Ops Tools
26 results found
-
Documentation: API equivalents for each action on OpsManager
In the documentation, for each action on OpsManager it should be explained how to achieve the same result using the OpsManager API (or an equivalent mongocli command, if it exists).
For example, in the pages describing how to configure Backup stores in the OpsManager UI, it should also be explained which APIs to use (admin/backup).2 votes -
Authentication support for OpenID connect (OIDC)
I would like to connect to MongoDB as part of a Terraform IaC project from bitbucket pipelines. Currently this is possible only through API keys.
It would be great if there was support for OIDC as it provides rotated keys and solid support of various pipelines (GitHub actions, Bitbucket pipelines, ...). Also with OIDC the client is not exposed to any credentials, so this would allow for a "zero-trust" approach when it comes to IaC (Infrastructure as Code).
1 vote -
Add cluster_id parameter in host detail API
As per the link https://www.mongodb.com/docs/ops-manager/current/reference/api/measures/get-host-process-system-measurements/ and below API :
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest
--header "Accept: application/json"
--include
--request GET "https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/groups/{PROJECT-ID}/hosts/{HOST-ID}/measurements?granularity={TIME-INCREMENT}&period={PERIOD}}&pretty=true"This will give us the details pertaining to one host and one project. However what if one host has multiple processes and part of multiple replica sets within same project in OPS Manager? Then it becomes difficult to gather gather data. Hence a clusterid parameter should also be added to distinguish details based on host pertaining to which cluster or replica set along with projectid which is already present.
1 vote -
Logging: attr.error field type conflicts
Hey!
We are using fluent-bit to push MongoDB logs to Elasticsearch. When there are already logs in the elastic index, where attr.error is an object, then it does not accept log lines in which this field is a string:
“error”:{“type”:“mapperparsingexception”,“reason”:“object mapping for [attr.error] tried to parse field [error] as object, but found a concrete value”}
There is log with string attr.error:
{“t”:{"$date":“2022-05-13T15:16:31.203+00:00”},“s”:“I”, “c”:“CONNPOOL”, “id”:22572, “ctx”:“MirrorMaestro”,“msg”:“Dropping all pooled connections”,“attr”:{“hostAndPort”:“mongodb-1.mongodb-headless.mongodb.svc.cluster.local:27017”,“error”:“ShutdownInProgress: Pool for mongodb-1.mongodb-headless.mongodb.svc.cluster.local:27017 has expired.”}}
There is log with object attr.error:
{“t”:{"$date":“2022-05-13T15:20:56.857+00:00”},“s”:“I”, “c”:“REPL_HB”, “id”:23974, “ctx”:“ReplCoord-680”,“msg”:“Heartbeat failed after max retries”,“attr”:{“target”:“alerta-mongodb-arbiter-0.alerta-mongodb-arbiter-headless.monitoring. svc.cluster.local:27017”,“maxHeartbeatRetries”:2,“error”:{“code”:93,“codeName”:“InvalidReplicaSetConfig”,“errmsg”:“replica set IDs do not match, ours: 61ea35f29cfd494fef169571; remote node’s: 61eef8589d065c56e61d6e52”}}}…
1 vote -
Ops Manager help with index compliance across cluster
One of the problems is that we found some nodes would have indexes and others don't. Is there anything in Ops Manager to make sure that indexes are applied (in compliance) across all the nodes?
1 vote -
Provide AWS CloudFormation template starter
It would make things easier for our users if they had at least a starter/example AWS CloudFormation template to use for provisioning AWS resources required for an Ops Manager deployment.
2 votes -
Incorrect Agent version Alert/Banner
If someone upgrades from Ops Manager v4.2 -> v4.4 and then downgrades by reinstalling Ops Manager v4.2, there is no Alert or Banner that the Agent is incompatible.
Attempts to modify deployments with this incompatible Agent displays "Initializing Automation for your Deployment" but never actually does anything. It is only after reviewing the Ops Manager logs that you see "Unrecognized field".
It would be helpful if there was a validation check that displays an Alert or Banner that indicates that the version of the Agent is unknown/incompatible. Perhaps something similar to what is displayed after upgrading Ops Manager that will…
3 votes -
mongocli - allow to enable/disable agent modules
As of mongocli version 1.17.0 there is no way to enable monitoring and backup modules for a cloud manager or ops manager project.
You can only query the agents and the modules enabled.
This won't allow you to use mongocli to setup a new project from scratch and will require to use the Cloud Manager or Ops Manager API updating the automation config manually for this purpose.
1 vote -
Automated rotation of the Keyfile
Hello,
I have an idea about the Keyfile rotation. So actually you can rotate the Keyfile only through the ops manager manually. But I would recommend to do this automatically with an API. This would help us alot since we have alot of mongoDB instances and this would save alot of time.
2 votes -
Allow Ops Manager to only download specific MongoDB binary packages
We would like to have an option in the Ops Manager UI to select certain MongoDB versions to be automatically downloaded by Automation in order to avoid downloading all major binaries.
