Ops Tools
246 results found
-
Allow SSL Cert Rotation Without Restarting The Agent
It would be great if the agent could be sent a signal to pickup a new cert, or detect the cert changed via file watchers, instead of having to restart it.
1 vote -
deployment metadata resync
Ops Manager needs a way to resync deployments' metadata from the console (or command line, or API), rather than direct undocumented CURD operations in AppDB.
My reason for this suggestion:
See Case: 01438273. One of my deployments had duplicate entries for all 3 nodes. We suspect that happened because we were initially using short name hostnames in the deployment's replica set definition and later changed that to FQDN hostnames. The original entries should have been removed from the AppDB collection, but instead they remained there indicating version 4.0.26, while new ones were created, which were then successively updated as the…1 vote -
adding comments directly during the Review and Deploy process in mongo
Ops Manager currently does not support adding comments directly during the Review and Deploy process.It is essential to add comments in production environments related deployments to keep track of artifacts (such as incident number or change number) to figure out why the change has been deployed.
Kindly consider adding comments section in review and deployment workflow in ops manager to make ops manager deployments much clear and to have substantial information pon why that deployment is done.
1 vote -
Different networks support in Ops Manager
We need Ops Manager being able to manage our infrastructure architecture.
We have a service network and an operational network. The servers, at the physical level, are located in the operational network with their domain (for example servername.operational.network.net, which is what is in /etc/hosts and what you get when you run "hostname -f") and the replica set nodes, at the MongoDB level, are in the service network (for example servername.service.network.net).
When you try to add an existing MongoDB deployment in Ops Manager, as indicated in the wizard, you must do it with the name…
1 vote -
Allow OPS Manager to export as CSV or JSON All projects page information
All projects page in MongoOPS shows cluster name, data size, version, nodes, backup, SSL, Auth, Alerts.
Add export as CSV or JSON All projects page information.
Current MongoDB Usage report doesn't fit due:
1. It doesn't report backup, encryption information
2. Cluster name could be not right if the cluster was unmanaged and added back to OPS manager as managed. (Cluster_0 bogus names)1 vote -
The Backup Daemon auto downloads all old Mongodb versions
If "Backup Versions Auto Download" is set to true on the Admin > General > Ops Manager Config > MISCELLANEOUS tab, then the backup daemon automatically downloads all older major versions of the software.
In my opinion, it would be better if you could either select the version/s which you want or it only downloaded versions equal to or higher than your current version.
All the old versions take up disk space and can only be deleted if the setting is changed to false.
thanks1 vote -
Allow assigning users to an organization via api by adding a bypass parameter
Via the parameter
bypassInviteForExistingUsers
it is possible to a add a user to a project.
It is important to also have this feature for the Organization, so please add a parameterbypassOrgInviteForExistingUser
or similar to enable this.
Without it, we can not automate the creation of new environments.1 vote -
Management capabilities for trusted CA certificates in the Admin UI
Currently it is a manual process per Ops Manager server to add trusted CA certificates to the Java TrustStore. This store is also overwritten on Ops Manager upgrades.
Similar to the S3 block store option to use a specific CA, it would be useful to manage trusted CA certificates for other endpoints such as HTTPS proxies, webhook alerts, and custom download URLs.
1 vote -
Need an alert for KMIP master key rotation
Currently opsmanager has manual rotation of KMIP master keys.
Enhancement required:
Need an alert from project level to rotate keys when nearing the schedule rotation just like SSL expiration alertsNeed for automation of this key rotation would be helpful. If fails, it needs to revert back changes and alert for human intervention.
1 vote -
SAML sign either Response or Assertion in Ops Manager
Ops Manager currently requires both the Response and Assertion to be signed for SAML auth. Our IDMS system cannot authenticate via SAML as it can sign either one or the other, not both. We would like a configurable option in Ops Manager SAML auth to enforce signing of Response or Assertion.
1 vote -
Ops Manager: API endpoint for /databases should not require host
Currently the Ops Manager API to list databases requires a hostname: /groups/{PROJECT-ID}/hosts/{HOST-ID}/databases
It would useful to gather databases on a project or cluster level instead as the databases are the same across replica set members.
1 vote -
Add a cross reference of all projects and roles to user profile
I must click on projects to display all the projects in my list, click the Users link for a project, then search for my ID to see the roles assigned to my ID.
