Ops Tools
464 results found
-
Kubernetes Operator - Prefix Annotations and Labels
Labels and annotations added to Kubernetes resources by the MongoDB Enterprise Operator should include a prefix designating that it was added by MongoDB. The lack of a prefix suggests the field and values are private to the user.
For example, the MongoDB statefulset and service selector should use a label prefixed with a MongoDB domain.
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
4 votesWe're gradually starting to change things to prefix most annotations and labels with mdb.
It's a gradual thing but in progress.
-
Mongoimport should support delimiter option when importing csv txt files such as |,: etc
Mongoimport should support delimiter option when importing csv txt files such as |,: etc
Mongoimport ....... --delimitor :4 votes -
Change MongoDB Log Settings via API
You can set MongoDB log rotation for mongod process on project level in the Ops Manager through: Deployment -> More -> MongoDB Log Settings. However there is no option to set it via API.
It looks like there is option to set this parameters on process level (in the Automation Config), but Ops Manager is not accepting new value, like it does when setting values for Monitoring Log rotation and Backup Log rotation.
It would be great to have option to automate this when creating a new project via API and setting all other attributes with script.4 votes -
Improvements for Datadog integration
Some parameters for Datadog are not configurable in Ops Manager. For example, "tagging". Adding this functionality would make using Datadog easier.
4 votes -
Use separate tls.crt and tls.key items in a kubernetes secret for certificates instead of a combined item named server.pem for a MondoDB rep
There should be a way to use separate
tls.crtandtls.keyitems in a kubernetes secret for certificates instead of a combined item namedserver.pem.We request our certs using cert-manager which generates secrets from the cert CRD and will get auto renewed every so often. These secrets have 2 items,
tls.crtandtls.key.So far the only way I have seen to enable tls is to combine these 2 items and rename it into a new secret in kubernetes as item called
server.pem. This however means that when a cert auto renews that the wrong secret…4 votesSupport for Cert Manager as well as support for separate crt and key is on a roadmap.
We will look into updating our docs to describe cert rotation. -
Allow to generate/download MongoDB Server Audit process logs
Problem Statement,
What is the problem? As of now (2021-03-17) Ops Manager does not support downloading MongoDB Server Audit process logs via UI/API. Atlas does have support for it (viaGET /groups/{GROUP-ID}/clusters/{HOSTNAME}/logs/{LOG-NAME}API call).Why is this a problem? Users needs to be able to download MongoDB Server Audit process logs via Ops Manager, same way as they do for MongoDB Server process logs/FTDC and MongoDB Agent logs (this significantly simplify troubleshooting, when required). Some users require to download MongoDB Server Audit process logs programmatically to store them in Security Information and Event Management (SIEM) system.
Proposal,
* Add MongoDB…4 votes -
Add ability to configure Pod Distruption Budget for STS
During maintenance work EKS admins may need to evict nodes. This should not cause outage for MongoDB cluster/replicaset running on these nodes. we can create manually PDB for STS, but it would be nice to have an option to do it as part of MongoDB Kubernetes Operator.
4 votesSupporting Pod Disruption Budget natively is something we do hope to do at some point.
But for now it is still possible by creating the PodDisruptionBudget resource and targeting the deployment using labels. (As per https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
-
Ops Manager and Backup infrastracture Disaster Recovery support with K8s Operator
We have carried out tests with MongoDB v1.5.5 K8s Operator and Ops Manager 4.2.18 with Backup infrastructure (S3 Snapshots) in an Openshift 3.11 environment (MongoDB Support case attached).
In this case, a "Disaster Recovery" simulation has been carried out. However, several components created by the Operator had to be restored to obtain a similar state to the one before the "disaster".
Furthermore, it is very likely that the S3 Snapshots will be lost if the process is not completed in a certain manner.
It would be great to have an official approach to deploy/restore an OM resource using MongoDB K8s…
4 votesThere is no current supported mechanism for backing up Ops Manager in a way that guarantees the data. As Ops Manager is itself a backup tool, it's challenging to maintain the integrity of the data in DR scenarios.
