Welcome to Knowledge Base!

KB at your finger tips

This is one stop global knowledge base where you can learn about all the products, solutions and support features.

Categories
All

Database-MongoDB

Manage Alerts — MongoDB Cloud Manager

Manage Alerts¶

On this page

  • Overview
  • View Alerts
  • View All Activity
  • Retrieve the Activity Feed
  • Acknowledge an Alert
  • Unacknowledge an Alert
  • Disable Alerts for a Specific Process
  • Suspend Alerts by Adding a Maintenance Window

Overview¶

Cloud Manager issues alerts for the database and server conditions configured in your alert settings . When a condition triggers an alert, you receive the alert at regular intervals until the alert resolves or Cloud Manager cancels it. You should fix the immediate problem, implement a long-term solution, and view metrics to monitor your progress.

View Alerts¶

1
2

If it is not already displayed, click the All Alerts tab.¶

View All Activity¶

1
2

Filter the activity feed.¶

You can filter the organization activity feed by event type and time range. You can combine filtering methods together for greater control over the activity feed output.

Filter by event

Select the event categories or specific events you want to see from the activity feed. To exclude specific categories or events from the activity feed, click Select all categories and events , then deselect the categories and events you want to exclude.

You can filter events based on the following categories:

Category Description
Access Events related to Cloud Manager users.
Alerts Events related to alert configuration and monitoring.
Billing Events related to payments and payment methods.
Others Miscellaneous events, including log retrieval and mLab events.
Organization Events related to your Cloud Manager organization.
Projects Events related to Cloud Manager projects.
Filter by time range
Select a Start Date and End Date to view events from within a specified time range. Once you have configured a time range, click Apply Dates to update the activity feed with the specified range.

Retrieve the Activity Feed¶

You can retrieve events for a specified organization or project using the Events API resource.

Acknowledge an Alert¶

When you acknowledge the alert, Cloud Manager sends no further notifications to the alert’s distribution list until the acknowledgment period has passed or until you resolve the alert. The distribution list receives no notification of the acknowledgment.

If the alert condition ends during the acknowledgment period, Cloud Manager sends a notification of the resolution.

If you configure an alert with PagerDuty, a third-party incident management service, you can only acknowledge the alert on your PagerDuty dashboard.

1

Navigate to the Alerts page for your organization.¶

  1. If it is not already displayed, select your desired organization from the office icon Organizations menu in the navigation bar.
  2. Click Alerts in the sidebar.
2

Acknowledge alerts¶

To acknowledge a single alert, on the line item for the alert, click Acknowledge .

To acknowledge multiple, but not all, alerts:

  1. Check the checkbox to the left of each alert to acknowledge.
  2. Click Mark Acknowledge above the table.

To acknowledge all alerts:

  1. Select the checkbox in the table header to select every alert.
  2. Click Mark Acknowledge above the table.
3

Select the time period for which to acknowledge the alert.¶

Click the time frame for which you no longer wish to receive alerts.

Cloud Manager sends no further alert messages for the period of time you select.

4

Optional: If all Alerts were checked, select All Visible or All Open Alerts

If all alerts are checked, then another set of radio buttons appear:

  • Click Acknowledge all visible checked alerts to acknowledge all alerts that were loaded onto the page.
  • Click Acknowledge all open alerts to acknowledge all alerts: checked, unchecked, visible and not visible on the current page.
5

Click Acknowledge to confirm.¶

Unacknowledge an Alert¶

You can undo an acknowledgment and again receive notifications if the alert condition still applies.

1

Navigate to the Alerts page for your organization.¶

  1. If it is not already displayed, select your desired organization from the office icon Organizations menu in the navigation bar.
  2. Click Alerts in the sidebar.
2

On the line item for the alert, click Unacknowledge

3

Click Confirm

If the alert condition continues to exist, Cloud Manager resends the alerts.

Disable Alerts for a Specific Process¶

You can turn off alerts for a given process. This might be useful, for example, if you want to temporarily disable the process but do not want it hidden from monitoring. Use the following procedure both to turn alerts off or on.

1
2

On the line listing the process, click the ellipsis icon and select Monitoring Settings

3

Select Alert Status and then modify the alert settings.¶

Suspend Alerts by Adding a Maintenance Window¶

Specify maintenance windows to temporarily turn off alert notifications for a given resource while you perform maintenance.

To view maintenance windows:

1
2

Click the Maintenance Windows filter.¶

Add or Edit a Maintenance Window¶

1

Navigate to the Alert Settings tab.¶

  1. If it is not already displayed, select the organization that contains your desired project from the office icon Organizations menu in the navigation bar.
  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.
  3. Click the bell icon Project Alerts icon in the navigation bar, or click Alerts in the sidebar.
  4. Click the Alert Settings tab.
2

Add or edit a maintenance window.¶

  • To add a maintenance window: Click the Add button and select New Maintenance Window .
  • To edit a maintenance window: Click the Maintenance Windows filter, then click the ellipsis icon for a mainenance window and select Edit .
3

Select the target components for which to suspend alerts.¶

Note that selecting the Host target selects both HOST and HOST_METRIC alert configurations returned through the alertConfigs endpoint .

4

Select the time period for which to suspend alerts.¶

5

Enter an optional description for the maintenance window.¶

6

Click Save

Delete a Maintenance Window¶

1

Navigate to the Alert Settings tab.¶

  1. If it is not already displayed, select the organization that contains your desired project from the office icon Organizations menu in the navigation bar.
  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.
  3. Click the bell icon Project Alerts icon in the navigation bar, or click Alerts in the sidebar.
  4. Click the Alert Settings tab.
2

Click the Maintenance Windows filter.¶

3

For the window to delete, click the ellipsis icon and select Delete

4

Click Confirm

Install MongoDB Agent — MongoDB Cloud Manager

Install MongoDB Agent¶

Installation Instructions in Cloud Manager Interface

Cloud Manager displays the MongoDB Agent install instructions after you choose your MongoDB Agent download. You can copy all the necessary commands from the Cloud Manager.

Caution

Please review the MongoDB Agent Prerequisites before installing the MongoDB Agent.

There are two workflows to follow when using MongoDB Agents with MongoDB hosts:

Install the MongoDB Agent to Manage Deployments
Recommended: You have a project and want to install the MongoDB Agent to manage your MongoDB deployments. You can also monitor and back up your MongoDB deployments following this workflow.
Install the MongoDB Agent to Only Monitor or Backup Deployments
You have a project and want to install the MongoDB Agent to monitor and/or back up your MongoDB deployments. You are choosing not to manage your MongoDB deployments at this time.
Read article

View, Retrieve, and Manage Logs — MongoDB Cloud Manager

View, Retrieve, and Manage Logs¶

On this page

  • MongoDB Real-Time Logs
    • View MongoDB Real-Time Logs
    • Enable or Disable Log Collection for a Deployment
    • Enable or Disable Log Collection for the Project
  • MongoDB On-Disk Logs
    • Configure Log Rotation
  • Agent Logs
    • View Agent Logs
    • Configure Agent Log Rotation

Cloud Manager collects log information for both MongoDB processes and its agents. For MongoDB processes, you can access both real-time logs and on-disk logs.

  • The MongoDB logs provide the diagnostic logging information for your mongod and mongos processes.
  • The Agent logs provide insight into the behavior of your Cloud Manager agents.

MongoDB Real-Time Logs¶

The MongoDB Agent issues the getLog command with every monitoring ping. This command collects log entries from RAM cache of each MongoDB process.

Cloud Manager enables real-time log collection by default. You can disable log collection for either all MongoDB deployments in a Cloud Manager project or for individual MongoDB deployments . If you disable log collection, Cloud Manager continues to display previously collected log entries.

View MongoDB Real-Time Logs¶

1
2

(Optional) For sharded clusters, filter which process type is listed.¶

The four buttons are listed in the following order, left to right: Shards , Configs , Mongos , and BIs .

Process Displays
Shards mongod processes that host your data.
Configs mongod processes that run as config servers to store a sharded cluster’s metadata.
Mongos mongos processes that route data in a sharded cluster.
BIs BI processes that access data in a sharded cluster.
3

On the line listing the process, click Metrics

4

Click the Logs tab.¶

The tab displays log information. If the tab is not displayed, see Enable or Disable Log Collection for a Deployment to enable log collection.

5

Refresh the browser window to view updated entries.¶

Enable or Disable Log Collection for a Deployment¶

1

Navigate to the Clusters view for your deployment.¶

  1. If it is not already displayed, select the organization that contains your desired project from the office icon Organizations menu in the navigation bar.
  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.
  3. If it is not already displayed, click Deployment in the sidebar.
  4. Click the Clusters view.
2

On the line for any process, click the ellipsis [ ] icon then click Monitoring Settings

3

Toggle Collect Logs For Host as desired.¶

  1. Click the Logs tab.
  2. Toggle the Collect Logs For Host to Off or On , as desired.
4

Click X to close the Monitoring Settings box.¶

If you turn off log collection, existing log entries remain in the Logs tab, but Cloud Manager does not collect new entries.

Enable or Disable Log Collection for the Project¶

1

Click Settings , then Project Settings

2

Toggle the Collect Logs For All Hosts option to Yes or No , as desired.¶

MongoDB On-Disk Logs¶

Cloud Manager collects on-disk logs even if the MongoDB instance is not running. The MongoDB Agent collects the logs from the location you specified in the MongoDB systemLog.path configuration option. The MongoDB on-disk logs are a subset of the real-time logs and therefore less verbose.

Note

This option isn’t available for deployed MongoDB processes if the systemLog.destination property is set to syslog .

You can configure log rotation for the on-disk logs. Cloud Manager rotates logs by default.

This procedure rotates both system and audit logs for Cloud Manager.

Configure Log Rotation¶

Cloud Manager can rotate and compress logs for clusters that the MongoDB Agent manages. If the MongoDB Agent only monitors a cluster, it ignores that cluster’s logs.

Important

If you’re running MongoDB Enterprise version 5.0 or later and MongoDB Agent 11.11.0.7355 or later, you can:

  • Set separate rules for rotating server logs and audit logs.
  • Compress and delete audit logs using Cloud Manager. For security reasons, we recommend managing your audit log compression and deletion outside of Cloud Manager.

If you’re running earlier versions of MongoDB Enterprise or the MongoDB Agent, Cloud Manager:

  • Uses your System Log Rotation settings to rotate both the server logs and the audit logs.
  • Doesn’t compress or delete audit logs. If you configure compression and deletion, Cloud Manager applies these settings to the server logs only.

MongoDB Community users can rotate, compress, and delete the server logs only.

Note

When using this feature, disable any platform-based log-rotation services like logrotate . If the MongoDB Agent only monitors the cluster, that cluster may use platform-based services.

1

Open the MongoDB Log Settings

  1. Click Deployment .
  2. In the More drop-down list, click MongoDB Log Settings .
2

Enable log rotation.¶

Toggle System Log Rotation to ON to rotate server logs.

MongoDB Enterprise users running MongoDB Enterprise version 5.0 or later and MongoDB Agent 11.11.0.7355 and later can also toggle Audit Log Rotation to ON to rotate audit logs and configure audit log rotation separately.

If you’re running earlier versions of MongoDB Enterprise or the MongoDB Agent, setting System Log Rotation to ON also rotates audit logs.

Set log rotation to OFF if you don’t want Cloud Manager to rotate its logs. Log rotation is OFF by default.

After you enable log rotation, Cloud Manager displays additional log rotation settings.

3

Configure the log rotation settings.¶

Cloud Manager rotates the logs on your MongoDB hosts per the following settings:

Field Necessity Action Default
Size Threshold (MB) Required Cloud Manager rotates log files that exceed this maximum log file size. 1000
Time Threshold (Hours) Required Cloud Manager rotates logs that exceed this duration. 24
Max Uncompressed Files Optional

Log files can remain uncompressed until they exceed this number of files. Cloud Manager compresses the oldest log files first.

If you leave this setting empty, Cloud Manager will use the default of 5 .

5
Max Percent of Disk Optional

Log files can take up to this percent of disk space on your MongoDB host’s log volume. Cloud Manager deletes the oldest log files once they exceed this disk threshold.

If you leave this setting empty, Cloud Manager will use the default of 2% .

2%
Total Number of Files Optional Total number of log files. If a number is not specified, the total number of log files defaults to 0 and is determined by other Rotate Logs settings. 0

When you are done, click Save to review your changes.

4

Click Confirm & Deploy to deploy your changes.¶

Otherwise, click Cancel and you can make additional changes.

Agent Logs¶

Cloud Manager collects logs for all your MongoDB Agents.

View Agent Logs¶

1

Click Deployment , then the Agents tab, then Agent Logs

The page displays logs for the type of agent selected in the View drop-down list. The page filters logs according to any filters selected in through the gear icon.

2

Filter the log entries.¶

To display logs for a different type of agent, use the View drop-down list.

To display logs for a specific hosts or MongoDB processes, click the gear icon and make your selections.

To clear filters, click the gear icon and click Remove Filters .

To download the selected logs, click the gear icon and click Download as CSV File .

Note

To view logs for a specific agent, you can alternatively click the Agents tab’s All Agents list and then click view logs for the agent.

Configure Agent Log Rotation¶

If you use Automation to manage your cluster, follow this procedure to configure rotation of the Agent log files.

Note

If you haven’t enabled Automation, see the following documentation for information about how to manually configure logging settings in the agent configuration files:

  • MongoDB Agent General Logging Settings
  • MongoDB Agent Monitoring Logging Settings
  • MongoDB Agent Backup Logging Settings
1

Click Deployment , then the Agents tab.¶

2

Click Downloads & Settings

3

Scroll down to the Agent Log Settings section.¶

4

Edit the log settings.¶

Click the pencil icon to edit the Monitoring Agent or Backup Agent log settings:

Name Type Description
Linux Log File Path string

Conditional: Logs on a Linux host. The path to which the agent writes its logs on a Linux host.

The suggested value is:

/var/log/mongodb-mms-automation/monitoring-agent.log
Windows Log File Path string

Conditional: Logs on a Windows host. The path to which the agent writes its logs on a Windows host.

The suggested value is:

%SystemDrive%\MMSAutomation\log\mongodb-mms-automation\monitoring-agent.log
Rotate Logs Toggle A toggle to select if the logs should be rotated.
Size Threshold (MB) integer The size where the logs rotate automatically. The default value is 1000 .
Time Threshold (Hours) integer The duration of time when the logs rotate automatically. The default value is 24 .
Max Uncompressed Files integer Optional. The greatest number of log files, including the current log file, that should stay uncompressed. The suggested value is 5 .
Max Percent of Disk integer Optional. The greatest percentage of disk space on your MongoDB hosts that the logs should consume. The suggested value is 2% .
Total Number of Files integer Optional. The total number of log files. If a number is not specified, the total number of log files defaults to 0 and is determined by other Rotate Logs settings.

When you are done, click Save .

5

Click Review & Deploy to review your changes.¶

6

Click Confirm & Deploy to deploy your changes.¶

Otherwise, click Cancel and you can make additional changes.

Read article

Organizations and Projects — MongoDB Cloud Manager

Organizations and Projects¶

On this page

  • Organizations
  • Projects
  • Teams
  • Invitations to Organizations and Projects

New

Cloud Manager provides a new organizations and projects hierarchy to help you manage your Cloud Manager deployments. Groups are now known as projects. You can create many projects in an organization.

Organizations¶

In the organizations and projects hierarchy, an organization can contain many projects (previously referred to as groups). Under this structure, you can:

  • Use the same billing settings across multiple projects in your organization.
  • View all projects within an organization, create teams of users, and assign teams to projects. See Organizations .
  • Connect to Atlas as part of live migration to Atlas. See Connect to Atlas .

Projects¶

Groups are now projects. Previously, users managed deployments by groups, where each group was managed separately even if a user belonged to multiple groups.

Existing Groups¶

If you have existing groups, organizations have been automatically created for your groups (now projects), and your groups have been placed under these organizations.

If your groups share the same billing settings, they have been placed in the same organization.

Deployments¶

Deployments are now associated with projects. As before, deployments must have unique names within projects. See Projects and Edit Project Settings .

Teams¶

You can create teams of users and then assign teams of users to projects. See Cloud Manager Access .

Invitations to Organizations and Projects¶

You can view and accept invitations to organizations and projects. See Invitations to Organizations and Projects .

Read article

Configure Federated Authentication from Okta — MongoDB Cloud Manager

Configure Federated Authentication from Okta¶

On this page

  • Prerequisites
  • Procedures
    • Configure Okta as an Identity Provider
    • Map your Domain
    • Associate Your Domain with Your Identity Provider
    • Test Your Domain Mapping
    • (Optional) Map an Organization
    • (Optional) Configure Advanced Federated Authentication Options
  • Sign in to Cloud Manager Using Your Login URL

This guide shows you how to configure federated authentication using Okta as your IdP .

After integrating Okta and Cloud Manager, you can use your company’s credentials to log in to Cloud Manager and other MongoDB cloud services.

Note

If you are using Okta’s built-in MongoDB Cloud app, you can use Okta’s documentation.

If you are creating your own SAML app, use the procedures described here.

Prerequisites¶

To use Okta as an IdP for Cloud Manager, you must have:

  • An Okta account.
  • A custom, routable domain name.

Procedures¶

Throughout the following procedure, it is helpful to have one browser tab open to your Federation Management Console and one tab open to your Okta account.

Configure Okta as an Identity Provider¶

1

Add a new application to your Okta account¶

  1. In the Okta top navigation, click the Applications tab.
  2. Click the Add Application button.
  3. Click the Create New App button.
  4. Select Web for the Platform field.
  5. Select SAML 2.0 for the Sign on method field.
  6. Click the Create button.
2

Create Okta SAML integration¶

  1. Fill in the App name text field with your desired application name.
  2. Optionally, add a logo image and set app visibility.
  3. Click the Next button.
3

Download Okta certificate¶

  1. Click the Download Okta Certificate button.
  2. Rename the downloaded file to have a .cer extension instead of .cert .
4
5

Create a new Identity Provider¶

  1. In the FMC dashboard, click the Manage Identity Providers button.
  2. Click the Setup Identity Provider button.
6

Enter SAML settings¶

  1. In the FMC dashboard, fill in the data fields with the following values:

    Field Value
    Configuration Name A descriptive name of your choosing.
    Issuer URI and Single Sign-On URL Click the Fill With Placeholder Values button to the right of the text fields. You will get the real values from Okta in a later step.
    Identity Provider Signature Certificate

    Click the Choose File button to upload the .cer file you received from Okta earlier.

    You can either:

    • Upload the certificate from your computer, or
    • Paste the contents of the certificate into a text box.
    Request Binding HTTP POST
    Response Signature Algorithm SHA-256
  2. Click the Next button.

7

Create SAML Integration¶

  1. In this step, copy values from the Cloud Manager FMC to the Okta Create SAML Integration page.

    Okta Data Field Value
    Single sign on URL

    Use the Assertion Consumer Service URL from the Cloud Manager FMC.

    Checkboxes:

    • Use this for Recipient URL and Destination URL : checked
    • Allow this app to request other SSO URLs : unchecked
    Audience URI (SP Entity ID) Use the Audience URI from the Cloud Manager FMC.
    Default RelayState

    Optionally, add a RelayState URL to your IdP to send users to a URL you choose and avoid unnecessary redirects after login. You can use:

    Destination RelayState URL
    MongoDB MongoDB Atlas The Login URL that was generated for your identity provider configuration in the MongoDB Atlas Federation Management App .
    MongoDB Support Portal
    https://auth.mongodb.com/app/salesforce/exk1rw00vux0h1iFz297/sso/saml
    
    MongoDB University
    https://university.mongodb.com
    
    MongoDB Community Forums
    https://auth.mongodb.com/home/mongodbexternal_communityforums_3/0oa3bqf5mlIQvkbmF297/aln3bqgadajdHoymn297
    
    MongoDB Feedback Engine
    https://auth.mongodb.com/home/mongodbexternal_uservoice_1/0oa27cs0zouYPwgj0297/aln27cvudlhBT7grX297
    
    MongoDB JIRA
    https://auth.mongodb.com/app/mongodbexternal_mongodbjira_1/exk1s832qkFO3Rqox297/sso/saml
    
    Name ID format Unspecified
    Application username Email
    Update application username on Create and update
  2. Click the Click Show Advanced Settings link in the Okta configuration page and ensure that the following values are set:

    Okta Data Field Value
    Response Signed
    Assertion Signature Signed
    Signature Algorithm RSA-SHA256
    Digest Algorithm SHA256
    Assertion Encryption Unencrypted
  3. Leave the remaining Advanced Settings fields in their default state.

  4. Scroll down to the Attribute Statements (Optional) section and create three attributes with the following values:

    Name Name Format Value
    email Unspecified user.email
    firstName Unspecified user.firstName
    lastName Unspecified user.lastName

    Important

    The values in the Name column are case-sensitive. Enter them exactly as shown.

    Note

    These values may be different if Okta is connected to an Active Directory. For the appropriate values, use the Active Directory fields that contain a user’s first name, last name, and full email address.

  5. Click the Next button in the Okta configuration.

  6. Select the radio button marked I’m an Okta customer adding an internal app .

  7. Click the Finish button.

8

Copy information back to the Cloud Manager FMC¶

  1. On the Okta application page, click the View Setup Instructions button in the middle of the page.

    Note

    The Okta setup instructions appear in a new browser tab.

  2. In the Cloud Manager FMC , click the Finish button to return to the Identity Providers page. Click the Modify button for your newly created IdP .

  3. Fill in the following text fields:

    FMC Data Field Value
    Issuer URI Use the Identity Provider Issuer value from the Okta Setup Instructions page.
    Single Sign-on URL Use the Identity Provider Single Sign-On URL value from the Okta Setup Instructions page.
  4. Close the Okta setup instructions browser tab.

  5. Click the Next button on the Cloud Manager FMC page.

  6. Click the Finish button the FMC Edit Identity Provider page.

9

Assign users to your Okta application¶

  1. On the Okta application page, click the Assignments tab.
  2. Ensure that all your Cloud Manager organization users who will use the Okta service are enrolled.

Map your Domain¶

Mapping your domain to the IdP lets Cloud Manager know that users from your domain should be directed to the Login URL for your identity provider configuration.

When users visit the Cloud Manager login page, they enter their email address. If the email domain is associated with an IdP, they are sent to the Login URL for that IdP.

Important

You can map a single domain to multiple identity providers. If you do, users who log in using the MongoDB Cloud console are automatically redirected to the first matching IdP mapped to the domain.

To log in using an alternative identity provider, users must either:

  • Initiate the MongoDB Cloud login through the desired IdP , or
  • Log in using the Login URL associated with the desired IdP .

Use the Federation Management Console to map your domain to the IdP :

1

Open the Federation Management Console

  1. Log in to Cloud Manager.
  2. Use the dropdown at the top-left of Cloud Manager to select the organization for which you want to manage federation settings.
  3. Click Settings in the left navigation pane.
  4. In Manage Federation Settings , click Visit Federation Management App .
2

Enter domain mapping information.¶

  1. Click Add a Domain .

  2. On the Domains screen, click Add Domain .

  3. Enter the following information for your domain mapping:

    Field Description
    Display Name Name to easily identify the domain.
    Domain Name Domain name to map.
  4. Click Next .

3

Choose how to verify your domain.¶

Note

You can choose the verification method once. It cannot be modified. To select a different verification method, delete and recreate the domain mapping.

Select the appropriate tab based on whether you are verifying your domain by uploading an HTML file or creating a DNS TXT record:

Upload an HTML file containing a verification key to verify that you own your domain.

  1. Click HTML File Upload .
  2. Click Next .
  3. Download the mongodb-site-verification.html file that Cloud Manager provides.
  4. Upload the HTML file to a web site on your domain. You must be able to access the file at <https://host.domain>/mongodb-site-verification.html .
  5. Click Finish .
4

Verify your domain.¶

The Domains screen displays both unverified and verified domains you’ve mapped to your IdP . To verify your domain, click the target domain’s Verify button. Cloud Manager shows whether the verification succeeded in a banner at the top of the screen.

Associate Your Domain with Your Identity Provider¶

After successfully verifying your domain, use the Federation Management Console to associate the domain with Okta:

1

Click Identity Providers in the left navigation.¶

2

For the IdP you want to associate with your domain, click pencil icon next to Associated Domains

3

Select the domain you want to associate with the IdP .

4

Click Confirm

Test Your Domain Mapping¶

Important

Before you begin testing, copy and save the Bypass SAML Mode URL for your IdP . Use this URL to bypass federated authentication in the event that you are locked out of your Cloud Manager organization.

While testing, keep your session logged in to the Federation Management Console to further ensure against lockouts.

To learn more about Bypass SAML Mode , see Bypass SAML Mode .

Use the Federation Management Console to test the integration between your domain and Okta:

1

In a private browser window, navigate to the Cloud Manager log in page.¶

2

Enter a username (usually an email address) with your verified domain.¶

Example

If your verified domain is mongodb.com , enter alice@mongodb.com .

3

Click Next

If you mapped your domain correctly, you’re redirected to your IdP to authenticate. If authenticating with your IdP succeeds, you’re redirected back to Cloud Manager.

Note

You can bypass the Cloud Manager log in page by navigating directly to your IdP ’s Login URL . The Login URL takes you directly to your IdP to authenticate.

(Optional) Map an Organization¶

Use the Federation Management Console to assign your domain’s users access to specific Cloud Manager organizations:

1

Open the Federation Management Console

  1. Log in to Cloud Manager.
  2. Use the dropdown at the top-left of Cloud Manager to select the organization for which you want to manage federation settings.
  3. Click Settings in the left navigation pane.
  4. In Manage Federation Settings , click Visit Federation Management App .
2

Connect an organization to the Federation Application.¶

  1. Click View Organizations .

    Cloud Manager displays all organizations where you are an Organization Owner .

    Organizations which are not already connected to the Federation Application have Connect button in the Actions column.

  2. Click the desired organization’s Connect button.

3

Apply an Identity Provider to the organization.¶

From the Organizations screen in the management console:

  1. Click the Name of the organization you want to map to an IdP .

  2. On the Identity Provider screen, click Apply Identity Provider .

    Cloud Manager directs you to the Identity Providers screen which shows all IdPs you have linked to Cloud Manager.

  3. For the IdP you want to apply to the organization, click Modify .

  4. At the bottom of the Edit Identity Provider form, select the organizations to which this IdP applies.

  5. Click Next .

  6. Click Finish .

4

Connect an organization to the Federation Application.¶

  1. Click Organizations in the left navigation.
  2. In the list of Organizations , ensure that your desired organization(s) now have the expected Identity Provider .

(Optional) Configure Advanced Federated Authentication Options¶

You can configure the following advanced options for federated authentication for greater control over your federated users and authentication flow:

  • Bypass SAML Mode

Note

The following advanced options for federated authentication require you to map an organization .

  • Assign a Default User Role for an Organization
  • Restrict Access to an Organization by Domain
  • Restrict User Membership to the Federation

Sign in to Cloud Manager Using Your Login URL¶

All users you assigned to the Okta application can log in to Cloud Manager using their Okta credentials on the Login URL . Users have access to the organizations you mapped to your IdP .

