Melissa Plunkett, Sr. Product Manager
Terraform New Worlds on MongoDB Atlas
themantissa
Welcome!
• Sr. Product Manager in Cloud, focus on Automation
• Formerly a Solution Architect
• Before that an ops gal – started with SGI IRIX and Red Hat pre-RHEL.
• Tech Mantra: Learn it, Master it (enough). Script it. Rest. Repeat.
• And a Trekkie so …
Welcome Cadets!
Starfleet Academy for Automation
Today’s Training Agenda
• MongoDB Atlas
• MongoDB Atlas API
• Terraform
• Vault
• Future Mission Plan
Cadets, Have You Used?
• MongoDB Atlas?
• MongoDB Atlas API?
• Terraform?
• Vault?
• Bonus!!! Star Trek Fan? Star Wars Fan? Both?
MongoDB Atlas
Starfleet is focused on building applications that allow us to explore strange new worlds & seek out new civilizations
• MongoDB Atlas was selected earlier this year
• Focus on apps not ops
• Can quickly spin up on multiple cloud providers in multiple planetary* regions!
• Easy to use UI
*currently limited to Earth
MongoDB Atlas UI Demo
MongoDB Atlas – Exploring the API
The MongoDB Atlas API means the UI isn’t required for much of what we need to do repeatedly to support developers:
• REST
• API key with Digest Auth over HTTPS
• API keys have RBAC: a key’s capabilities match the permissions assigned to it
• API key whitelist
https://docs.atlas.mongodb.com/api/
MongoDB Atlas – Exploring the API - Resources
Resources exposed by the API (from the slide diagram): Organization; Projects ({Group-ID}); Clusters; Project IP Whitelist; Database Users; Invoices; Custom MDB Roles; Global Cluster Configuration; Alerts; Alert Configurations; Maintenance Window; LDAP Configuration; Continuous Backup Snapshots; Continuous Backup Snapshots Schedule; Continuous Backup Restore Job; Cloud Provider & On Demand Snapshots; Cloud Provider Snapshot Restore Job; Cloud Provider Snapshot Backup Policy; Checkpoints; VPC; Programmatic API Keys; Monitoring and Logs*; Performance Advisor*; Auditing; Encryption at Rest; Root Atlas Users; Events; Teams.
https://docs.atlas.mongodb.com/api/
MongoDB Atlas – API Resources Reference
This slide tabulates, for each resource in the list above, which of Create, Read, Update and Delete the API supports (some resources are read-only, some read/update, and a few carry * and ^ annotations). The per-resource marks did not survive extraction; the authoritative table is at https://docs.atlas.mongodb.com/api/
MongoDB Atlas – Exploring the API
Two key things to know the location of before you get started …
• Project ID
• Organization ID
MongoDB Atlas – Exploring the API
Organization ID
MongoDB Atlas – Exploring the API
Project ID (aka Group ID)
MongoDB Atlas – Exploring the API
Create a Programmatic API Key either at the Organization or Project
level:
• Org level: all the available permissions are for the org level.
• Project level: all the available permissions are for the project level
• BUT all project keys can be seen in the org level as an Org
Member.
MongoDB Atlas – Exploring the API
At the Org level, go to Access.
MongoDB Atlas – Exploring the API
At the Project level, go to Access Management.
Create a Cluster (the slide shows only the request; the curl authentication line with the {PUBLIC-KEY}:{PRIVATE-KEY} placeholder for the programmatic API key completes it):
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
  --header "Content-Type: application/json" \
  --request POST \
  "https://cloud.mongodb.com/api/atlas/v1.0/groups/5ce4d39d79358e873fc12c1f/clusters?pretty=true" \
  --data '
{
  "name" : "MDBW19-Class-Cluster2-API",
  "diskSizeGB" : 100,
  "autoScaling" : {
    "diskGBEnabled" : false
  },
  "clusterType" : "REPLICASET",
  "providerBackupEnabled" : true,
  "providerSettings" : {
    "providerName" : "AWS",
    "diskIOPS" : 340,
    "instanceSizeName" : "M30",
    "volumeType" : "PROVISIONED"
  },
  "replicationSpecs" : [ {
    "numShards" : 1,
    "regionsConfig" : {
      "US_WEST_1" : {
        "analyticsNodes" : 1,
        "electableNodes" : 3,
        "readOnlyNodes" : 0,
        "priority" : 7
      },
      "US_EAST_1" : {
        "analyticsNodes" : 0,
        "readOnlyNodes" : 1,
        "electableNodes" : 2,
        "priority" : 6
      }
    }
  } ]
}'
Create a MongoDB Database User in the Project (same authentication line as above):
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
  --header "Content-Type: application/json" \
  -X POST \
  "https://cloud.mongodb.com/api/atlas/v1.0/groups/5ce4d39d79358e873fc12c1f/databaseUsers?pretty=true" \
  --data '
{
  "databaseName" : "admin",
  "roles" : [ {
    "databaseName" : "admin",
    "roleName" : "readWriteAnyDatabase"
  } ],
  "username" : "spock2",
  "password" : "badpass123"
}'
Add an IP to the Project IP Whitelist (same authentication line as above):
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
  --header "Content-Type: application/json" \
  --request POST \
  "https://cloud.mongodb.com/api/atlas/v1.0/groups/5ce4d39d79358e873fc12c1f/whitelist?pretty=true" \
  --data '
[
  {
    "ipAddress" : "192.0.0.15",
    "comment" : "IP address added via API"
  }
]'
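The three API calls above as one small Python client, added here as an example and not code from the slides: it answers the API's Digest challenge with the programmatic key pair read from the environment (never a hard-coded key), builds the same three JSON bodies, and validates whitelist entries before sending them. The environment variable names ATLAS_PUBLIC_KEY, ATLAS_PRIVATE_KEY, ATLAS_GROUP_ID and ATLAS_DB_PASSWORD are my own choice.

```python
import ipaddress
import json
import os
import urllib.request

ATLAS_BASE = "https://cloud.mongodb.com/api/atlas/v1.0"


def atlas_opener() -> urllib.request.OpenerDirector:
    """Opener that answers the API's Digest challenge with the programmatic
    key pair, read from the environment so the private key never sits in
    source control (or in a .tf default). Variable names are assumptions."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, ATLAS_BASE,
                     os.environ["ATLAS_PUBLIC_KEY"], os.environ["ATLAS_PRIVATE_KEY"])
    return urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))


def cluster_payload(name: str) -> dict:
    """Body for POST /groups/{GROUP-ID}/clusters: the two-region AWS replica
    set from the slides (3 electable + 1 analytics node in US_WEST_1,
    2 electable + 1 read-only in US_EAST_1, cloud provider backup on)."""
    return {
        "name": name,
        "diskSizeGB": 100,
        "autoScaling": {"diskGBEnabled": False},
        "clusterType": "REPLICASET",
        "providerBackupEnabled": True,
        "providerSettings": {"providerName": "AWS", "diskIOPS": 340,
                             "instanceSizeName": "M30", "volumeType": "PROVISIONED"},
        "replicationSpecs": [{
            "numShards": 1,
            "regionsConfig": {
                "US_WEST_1": {"analyticsNodes": 1, "electableNodes": 3,
                              "readOnlyNodes": 0, "priority": 7},
                "US_EAST_1": {"analyticsNodes": 0, "electableNodes": 2,
                              "readOnlyNodes": 1, "priority": 6},
            },
        }],
    }


def database_user_payload(username: str, password: str,
                          roles=("readWriteAnyDatabase",)) -> dict:
    """Body for POST /groups/{GROUP-ID}/databaseUsers. Atlas database users
    are always defined on the admin database."""
    return {"databaseName": "admin", "username": username, "password": password,
            "roles": [{"databaseName": "admin", "roleName": r} for r in roles]}


def whitelist_payload(entries: dict) -> list:
    """Body for POST /groups/{GROUP-ID}/whitelist. entries maps an IPv4 host
    or CIDR block to a comment. Unparseable input raises, and 0.0.0.0/0 is
    refused because it would open the cluster to the whole Internet."""
    body = []
    for cidr, comment in entries.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            raise ValueError("refusing to whitelist the entire Internet")
        if net.num_addresses == 1:
            body.append({"ipAddress": str(net.network_address), "comment": comment})
        else:
            body.append({"cidrBlock": str(net), "comment": comment})
    return body


def atlas_post(opener, group_id: str, resource: str, body) -> dict:
    """POST body as JSON to /groups/{GROUP-ID}/{resource}. urllib raises
    HTTPError on 4xx/5xx, so a bad key or duplicate name never passes silently."""
    req = urllib.request.Request(
        f"{ATLAS_BASE}/groups/{group_id}/{resource}?pretty=true",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with opener.open(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    group_id = os.environ["ATLAS_GROUP_ID"]  # the Project (Group) ID
    opener = atlas_opener()
    print(atlas_post(opener, group_id, "clusters", cluster_payload("MDBW19-Class-Cluster2-API")))
    print(atlas_post(opener, group_id, "databaseUsers",
                     database_user_payload("spock2", os.environ["ATLAS_DB_PASSWORD"])))
    print(atlas_post(opener, group_id, "whitelist",
                     whitelist_payload({"192.0.0.15": "IP address added via API"})))
```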
Create a Quick Cluster via API
MongoDB Atlas – Exploring the API
API is great but…
• Requires us to really know the API: e.g. updating via PATCH, or
delete via DELETE, etc.
• Going to possibly take a lot of time and money.
• What if we could just describe what we want and change that
when we need to modify it?
Emergency Transmission
Top Secret
From: Starfleet Command
To: Starfleet Engineering
MongoDB Cluster needed STAT. Project
Genesis is at risk. Deploy at once!
Khan seen in sector. Red Alert recommended.
HashiCorp’s Terraform
Terraform is an open source, declarative Infrastructure as Code (IaC)
tool.
• Describe desired infrastructure in a configuration file
• Terraform takes that file and creates a plan to implement it
• One can review the plan, and if all good, apply to create
• We can create, change and destroy infrastructure easily!
HashiCorp’s Terraform
We can change and destroy infrastructure easily???
• Terraform keeps a state file of what it has done
• Change your configuration and it only implements the diff
• Can import a resource and then apply changes, e.g. import a cluster and then set it to a bigger size.
• Terraform destroy really destroys!
HashiCorp’s Terraform
Terraform is a plugin based system (base diagram from hashicorp.com): your *.tf files go to Terraform Core, Core drives the Provider plugin, the Provider performs the CRUD calls against the upstream API, and what was done is recorded in *.tfstate.
• The Provider understands both Terraform and the Upstream API.
• Terraform Core doesn’t “know” any infrastructure; that’s the Plugin’s purpose.
• You simply need to define what you want in the .tf file; you do not need to know the API deeply.
Main.tf - Variables
variable "mongodb_atlas_api_pub_key" { default = "PUB-API-KEY" }
variable "mongodb_atlas_api_pri_key" { default = "PRI-API-KEY" }
variable "database_username" { default = "spock3" }
variable "database_user_password" { default = "blahblah1236" }
variable "mongodb_atlas_whitelistip" { default = "192.155.1.1" }
variable "mongodb_atlas_org_id" { default = "599eed269f78f769464d1bc3" }
variable "mongodb_atlas_project_id" { default = "5ce4d39d79358e873fc12c1f" }
Keys and passwords in the defaults!? Not a great practice, and it angers Admiral Kirk as Khan could steal these. But we’ll address this soon.
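One way to catch the problem on this slide before the file is committed, added here as an example and not part of the talk: a small pre-commit style check that flags Terraform variables whose names look secret-bearing and that carry a literal default. The SAMPLE_TF text is constructed to mirror the variables above; the regexes and the TF_VAR_ suggestion are mine.

```python
import re
import sys

# Variable names that should never ship with a literal default. The public
# API key is deliberately not matched: it is an identifier, not a secret.
SENSITIVE_NAME = re.compile(r"pass(word)?|pri(vate)?_?key|secret|token", re.I)
# variable "name" { ... }  (the bodies on the slides contain no nested braces)
VARIABLE_BLOCK = re.compile(r'variable\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^}]*)\}')
DEFAULT_ATTR = re.compile(r'default\s*=\s*"(?P<value>[^"]*)"')

# Constructed sample mirroring the Main.tf variables on the slides.
SAMPLE_TF = '''
variable "mongodb_atlas_api_pub_key" { default = "PUB-API-KEY" }
variable "mongodb_atlas_api_pri_key" { default = "PRI-API-KEY" }
variable "database_username" { default = "spock3" }
variable "database_user_password" { default = "blahblah1236" }
variable "mongodb_atlas_whitelistip" { default = "192.155.1.1" }
variable "mongodb_atlas_project_id" {
  default = "5ce4d39d79358e873fc12c1f"
}
'''


def mask(value: str) -> str:
    """Show only the first two characters, so a finding can be reported in
    CI output or a ticket without copying the secret somewhere new."""
    return value[:2] + "*" * (len(value) - 2)


def find_hardcoded_secrets(tf_text: str) -> list:
    """Return [(variable name, masked default)] for every sensitive-looking
    variable that carries a non-empty literal default."""
    findings = []
    for block in VARIABLE_BLOCK.finditer(tf_text):
        name = block.group("name")
        if not SENSITIVE_NAME.search(name):
            continue
        default = DEFAULT_ATTR.search(block.group("body"))
        if default and default.group("value"):
            findings.append((name, mask(default.group("value"))))
    return findings


def fixed_declaration(name: str) -> str:
    """The same variable with no default: Terraform then refuses to plan or
    apply until the value arrives via TF_VAR_<name> in the environment or a
    -var-file that is kept out of the repository."""
    return f'variable "{name}" {{}}  # set TF_VAR_{name}; do not commit a default'


def main(paths) -> int:
    """Scan the given .tf files (or the built-in sample when none are given)
    and return 1, which blocks the commit, when anything is found."""
    texts = [open(p).read() for p in paths] if paths else [SAMPLE_TF]
    status = 0
    for text in texts:
        for name, masked in find_hardcoded_secrets(text):
            print(f"hard-coded secret default: {name} = {masked}")
            print(f"  suggested: {fixed_declaration(name)}")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Even with no default, the value Terraform applies is written to the *.tfstate file in plaintext, so the state file needs the same protection as the keys themselves; the short-lived credentials from Vault later in the deck limit what a leaked state or config is worth.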
Main.tf – Configure the Provider
# Configure the MongoDB Atlas Provider
provider "mongodbatlas" {
  username = "${var.mongodb_atlas_api_pub_key}"
  api_key  = "${var.mongodb_atlas_api_pri_key}"
}
Main.tf - Cluster (a few issues)
resource "mongodbatlas_cluster" "cluster" {
  name = "MDBW19-Class-Cluster3-TF"
  group = "${var.mongodb_atlas_project_id}"
  mongodb_major_version = "4.0"
  provider_name = "AWS"
  region = ""
  size = "M30"
  disk_size_gb = 100
  backup = false
  provider_backup = true
  disk_gb_enabled = false
  replication_factor = 0

  replication_spec {
    region = "US_WEST_1"
    priority = 7
    read_only_nodes = 0
    analytics_nodes = 1
    electable_nodes = 3
  }

  replication_spec {
    region = "US_EAST_1"
    priority = 6
    read_only_nodes = 1
    analytics_nodes = 0
    electable_nodes = 2
  }
}
Missing?
- Disk IOPS
- Anything related to replicationSpecs: this uses the deprecated replicationSpec option.
- numShards (but it has a default!)
Main.tf – Database User
# Create a Database User
resource "mongodbatlas_database_user" "test" {
  username = "${var.database_username}"
  password = "${var.database_user_password}"
  database = "admin"
  group = "${var.mongodb_atlas_project_id}"
  roles {
    name = "readWriteAnyDatabase"
    database = "admin"
  }
}
Main.tf – IP Whitelist
# Create an IP Whitelist
resource "mongodbatlas_ip_whitelist" "test" {
  group = "${var.mongodb_atlas_project_id}"
  ip_address = "${var.mongodb_atlas_whitelistip}"
  comment = "Added with Terraform"
}
HashiCorp’s Terraform
Let’s configure a cluster, MongoDB user and Project IP whitelist with Terraform
• Providers can be verified/official (both Hashicorp & Community created) OR community created but not verified
• MongoDB Atlas Community Provider created by Akshay Karle: https://github.com/akshaykarle/terraform-provider-mongodbatlas/ (Thank you Akshay!)
Create a Quick Cluster via Terraform
Cadets Save Day and Defeat Khan!
Security of the Mission
We have to ensure we handle data securely. Security layers we have
utilized thus far:
• API communication over HTTPS
• RBAC to limit what the API key can do
• IP Whitelist
But the more secure layers the better so what else can we do?
HashiCorp’s Vault
Vault is another HashiCorp product designed for security in the Cloud:
• Manage secrets & protect sensitive data
• Focus here: managing secrets, especially dynamic secrets
• A Secrets Engine extends Vault to other systems, e.g. a physical one like an HSM or a service in the Cloud like Atlas.
HashiCorp’s Vault
• Database Secrets Engine: generates database credentials dynamically based on configured roles, including for MongoDB.
• Atlas creates database users differently (via its API), so it needs its own Secrets Engine.
• Ta da! There’s a community Secrets Engine at https://github.com/mealal/vault-atlas-plugin written by the amazing Alexey Menshikov, a Consulting Engineer at MongoDB!
HashiCorp’s Vault
• Atlas community Secrets Engine examples:
$ vault write database/roles/readonly db_name=atlas creation_statements='{ "db": "admin", "roles": [{ "role": "readAnyDatabase" }] }' default_ttl="1h" max_ttl="24h"
$ vault write database/config/atlas plugin_name=atlas allowed_roles="readonly" apiID="public API key" apiKey="private API key" groupID="project id"
$ vault read database/creds/readonly
HashiCorp’s Vault
• What about a Provider for Vault? Yes!
https://www.terraform.io/docs/providers/vault/index.html
• Read the cautions on using the Provider for Vault and follow the
best practices to be as secure as possible!
Cadets Save Day and Defeat Khan!
Future Mission Plan
MongoDB + Hashicorp – Better together!
Later in 2019 MongoDB will have an official:
• MongoDB Atlas Secrets Engine for Vault
• MongoDB Atlas Terraform Provider
Be the First in the Know!
• Go to https://bit.ly/2WS4WMJ
• Fill out the brief survey: 6 required questions, 3 optional, under 2 minutes
• You will be notified on the progress of whichever mission you are interested in (Vault/Terraform/both)
Questions?
Where: Atlas Booth in the Partner Pavilion (A1)
When: 1:40 - 5:05 PM today!
or Melissa.Plunkett@mongodb.com anytime!
Github: themantissa
Please provide Session Feedback
1. MDB World App -> Menu -> “Rate a Session” -> Regent
OR
1. Go to slido.com
2. Enter event code #MDBW19
3. Click on Regent
Feedback poll will remain open for 10 minutes after the talk ends
YOU ARE IN REGENT
Thank you!
MongoDB World 2019: Terraform New Worlds on MongoDB Atlas
