How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04


Regular database backups are an essential step up guarding against unintended information loss occasions. As a whole, there are two main broad kinds of backups: filesystem-level (“physical”) backups and backups that are logical. Filesystem-level backups involve snapshotting the underlying data files at a point in time, and allowing the database to cleanly restore itself using the state captured in the files that are snapshotted. Logical backups include making use of an instrument (age.g. mongodump or pg_dump) to export information from database into backup files, that are then restored making use of a restore that is corresponding (age.g. mongorestore or psql <).

In this guide, we will show just how to perform a backup that is filesystem-level of running MongoDB installation making use of Droplet Snapshots. Also, we will protect just how to perform a restore from snapshot image.

Note: As detail by detail within the DigitalOcean backups guide, there clearly was some performance effect when utilizing Droplet snapshots, specially on very packed databases. You ought to try this procedure first making use of a database that is non-production simulated load to confirm that technique will continue to work inside manufacturing implementation.


Before you will get started with this specific guide, always’ve finished the next steps that are prerequisite***********)

This guide will assume you have got MongoDB 3.2+ set up, utilising the standard WiredTiger storage space motor with journaling enabled. Also, to utilize this guide, it is important your dbpath directory (the directory containing the info files, automagically /var/lib/mongodb) is mapped to a volume that is single. You can follow this guide.( if you haven’t attached additional block storage volumes to your Droplet,***********)

Once you are logged into your Droplet and up have MongoDB and operating, you are willing to get going.

Step 1 — validate your MongoDB Setup

We’re first likely to be sure journaling is enabled.

Journaling is a MongoDB function providing you with durability in case of a database failure by composing operations to journal files. To find out more about MongoDB journaling, consult the MongoDB handbook.

If you implemented the guide that is above journaling will be enabled by default. To confirm that this is the full situation, we are able to examine the MongoDB setup file.

Open up /etc/mongod.conf making use of your text that is favorite editor such as for instance nano as an example:

You should start to see the block that is following***********)


  • # In which and exactly how to keep information.
  • storage:
  • dbPath: /var/lib/mongodb
  • log:
  • enabled: real
  • # motor:
  • # mmapv1:
  • # wiredTiger:

This shows that journaling is enabled. If you are on MongoDB 3.2+, the standard storage space motor is WiredTiger (MMAPv1 ended up being MongoDB's initial storage space motor).

We'll now place some data that are dummy test the back-up and restore procedure.

Step 2 — Insert Test Data

If you have got started with a server that is clean haven't any information yet, we are able to place some test information into a dummy restaurants collection for demonstration purposes. In the event that you have some collections and papers saved inside database, please feel free to skip this step.

First, hook up to the database that is running the MongoDB shell:

You should start to see the Mongo shell prompt that is following:

  • MongoDB shell variation: 3.2.19
  • connecting to: test
  • Server has warnings that are startup
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten]
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten] ** We recommend establishing it to 'never'
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten]
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten] ** We recommend establishing it to 'never'
  • 2018-02-16T02:40:13.071+0000 We CONTROL [initandlisten]
  • >

The standard database the shell uses could be the test database.

Let's list the collections within the test database:

Since we'ven't placed any such thing in to the database yet, there are not any collections, and now we're cut back on prompt without any production.

Let's insert a document into a dummy restaurants collection, which we will produce as well:

  • db.restaurants.insert({'name': 'Sammy's Pizzeria'})

You should start to see the output that is following***********)

  • WriteResult({ "nInserted" : 1 })

This shows your insert procedure ended up being effective. Because the restaurants collection don't formerly occur, it had been produced within time that is same

Let's list collections once more:

We now see our newly produced restaurants collection:

Now we've saved some test information within the database, we are willing to straight back it.

Step 3 — Snapshot the MongoDB Droplet

To perform the back-up, we will benefit from DigitalOcean Droplet Snapshots. Droplet Snapshots let us produce a picture of this Droplet within true point in time the snapshot was initiated. This image can then be restored to a new Droplet, where recovery that is further takes destination.

Given we're making use of MongoDB 3.2+ (with WiredTiger and journaling enabled), we do not must suspend writes on filesystem although the snapshot does occur. As we restore the image and begin the database up, MongoDB will restore it self from a checkpoint, and replay operations from log files until it reaches the purpose over time your snapshot happened. If you are thinking about checking out journaling further, consult the MongoDB handbook),

To start the snapshot procedure, get on your DigitalOcean account, navigate towards MongoDB Droplet, and then click the Snapshots website link within the sidebar.