For this reason we recommend multi-site high availability for OM and AppDB. This is already possible when running OM on hardware of in VMs, but not currently supported in Kubernetes (unless a Kubernetes cluster is spanning sites).
Later this year (2023) we hope to support OM deployments across multiple Kubernetes clusters - as we already support (in beta) for Replica Sets (full release in April 2023 with Sharded cluster support in May/June 2023). Doing so will reduce the criticality of a OM/AppDB backup solution within Kubernetes.
-
sharding
Should provide sharding feature in community Operator.
4 votes -
Add command for upgrade a cluster
Currently there is no easy way to upgrade a cluster but we need to modify the file describing the cluster and push the full description.
Would be nice to have a command like:mongocli om upgrade --version "4.2.10" --fcv "4.2" MyReplicaset
4 votes -
Allow to create custom roles
Allow to create custom roles for Atlas/CM/OM
4 votes -
Support TLS configuration
Add options to the config file for deploy clusters with TLS enabled.
4 votes -
Changes to Backup Configuration
Ability for changes in a project's Backup Configuration page to take effect without having to terminate and restart backups. Terminating backups removes all existing backups thus exposing an organization to risk. Backups can be stopped and restarted for the changes to take effect but not completely terminate them. This would help when changes are needed into terms of backup daemons, blockstores, types of blockstores, etc.
4 votes -
Add Alert for Projects which are not in Goal State
Add an Alert type that is triggered if a project has not reached the goal state for certain amount of time.
4 votes -
Create AppDB user with backup role to allow execution of mongodump
For the purpose of regularly performing backups of the AppDB using mongodump --oplog.
4 votes -
Ability to send SNMPv3 Alert Traps for configured Ops Manager Alerts
What is the problem that needs to be solved? Ops Manager Alerts should have possibility to send SNMPv3 Alert Traps to configured destinations. SNMPv3 provides better authentication, data encryption and message integrity in comparison to SNMPv2c protocol.
Why is it a problem? (the pain) It is mandatory to use SNMPv3 in many enterprise deployments as SNMPv2c does plaintext community string authentication without encryption (SNMPv3 does MD5/SHA1 hashing for passwords and provides encryption for SNMP data).
4 votes -
Install Managed MongoDB Processes as Services in Linux
In Windows, managed MongoDB processes are installed as services. In Linux, they are not. It would be great if managed processes were installed as services so that system administrators would have better control over startup and shutdown behavior, among other things.
4 votes -
Automation - Improve import for automation when keyfile doesn't match
Starting with MongoDB 4.2 we are able to rotate the internal authentication keyfiles in a rolling fashion with the procedure described here:
https://docs.mongodb.com/manual/tutorial/rotate-key-sharded-cluster/Currently when you import for automation a cluster that is using a different keyfile than the one in the automation config a bouncerestart is triggered. We can avoid it by doing a rolling rotation of the keyfile.
The old keyfile should be kept and the new one appended to it in a rolling fashion. We may have already this implemented for the "Rotate keyfile" feature present in the Security tab page.
4 votes -
Webpage session expiry - introduce inactivity timeout
Currently one can specify a "Session Max Hours" - The number of hours before a website session expires and a user must login again.
This should be replaced or enhanced with an "Inactivity timeout".
We have the requirement to set a timeout due to PCI.
However with the current implementation I have to re-login to the website even when working actively with OPS Manager. An inactivity timeout would allow to be logged out when I am not working on the OPS Manager, but not whilst working with it.4 votes -
Grant permission to access Real Time tab to Project Read Only users
Accessing the Real Time metrics tab requires at least the Project Monitoring Admin role but this role has other privileges to administer alerts and manage hosts as well.
It is more appropriate to enable the read-only access user (Project Read Only role) to access the Real Time metrics tab.
4 votes
- Don't see your idea?