Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.
  • Security >
  • Configure the Connections to the Backing MongoDB Instances

Configure the Connections to the Backing MongoDB Instances

On this page

Overview

If you set up your backing MongoDB instances to use access control or to run over SSL, then you must update Ops Manager’s configuration files with the necessary information for accessing the MongoDB instances.

The conf-mms.properties file configures the connection from Ops Manager to the Ops Manager Application database.

If you are using Backup, you also need to update the conf-daemon.properties file so that the Backup Daemon can connect to the Ops Manager Application Database, and configure the Backup databases in the Ops Manager UI.

Prerequisites

This tutorial assumes that you have deployed the Ops Manager Application Database and Backup Blockstore Database, and that you have configured them to use access control and/or SSL. For information on deploying MongoDB with access control or to use SSL, see Security Concepts in the MongoDB manual.

Procedures

Configure Ops Manager to Connect to Backing Databases with Access Control

MongoDB deployments can use MONGODB-CR/SCRAM-SHA-1 username-password authentication, Kerberos authentication, LDAP authentication, or x.509 Client Certificate authentication to manage access to the database.

If your Ops Manager Application database uses access control, you must configure Ops Manager and the Backup Daemon to be able to connect to the database.

1

Open the Ops Manager configuration files with root privileges.

Open the files listed below. Ops Manager Configuration Files describes the locations of each file:

  • conf-mms.properties, which configures Ops Manager’s connection to the Ops Manager Application Database.
  • Optional conf-daemon.properties, which configures the Backup Daemon’s connection to the Ops Manager Application Database. You only need to open conf-daemon.propeties if you have installed the Backup Daemon.
2

Configure Ops Manager to connect to the Ops Manager Application database.

mongo.mongoUri contains the connection string used to access the Ops Manager Application Database.

The mongo.mongoUri reference provides examples of the connection string format for each authentication mechanism and details the required permissions for the connecting user.

For an Ops Manager Application database using Kerberos authentication, the mongo.mongoUri setting would resemble:

copy 
mongo.mongoUri=mongodb://username%40REALM.example.net@mydb1.example.net:40000/?authMechanism=GSSAPI
3

Optional: Configure the Backup Daemon to connect to the Ops Manager Application database.

If you have installed the Backup Daemon, you must configure mongo.mongoUri in conf-daemon.properties so that the Backup Daemon can connect to the Ops Manager Application database.

mongo.mongoUri contains the connection string used to access the Ops Manager Application Database.

The mongo.mongoUri reference provides examples of the connection string format for each authentication mechanism and details the required permissions for the connecting user.

For an Ops Manager Application database using Kerberos authentication, the mongo.mongoUri setting would resemble:

copy 
mongo.mongoUri=mongodb://username%40REALM.example.net@mydb1.example.net:40000/?authMechanism=GSSAPI

mongo.mongoUri should be idential in both conf-mms.properties and conf-daemon.properties.

4

Configure any other authentication mechanism-specific settings in both conf-mms.properties and conf-daemon.properties.

If you are using Kerberos authentication, you must configure the Kerberos settings, as in the following:

copy 
jvm.java.security.krb5.kdc=kdc.example.com
jvm.java.security.krb5.realm=EXAMPLE.COM
mms.kerberos.principal=mms/mmsweb.example.com@EXAMPLE.COM
mms.kerberos.keyTab=/path/to/mms.keytab

If you are using x.509 Client Certificate Authentication, you must also be connecting over SSL. See: Configure SSL Connections to the Ops Manager Application Database for the SSL configuration instructions.

5

Restart Ops Manager and the Backup Daemon.

If the Ops Manager Application database is running over SSL, proceed to the SSL configuration tutorial.

Restart Ops Manager and the Backup Daemon using the appropriate command for your distribution:

Installed on Linux with DEB or RPM packages:

copy 
sudo service mongodb-mms restart
sudo service mongodb-mms-backup-daemon restart

Installed on Linux from an Archive:

copy 
<install_dir>/bin/mongodb-mms restart
<install_dir>/bin/mongodb-mms-backup-daemon restart

Installed on Windows:

  • Open Control Panel, then System and Security, then Administrative Tools, and then Services. In the Services list, right-click on the MongoDB Ops Manager HTTP Service and select Restart.
  • On the Backup Daemon server, open Control Panel, then System and Security, then Administrative Tools, and then Services. Right-click on the MMS Backup Daemon Service and select Restart.

Configure SSL Connections to the Ops Manager Application Database

1

Open the Ops Manager configuration files with root privileges.

Open the files listed below. Ops Manager Configuration Files describes the locations of each file:

  • conf-mms.properties, which configures Ops Manager’s connection to the Ops Manager Application Database.
  • Optional conf-daemon.properties, which configures the Backup Daemon’s connection to the Ops Manager Application Database. You only need to open conf-daemon.propeties if you have installed the Backup Daemon.
2

Configure Ops Manager to connect to the Ops Manager Application database over SSL.

Configure the following settings in conf-mms.properties:

mongo.ssl: Set this to true to indicate that the Ops Manager Application Database is using SSL.

mongodb.ssl.CAFile: Specify the PEM file that contains the root certificate chain from the Certificate Authority that signed the MongoDB server certificate.

mongodb.ssl.PEMKeyFile: If the MongoDB instance is running with --sslCAFile option, specify the PEM file containing an x.509 certificate and private key.

mongodb.ssl.PEMKeyFilePassword: If the client PEM file contains an encrypted private key, specify the password for PEM file. To encrypt this password in the configuration file, use the Ops Manager credentialstool tool. See Encrypt MongoDB User Credentials.

3

Optional: Configure the Backup Daemon to connect to the Ops Manager Application database over SSL.

If you are using Backup, set the following settings in conf-daemon.properties:

Set mongo.ssl to true. This setting should match the mongo.ssl setting in conf-mms.properties.

Update the SSL settings with the SSL client certificate information to use to connect to the backing databases. mongodb.ssl.CAFile, mongodb.ssl.PEMKeyFile, and mongodb.ssl.PEMKeyFilePassword should match the settings in conf-mms.properties.

4

Restart Ops Manager and the Backup Daemon.

Restart Ops Manager and the Backup Daemon using the appropriate command for your distribution:

Installed on Linux with DEB or RPM packages:

copy 
sudo service mongodb-mms restart
sudo service mongodb-mms-backup-daemon restart

Installed on Linux from an Archive:

copy 
<install_dir>/bin/mongodb-mms restart
<install_dir>/bin/mongodb-mms-backup-daemon restart

Installed on Windows:

  • Open Control Panel, then System and Security, then Administrative Tools, and then Services. In the Services list, right-click on the MongoDB Ops Manager HTTP Service and select Restart.
  • On the Backup Daemon server, open Control Panel, then System and Security, then Administrative Tools, and then Services. Right-click on the MMS Backup Daemon Service and select Restart.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.