Ops Tools
480 results found
-
Need an alert for KMIP master key rotation
Currently opsmanager has manual rotation of KMIP master keys.
Enhancement required:
Need an alert from project level to rotate keys when nearing the schedule rotation just like SSL expiration alertsNeed for automation of this key rotation would be helpful. If fails, it needs to revert back changes and alert for human intervention.
1 vote -
Allow service spec changes via MongoDBCommunity CR
I aim to include extra sidecar containers, such as a metrics sidecar, allowing me to deploy an external metrics exporter alongside that would be scraped via service. I intend to configure annotations on the service for Prometheus automatic discovery, enabling the scraping of metrics and exposing the exporter container at the service level, similar to the one exposed when prometheus integration is enabled.
Updating the service spec is not currently possible, and as result, a lot of manual steps are required, like creating a custom service for each cluster, which points to the sidecar container with the required annotations in…
1 vote -
disable auth on metrics
Opentelemtry-Collector does not support secrets for ServiceMonitor/PodMonitor resources, which generates authorization issues while trying to scrape the metrics endpoint of MongoDB.
I'm looking for a way to disable the basic_auth on the metrics endpoint of MongoDB, I already tried a lot of ways, including an empty username/password, but nothing worked, any help would be highly appreciated.
1 vote -
Add comprehensive configuration options for persistent volumes
From a project point of view, we need additional configuration options for persistent volumes. For instance, as far as we know, each MongoDB Deployment that uses a persistent volume is configured with Access Mode ReadWriteOnce per default. We need to customise this option for optimal usage. For configuration options would be a plus.
1 vote -
SAML sign either Response or Assertion in Ops Manager
Ops Manager currently requires both the Response and Assertion to be signed for SAML auth. Our IDMS system cannot authenticate via SAML as it can sign either one or the other, not both. We would like a configurable option in Ops Manager SAML auth to enforce signing of Response or Assertion.
1 vote -
mongod startupWarnings
Create an "alert" to send notificactions when a mongod proccess has, for any reason, startup warnings.
e.g.
1)
The configured WiredTiger cache size is more than 80% of available RAM. See http://dochub.mongodb.org/core/faq-memory-diagnostics-wt2)
/sys/kernel/mm/transparent_hugepage/defrag is 'always'.3) Others.
1 vote -
Disable point-in-time restores
It would be nice to have the ability to set the parameter "Allow point-in-time restores going back" to ZERO (disabling PIT restores). This could be useful in situation where a database is producing a lot of oplog and DBA wants to avoid the saturation of oplog-store. In other words: "I want to mantain shapshot backup functionality, but deactivate PIT functionality".
1 vote -
Incremental backup with reduced snapshots size
The actual size of EACH snapshot is equal to datapath filesystem size. Every snapshot is essentially a copy of all db files. This prevents the use of OPS Manager Backup for large databases. It would be desirable to have a "real" incremental backup, based on one "baseline-snapshot" plus "delta-snapshots" of reduced size.
1 vote -
Ops Manager: API endpoint for /databases should not require host
Currently the Ops Manager API to list databases requires a hostname: /groups/{PROJECT-ID}/hosts/{HOST-ID}/databases
It would useful to gather databases on a project or cluster level instead as the databases are the same across replica set members.
1 vote -
reencrypt existing snapshot with new kmip key
Customer may decide to migrate from one KMIP provider to another or from one KMIP server to another. If you need store backups for a long period of time (7 years for compliant reason is not an exception), it becomes difficult to make sure that you can restore snapshots from old keys and all old KMIP servers still up and running.
it turns out that it's not possible to export old keys from one kmip provider and import into another kmip provider due to security reasons.
But at the same time - it looks like much easier to implement option…
1 vote -
Replica Set size Alert
Have an Alert in Ops Manager to notify that a Replica Set is approaching the maximum recommended size (ie: 2TB) and that it should be converted into a Sharded Cluster.
1 vote -
Add a cross reference of all projects and roles to user profile
I must click on projects to display all the projects in my list, click the Users link for a project, then search for my ID to see the roles assigned to my ID.
My idea is to consolidate this information and display it under my user profile similar to the Organization page. 3 clicks display my roles for each project on a single page.
1 vote -
Add options to the connection string through the MongoDBUser
We would like to add options to the connection string that is generated by the operator when creating a new MongoDBUser.
The idea is to include these options in the MongoDBUser CRD so the operator can then add them to the connectionString stored in the generated secret.1 vote -
Ability to export/import index definition from mongoexport/mongoimport and/or mongodump/mongorestore
Mongodump/mongorestore and/or mongoexport/mongoimport (whichever makes more sense) should provide an option to export/import only indexes. This would aid in non-conventional migration approaches, moving data to lower environments, etc.
1 vote -
Add a variable for set the RS name
Add own variable to set the RS name so that the deployment name can be used to name the pod
1 vote -
Added features to improve backup performance on filesystem
Currently, the ability to use multiple workers in Ops Manager is only available for S3. If possible adding this capability, or additional enhancements, to filesystem storage would be beneficial.
1 vote -
Ops Manager should allow to perform restore/recovery on individual replica node
Currently Ops manager automatic restore process does not support restoring snapshots to a single node of a existing replicaSet instead Ops Manager restore snapshots to an existing replicaSet.
This will be require in case any individual replica node down for longer period and oplog overwrite on primary.
Thank You1 vote -
Enable external-dns integration via per-service annotations on each generated service
Currently the MongoDB Kubernetes Operator allows specification of annotations on services created by the operator, but only annotations with the same value across all services. The external-dns operator can create DNS names based on annotations on services. In order to support external-dns integration the MongoDB Kubernetes Operator would need to allow one to specify specific annotations for each generated service.
Current spec for external access services:
externalAccess:
externalService:
annotations:
# Same annotations will be applied on all servicesYou could consider a placeholder/substitution scheme like:
externalAccess:
externalService:
annotations:
external-dns.alpha.kubernetes.io/hostname: mydb-db-<instance number>.mydns.comOr some other way of assigning a per-service annotation…
1 vote -
Set log file permissions using Ops Manager
Currently there is no way to set the log file permissions from Ops Manager and the default value is 600. Our organization uses Splunk and with the current settings the Splunk user is not able to read the log files. Config file options such as processUmask and honorSystemUmask can be used to change the log file permissions, but they will also change other files such as journal files, wiredtiger files, etc. The only option we have is to add the Splunk user to our role group in Unix, but this causes a security issue.
1 vote -
Agent authentication to opsmanager using x509 credentials
Similar to how Opsmanger can use x509 to manage deployments, it should be possible to configure the agents to use x509 credentials to communicate with Opsmanager. This will allow for a more consistent security posture across the whole mongodb/opsmanager stack. It would also simplify security procedures such as credential rotation by unifying the authentication mechanism.
This will be an alternative to the existing API Key approach https://www.mongodb.com/docs/ops-manager/current/tutorial/manage-agent-api-key/index.html
1 vote
- Don't see your idea?