Important

You can map a single domain to multiple identity providers. If you do, users who log in using the MongoDB Cloud console are automatically redirected to the first matching IdP mapped to the domain.

To log in using an alternative identity provider, users must either:

  • Initiate the MongoDB Cloud login through the desired IdP , or
  • Log in using the Login URL associated with the desired IdP .

If you selected a default organization role, new users who log in to Cloud Manager using the Login URL have the role you specified.

Read article

Automation Configuration — MongoDB Cloud Manager

Automation Configuration¶

On this page

  • Overview
  • Configuration Version
  • Download Base
  • MongoDB Versions Specifications
  • Automation
  • Monitoring
  • Backup
  • MongoDB Instances
  • Cluster Wide
  • Replica Sets
  • Sharded Clusters
  • Cluster Balancer
  • Authentication
  • SSL
  • MongoDB Roles
  • Kerberos
  • Indexes

Overview¶

The Automation uses an automation configuration to determine the desired state of a MongoDB deployment and to effect changes as needed. If you modify the deployment through the Cloud Manager web interface, you never need manipulate this configuration.

If you are using the Automation without Cloud Manager, you can construct and distribute the configuration manually.

Optional fields are marked as such.

A field that takes a <number> as its value can take integers and floating point numbers.

Configuration Version¶

This lists the version of the automation configuration.

"version" : "<integer>"
Name Type Necessity Description
version integer Required Revision of this automation configuration file.

Download Base¶

Cloud Manager downloads automatic versions and runs starting scripts in the directory set in options.downloadBase .

"options" : {
  "downloadBase" : "<string>",
}
Name Type Necessity Description
options object Required Path for automatic downloads of new versions.
options.downloadBase string Required Directory on Linux and UNIX platforms for automatic version downloads and startup scripts.

MongoDB Versions Specifications¶

The mongoDbVersions[n] array defines specification objects for the MongoDB instances found in the processes array. Each MongoDB instance in the processes array must have a specification object in this array.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
"mongoDbVersions[n]" : [
  {
   "name" : "<string>",
    "builds" : [
      {
       "platform" : "<string>",
        "url" : "<string>",
        "gitVersion" : "<string>",
        "modules" : [ "<string>", ... ],
        "architecture" : "<string>",
        "bits" : "<integer>",
        "win2008plus" : "<Boolean>",
        "winVCRedistUrl" : "<string>",
        "winVCRedistOptions" : [ "<string>", ... ],
        "winVCRedistDll" : "<string>",
        "winVCRedistVersion" : "<string>"
      },
      ...
    ],
  },
  ...
]
Name Type Necessity Description
mongoDbVersions[n] array of objects Required Specification objects for the MongoDB instances found in the processes array. Each MongoDB instance in processes must have a specification object in mongoDbVersions[n] .
mongoDbVersions[n].name string Required Name of the specification object. The specification object is attached to a MongoDB instance through the instance’s processes.version parameter in this configuration.
mongoDbVersions[n].builds[k] array of objects Required Builds available for this MongoDB instance.
mongoDbVersions[n].builds[k].platform string Required Platform for this MongoDB instance.
mongoDbVersions[n].builds[k].url string Required URL from which to download MongoDB for this instance.
mongoDbVersions[n].builds[k].gitVersion string Required Commit identifier that identifies the state of the code used to build the MongoDB process. The MongoDB buildInfo command returns the gitVersion identifier.
mongoDbVersions[n].builds[k].modules array Required List of modules for this version. Corresponds to the modules parameter that the buildInfo command returns.
mongoDbVersions[n].builds[k].architecture string Required Processor’s architecture. Cloud Manager accepts amd64 or ppc64le .
mongoDbVersions[n].builds[k].bits integer Deprecated Processor’s bus width. Don’t remove or make modifications to this parameter.
mongoDbVersions[n].builds[k].win2008plus Boolean Optional Set to true if this is a Windows build that requires either Windows 7 later or Windows Server 2008 R2 or later.
mongoDbVersions[n].builds[k].winVCRedistUrl string Optional URL from which the required version of the Microsoft Visual C++ redistributable can be downloaded.
mongoDbVersions[n].builds[k].winVCRedistOptions array of strings Optional String values that list the command-line options to be specified when running the Microsoft Visual C++ redistributable installer. Each command-line option is a separate string in the array.
mongoDbVersions[n].builds[k].winVCRedistDll string Optional Name of the Microsoft Visual C++ runtime DLL file that the agent checks to determine if a new version of the Microsoft Visual C++ redistributable is needed.
mongoDbVersions[n].builds[k].winVCRedistVersion string Optional Minimum version of the Microsoft Visual C++ runtime DLL that must be present to skip over the installation of the Microsoft Visual C++ redistributable.

Automation¶

agentVersion specifies the version of the MongoDB Agent.

Note

While you can update the MongoDB Agent version through this configuration property, you should use the Update Agent Versions endpoint to ensure your versions are up to date.

"agentVersion" : {
  "name" : "<string>",
  "directoryUrl" : "<string>"
}
Name Type Necessity Description
agentVersion object Optional Version of the MongoDB Agent to run. If the running version does not match this setting, the MongoDB Agent downloads the specified version, shuts itself down, and starts the new version.
agentVersion.name string Optional Desired version of the MongoDB Agent.
agentVersion.directoryUrl string Optional URL from which to download the MongoDB Agent.

Monitoring¶

The monitoringVersions array specifies the version of the Monitoring Agent. Cloud Manager has made this parameter obsolete. To update the monitoring log settings, use the Update Monitoring Configuration Settings endpoint.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
"monitoringVersions" : [
  {
    "name" : "<string>",
    "hostname" : "<string>",
    "urls" : {
      "<platform1>" : {
        "<build1>" : "<string>",
        ...,
        "default" : "<string>"
      },
      ...
    },
    "baseUrl" : "<string>",
    "logPath" : "<string>",
    "logRotate" : {
      "sizeThresholdMB" : <number>,
      "timeThresholdHrs" : <integer>,
      "numUncompressed": <integer>,
      "percentOfDiskspace" : <number>,
      "numTotal" : <integer>
    }
  },
  ...
]
Name Type Necessity Description
monitoringVersions array of objects Optional Objects that define version information for each Monitoring Agent.
monitoringVersions.name string Required

Version of the Monitoring Agent.

See also

MongoDB Compatibility Matrix

Important

This property is read-only. Any modifications made to this property are not reflected when updating the Monitoring Agent through the API .

To update the Monitoring Agent version, use this endpoint .

monitoringVersions.hostname string Required FQDN of the host that runs the Monitoring Agent. If the Monitoring Agent is not running on the host, Cloud Manager installs the agent from the location specified in monitoringVersions.urls .
monitoringVersions.urls object Required Platform- and build-specific URL s from which to download the Monitoring Agent.
monitoringVersions.urls.<platform> object Required Label that identifies an operating system and its version. The field contains an object with key-value pairs, where each key is either the name of a build or default and each value is a URL for downloading the Monitoring Agent. The object must include the default key set to the default download URL for the platform.
monitoringVersions.baseUrl string Required Base URL used for the mmsBaseUrl setting.
monitoringVersions.logPath string Optional Directory where the agent stores its logs. The default is to store logs in /dev/null .
monitoringVersions.logRotate object Optional Enables log rotation for the MongoDB logs for a process.
monitoringVersions.logRotate.sizeThresholdMB number Required Maximum size in MB for an individual log file before rotation.
monitoringVersions.logRotate.timeThresholdHrs integer Required Maximum time in hours for an individual log file before rotation.
monitoringVersions.logRotate.numUncompressed integer Optional Maximum number of total log files to leave uncompressed, including the current log file. The default is 5 . In earlier versions of Cloud Manager, this field was named maxUncompressed . The earlier name is still recognized, though the new version is preferred.
monitoringVersions.logRotate.percentOfDiskspace number Optional Maximum percentage of total disk space all log files should take up before deletion. The default is .02 .
monitoringVersions.logRotate.numTotal integer Optional Total number of log files. If a number is not specified, the total number of log files defaults to 0 and is determined by other monitoringVersions.logRotate settings.

Backup¶

The backupVersions array specifies the version of the Backup Agent. Cloud Manager has made this parameter obsolete. To update the backup log settings, use the Update Backup Configuration Settings endpoint.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
"backupVersions[n]" : [
  {
   "name" : "<string>",
    "hostname" : "<string>",
    "urls" : {
     "<platform1>" : {
       "<build1>" : "<string>",
        ...,
        "default" : "<string>"
      },
      ...
    },
    "baseUrl" : "<string>",
    "logPath" : "<string>",
    "logRotate" : {
     "sizeThresholdMB" : "<number>",
      "timeThresholdHrs" : "<integer>",
      "numUncompressed": "<integer>",
      "percentOfDiskspace" : "<number>",
      "numTotal" : "<integer>"
    }
  },
  ...
]
Name Type Necessity Description
backupVersions[n] array of objects Optional Objects that define version information for each Backup Agent.
backupVersions[n].name string Required

Version of the Backup Agent.

See also

MongoDB Compatibility Matrix

Important

This property is read-only. Any modifications made to this property are not reflected when updating the Backup Agent through the API . To update the Backup Agent version, see this endpoint .

backupVersions[n].hostname string Required FQDN of the host that runs the Backup Agent. If the Backup Agent is not running on the host, Cloud Manager installs the agent from the location specified in backupVersions[n].urls .
backupVersions[n].urls object Required Platform- and build-specific URL s from which to download the Backup Agent.
backupVersions[n].urls.<platform> object Required Label that identifies an operating system and its version. The field contains an object with key-value pairs, where each key is either the name of a build or default and each value is a URL for downloading the Backup Agent. The object must include the default key set to the default download URL for the platform.
backupVersions[n].baseUrl string Required Base URL used for the mothership and https settings in the Custom Settings . For example, for “baseUrl”=https://cloud.mongodb.com , the backup configuration fields would have these values: mothership=api-backup.mongodb.com and https”=true .
backupVersions[n].logPath string Optional Directory where the agent stores its logs. The default is to store logs in /dev/null .
backupVersions[n].logRotate object Optional Enables log rotation for the MongoDB logs for a process.
backupVersions[n].logRotate.sizeThresholdMB number Required Maximum size in MB for an individual log file before rotation.
backupVersions[n].logRotate.timeThresholdHrs integer Required Maximum time in hours for an individual log file before rotation.
backupVersions[n].logRotate.numUncompressed integer Optional Maximum number of total log files to leave uncompressed, including the current log file. The default is 5 .
backupVersions[n].logRotate.percentOfDiskspace number Optional Maximum percentage of total disk space all log files should take up before deletion. The default is .02 .
backupVersions[n].logRotate.numTotal integer Optional If a number is not specified, the total number of log files defaults to 0 and is determined by other backupVersion.logRotate settings.

MongoDB Instances¶

The processes array determines the configuration of your MongoDB instances. Using this array, you can:

  • Restore an instance.
  • Start an initial sync process on one or more MongoDB instances.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
"processes": [{
  "<args>": {},
  "alias": "<string>",
  "authSchemaVersion": "<integer>",
  "backupRestoreUrl": "<string>",
  "cluster": "<string>",
  "defaultRWConcern": {
    "defaultReadConcern": {
      "level": "<string>"
    },
    "defaultWriteConcern": {
      "j": "<boolean>",
      "w": "<string>",
      "wtimeout": "<integer>"
    }
  }
  "disabled": "<Boolean>",
  "featureCompatibilityVersion": "<string>",
  "hostname": "<string>",
  "lastCompact" : "<dateInIso8601Format>",
  "lastRestart" : "<dateInIso8601Format>",
  "lastResync" : "<dateInIso8601Format>",
  "lastKmipMasterKeyRotation" : "<dateInIso8601Format>",
  "logRotate": {
    "sizeThresholdMB": "<number>",
    "timeThresholdHrs": "<integer>",
    "numUncompressed": "<integer>",
    "percentOfDiskspace": "<number>",
    "numTotal": "<integer>"
  },
  "manualMode": "<Boolean>",
  "name": "<string>",
  "numCores": "<integer>",
  "processType": "<string>",
  "version": "<string>"
}]
Name Type Necessity Description
processes array Required Contains objects that define the mongos and mongod instances that Cloud Manager monitors. Each object defines a different instance.
processes[n].args2_6 object Required

MongoDB configuration object for MongoDB versions 2.6 and later.

See also

Supported configuration options .

processes[n].alias string Optional Hostname alias (often a DNS CNAME) for the host on which the process runs. If an alias is specified, the MongoDB Agent prefers this alias over the hostname specified in processes.hostname when connecting to the host. You can also specify this alias in replicaSets.host and sharding.configServer .
processes[n].authSchemaVersion integer Required

Schema version of the user credentials for MongoDB database users. This should match all other elements of the processes array that belong to the same cluster.

  • Cloud Manager accepts 3 and 5 for this parameter.
  • MongoDB 3.x and 4.x clusters default to 5 .
  • MongoDB 2.6 clusters default to 3 .

See also

Upgrade to SCRAM-SHA-1 in the MongoDB 3.0 release notes.

processes[n].backupRestoreUrl string Optional

Delivery URL for the restore. Cloud Manager sets this when creating a restore.

See also

Automate Backup Restoration through the API .

processes[n].cluster string Conditional

Name of the sharded cluster. Set this value to the same value in the sharding.name parameter in the sharding array for the mongos .

  • Required for a mongos .
  • Not needed for a mongod .
defaultRWConcern.defaultReadConcern.level string Optional

Consistency and isolation properties set for the data read from replica sets and replica set shards. MongoDB Atlas accepts the following values:

  • “available”
  • “local”
  • “majority”
defaultRWConcern.defaultWriteConcern.j boolean Optional Flag that indicates whether the write acknowledgement must be written to the on-disk journal.
defaultRWConcern.defaultWriteConcern.w string Optional

Desired number of mongod instances that must acknowledge a write operation in a replica sets and replica set shards. MongoDB Atlas accepts the following values:

  • Any number 0 or greater
  • “majority”
defaultRWConcern.defaultWriteConcern.wtimeout number Optional Desired time limit for the write concern expressed in milliseconds. Set this value when you set defaultRWConcern.defaultWriteConcern.w to a value greater than 1 .
processes[n].disabled Boolean Optional Flag that indicates if this process should be shut down. Set to true to shut down the process.
processes[n].featureCompatibilityVersion string Required

Version of MongoDB with which this process has feature compatibility. Changing this value can enable or disable certain features that persist data incompatible with MongoDB versions earlier or later than the featureCompatibilityVersion you choose.

  • Cloud Manager accepts 3.2 , 3.6 , 4.2 and 4.4 as parameter values. If you have an existing deployment, Cloud Manager only accepts a featureCompatibilityVersion equal to or one release older than the MongoDB version you deployed. To learn which of these parameter values is supported for each MongoDB version, and which features each of these values enable or disable, see setFeatureCompatibilityVersion in the MongoDB Manual.
  • Cloud Manager sets this parameter to match the MongoDB version for new deployments.
  • Cloud Manager doesn’t automatically increment this parameter when you upgrade a host from one MongoDB version to the next.

See also

setFeatureCompatibilityVersion

processes[n].hostname string Required Name of the host that serves this process. This defaults to localhost .
processes[n].lastCompact string Optional

Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last reclaimed free space on a cluster’s disks. During certain operations, MongoDB might move or delete data but it doesn’t free the currently unused space. Cloud Manager reclaims the disk space in a rolling fashion across members of the replica set or shards.

To reclaim this space:

  • Immediately, set this value to the current time as an ISO 8601 timestamp.
  • Later, set this value to a future ISO 8601 timestamp. Cloud Manager reclaims the space after the current time passes the provided timestamp.

To remove any ambiguity as to when you intend to reclaim the space on the cluster’s disks, specify a time zone with your ISO 8601 timestamp. For example, to set processes.lastCompact to 28 January 2021 at 2:43:52 PM US Central Standard Time, use "processes.lastCompact" : "2021-01-28T14:43:52-06:00"

processes[n].lastRestart string Optional Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last restarted this process. If you set this parameter to the current timestamp, Cloud Manager forces a restart of this process after you upload this configuration. If you set this parameter for multiple processes in the same cluster, the Cloud Manager restarts the selected processes in a rolling fashion across members of the replica set or shards.
processes[n].lastResync string Optional

Timestamp in ISO 8601 date and time format in UTC of the last initial sync process that Cloud Manager performed on the node.

To trigger the init sync process on the node immediately, set this value to the current time as an ISO 8601 timestamp.

Warning

Use this parameter with caution. During initial sync, Automation removes the entire contents of the node’s dbPath directory.

If you set this parameter:

  • On the secondary node, the MongoDB Agent checks whether the specified timestamp is later than the time of the last resync, and if confirmed, starts init sync on this node.

    Example

    To set processes.lastResync on the secondary node to 28 May 2021 at 2:43:52 PM US CentralStandard Time, use:

    "processes.lastResync" : "2021-05-28T14:43:52-06:00" .

    If the MongoDB Agent confirms that this timestamp is later than the recorded time of the last resync, it starts init sync on the node.

  • On the primary node, the MongoDB Agent waits until you ask the primary node to become the secondary with the rs.stepDown() method, and then starts init sync on this node.

  • On all of the nodes in the same cluster, including the primary, the MongoDB Agent checks whether the specified timestamp is later than the time of the last resync, and if confirmed, starts init sync on the secondary nodes in a rolling fashion. The MongoDB Agent waits until you ask the primary node to become the secondary with the rs.stepDown() method, and then starts init sync on this node.

