Sunday, November 3, 2024

How to Install MongoDB with OpenSSL 3 Support on Fedora 39

Must read

In this tutorial, you will learn how to install MongoDB with support for the latest version of OpenSSL on the Fedora Linux operating system.

If you already have it installed, this tutorial will help you fix the mongosh OpenSSL configuration error.

To follow along, you will need a terminal with root access and an internet connection to download the packages.

Here’s what we’ll cover:

The Core of the Problem

If you visit the official MongoDB documentation and look for instructions on how to install it on the Fedora Workstation OS, you won’t find anything. But you can find instructions on how to install it on the Red Hat Enterprise Linux OS.

“The Fedora project is the upstream, community distro of Red Hat® Enterprise Linux.” (Source: Red Hat)

In other words, Fedora and Red Hat Enterprise Linux are very similar.

“The primary difference between community and enterprise distros is who decides what’s important to users. A community distro’s direction is set by contributors, who choose and maintain packages from the wide variety of open source options. The direction of an enterprise distro is set by a vendor, based on the needs of their customers.” (Source: Red Hat)

Now, you may think that you can install MongoDB on Fedora by following the tutorial for installing it on Red Hat. By the way, thattutorial is available at Install MongoDB Community Edition on Red Hat or CentOS.

The problem is that it will not work – and to prove that, I will try to install it and show you what happens.

Note: I use the Node.js MongoDB Driver which, at the time I am writing this article, does not support the current MongoDB version (7.0). So I will try to install its previous version (6.0).

The required steps to install MongoDB on Fedora are as follows:

  1. Configure the package management system
  2. Install the MongoDB packages

To perform the first step, open your terminal, get root access, and type the following:

# touch /etc/yum.repos.d/mongodb-org-6.0.repo

Now, open the file using your preferred text editor (I am using the Gnome Text Editor, because it’s shipped with Fedora):

# gnome-text-editor /etc/yum.repos.d/mongodb-org-6.0.repo

And paste in these lines:

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

Save the file and close it.

The second step can be performed by running the following command:

# dnf install -y mongodb-org

After running the command you will get an error similar to this:

Fedora 39 - x86_64 - Updates                     34 kB/s |  46 kB     00:01    
MongoDB Repository                               63  B/s | 391  B     00:06    
Errors during downloading metadata for repository 'mongodb-org-6.0':
  - Status code: 404 for https://repo.mongodb.org/yum/redhat/39/mongodb-org/6.0/x86_64/repodata/repomd.xml (IP: 65.8.214.17)
Error: Failed to download metadata for repo 'mongodb-org-6.0': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: mongodb-org-6.0
Last metadata expiration check: 0:00:02 ago on Thu 30 Nov 2023 09:15:21 AM -03.
No match for argument: mongodb-org
Error: Unable to find a match: mongodb-org

This is a 404 error, which means you need to change the baseurl of the file that configures the repo.

If you try to open the baseurl in your browser you will get a 404 error as well:

Screenshot of the 404 error you will get if you visit the baseurl on a browser.
baseurl 404 error

This is the core of the problem.

Workaround for Installing MongoDB

You can infer that in order to fix the problem you need to change the value assigned to the baseurl. The question becomes: what is the URL that leads to the page containing the packages?

The answers is offered by the official MongoDB documentation:

“You can also download the .rpm files directly from the MongoDB repository. Downloads are organized by Red Hat / CentOS version (e.g. 7), then MongoDB release version (e.g. 6.0), then architecture (e.g. x86_64).” (Source: MongoDB)

Now, visiting the MongoDB repository will take you to this page:

Screenshot of the MongoDB repository page. The title of the page reads "Index of RedHat". The page lists repositories with old versions of MongoDB, as well as repositories with newer versions for different RedHat OS versions.
MongoDB repository page

From here I navigated to the proper repo, selecting my preferred MongoDB version and system architecture. You should do the same.

I ended up with the following URL:

https://repo.mongodb.org/yum/redhat/9Server/mongodb-org/6.0/x86_64/RPMS/

This URL leads to the repo where the packages of MongoDB 6.0 can be found for systems based on an x86_64 architecture.

This is what I found there:

Screenshot of the MongoDB repo that contains the packages of its sixth version for systems based on an x86_64 architecture.
MongoDB 6.0 packages for x86_64 systems

After being sure the packages could be found, I updated the file that configures the repo. But the baseurl should point to the parent of RPMS directory, which resulted in the following URL:

https://repo.mongodb.org/yum/redhat/9Server/mongodb-org/6.0/x86_64/

I ran:

# gnome-text-editor /etc/yum.repos.d/mongodb-org-6.0.repo

Updated the baseurl:

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9Server/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

And installed the packages:

# dnf install -y mongodb-org

These are the packages that that were installed:

Installed:
  mongodb-database-tools-100.9.3-1.x86_64                                       
  mongodb-mongosh-2.1.0-1.el8.x86_64                                           
  mongodb-org-6.0.12-1.el9.x86_64                                               
  mongodb-org-database-6.0.12-1.el9.x86_64                                     
  mongodb-org-database-tools-extra-6.0.12-1.el9.x86_64                         
  mongodb-org-mongos-6.0.12-1.el9.x86_64                                       
  mongodb-org-server-6.0.12-1.el9.x86_64                                       
  mongodb-org-tools-6.0.12-1.el9.x86_64                                         
  openssl-1:3.1.1-4.fc39.x86_64 

Understanding the Mongosh OpenSSL Error

To confirm the installation of the database server, run this command:

# mongod --version

You will get a message similar to this:

db version v6.0.12
Build Info: {
    "version": "6.0.12",
    "gitVersion": "21e6e8e11a45dfbdb7ca6cf95fa8c5f859e2b118",
    "openSSLVersion": "OpenSSL 3.1.1 30 May 2023",
    "modules": [],
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "rhel90",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}

To confirm the installation of the shell, run this command:

# mongosh --version

And this is the message you will get:

mongosh: OpenSSL configuration error:
00899523A67F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../deps/openssl/openssl/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes

Oops! There was an error.

I checked the installed OpenSSL version by running this command:

# openssl version

And got this result:

OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)

With that, I discarded a possible mismatch between the installed and the required OpenSSL versions.

After some research, I discovered that:

“There are two new PPA packages created from the mongosh source: In addition to mongodb-mongosh, mongodb-mongosh-shared-openssl11 and mongodb-mongosh-shared-openssl3 are also provided. These link against a system-installed dynamic OpenSSL library.” (Source: MongoDB Jira)

When I looked at the packages that were installed, I saw the mongodb-mongosh package. So I knew I need to replace it with the mongodb-mongosh-shared-openssl3.

By the way,

“The package name denotes that it’s the cut of mongosh compiled against openssl3.” ― Jack Woehr

Now that we understand the problem, let’s fix it.

Workaround for Fixing the Error on Existing MongoDB Installations

If you already have MongoDB installed, these are the steps required to fix the problem:

  1. Stop MongoDB
  2. Remove the mongodb-org package
  3. Remove the mongodb-mongosh package
  4. Install the mongodb-mongosh-shared-openssl3 package
  5. Enable MongoDB

You have to perform these steps in the correct order. If you try to install the mongodb-mongosh-shared-openssl3 package without uninstalling the mongodb-mongosh package first, you will get a conflict error:

Error: Transaction test error:
  file /usr/bin/mongosh from install of mongodb-mongosh-shared-openssl3-2.1.0-1.el8.x86_64 conflicts with file from package mongodb-mongosh-2.1.0-1.el8.x86_64

If you try to uninstall the mongodb-mongosh package without uninstalling the mongodb-org package first, you will get a dependency error:

error: Failed dependencies:
	mongodb-mongosh is needed by (installed) mongodb-org-6.0.12-1.el9.x86_64

To stop MongoDB, run this command:

# systemctl stop mongod

Note: The command will output nothing if everything goes well.

To remove the mongodb-org and the mongodb-mongosh packages, run:

# rpm -e mongodb-org mongodb-mongosh

Note: I am not using the dnf command as it would remove mongodb-org and all of its dependencies.

You can also confirm that only the two packages were removed by running:

# rpm -qa | grep mongodb-*

The output should be:

mongodb-org-database-tools-extra-6.0.12-1.el9.x86_64
mongodb-database-tools-100.9.3-1.x86_64
mongodb-org-tools-6.0.12-1.el9.x86_64
mongodb-org-server-6.0.12-1.el9.x86_64
mongodb-org-mongos-6.0.12-1.el9.x86_64
mongodb-org-database-6.0.12-1.el9.x86_64

To install the mongodb-org and the mongodb-mongosh-shared-openssl3 packages, run:

# dnf install -y mongodb-org mongodb-mongosh-shared-openssl3

Finally, to start MongoDB with your operating system, run:

# systemctl start mongod

If you want to be sure the workaround worked, run:

# mongod --version

And then this:

# mongosh --version

Now, if you are concerned about destroying data, know that logs and databases will only be removed if you run the following commands:

# rm -r /var/log/mongodb

And this:

# rm -r /var/lib/mongo

One more thing: if you run mongosh and get the following error:

MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017

restart your machine. It will solve the problem.

How to Install MongoDB with OpenSSL 3 Support From Scratch

If you are installing MongoDB for the first time, you only have to perform two steps:

  1. Configure the package management system
  2. Install the MongoDB packages specifying them individually

You can perform the first step by following what I did on the The Core of the Problem and Workaround for Installing MongoDB sections of this article.

However, to install the right packages you should replace this command:

# dnf install -y mongodb-org

with this one:

# dnf install -y mongodb-org mongodb-mongosh-shared-openssl3 openssl mongodb-org-database-tools-extra mongodb-database-tools mongodb-org-tools mongodb-org-server mongodb-org-mongos mongodb-org-database

You can confirm that all packages have been installed by running:

# rpm -qa | grep mongodb-*

Which should output something similar to this:

mongodb-org-database-tools-extra-6.0.12-1.el9.x86_64
mongodb-database-tools-100.9.3-1.x86_64
mongodb-org-tools-6.0.12-1.el9.x86_64
mongodb-org-server-6.0.12-1.el9.x86_64
mongodb-org-mongos-6.0.12-1.el9.x86_64
mongodb-org-database-6.0.12-1.el9.x86_64
mongodb-mongosh-shared-openssl3-2.1.0-1.el8.x86_64
mongodb-org-6.0.12-1.el9.x86_64

Keep in mind that the previous command will only output mongodb-related packages. To confirm OpenSSL installation, run:

# openssl version

You should get something like this:

OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)

The packages will be updated with your system as you can see in the screenshot below.

Screenshot of the mongodb-mongosh-shared-openssl3 package being automatically updated with the operating system.
mongodb-mongosh-shared-openssl3 update

Conclusion

Package updates are important, because they bring in new functionality and/or increase applications security. But they can also cause headaches when they case errors like the one we dealt with in this article.

Although you might be tempted to roll back the update to get rid of the problem, don’t do that. Try to solve it instead.

Paying attention to error messages, reading official documentation, and researching the Web will most likely be enough for solving the majority of the problems you come across.

Besides, knowing how different commands affect the way packages are installed/uninstalled on your operating system can salve you time and data (if you are on a metered connection).

If this article was useful to you, bookmark it and share it with your friends. You can can also follow me on Twitter.

See you in the next one!

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

study_png

Latest article