emqx/.ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml

version: "3"

services:
  mongo1:
    hostname: mongo1
    container_name: mongo1
    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
    environment:
      MONGO_INITDB_DATABASE: mqtt
    networks:
      - emqx_bridge
    expose:
      - 27017
    ports:
      - 27011:27017
    restart: always
    volumes:
      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
    command:
      - /bin/bash
      - -c
      - |
        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0        
      
  mongo2:
    hostname: mongo2
    container_name: mongo2
    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
    environment:
      MONGO_INITDB_DATABASE: mqtt
    networks:
      - emqx_bridge
    expose:
      - 27017
    ports:
      - 27012:27017
    restart: always
    volumes:
      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
    command:
      - /bin/bash
      - -c
      - |
        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0        

  mongo3:
    hostname: mongo3
    container_name: mongo3
    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
    environment:
      MONGO_INITDB_DATABASE: mqtt
    networks:
      - emqx_bridge
    expose:
      - 27017
    ports:
      - 27013:27017
    restart: always
    volumes:
      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
    command:
      - /bin/bash
      - -c
      - |
        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0        
      
  mongo_client:
    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
    container_name: mongo_client
    networks:
      - emqx_bridge
    depends_on:
      - mongo1
      - mongo2
      - mongo3
    volumes:
      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/cacert.pem
    command:
      - /bin/bash
      - -c
      - |
        while ! mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
            sleep 1
        done
        while ! mongo --host mongo2 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
            sleep 1
        done
        while ! mongo --host mongo3 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
            sleep 1
        done
        mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval "rs.initiate( { _id : 'rs0', members: [ { _id : 0, host : 'mongo1:27017' }, { _id : 1, host : 'mongo2:27017' }, { _id : 2, host : 'mongo3:27017' } ] })" --quiet
        mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval "rs.status()" --quiet