You should start to see the after ( that is prompt***********)

Take Snapshot

Note: though it's suggested to power your Droplet down before taking a snapshot, in production deployments this may not always be possible. MongoDB's journaling feature enables consistent and snapshots that are valid while the database and Droplet are operating.

Give your snapshot a descriptive title and then click the Take real time Snapshot key to start the snapshot procedure.

You should start to see the after progress indicator:( that is snapshot***********)

Snapshot Progress

Once the snapshot completes, you can actually produce a Droplet that is new from image, or restore the operating Droplet on state captured inside snapshot image.

We're now willing to perform a restore and validation of this procedure that is backup

Step 4 — Restore the MongoDB Droplet

We'll now produce a Droplet that is new that be restored from the image we just created. The data available in our MongoDB database will be the data that are same at the full time the snapshot ended up being taken.

Navigate back once again to Snapshots utilising the sidebar, and find your finished Droplet snapshot.

Completed Snapshot

Click into More and choose Create Droplet.

You'll be studied on Create Droplet menu, in which you can actually spin up a droplet that is new your snapshot.

Choose the image corresponding on snapshot you took early in the day. Inside full situation, we will utilize the mongo-backup-test image.

Choose Image

Finish configuring your restore Droplet and then click Create. As soon as your restore Droplet is ready to go, log involved with it.

(it should now be running********)If you configured MongoDB to start upon Droplet boot. You can examine this making use of systemctl:

  • sudo systemctl status mongod

You should start to see the output that is following***********)


● mongod.service - High-performance, schema-free database that is document-oriented Loaded: loaded (/lib/systemd/system/mongod.service; enabled; merchant preset: enabled) Active: active (operating) since Wed 2018-02-14 21:14:40 UTC; 4min 53s ago Docs: Principal PID: 1302 (mongod) Tasks: 19 Memory: 87.2M Central Processing Unit: 1.802s CGroup: /system.slice/mongod.service └─1302 /usr/bin/mongod --quiet --config /etc/mongod.conf

Indicating that most is well and MongoDB began up precisely.

If MongoDB just isn't operating, we will first must delete the lock file, and start the service then:

  • rm /var/lib/mongodb/mongod.lock
  • sudo systemctl begin mongod

Verify that MongoDB began up precisely making use of systemctl status.

Once MongoDB is ready to go, it's going to start to clean it self up and restore its state to the level over time as soon as the snapshot happened. This might simply take minutes that are several the mongo shell might not be available until this completes.

Once the host becomes available, we are able to join utilising the mongo demand:

You'll now be provided with the mongo shell ( that is prompt***********)


MongoDB shell variation: 3.2.19 linking to: test Server has warnings that are startup 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] ** We recommend establishing it to 'never' 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] ** We recommend establishing it to 'never' 2018-02-14T21:14:41.923+0000 We CONTROL [initandlisten] >

If you have made it until now, congratulations! You have effectively done a restore and backup of the MongoDB database.

As one more measure that is precautionary we are able to check out the integrity of our collections.

Step 5 — Check Information Integrity

Before manufacturing usage of this back-up information, it is beneficial to always check restored collections for invalid BSON items.

Note: The validate demand may be sluggish on extremely collections that are large. Also, all reads and writes will likely be obstructed on collection before the validate demand comes back.

In this instance, we've an assortment called restaurants which we should run the validate demand.

From the mongo shell, run the validate demand:

  • db.restaurants.validate({full:true})

You should see comparable production on ( that is following***********)

  • {
  • "ns" : "test.restaurants",
  • "nrecords" : 1,
  • "nIndexes" : 1,
  • "keysPerIndex" : {
  • "test.restaurants.$_id_" : 1
  • },
  • "indexDetails" : {
  • "test.restaurants.$_id_" : {
  • "valid" : real
  • }
  • },
  • "valid" : real,
  • "errors" : [ ],
  • "ok" : 1
  • }

If the thing is valid: real, all facets of your collection are legitimate and you will properly make use of information with this collection in manufacturing.


In this guide we have discovered just how to finish a filesystem-level that is physical of an operating MongoDB database host.

To find out about different types of copying a MongoDB database, consult the MongoDB manual.

This specific back-up strategy ended up being permitted as a result of DigitalOcean's convenient Droplet Snapshots function. To find out more about Droplet Snapshots, consult the Snapshot docs.

In addition, it is possible to schedule these snapshots that occurs immediately utilising the Backups function. To find out more about Droplet Backups, consult the Backups Introduction.

HDMI, DisplayPort, VGA, and DVI as soon as possible

Previous article

Servers vs Desktop PCs as quickly as possible

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *