Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Backup Agent Configuration

On this page

Connection Settings

For the Backup Agent communication with the MMS Servers, the following connection settings are required:

mmsApiKey

Type: string

The MMS agent API key for a MMS group. The API Key can be found in the MMS interface on the Settings in the Agent API Settings section. For example:

copy 
mmsApiKey=abc123
mothership

Type: string

The hostname of the MMS Backup Web Server.

https

Type: boolean

Toggles communication with the MMS Backup web server over HTTPS.

HTTP Proxy Settings

httpProxy

New in version 1.4.4.34-1.

Type: string

To connect to the MMS HTTP Service via a proxy, specify the URL of the proxy. For example:

copy 
httpProxy=http://example-proxy.com:8080

MongoDB SSL Settings

Specify these settings when the Backup Agent is connecting to MongoDB instances with SSL.

sslClientCertificate

Type: string

The path to the private key, client certificate, and optional intermediate certificates in PEM format. The agent will use the client certificate when connecting to any configured MongoDB that use SSL and require client certificates, i.e. that are running using the --sslCAFile option.

sslClientCertificatePassword

Type: string

The password needed to decrypt the private key in the sslClientCertificate file. This setting is only necessary if the client certificate PEM file is encrypted.

sslTrustedServerCertificates

Type: string

The path on disk that contains the trusted certificate authority certificates in PEM format. These certificates will verify the server certificate returned from any MongoDBs running with SSL. For example:

copy 
sslTrustedServerCertificates=/etc/mongodb-mms/mongodb-certs.pem
sslRequireValidServerCertificates

Type: boolean

Use this option to disable certificate verification by setting this value to false. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.

MongoDB Kerberos Settings

Specify these settings if the Backup Agent authenticates to hosts using Kerberos. For more information, see Connect to Hosts with Kerberos Authentication.

krb5Principal

Type: string

The Kerberos principal used by the agent. For example:

copy 
krb5Principal=mmsagent/myhost@EXAMPLE.COM
krb5Keytab

Type: string

The absolute path to Kerberos principal’s keytab file. For example:

copy 
krb5Keytab=/etc/mongodb-mms/backup-agent.keytab

MMS Server SSL Settings

Advanced SSL settings used by the Backup Agent when communicating to the MMS Backup Web Server.

sslTrustedMMSBackupServerCertificate

By default the Backup Agent will use the trusted root CAs installed on the system. If the agent cannot find the trusted root CAs, configure these settings manually.

If the MMS Backup Server is using a self-signed SSL certificate this setting is required.

The path on disk that contains the trusted certificate authority certificates in PEM format. The agent will use this certificate to verify that the agent is communicating with the designated MMS Backup Server. For example:

copy 
sslTrustedMMSBackupServerCertificate=/etc/mongodb-mms/mms-certs.pem
sslRequireValidMMSBackupServerCertificate

Type: boolean

You can disable certificate verification by setting this value to false. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.