It is not good to have several MongoDB binaries using disk space and not being used.
1 vote -
MongoDB Agent (Automation Module): don't attempt to auth with `net.tls.clusterFile` / `net.tls.certificateKeyFile` and use Agent X.509 cert
Problem Statement,
What is the problem? MongoDB Agent (Automation Module) attempts to auth withnet.tls.clusterFile
/net.tls.certificateKeyFile
X.509 certificate first, pretending it is a Replica Set member.Why is this a problem? MongoDB Server process logs are flooded by unnecessary noise from such MongoDB Agent (Automation Module) auth attempts pretending it is Replica Set member. MongoDB Server will always log Replica Set member auth certificate usage outside of internal MongoDB Server client (https://github.com/mongodb/mongo/blob/6212e50e73dd032b448a514fe6893c6490a28a9f/src/mongo/db/commands/authentication_commands.cpp#L294-L300),
Example,
{"t":{"$date":"2021-05-10T11:08:03.110+0000"},"s":"W", "c":"ACCESS", "id":20430, "ctx":"conn116","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}Proposal,
* Don't attempt to auth…10 votes -
update monitoring & backup agent credentials via automationConfig API instead of separate API calls
Right now if you want to change the credentials for the monitoring agent or the backup agent, you've got to make separate API calls. Why not make it so that you can specify everything at once in the same automationConfig API PUT?
2 votes -
Add ability to transition WiredTiger encryption-at-rest from local keyfile encryption (LKE) to KMIP
If you are using local key file encryption and backing up your MongoDB deployment using Ops Manager, backups won't work correctly if you upgrade to MongoDB 4.2. The correct solution is to switch your encryption to KMIP. But if you try doing that, automation will get stuck!
6 votes -
Warn if deploying changes will require a rolling restart
When reviewing changes in automation, warn if deploying changes will require a rolling restart.
As an example, look at the documentation for server parameters. Many parameters include the description "You can only set THIS during start-up", but the the warning that setting this parameter necessitates a restart is missing from Ops Manager (or Cloud Manager).
2 votes -
SAML support in Ops Manager API
SAML is available as an authentication mechanism and we're currently using it with keycloack (centralized identity provider).
It works well with Ops Manager but there seems to be no support whatsoever in Ops Manager 4.4 API to programmatically add / update / delete SAML groups on Organizations or Projects.
The official API documentation doesn't even recognize that SAML is available.
Mongo support has confirmed that and it's a target feature in their internal backlog.
This idea will hopefully speed up things.10 votes -
3 votes
-
Automation web UI - Validate the TLS/SSL settings passed in the UI
It is possible to make all agents in a project fail by setting a wrong CA file value.
For example a customer set in the CA file field a directory instead of a file, and it caused Agents to stop reporting to OM.
Eg. the montioring module logged:
{code}
Error starting new module : <Monitoring Module Manager> [15:25:38.817] Error starting Monitoring module : error parsing settings:map[logFile:/var/log/mongodb-mms-automation/monitoring-agent.log maxLogFileDurationHrs:24 maxLogFileSizeBytes:1048576000 maxProcs:0 mmsApiKey:*** mmsBaseUrl:https://api-agents.mongodb.com mmsGroupId:yyyy sslTrustedServerCertificates:/opt/mongodb/db1/pki version:10.19.2.6597]
. Monitoring unable to start. Error: SSL trusted server certificates file/etc/ssl/pki
can not be read. Err: read /etc/ssl/pki: is a directory
{code}Similar errors…
2 votes -
Configure MongoDB Automation Agent collecting stats on some collection to not trigger alerts
We just had a support case about some alerts being raised on our cluster because the MongoDB Automation Agent collecting stats on some collection doing queries without index triggers "Scanned Objects / Returned" ratio has went over 1000.
It would be really nice to at least not raise alerts when it's the mongodb automation agent that triggered it. Were monitoring our alerts a lot and these are false positive we can't do anything about it seems other than create all the indexes it needs, which might change over time. We have no guarantee of which index it needs.
Another alternative…
9 votes -
Install Managed MongoDB Processes as Services in Linux
In Windows, managed MongoDB processes are installed as services. In Linux, they are not. It would be great if managed processes were installed as services so that system administrators would have better control over startup and shutdown behavior, among other things.
4 votes -
Automation should handle multiple hostname aliases for each server
In order to separate replication, client and administrative traffic, servers may have multiple network interfaces using different IP and hostname aliases associated with them.
According to the requirements described on https://docs.opsmanager.mongodb.com/current/tutorial/provisioning-prep/#server-networking-access Automation currently can use only the server hostname defined as
hostname -f
and cannot use any of the other aliases matching to other IP addresses for the other machine host aliases.Please add some way to customize which host alias Automation should use as a configuration parameter for the Agent.
5 votes
- Don't see your idea?