See also

Initial Sync

processes[n].lastKmipMasterKeyRotation string Optional Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last rotated the master KMIP key. If you set this parameter to the current timestamp, Cloud Manager rotate the key after you upload this configuration.
processes[n].logRotate object Optional MongoDB configuration object for rotating the MongoDB logs of a process.
processes[n].logRotate. numTotal integer Optional Total number of log files that Cloud Manager retains. If you don’t set this value, the total number of log files defaults to 0 . Cloud Manager bases rotation on your other processes.logRotate settings.
processes[n].logRotate. numUncompressed integer Optional Maximum number of total log files to leave uncompressed, including the current log file. The default is 5 .
processes[n].logRotate. percentOfDiskspace number Optional

Maximum percentage of total disk space that Cloud Manager can use to store the log files expressed as decimal. If this limit is exceeded, Cloud Manager deletes compressed log files until it meets this limit. Cloud Manager deletes the oldest log files first.

The default is 0.02 .

processes[n].logRotate. sizeThresholdMB number Required Maximum size in MB for an individual log file before Cloud Manager rotates it. Cloud Manager rotates the log file immediately if it meets the value given in either this sizeThresholdMB or the processes.logRotate.timeThresholdHrs limit.
processes[n].logRotate. timeThresholdHrs integer Required

Maximum duration in hours for an individual log file before the next rotation. The time is since the last rotation.

Cloud Manager rotates the log file once the file meets either this timeThresholdHrs or the processes.logRotate.sizeThresholdMB limit.

processes[n].manualMode Boolean Optional

Flag that indicates if MongoDB Agent automates this process.

  • This defaults to false .
  • Set to true to disable Automation on this process. The MongoDB Agent takes no further actions on this process.
  • Set to false to enable Automation on this process. The MongoDB Agent automates actions on this process.
processes[n].name string Required Unique name to identify the instance.
processes[n].numCores integer Optional Number of cores that Cloud Manager should bind to this process. The MongoDB Agent distributes processes across the cores as evenly as possible.
processes[n].processType string Required Type of MongoDB process being run. Cloud Manager accepts mongod or mongos for this parameter.
processes[n].version string Required Name of the mongoDbVersions specification used with this instance.

Cluster Wide¶

clusterWideConfigurations specifies the parameters to set across a replica set or sharded cluster without requiring a rolling restart .

1
2
3
4
5
6
7
8
9
"clusterWideConfigurations" : {
  "<replicaSetID/clusterName>": {
    "changeStreamOptions": {
      "preAndPostImages": {
        "expireAfterSeconds": <integer>
      }
    }
  }
}
Name Type Necessity Description
replicaSetID/clusterName object Optional The change stream options to apply to the replica set or sharded cluster. MongoDB Agent only checks if this configuration is in a valid JSON format but doesn’t check the values for correctness.
changeStreamOptions.preAndPostImages.expireAfterSeconds number Required

Retention policy of change stream pre- and post-images in seconds. If you omit the value, the cluster retains the pre- and post-images until it removes the corresponding change stream events from the oplog.

If you remove this value, MongoDB Agent only removes this parameter from its automation configuration, but not from the server.

See also

changeStreamOptions.

Replica Sets¶

The replicaSets array defines each replica set’s configuration. This field is required for deployments with replica sets.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
"replicaSets":
[
  {
    "_id": "<string>",
    "protocolVersion": "<string>",
    "members":
    [
      {
        "_id": "<integer>",
        "host": "<string>",
        "arbiterOnly": "<boolean>",
        "buildIndexes": "<boolean>",
        "hidden": "<boolean>",
        "priority": "<number>",
        "tags": "<object>",
        "secondaryDelaySecs": "<integer>",
        "votes": "<number>"
      },{
        "_id": "<integer>",
        "host": "<string>",
        "arbiterOnly": "<boolean>",
        "buildIndexes": "<boolean>",
        "hidden": "<boolean>",
        "priority": "<number>",
        "tags": "<object>",
        "secondaryDelaySecs": "<integer>",
        "votes": "<number>"
      },{
        "_id": "<integer>",
        "host": "<string>",
        "arbiterOnly": "<boolean>",
        "buildIndexes": "<boolean>",
        "hidden": "<boolean>",
        "priority": "<number>",
        "tags": "<object>",
        "secondaryDelaySecs": "<integer>",
        "votes": "<number>"
      }
    ],
    "force":
    {
      "currentVersion": "<integer>"
    }
  }
]
Name Type Necessity Description
replicaSets array Optional

Configuration of each replica set . The MongoDB Agent uses the values in this array to create valid replica set configuration documents . The agent regularly checks that replica sets are configured correctly. If a problem occurs, the agent reconfigures the replica set according to its configuration document. The array can contain the following top-level fields from a replica set configuration document: _id ; version ; and members .

See also

replSetGetConfig

replicaSets[n]._id string Required The name of the replica set.
replicaSets[n].protocolVersion string Optional Protocol version of the replica set.
replicaSets[n].members array Optional

Objects that define each member of the replica set. The members.host field must specify the host’s name as listed in processes.name . The MongoDB Agent expands the host field to create a valid replica set configuration.

See also

replSetGetConfig.

replicaSets[n].members[m]._id integer Optional Any positive integer that indicates the member of the replica set.
replicaSets[n].members[m].host string Optional Hostname, and port number when applicable, that serves this replica set member.
replicaSets[n].members[m].arbiterOnly boolean Optional Flag that indicates whether this replica set member acts as an arbiter.
replicaSets[n].members[m].buildIndexes boolean Optional Flag that indicates whether the mongod process builds indexes on this replica set member.
replicaSets[n].members[m].hidden boolean Optional Flag that indicates whether the replica set allows this member to accept read operations.
replicaSets[n].members[m].priority number Optional Relative eligibility for Cloud Manager to select this replica set member as a primary. Larger number increase eligibility. This value can be between 0 and 1000, inclusive for data-bearing nodes. Arbiters can have values of 0 or 1.
replicaSets[n].members[m].tags object Optional List of user-defined labels and their values applied to this replica set member.
replicaSets[n].members[m].secondaryDelaySecs integer Optional Amount of time in seconds that this replica set memberr should lag behind the primary.
replicaSets[n].members[m].votes number Optional Quantity of votes this replica set member can cast for a replica set election. All data bearing nodes can have 0 or 1 votes. Arbiters always have 1 vote.
replicaSets[n].force object Optional

Instructions to the MongoDB Agent to force a replica set to use the Configuration Version specified in replicaSets.force.CurrentVersion .

With this object, the MongoDB Agent can force a replica set to accept a new configuration to recover from a state in which a minority of its members are available.

replicaSets[n].force.currentVersion integer Optional

Configuration Version that the MongoDB Agent forces the replica set to use. Set to -1 to force a replica set to accept a new configuration.

Warning

Forcing a replica set reconfiguration might lead to a rollback of majority-committed writes.

Proceed with caution. Contact MongoDB Support if you have questions about the potential impacts of this operation.

Sharded Clusters¶

The sharding array defines the configuration of each sharded cluster. This parameter is required for deployments with sharded clusters.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
"sharding" : [
  {
    "managedSharding" : <boolean>,
    "name" : "<string>",
    "configServerReplica" : "<string>",
    "collections" : [
      {
        "_id" : "<string>",
        "key" : [
          [ "shard key" ],
          [ "shard key" ],
          ...
        ],
        "unique" : <boolean>
      },
      ...
    ],
    "shards" : [
      {
        "_id" : "<string>",
        "rs" : "<string>",
        "tags" : [ "<string>", ... ]
      },
      ...
    ],
    "tags" : [
      {
        "ns" : "<string>",
        "min" : [
          {
            "parameter" : "<string>",
            "parameterType" : "<string>",
            "value" : "<string>"
          }
        ],
        "max" : [
          {
            "parameter" : "<string>",
            "parameterType" : "<string>",
            "value" : "<string>"
          }
        ],
        "tag" : "<string>"
      },
      ...
    ]
  },
  ...
]
Name Type Necessity Description
sharding array of objects Optional Objects that define the configuration of each sharded cluster . Each object in the array contains the specifications for one cluster. The MongoDB Agent regularly checks each cluster’s state against the specifications. If the specification and cluster don’t match, the agent will change the configuration of the cluster, which might cause the balancer to migrate chunks.
sharding.managedSharding boolean Conditional Flag that indicates whether Cloud Manager Automation manages all sharded collections and tags in the deployment
sharding.name string Conditional Name of the cluster. This must correspond with the value in processes.cluster for a mongos .
sharding.configServerReplica string Conditional

Name of the config server replica set .

You can add this array parameter if your config server runs as a replica set.

If you run legacy mirrored config servers that don’t run as a replica set, use sharding.configServer .

sharding.configServer array of strings Conditional

Names of the config server hosts. The host names match the names used in each host’s processes.name parameter.

If your sharded cluster runs MongoDB 3.4 or later, use sharding.configServerReplica .

Important

MongoDB 3.4 removes support for mirrored config servers.

sharding.collections array of objects Conditional Objects that define the sharded collections and their shard keys .
sharding.collections._id string Conditional namespace of the sharded collection. The namespace is the combination of the database name and the name of the collection. For example, testdb.testcoll .
sharding.collections.key array of arrays Conditional

Collection’s shard keys . It contains:

  • One array if your cluster uses one shard key.
  • Multiple arrays if your cluster uses a compound shard key.
sharding.collections.unique boolean Conditional Flag that indicates whether MongoDB enforces uniqueness for the shard key.
sharding.shards array of objects Conditional Cluster’s shards .
sharding.shards._id string Conditional Name of the shard.
sharding.shards.rs string Conditional Name of the shard’s replica set. This is specified in the replicaSets._id parameter.
sharding.shards.tags array of strings Conditional

Zones assigned to this shard.

