will create a group and user in order to run MongoDB.
[korey@localhost ~]$ sudo dscl . -list /Users UniqueID _amavisd 83 _appleevents 55 _appowner 87 _appserver 79 _ard 67 _assetcache 235 _astris 245 _atsserver 97 _avbdeviced 229 _calendar 93 _ces 32 _clamav 82 _coreaudiod 202 _coremediaiod 236 _cvmsroot 212 ....The above command lists all the current users along with their UID. This is necessary so that we can pick an unused ID below 500 (UIDs above 500 are for normal users). You can run the same command with /Groups instead of /Users to get a list of groups. First, lets create a group for the users with the same name:
[korey@localhost ~]$ sudo dscl . -create /Groups/_mongo gid 300 [korey@localhost ~]$ sudo dscl . -create /Groups/_mongo RealName "Mongo DB Server Group" [korey@localhost ~]$ sudo dscl . -create /Groups/_mongo passwd "*"As you can see the group ID is set to 300, and the password is set to “*”. This is a special password not to allow logins as that group of user. I am not certain if this is necessary, but looking at other similar groups on OS X, it seems to be the right way to do this. Now, lets create the user and make sure that it will not show up as a user on the login screen:
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo [korey@localhost ~]$ sudo dscl . -create /Users/_mongo uid 300 [korey@localhost ~]$ sudo dscl . -create /Users/_mongo gid 300 [korey@localhost ~]$ sudo dscl . -create /Users/_mongo NFSHomeDirectory /var/empty [korey@localhost ~]$ sudo dscl . -create /Users/_mongo UserShell /usr/bin/false [korey@localhost ~]$ sudo dscl . -create /Users/_mongo RealName "Mongo DB Server" [korey@localhost ~]$ sudo dscl . -create /Users/_mongo passwd "*"At this point, the service account is created, and its primary group set to the one we just created. Setting the shell and home folders are necessary to make sure that the account does not show up on the login screen and to ensure that even if someone does login as that user, they will not have access to anything. Once again, the account password here is set to “*” in order to not allow logins. If you look at /etc/passwd on your OS X machine, you’ll notice that most service accounts are listed in there, but the above account is not. I am not sure if this will be problematic over the long term, but for all intents and purposes, the service account works as expected. Naturally, I searched a good while before I came up with the above command set and here are some links that helped me: