Efficiently Installing MongoDB on Ubuntu 22.04: Production-Focused Steps

Large-scale applications—analytics, e-commerce, event processing—require a database backend that scales and adapts. MongoDB 6.0 delivers performant NoSQL data storage; pairing it with Ubuntu 22.04 LTS forms a robust platform for iterative deployment cycles and steady-state workloads.

Below: essential steps for clean MongoDB integration, with practical tuning points for a secure and supportable deployment. Uncluttered by extraneous steps or outdated habits.

When Not to Use the Default Ubuntu MongoDB Package

The default mongodb in Ubuntu’s repositories is frequently out-of-date and lacks upstream support.

• Production deployments: Always pull from MongoDB’s official repo. Direct support, security patches, versioning control.
• Lab or legacy environments: Ubuntu’s package suffices for prototyping or backward migration, but expect feature misalignment.

1. Patch Your System First

Before touching repositories or keys:

sudo apt-get update && sudo apt-get upgrade -y

Note: Pending kernel or systemd upgrades? Reboot if running workloads can tolerate it. Invisible dependency issues here have killed many late-night rollouts.

2. Import MongoDB 6.0 Public GPG Key

Package integrity is non-negotiable. MongoDB 6.0’s signed repo key is required.
On Ubuntu 22.04, use the modern GPG keyring location:

wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo tee /usr/share/keyrings/mongodb-server-6.0.gpg >/dev/null

Gotcha:
Corrupted key downloads (e.g., during ISP incident) result in:

NO_PUBKEY E52529D4CF1587AA

If in doubt, purge and repeat the command above.

3. Register the MongoDB APT Repository

Point APT at the officially maintained repository:

echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" \
 | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list

• jammy = Ubuntu 22.04 codename.
• multiverse houses non-free/open-source binaries.

4. Reload APT Index

sudo apt-get update

Sometimes, caching proxies or regional mirrors go stale. Confirm new packages appear:

apt-cache policy mongodb-org

Should display packages from the mongodb-org-6.0 repo. If not, revisit previous steps.

5. Install MongoDB Components

Install the meta-package. Also brings in mongodb-org-server, mongodb-org-shell (mongosh), and associated tools.

sudo apt-get install -y mongodb-org

Known issue:
Partial installation owing to missing dependencies results in:

Unable to locate package mongodb-org

If this occurs, review your sources and keyring setup.

6. Start and Enable the MongoDB Service

sudo systemctl start mongod
sudo systemctl enable mongod

Verify:

systemctl status mongod

Expected:
Active: active (running)
For forensics, logs are at /var/log/mongodb/mongod.log.

7. Basic Operational Check

Open the MongoDB shell:

mongosh

The prompt should look like:

test>

Sanity check: enumerate available databases.

show dbs

If authentication is off (the default), you’ll see admin, config, and local.

8. Secure the MongoDB Instance—Minimum Viable Hardening

Critically:
By default, the server listens only on localhost, but no authentication is enforced. On multitenant hosts or after network binding changes, this is a large risk.

a) Create Initial Admin User

Within mongosh:

use admin
db.createUser({
  user: "admin",
  pwd: "ChangeThisPassword42!",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})

Tip: Use a credential vault, not plain-text files in /home/user. Password rotation is rare in practice, so choose carefully.

b) Edit the mongod Configuration

Open /etc/mongod.conf and append (or edit) the security section:

security:
  authorization: enabled

Note: YAML indentation must be exact. mongod will quietly fail on bad format.

Restart the service:

sudo systemctl restart mongod

c) Validate Authentication

mongosh -u admin -p 'ChangeThisPassword42!' --authenticationDatabase admin

Failed logins output:

MongoServerError: Authentication failed.

Investigation point: typo in username, wrong auth database, or missing roles.

9. Optional—Bind to a Network Interface

For remote connections, adjust bindIp:

net:
  bindIp: 127.0.0.1,<your.server.ip>

Then restart mongod. Firewall configuration is your responsibility. Exposing MongoDB to a public interface is a known risk unless additional controls are in place.

10. Cleanup and Practical Validation

• Confirm all services start after reboot.
• Monitor /var/log/mongodb/mongod.log for errors such as address already in use or configuration warnings.
• Test backup/restore flows (e.g., mongodump, mongorestore) before putting into production.

Practical Example: Quick User Bootstrap

For a staging cluster with basic read/write requirements:

use myapp
db.createUser({
  user: "appuser",
  pwd: "AppUserRandomPass",
  roles: [ { role: "readWrite", db: "myapp" } ]
})

-- Usage in Node.js:
mongodb://appuser:AppUserRandomPass@localhost:27017/myapp?authSource=myapp

Non-Obvious Tip

MongoDB auto-starts on system boot (due to enable). For CI environments or containers, explicitly disable if you require ephemeral behavior:

sudo systemctl disable mongod

Summary Table

Note:
No install process is perfect; real-world deployments may require tuning for SELinux/AppArmor, disk IOPS, or cloud firewall. Automate these steps in an Ansible playbook or shell script for repeatability.

Questions or failures? Share errors and configs—postmortem starts with data, not guesswork.