You can add this array parameter if you use zoned sharding.

sharding.tags array of objects Conditional Definition of zones for zoned sharding. Each object in this array defines a zone and configures the shard key range for that zone.
sharding.tags.ns string Conditional

Namespace of the collection that uses zoned sharding. The namespace combines the database name and the name of the collection.

Example

testdb.testcoll

sharding.tags.min array Conditional

Minimum value of the shard key range.

Specify the field name, field type, and value in a document of the following form.

{
  "field" : <string>,
  "fieldType" : <string>,
  "value" : <string>
}

fieldType must be one of the following:

  • string
  • integer
  • long
  • double
  • decimal
  • date
  • timestamp
  • oid
  • minKey
  • maxKey

value must be passed in as a string value.

To use a compound shard key, specify each field in a separate document, as shown in the example after this table. For more information on shard keys, see Shard Keys in the MongoDB manual.

sharding.tags.max array Conditional

Maximum value of the shard key range.

Specify the field name, field type, and value in a document of the following form.

{
  "field" : <string>,
  "fieldType" : <string>,
  "value" : <string>
}

fieldType must be one of the following:

  • string
  • integer
  • long
  • double
  • decimal
  • date
  • timestamp
  • oid
  • minKey
  • maxKey

value must be passed in as a string value.

To use a compound shard key, specify each field in a separate document, as shown in the example after this table. For more information on shard keys, see Shard Keys in the MongoDB manual.

sharding.tags.tag string Conditional Name of the zone associated with the shard key range specified by sharding.tags.min and sharding.tags.max .

Example

The sharding.tags Array with Compound Shard Key

The following example configuration defines a compound shard key range with a min value of { a : 1, b : ab } and a max value of { a : 100, b : fg } . The example defines the range on the testdb.test1 collection and assigns it to zone zone1 .

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
"tags" : [
  {
    "ns" : "testdb.test1",
    "min" : [
      {
        "parameter" : "a",
        "parameterType" : "integer",
        "value" : "1"
      },
      {
        "parameter" : "b",
        "parameterType" : "string",
        "value" : "ab"
      }
    ],
    "max" : [
      {
        "parameter" : "a",
        "parameterType" : "integer",
        "value" : "100"
      },
      {
        "parameter" : "b",
        "parameterType" : "string",
        "value" : "fg"
      }
    ],
    "tag" : "zone1"
  }
]

Cluster Balancer¶

The balancer object is optional and defines balancer settings for each cluster.

1
2
3
4
5
"balancer": {
  "<clusterName1>": {},
  "<clusterName2>": {},
  ...
}
Name Type Necessity Description
balancer object Optional Parameters named according to clusters, each parameter containing an object with the desired balancer settings for the cluster. The object uses the stopped and activeWindow parameters, as described in the procedure to schedule the balancing window in this tutorial in the MongoDB manual.

Authentication¶

Cloud Manager doesn’t require the auth object. This object defines authentication-related settings.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
{
  "auth": {
    "authoritativeSet": "<boolean>",
    "autoUser": "<string>",
    "autoPwd": "<string>",
    "disabled": "<boolean>",
    "deploymentAuthMechanisms": ["<string>", "<string>"],
    "autoAuthMechanisms": ["<string>"],
    "key": "<string>",
    "keyfile": "<string>",
    "newAutoPwd": "<string>",
    "newKey": "<string>",
    "usersDeleted": [{
      "user": "<string>",
      "dbs": ["<string>", "<string>"]
    }],
    "usersWanted": [{
      "authenticationRestrictions": [{
        "clientSource": ["(IP | CIDR range)", "(IP | CIDR range)"],
        "serverAddress": ["(IP | CIDR range)", "(IP | CIDR range)"]
      }],
      "db": "<string>",
      "initPwd": "<string>",
      "otherDBRoles": {
        "<string>": ["<string>", "<string>"]
      },
      "roles": [{
        "db": "<string>",
        "role": "<string>"
      }],
      "pwd": "<string>",
      "user": "<string>"
    }]
  }
}
Name Type Necessity Description
auth object Optional

Defines authentication-related settings.

Note

If you omit this parameter, skip the rest of this section.

auth.authoritativeSet boolean Conditional

Sets whether or not Cloud Manager enforces a consistent set of managed MongoDB users and roles in all managed deployments in the project.

  • If “auth.authoritativeSet” : true , then Cloud Manager enforces consistent users and roles .
  • If “auth.authoritativeSet” : false , then Cloud Manager doesn’t enforce consistent users and roles .

auth.authoritativeSet defaults to false .

Required if “auth” : true .

auth.autoUser string Conditional

Username that the Automation uses when connecting to an instance.

Required if “auth” : true .

auth.autoPwd string Conditional

Password that the Automation uses when connecting to an instance.

Required if “auth” : true .

auth.disabled boolean Optional Flag indicating if auth is disabled. If not specified, disabled defaults to false .
auth.deploymentAuthMechanisms array of strings Conditional

Lists the supported authentication mechanisms for the processes in the deployment.

Required if “auth” : true .

Specify:

Value Authentication Mechanism
MONGODB-CR SCRAM-SHA-1
SCRAM-SHA-256 SCRAM-SHA-256
MONGODB-X509 x.509 Client Certificate
PLAIN LDAP
GSSAPI Kerberos
auth.autoAuthMechanisms array of strings Conditional

Sets the authentication mechanism used by the Automation. If not specified, disabled defaults to false .

Required if “auth” : true .

Note

This parameter contains more than one element only when it’s configured for both SCRAM-SHA-1 and SCRAM-SHA-256.

Specify:

Value Authentication Mechanism
MONGODB-CR SCRAM-SHA-1
SCRAM-SHA-256 SCRAM-SHA-256
MONGODB-X509 x.509 Client Certificate
PLAIN LDAP
GSSAPI Kerberos
auth.key string Conditional

Contents of the key file that Cloud Manager uses to authenticate to the MongoDB processes.

Required if “auth” : true and “auth.disabled” : false .

Note

If you change the auth.key value, you must change the auth.keyfile value.

auth.keyfile string Conditional

Path and name of the key file that Cloud Manager uses to authenticate to the MongoDB processes.

Required if “auth” : true and “auth.disabled” : false .

Note

If you change the auth.keyfile value, you must change the auth.key value.

auth
.newAutoPwd
string Optional

New password that the Automation uses when connecting to an instance. To rotate passwords without losing the connection:

  1. Set auth.newAutoPwd and leave auth.autoPwd with its current password.
  2. Wait for the goal state.
  3. auth.newAutoPwd copies over the auth.autoPwd password automatically.

Note

You can set this option only when you include SCRAM-SHA-1 or SCRAM-SHA-256 as one of the authentication mechanisms for the Automation in auth.autoAuthMechanisms .

auth.newKey string Optional

Contents of a new key file that you want Cloud Manager to use to authenticate to the MongoDB processes.

When you set this option, Cloud Manager rotates the key that the application uses to authenticate to the MongoDB processes in your deployment. When all MongoDB Agents use the new key, Cloud Manager replaces the value of auth.key with the new key that you provided in auth.newKey and removes auth.newKey from the automation configuration.

auth.usersDeleted array of objects Optional Objects that define the authenticated users to be deleted from specified databases or from all databases. This array must contain auth.usersDeleted.user and auth.usersDeleted.dbs .
auth.usersDeleted[n].user string Optional Username of user that Cloud Manager should delete.
auth.usersDeleted[n].dbs array of strings Optional List the names of the databases from which Cloud Manager should delete the authenticated user.
auth.usersWanted array of objects Optional Contains objects that define authenticated users to add to specified databases. Each object must have the auth.usersWanted[n].db , auth.usersWanted[n].user , and auth.usersWanted[n].roles parameters, and then have exactly one of the following parameters: auth.usersWanted[n].pwd , auth.usersWanted[n].initPwd , or auth.usersWanted[n].userSource .
auth.usersWanted[n].db string Conditional Database to which to add the user.
auth.usersWanted[n].user string Conditional Name of the user that Cloud Manager should add.
auth.usersWanted[n].roles array Conditional List of the roles to be assigned to the user from the user’s database, which is specified in auth.usersWanted[n].db .
auth.usersWanted[n].pwd string Conditional

32-character hex SCRAM-SHA-1 hash of the password currently assigned to the user.

Cloud Manager doesn’t use this parameter to set or change a password.

Required if:

  • “auth” : true ,
  • “auth.deploymentAuthMechanisms” : “MONGODB-CR” , and
  • “auth.usersWanted[n].initPwd” is unset.
auth.usersWanted[n].initPwd string Conditional

Cleartext password that you want to assign to the user.

Required if:

  • “auth” : true ,
  • “auth.deploymentAuthMechanisms” : “MONGODB-CR” , and
  • “auth.usersWanted[n].pwd” is unset.
auth.usersWanted[n].userSource string Deprecated No longer supported.
auth.usersWanted[n].otherDBRoles object Optional If you assign the user’s database “auth.usersWanted[n].db” : “admin” , then you can use this object to assign the user roles from other databases as well. The object contains key-value pairs where the key is the name of the database and the value is an array of string values that list the roles be assigned from that database.
auth.usersWanted[n].authenticationRestrictions array of documents Optional

Authentication restrictions that the host enforces on the user.

