... where `some-mongo` is the name you want to assign to your container and `tag` is the tag specifying the MongoDB version you want. See the list above for relevant tags.
## Connect to MongoDB from another Docker container
The MongoDB server in the image listens on the standard MongoDB port, `27017`, so connecting via Docker networks will be the same as connecting to a remote `mongod`. The following example starts another MongoDB container instance and runs the `mongo` command line client against the original MongoDB container from the example above, allowing you to execute MongoDB statements against your database instance:
```console
$docker run -it--network some-network --rm mongo mongo --host some-mongo test
```
... where `some-mongo` is the name of your original `mongo` container.
## ... via [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker-compose`](https://github.com/docker/compose)
Example `stack.yml` for `mongo`:
```yaml
# Use root/example as user/password credentials
version:'3.1'
services:
mongo:
image:mongo
restart:always
environment:
MONGO_INITDB_ROOT_USERNAME:root
MONGO_INITDB_ROOT_PASSWORD:example
mongo-express:
image:mongo-express
restart:always
ports:
-8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME:root
ME_CONFIG_MONGODB_ADMINPASSWORD:example
```
Run `docker stack deploy -c stack.yml mongo` (or `docker-compose -f stack.yml up`), wait for it to initialize completely, and visit `http://swarm-ip:8081`, `http://localhost:8081`, or `http://host-ip:8081` (as appropriate).
## Container shell access and viewing MongoDB logs
The `docker exec` command allows you to run commands inside a Docker container. The following command line will give you a bash shell inside your `mongo` container:
```console
$docker exec-it some-mongo bash
```
The MongoDB Server log is available through Docker's container log:
```console
$docker logs some-mongo
```
## Configuration
See the [MongoDB manual](https://docs.mongodb.com/manual/) for information on using and configuring MongoDB for things like replica sets and sharding.
## Customize configuration without configuration file
Most MongoDB configuration can be set through flags to `mongod`. The entrypoint of the image is created to pass its arguments along to `mongod`. See below an example of setting MongoDB to use a different [threading and execution model](https://docs.mongodb.com/manual/reference/program/mongod/#cmdoption-mongod-serviceexecutor) via `docker run`.
```console
$docker run --name some-mongo -d mongo --serviceExecutor adaptive
```
And here is the same with a `docker-compose.yml` file
```yaml
version:'3.1'
services:
mongo:
image:mongo
command:--serviceExecutor adaptive
```
To see the full list of possible options, check the MongoDB manual on [`mongod`](https://docs.mongodb.com/manual/reference/program/mongod/) or check the `--help` output of `mongod`:
```console
$docker run -it--rm mongo --help
```
## Setting WiredTiger cache size limits
By default Mongo will set the `wiredTigerCacheSizeGB` to a value proportional to the host's total memory regardless of memory limits you may have imposed on the container. In such an instance you will want to set the cache size to something appropriate, taking into account any other processes you may be running in the container which would also utilize memory.
Taking the examples above you can configure the cache size to use 1.5GB as:
```console
$docker run --name some-mongo -d mongo --wiredTigerCacheSizeGB 1.5
```
See [the upstream "WiredTiger Options" documentation](https://docs.mongodb.com/manual/reference/program/mongod/#wiredtiger-options) for more details.
## Using a custom MongoDB configuration file
For a more complicated configuration setup, you can still use the MongoDB configuration file. `mongod` does not read a configuration file by default, so the `--config` option with the path to the configuration file needs to be specified. Create a custom configuration file and put it in the container by either creating a custom Dockerfile `FROM mongo` or mounting it from the host machine to the container. See the MongoDB manual for a full list of [configuration file](https://docs.mongodb.com/manual/reference/configuration-options/) options.
For example, `/my/custom/mongod.conf` is the path to the custom configuration file. Then start the MongoDB container like the following:
```console
$docker run --name some-mongo -v /my/custom:/etc/mongo -d mongo --config /etc/mongo/mongod.conf
```
## Environment Variables
When you start the `mongo` image, you can adjust the initialization of the MongoDB instance by passing one or more environment variables on the `docker run` command line. Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup.
These variables, used in conjunction, create a new user and set that user's password. This user is created in the `admin`[authentication database](https://docs.mongodb.com/manual/core/security-users/#user-authentication-database) and given [the role of `root`](https://docs.mongodb.com/manual/reference/built-in-roles/#root), which is [a "superuser" role](https://docs.mongodb.com/manual/core/security-built-in-roles/#superuser-roles).
The following is an example of using these two variables to create a MongoDB instance and then using the `mongo` cli to connect against the `admin` authentication database.
```console
$docker run -d--network some-network --name some-mongo \
-e MONGO_INITDB_ROOT_USERNAME=mongoadmin \
-e MONGO_INITDB_ROOT_PASSWORD=secret \
mongo
$docker run -it--rm--network some-network mongo \
mongo --host some-mongo \
-u mongoadmin \
-p secret \
--authenticationDatabase admin \
some-db
>db.getName();
some-db
```
Both variables are required for a user to be created. If both are present then MongoDB will start with authentication enabled (`mongod --auth`).
Authentication in MongoDB is fairly complex, so more complex user setup is explicitly left to the user via `/docker-entrypoint-initdb.d/` (see the *Initializing a fresh instance* and *Authentication* sections below for more details).
### `MONGO_INITDB_DATABASE`
This variable allows you to specify the name of a database to be used for creation scripts in `/docker-entrypoint-initdb.d/*.js` (see *Initializing a fresh instance* below). MongoDB is fundamentally designed for "create on first use", so if you do not insert data with your JavaScript files, then no database is created.
## Docker Secrets
As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in `/run/secrets/<secret_name>` files. For example:
```console
$docker run --name some-mongo -eMONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root -d mongo
```
Currently, this is only supported for `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD`.
# Initializing a fresh instance
When a container is started for the first time it will execute files with extensions `.sh` and `.js` that are found in `/docker-entrypoint-initdb.d`. Files will be executed in alphabetical order. `.js` files will be executed by `mongo` using the database specified by the `MONGO_INITDB_DATABASE` variable, if it is present, or `test` otherwise. You may also switch databases within the `.js` script.
...
...
@@ -180,13 +21,4 @@ As noted above, authentication in MongoDB is fairly complex (although disabled b
In addition to the `/docker-entrypoint-initdb.d` behavior documented above (which is a simple way to configure users for authentication for less complicated deployments), this image also supports `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` for creating a simple user with [the role `root`](https://docs.mongodb.com/manual/reference/built-in-roles/#root) in the `admin`[authentication database](https://docs.mongodb.com/manual/core/security-users/#user-authentication-database), as described in the *Environment Variables* section above.
# Caveats
## Creating database dumps
Most of the normal tools will work, although their usage might be a little convoluted in some cases to ensure they have access to the `mongod` server. A simple way to ensure this is to use `docker exec` and run the tool from the same container, similar to the following:
```console
$docker exec some-mongo sh -c'exec mongodump -d <database_name> --archive'> /some/path/on/your/host/all-collections.archive