My idea is to consolidate this information and display it under my user profile similar to the Organization page. 3 clicks display my roles for each project on a single page.
1 vote -
Set log file permissions using Ops Manager
Currently there is no way to set the log file permissions from Ops Manager and the default value is 600. Our organization uses Splunk and with the current settings the Splunk user is not able to read the log files. Config file options such as processUmask and honorSystemUmask can be used to change the log file permissions, but they will also change other files such as journal files, wiredtiger files, etc. The only option we have is to add the Splunk user to our role group in Unix, but this causes a security issue.
1 vote -
Agent authentication to opsmanager using x509 credentials
Similar to how Opsmanger can use x509 to manage deployments, it should be possible to configure the agents to use x509 credentials to communicate with Opsmanager. This will allow for a more consistent security posture across the whole mongodb/opsmanager stack. It would also simplify security procedures such as credential rotation by unifying the authentication mechanism.
This will be an alternative to the existing API Key approach https://www.mongodb.com/docs/ops-manager/current/tutorial/manage-agent-api-key/index.html
1 vote -
Ability to remove parameter tlsCertificateKeyFilePassword from Advanced configuration
Currently the behavior around this parameter is tricky -once you added this parameter to advanced config - you can't remove it. if you try to remove it - OPS Manager simply ignores this action and when you run "Review and Deploy" - it displays nothing but still let you deploy this "nothing". similar if you want to set the value of this parameter to empty string from something - OPS Manager ignores it and deploy empty list of actions.
the workaround is to remove both tlsCertificateKeyFile and tlsCertificateKeyFilePassword in advanced config, but don't deploy it. then add back tlsCertificateKeyFile parameter…
1 vote -
When changing snapshot retention, prompt user to apply new policy to existing snapshots
Currently when you change the snapshot schedule, the changes only apply to NEW snapshots.
Please allow the user the option to apply the new policy automatically to all existing snapshots. Or at the very least, notify them of them of snapshots that exist which do not meet the current policy!
Let me provide an example of the problem. If you have a retention policy of 10 days and on DAY1 you change it to 30 days, your retention will look like this:
DAY1 - 10 snapshots
DAY2 - 10 snapshots
...
DAY10 - 10 snapshots
DAY11 - 11 snapshots
DAY12…1 vote -
Lock enableLocalConfigurationServer setting on OPS Manager side
To harden security for mongodb deployment managed by OPS Manager, we can use setting enableLocalConfigurationServer = true so automation-mongod.conf won't have any passwords for ssl certs and agent will retrieve them from OPS Manager.
to disable this feature and to read all passwords for ssl certs (and hence get access to mongodb data) it's enough to comment out this parameter an restart automation service (or wait until host will be restarted).
Linux root user can modify any file on mongodb host including this file and can restart any services, so it's impossible to protect getting all passwords and mongod.conf from…
1 vote -
I found what I believe to be an error in the following document
I found what I believe to be an error in the following document.
https://www.mongodb.com/docs/ops-manager/current/tutorial/install-simple-test-deployment/In the section "5. Create the Ops Manager Application Database directory," it instructs to execute the following command
sudo chown -R mongod:mongod /dataIn my environment, the mongod user does not exist and I get an error, but looking at the passwd file, the mongodb user and mongodb group seem to exist. The version is 11.7.
I think the correct command is as follows
sudo chown -R mongodb:mongodb /data1 vote -
Operating System distribution and version of a host in OPS Manager API
Hi,
would be useful having the operating system distribution and version of a host for our automation scripts.
This info is not available in any OPS Manager API request, as the case 01119828.
My suggestion is add this info at "Get Host by ID" https://www.mongodb.com/docs/ops-manager/current/reference/api/hosts/get-one-host-by-id/
Best regards,
Danilo1 vote -
Ability to mark a deployment as an INELIGIBLE restore target
Restoring to a cluster is one of the few destructive actions that Ops Manager takes and it's terrifying to see our main production cluster listed as a possible restore target!
I would love to be able to toggle a setting on this cluster to indicate that it is NOT available as a restore target.
This could be similar to the AWS "DisableApiTermination" feature that prevents instance termination.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination1 vote
- Don't see your idea?