mongo_ssl=" --sslMode requireSSL --sslPEMKeyFile mongo/mongodb-server.pem \
  --sslAllowInvalidHostnames  "
margs=" --oplogSize 100 --wiredTigerCacheSizeGB 0.25 \
    --bind_ip 127.0.0.1 $mongo_ssl "
hn=`hostname``
ssl=" -subj '/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=$hn'"  
client=" --tls  --tlslAllowInvalidCertificates --host 127.0.0.1 --quiet "


  # If restarting, kill the mogo processes and then do 
rm -rf  mongo/d1 mongo/d2 mongo/d3 mongo/logs
  # Setup 3 directories:
mkdir -p mongo/d1 mongo/d2 mongo/d3 mongo/logs

# Make the certificate -- self signed
cmd="openssl req -newkey rsa:2048 -new -x509 -days 365  -nodes -out mongo/mongodb-cert.crt -keyout mongo/mongodb-cert.key $ssl "
echo "$cmd" | bash

# Make the pem file
cat mongo/mongodb-cert.key mongo/mongodb-cert.crt > mongo/mongodb-server.pem

#openssl req -newkey rsa:2048 -new -x509 -days 365  -nodes -out mongo/mongo-cert.crt -keyout mongo/mongo-cert.key
#cat mongo/mongo-cert.key mongo/mongo-cert.crt > mongo/mongo-client.pem


# If not AWS,	  ignore.  
# sudo  -s -- bash -c   '  echo "127.0.0.1 localhost ">> /etc/hosts '
  # Start once mongo instance
mongod --dbpath mongo/d1 --port 3001 --replSet r $margs  > mongo/logs/1.log 2>&1  & 
sleep 5
  # In  the mongo shell
mongo $client --port 3001 --eval "rs.initiate( { _id: 'r', version: 1, members: [ {_id :0, host: 'localhost:3001' } ] } )"

sleep 5
  # Start and add two other replica sets
mongod --dbpath mongo/d2 --port 3002 --replSet r $margs > mongo/logs/2.log 2>&1  &
mongod --dbpath mongo/d3 --port 3003 --replSet r $margs > mongo/logs/3.log 2>&1  &
sleep 10
mongo $client --port 3001 --eval "rs.add('localhost:3002')"
sleep 3
mongo $client --port 3001 --eval "rs.add('localhost:3003')"
sleep 3
  # Look at the status
mongo $client --port 3001 --eval "rs.status()"

  # Let's check ssl