Warning

If a user inherits multiple roles with incompatible authentications restrictions, that user becomes unusable. For example, if a user inherits one role in which the clientSource field is [198.51.100.0] and another role in which the clientSource field is [203.0.113.0] , the server is unable to authenticate the user.

For more information about authentication in MongoDB, see Authentication.

auth.usersWanted[n].authenticationRestrictions[k].clientSource array of strings Conditional If present when authenticating a user, the host verifies that the given list contains the client’s IP address CIDR range. If the client’s IP address is not present, the host does not authenticate the user.
auth.usersWanted[n].authenticationRestrictions[k].serverAddress array of strings Conditional Comma-separated array of IP addresses to which the client can connect. If present, the host verifies that Cloud Manager accepted the client’s connection from an IP address in the given array. If the connection was accepted from an unrecognized IP address, the host doesn’t authenticate the user.

SSL¶

The ssl object enables TLS for encrypting connections. This object is optional.

"ssl" : {
  "CAFilePath" : "<string>"
}
Name Type Necessity Description
ssl object Optional

Enables TLS for encrypting connections. To use TLS , choose a package that supports TLS .

All platforms that support MongoDB Enterprise also support TLS .

ssl.clientCertificateMode string Conditional Indicates whether connections to Cloud Manager require a TLS certificate. The values are OPTIONAL and REQUIRE .
ssl.CAFilePath string Conditional

Absolute file path to the certificate used to authenticate through TLS on a Linux or UNIX host.

Cloud Manager requires either ssl.CAFilePath or ssa.CAFilePathWindows if:

  • You’re using TLS or X.509 authentication, and
  • The CA file is not in your operating system’s root certificates.
ssl.CAFilePathWindows string Conditional

Absolute file path to the certificate used to authenticate through TLS on a Windows host.

Cloud Manager requires either ssl.CAFilePath or ssa.CAFilePathWindows if:

  • You’re using TLS or X.509 authentication, and
  • The CA file is not in your operating system’s root certificates.
ssl.autoPEMKeyFilePath string Conditional

Absolute file path to the client private key (PEM) file that authenticates the TLS connection on a Linux or UNIX host.

Cloud Manager requires either ssl.autoPEMKeyFilePath or ssa.autoPEMKeyFilePathWindows if you’re using TLS or X.509 authentication.

ssl.autoPEMKeyFilePathWindows string Conditional

Absolute file path to the client private key (PEM) file that authenticates the TLS connection on a Windows host.

Cloud Manager requires either ssl.autoPEMKeyFilePath or ssa.autoPEMKeyFilePathWindows if you’re using TLS or X.509 authentication.

ssl.autoPEMKeyFilePwd string Conditional Password for the private key (PEM) file specified in ssl.autoPEMKeyFilePath or ssa.autoPEMKeyFilePathWindows . Cloud Manager requires this password if the PEM file is encrypted.

MongoDB Roles¶

The roles array is optional and describes user-defined roles.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
"roles" : [
  {
    "role" : "<string>",
    "db" : "<string>",
    "privileges" : [
      {
        "resource" : { ... },
        "actions" : [ "<string>", ... ]
      },
      ...
    ],
    "roles" : [
      {
        "role" : "<string>",
        "db" : "<string>"
      }
    ]
    "authenticationRestrictions" : [
     {
      "clientSource": [("<IP>" | "<CIDR range>"), ...],
      "serverAddress": [("<IP>" | "<CIDR range>"), ...]
    }, ...
  ]
  },
  ...
]
Name Type Necessity Description
roles array of objects Optional Roles and privileges that MongoDB has assigned to a cluster’s user-defined roles. Each object describes a different user-defined role. Objects in this array contain the same fields as documents in the system roles collection, except for the _id field.
roles[n].role string Conditional Name of the user-defined role.
roles[n].db string Conditional Database to which the user-defined role belongs.
roles[n].privileges array of documents Conditional Privileges this role can perform.
roles[n].privileges[k].resource string Conditional Specifies the resources upon which the privilege actions apply.
roles[n].privileges[k].actions string Conditional

Actions permitted on the resource.

See also

Privilege Actions

roles[n].roles array of documents Conditional Roles from which this role inherits privileges.
roles[n].authenticationRestrictions array of documents Optional

Authentication restrictions that the MongoDB server enforces on this role.

Warning

If a user inherits multiple roles with incompatible authentications restrictions, that user becomes unusable. For example, if a user inherits one role in which the clientSource field is [198.51.100.0] and another role in which the clientSource field is [203.0.113.0] , the server is unable to authenticate the user.

For more information about authentication in MongoDB, see Authentication.

roles[n].authenticationRestrictions[k].clientSource array of strings Conditional If present, when authenticating a user, the MongoDB server verifies that the client’s IP address is either in the given list or belongs to a CIDR range in the list. If the client’s IP address is not present, the MongoDB server does not authenticate the user.
roles[n].authenticationRestrictions[k].serverAddress array of strings Conditional Comma-separated array of IP addresses to which the client can connect. If present, the MongoDB server verifies that it accepted the client’s connection from an IP address in the given array. If the MongoDB server accepts a connection from an unrecognized IP address, the MongoDB server does not authenticate the user.

Kerberos¶

The kerberos object is optional and defines a kerberos service name used in authentication.

"kerberos": {
  "serviceName": "<string>"
}
Name Type Necessity Description
kerberos object Optional Key-value pair that defines the kerberos service name agents use to authenticate via kerberos.
kerberos.serviceName string Required

Label that sets:

  • The service name that the agents use to authenticate to a mongod or mongos via Kerberos.
  • The saslServiceName option in the MongoDB Server Parameters.

Indexes¶

The indexConfigs array is optional and defines indexes to be built for specific replica sets.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
"indexConfigs": [{
  "key": [
    ["<string>", "<value>"]
  ],
  "rsName": "<string>",
  "dbName": "<string>",
  "collectionName": "<string>",
  "collation": {
    "locale": "<string>",
    "caseLevel": <boolean>,
    "caseFirst": "<string>",
    "strength": <number>,
    "numericOrdering": <boolean>,
    "alternate": "<string>",
    "maxVariable": "<string>",
    "normalization": <boolean>,
    "backwards": <boolean>
  },
  "options": {
    "<key>": "<value>"
  }
}]
Name Type Necessity Description
indexConfigs array of objects Optional Specific indexes to be built for specific replica sets.
indexConfigs.key array of arrays Required Keys in the index. This “array of arrays” contains a single array if the index has just one key.
indexConfigs.rsName string Required Replica set on which MongoDB builds the index.
indexConfigs.dbName string Required Database that MongoDB indexes.
indexConfigs.collectionName string Required Collection that MongoDB indexes.
indexConfigs.collation object Optional

Language-specific rules to use when sorting and matching strings if the index uses collation.

If you include the indexConfigs.collation object, you must include the indexConfigs.collation.locale parameter. All other parameters are optional.

If you don’t include the indexConfigs.collation object, the index can’t include collation.

indexConfigs.collation.locale string Required

Locale that the ICU defines.

The MongoDB Server Manual lists the supported locales in its Collation Locales and Default Parameters section.

To specify simple binary comparison, set this value to simple .

indexConfigs.collation.caseLevel boolean Optional

Flag that indicates how the index uses case comparison.

If you set this parameter to true , the index uses case comparison.

This parameter applies only if you set indexConfigs.collation.strength to 1 or 2 .

See also

Collation

indexConfigs.collation.caseFirst string Optional

Sort order of case differences during tertiary level comparisons.

The MongoDB Server Manual lists the possible values in its Collation section.

indexConfigs.collation.strength number Optional

Level of comparison to perform. Corresponds to ICU Comparison Levels.

The MongoDB Server Manual lists the possible values in its Collation section.

indexConfigs.collation.numericOrdering boolean Optional

Flag that indicates how to compare numeric strings.

Value Collation Method Example
true numeric strings compared as numbers 10 > 2 .
false numeric strings compared as strings 10 < 2 .

The default is false .

See also

Collation

indexConfigs.collation.alternate string Optional

Setting that determines how collation should consider whitespace and punctuation as base characters during comparisons.

The MongoDB Server Manual lists the possible values in its Collation section.

indexConfigs.collation.maxVariable string Optional

Characters the index can ignore. This parameter applies only if indexConfigs.collation.alternate is set to shifted .

The MongoDB Server Manual lists the possible values in its Collation section.

indexConfigs.collation.normalization boolean Optional

Flag that indicates if the text should be normalized.

If you set this parameter to true , collation:

  • Checks if text requires normalization.
  • Performs normalization to compare text.

The default is false .

See also

Collation

indexConfigs.collation.backwards boolean Optional

Flag that indicates how the index should handle diacritic strings.

If you set this parameter to true , strings with diacritics sort from the back to the front of the string.

The default is false .

See also

Collation

indexConfigs.options document Required Index options that the MongoDB Go Driver supports.
Read article