- Security >
- Configure the Connections to the Backing MongoDB Instances
Configure the Connections to the Backing MongoDB Instances¶
On this page
Overview¶
If you set up your backing MongoDB instances to use access control or to run over SSL, then you must update Ops Manager’s configuration files with the necessary information for accessing the MongoDB instances.
The conf-mms.properties
file configures the connection from Ops Manager
to the Ops Manager Application database.
If you are using Backup, you also need to update the conf-daemon.properties
file
so that the Backup Daemon can connect to the Ops Manager Application Database,
and configure the Backup databases in the Ops Manager UI.
Prerequisites¶
This tutorial assumes that you have deployed the Ops Manager Application Database and Backup Blockstore Database, and that you have configured them to use access control and/or SSL. For information on deploying MongoDB with access control or to use SSL, see Security Concepts in the MongoDB manual.
Procedures¶
Configure Ops Manager to Connect to Backing Databases with Access Control¶
MongoDB deployments can use MONGODB-CR
/SCRAM-SHA-1
username-password
authentication, Kerberos authentication, LDAP authentication, or x.509
Client Certificate authentication to manage access to the database.
If your Ops Manager Application database uses access control, you must configure Ops Manager and the Backup Daemon to be able to connect to the database.
Open the Ops Manager configuration files with root privileges.¶
Open the files listed below. Ops Manager Configuration Files describes the locations of each file:
conf-mms.properties
, which configures Ops Manager’s connection to the Ops Manager Application Database.- Optional
conf-daemon.properties
, which configures the Backup Daemon’s connection to the Ops Manager Application Database. You only need to openconf-daemon.propeties
if you have installed the Backup Daemon.
Configure Ops Manager to connect to the Ops Manager Application database.¶
mongo.mongoUri
contains the connection string used to access
the Ops Manager Application Database.
The mongo.mongoUri
reference provides examples of the
connection string format for each authentication mechanism and details
the required permissions for the connecting user.
For an Ops Manager Application database using
Kerberos authentication, the mongo.mongoUri
setting
would resemble:
Optional: Configure the Backup Daemon to connect to the Ops Manager Application database.¶
If you have installed the Backup Daemon,
you must configure mongo.mongoUri
in conf-daemon.properties
so that the Backup Daemon can connect to the Ops Manager Application database.
mongo.mongoUri
contains the connection string used to access
the Ops Manager Application Database.
The mongo.mongoUri
reference provides examples of the
connection string format for each authentication mechanism and details
the required permissions for the connecting user.
For an Ops Manager Application database using
Kerberos authentication, the mongo.mongoUri
setting
would resemble:
mongo.mongoUri
should be idential in both conf-mms.properties
and conf-daemon.properties
.
Configure any other authentication mechanism-specific settings in both conf-mms.properties
and conf-daemon.properties
.¶
If you are using Kerberos authentication, you must configure the Kerberos settings, as in the following:
If you are using x.509 Client Certificate Authentication, you must also be connecting over SSL. See: Configure SSL Connections to the Ops Manager Application Database for the SSL configuration instructions.
Restart Ops Manager and the Backup Daemon.¶
If the Ops Manager Application database is running over SSL, proceed to the SSL configuration tutorial.
Restart Ops Manager and the Backup Daemon using the appropriate command for your distribution:
Installed on Linux with DEB or RPM packages:
Installed on Linux from an Archive:
Installed on Windows:
- Open
Control Panel
, thenSystem and Security
, thenAdministrative Tools
, and thenServices
. In the Services list, right-click on theMongoDB Ops Manager HTTP Service
and selectRestart
. - On the Backup Daemon server, open
Control Panel
, thenSystem and Security
, thenAdministrative Tools
, and thenServices
. Right-click on theMMS Backup Daemon Service
and selectRestart
.
Configure SSL Connections to the Ops Manager Application Database¶
Open the Ops Manager configuration files with root privileges.¶
Open the files listed below. Ops Manager Configuration Files describes the locations of each file:
conf-mms.properties
, which configures Ops Manager’s connection to the Ops Manager Application Database.- Optional
conf-daemon.properties
, which configures the Backup Daemon’s connection to the Ops Manager Application Database. You only need to openconf-daemon.propeties
if you have installed the Backup Daemon.
Configure Ops Manager to connect to the Ops Manager Application database over SSL.¶
Configure the following settings in conf-mms.properties
:
mongo.ssl
: Set this to true
to indicate that the
Ops Manager Application Database is using SSL.
mongodb.ssl.CAFile
: Specify the PEM file that contains the root
certificate chain from the Certificate Authority that signed the MongoDB
server certificate.
mongodb.ssl.PEMKeyFile
: If the MongoDB instance is running
with --sslCAFile
option, specify the PEM
file containing an x.509 certificate and private key.
mongodb.ssl.PEMKeyFilePassword
: If the client PEM file contains
an encrypted private key, specify the password for PEM file. To encrypt
this password in the configuration file, use the Ops Manager credentialstool
tool. See Encrypt MongoDB User Credentials.
Optional: Configure the Backup Daemon to connect to the Ops Manager Application database over SSL.¶
If you are using Backup, set the following settings in conf-daemon.properties
:
Set mongo.ssl
to true
. This setting should match the
mongo.ssl
setting in conf-mms.properties
.
Update the SSL settings with the SSL client certificate information to use to
connect to the backing databases. mongodb.ssl.CAFile
,
mongodb.ssl.PEMKeyFile
, and
mongodb.ssl.PEMKeyFilePassword
should match the settings
in conf-mms.properties
.
Restart Ops Manager and the Backup Daemon.¶
Restart Ops Manager and the Backup Daemon using the appropriate command for your distribution:
Installed on Linux with DEB or RPM packages:
Installed on Linux from an Archive:
Installed on Windows:
- Open
Control Panel
, thenSystem and Security
, thenAdministrative Tools
, and thenServices
. In the Services list, right-click on theMongoDB Ops Manager HTTP Service
and selectRestart
. - On the Backup Daemon server, open
Control Panel
, thenSystem and Security
, thenAdministrative Tools
, and thenServices
. Right-click on theMMS Backup Daemon Service
and selectRestart
.