Ops Tools
415 results found
-
Backup Daemon should check for the available filesystem before starting a groom job
When a groom job starts, it might get stuck or fail if the available disk space is not enough to copy all live blocks to another directory.
It would be helpful if the Backup Daemon checks the available disk space before starting a groom job, and notifies the user:
1. via Ops Manager UI
2. report it in the logs
3. sends an alert that the upcoming/scheduled groom job would not start due to low disk space.5 votes -
Use Custom S3 buckets for backup storage on cloud manager
Requesting new functionality to be able to use a custom S3 bucket to store backups taken from cloud manager.
6 votes -
Send activity feed event by email similar to Alerts
We need to be informed and or react on some activity feed events. So we want to either be able to configure alert on specific activity type and/or be able to push activity feeds somewhere similar to alerts. then we would be able to configure actions based on activity type.
4 votes -
allow to configure startupOptions for monitoring/backup agent logs
Allow to configure startupOptions for monitoring/backup agent logs in yaml for deployments. Similar as we have for AppDB - spec.applicationDatabase.monitoringAgent.startupOptions
3 votes -
Custom Pod Annotations
This is regarding usage of service mesh / policy agent automations for stateful sets.
1 vote -
custom defined roles In OPS Manager
We need a custom defined role to perform specific functions in the OPS Manager.
For Example --> We need a custom defined role which can perform subset of functions from Project Automation Admin Role + Project Read Only Role + rs.stepDown() functionality
Project Automation Admin Role:
View deployments.
Provision machines.
Edit configuration files.
Download the MongoDB Agent.
+ Project Read Only role.Project Read Only Role:
Activity
Operational data
Ops Manager Users
Ops Manager User roles.** This feature becomes very useful to contain the access of certain privileges and to have the flexibility tailormade privileges instead of giving the…
5 votes -
clear text password for mongodb ldap authorization
Add the feature to Encrypt the queryPassword parameter for LDAP in the config file directly via Ops Manager , so that text password should not be present in config file.
Keeping direct password is a security concern.
Sample format of the config file:ldap:
authz:
queryTemplate: '{USER}?memberOf?base'
bind:
method: simple
queryPassword: <Password>
queryUser: <username>
servers: serevername:port
transportSecurity: tls
userToDNMapping: '[ { match : "xxxxx)))"
} ]2 votes -
Add Health Endpoint to Mongosync
Mongosync is a constant running process with an API. Please add a /health endpoint for Kubernetes liveness and readyness probes.
2 votes -
Build Ops Manager packages for ARM architecture
The new Graviton instance types in AWS seem very promising from a cost/peformance perspective. We would love to be able to run our Ops Manager cluster on these new instance types, but there currently aren't any packages available for ARM architectures!
4 votes -
monitoring opt
Allow to configure startupOptions for monitoring/backup agent logs in yaml for deployments. Similar as we have for AppDB - spec.applicationDatabase.monitoringAgent.startupOptions
1 vote -
Ops Manager should allow to perform restore/recovery on individual replica node
Currently Ops manager automatic restore process does not support restoring snapshots to a single node of a existing replicaSet instead Ops Manager restore snapshots to an existing replicaSet.
This will be require in case any individual replica node down for longer period and oplog overwrite on primary.
Thank You1 vote -
Enable external-dns integration via per-service annotations on each generated service
Currently the MongoDB Kubernetes Operator allows specification of annotations on services created by the operator, but only annotations with the same value across all services. The external-dns operator can create DNS names based on annotations on services. In order to support external-dns integration the MongoDB Kubernetes Operator would need to allow one to specify specific annotations for each generated service.
Current spec for external access services:
externalAccess:
externalService:
annotations:
# Same annotations will be applied on all servicesYou could consider a placeholder/substitution scheme like:
externalAccess:
externalService:
annotations:
external-dns.alpha.kubernetes.io/hostname: mydb-db-<instance number>.mydns.comOr some other way of assigning a per-service annotation…
1 vote -
Add flexibility to disable and enable specific fetures of managing mongodb instance in OPS Manager (like user Sync)
Currently , Mongodb admin can not select to disable or enable feature after put mongodb manageed under OPS Manager. like security control .
Normally , Security control is not mongodb or Ops manager admin's responsibility , which is managed by a enterprice access control team.
1 , In opsmanager , there is not role for security control, like useradmin in mongodb.
2 , When ACCESS control team create role in mongodb. Ops Manager sycn it back.
3 , Opsmanager admin have to be engaged to work with ACCESS control team to complete the task.It is kind of not least…
1 vote -
ops manager agent support for Rocky Linux
Ops manager and Mongodb work on Rocky, but it seems there is no option for Rocky in the Ops Manager agent manifest, the current agent detects no Linux flavor for Rocky Linux. This already works on RHEL/CentOS and Rocky is supposed to be fully compatible with these OS's.
4 votes -
Set log file permissions using Ops Manager
Currently there is no way to set the log file permissions from Ops Manager and the default value is 600. Our organization uses Splunk and with the current settings the Splunk user is not able to read the log files. Config file options such as processUmask and honorSystemUmask can be used to change the log file permissions, but they will also change other files such as journal files, wiredtiger files, etc. The only option we have is to add the Splunk user to our role group in Unix, but this causes a security issue.
1 vote -
Allow drag-and-drop of metric graphs from different replica set members
Our use case is we have a replica set, but the east nodes and west nodes are on disk mounts with different names, so they won't appear on the same line in the Metrics tab. We should be able to drag and drop on a replica set member level, not just the metrics level. This allows more customization of metric graph layout.
1 vote -
“Content-Security-Policy” header
Hello,
We want to add the “Content-Security-Policy” header to the OpsManager/MongoDB answers to increase the security level:
frame-ancestors 'none' (Do not render in frames)
script-src 'self': only loads scripts originating on the site (subdomains excluded)
default-src 'none': recommended for services returning HTML.
Could you please tell us how to set up these elements ?Thank you in advance for your support.
Regards
7 votes -
OPS Manager should call updateUser to change password to trace it in DB Audit.
If you enable auditing in database, you can't trace change password actions. The reason is OPS Manager updates system.user collection record directly. as a result, this action is not traceble in audit if parameter auditAuthorizationSuccess is not enabled.
But enabling this parameter cause performance degradation as all DML/DDL will be sent through audit layer.
Dropping user at the same time happening as expected and traceable in audit files.
1 vote -
Documentation: API equivalents for each action on OpsManager
In the documentation, for each action on OpsManager it should be explained how to achieve the same result using the OpsManager API (or an equivalent mongocli command, if it exists).
For example, in the pages describing how to configure Backup stores in the OpsManager UI, it should also be explained which APIs to use (admin/backup).2 votes -
Agent authentication to opsmanager using x509 credentials
Similar to how Opsmanger can use x509 to manage deployments, it should be possible to configure the agents to use x509 credentials to communicate with Opsmanager. This will allow for a more consistent security posture across the whole mongodb/opsmanager stack. It would also simplify security procedures such as credential rotation by unifying the authentication mechanism.
This will be an alternative to the existing API Key approach https://www.mongodb.com/docs/ops-manager/current/tutorial/manage-agent-api-key/index.html
1 vote
- Don't see your idea?