This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.

Add Monitored Processes to Automation

Overview

Ops Manager Automation lets you deploy, reconfigure, and upgrade your MongoDB databases directly from the Ops Manager console.

If Ops Manager is already monitoring your MongoDB processes, you can add them to Automation using this procedure. If you have processes that are not yet monitored by Ops Manager, you must first add them to monitoring before adding them to Automation.

Automation relies on the Automation Agent, which you install on each server that hosts a process to be added to automated management. The Automation Agents regularly poll Ops Manager to determine goal configuration and deploy changes as needed. An Automation Agent must run as the same user and in the same group as the MongoDB process it will manage.

Considerations

Restrictions and Limitations

  • Automation Agents can run only on 64-bit architectures.
  • Automation supports most but not all available MongoDB options. Automation supports the options described in Supported MongoDB Options for Automation.

Updated Security Settings

If the imported MongoDB process requires authentication but the Ops Manager group does not have authentication settings enabled, then once the process is successfully added to Automation, the group’s security settings are set to those of the newly imported deployment.

Note

The import process only enables the Ops Manager group’s security setting if the group’s security setting is currently not enabled. If the group’s security setting is currently enabled, the import process does not disable the group’s security setting or change its enabled authentication mechanism.

If the imported MongoDB process already has mms-backup-agent and mms-monitoring-agent users in the admin database, and the group’s authentication settings are already enabled or will become enabled by the import process, the roles assigned to mms-backup-agent and mms-monitoring-agent will be overridden with the roles designated by the group.

Regardless of the group’s security setting, if the MongoDB process to import contains users, the import process will add these users to the group and apply the updated list of users to all processes in the group’s deployment. During the import process, you can exclude users from the import so that they remain in the database in an unmanaged state. Import only the users you want managed, because once imported, users cannot be “forgotten”.

If the MongoDB process contains user-defined roles, the import process will add these roles to the group. You can only remove these roles after the import process completes. That is, you can only remove roles from the group and all its managed processes as a whole.

Note

Custom roles are fully managed by Ops Manager, and the Automation agent will remove custom roles manually added to a database.

The group’s updated security settings apply to all deployments in the group and will restart all deployments in the group with the new setting, including the imported process. All processes will use the Ops Manager automation keyfile upon restart.

If the existing deployment or deployments in the group require a different security profile from the imported process, create a new group to import the MongoDB process.

Restart of the MongoDB Process

The import procedure will perform a rolling restart of the added MongoDB process with a configuration file maintained by Ops Manager.

If the group’s security settings become enabled because of the import, all processes in the group will restart with the updated security settings.

Prerequisites

Ops Manager is Monitoring the Processes

Ops Manager must be currently monitoring the MongoDB processes, and the Monitoring Agent must be running. The processes must appear in the Ops Manager Deployment tab. If this is not the case, see Add Existing MongoDB Processes to Monitoring.

The Automation Agent must have:

  • Permission to stop the MongoDB processes. The Automation Agent will restart the processes using the agent’s own set of MongoDB binaries. If you had installed MongoDB with a package manager, use the same package manager to install the Automation Agent. This gives the agent the same owner as MongoDB.
  • Read and Write permissions on the MongoDB data directories and log directories.

The Process UID and GID must Match the Automation Agent

The user (UID) and group (GID) of the MongoDB process must match that of the Automation Agent. For example, if your Automation Agent runs as the “mongod” user in the “mongod” group, the MongoDB process must also run as the “mongod” user in the “mongod” group.
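
A preflight check for the two prerequisites above (the agent's read and write access to the data and log directories, and the matching UID and GID), as an added example that is not part of the Ops Manager documentation. It assumes Linux (effective IDs are read from /proc), that it is run as the Automation Agent's user, and that you supply the two PIDs and the directories yourself; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not Ops Manager code). Linux-only: uses /proc/<pid>/status.

# Print "euid:egid" for a PID, or fail if the process does not exist.
proc_ids() {
    [ -r "/proc/$1/status" ] || return 1
    awk '/^Uid:/ {u=$3} /^Gid:/ {g=$3} END {print u ":" g}' "/proc/$1/status"
}

# Succeed only when both processes have the same effective UID and GID.
# Returns 2 when either PID cannot be inspected.
same_owner() {
    a=$(proc_ids "$1") || return 2
    b=$(proc_ids "$2") || return 2
    [ "$a" = "$b" ]
}

# Run as the agent's user: succeed only if every argument is a directory
# that this user can read, write and search.
dirs_rw() {
    for d in "$@"; do
        [ -d "$d" ] && [ -r "$d" ] && [ -w "$d" ] && [ -x "$d" ] || return 1
    done
}

# Report each check and return non-zero if any prerequisite is not met.
preflight() {
    agent_pid=$1; mongod_pid=$2; shift 2
    rc=0
    if same_owner "$agent_pid" "$mongod_pid"; then
        echo "OK   uid:gid match ($(proc_ids "$mongod_pid"))"
    else
        echo "FAIL agent=$(proc_ids "$agent_pid") mongod=$(proc_ids "$mongod_pid")"
        rc=1
    fi
    for dir in "$@"; do
        if dirs_rw "$dir"; then echo "OK   rw $dir"; else echo "FAIL rw $dir"; rc=1; fi
    done
    return $rc
}

# Usage: preflight.sh <agent-pid> <mongod-pid> <data-dir> <log-dir>
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A non-zero exit status means at least one prerequisite is unmet; the FAIL lines show which one.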

Server Networking Access

The servers that host the MongoDB processes must have full networking access to each other through their fully qualified domain names (FQDNs). You can view a server’s FQDN by issuing hostname -f in a shell connected to the server. Each server must be able to reach every other server through the FQDN.

Ensure that your network configuration allows each Automation Agent to connect to every MongoDB process listed on the Deployment tab. Ensure that the network and security systems, including all interfaces and firewalls, allow these connections.

Access Control

If the Ops Manager group has authentication settings enabled, the MongoDB process to import must support the group’s authentication mechanism.

If either the MongoDB process to import requires authentication or the Ops Manager group has authentication settings enabled, you must add an automation user with the appropriate roles to the MongoDB process in order to perform the import.

Important

If you are adding a sharded cluster, you must create this user through the mongos and on every shard; i.e. create the user as a cluster wide user through mongos as well as a shard local user on each shard.

If the Ops Manager group has authentication settings enabled, the automation user for the Ops Manager group can be found in the MongoDB Users section for the group. If the MongoDB process also requires authentication, the import process will also display this information. Otherwise, go to the MongoDB Users section for the Ops Manager group.

If the Ops Manager group does not have authentication settings enabled, but the MongoDB process requires authentication, add an automation user for the Ops Manager group with the appropriate roles. The import process will display the required roles for the user. The added user will become the group’s Automation Agent user.

For example, if the Ops Manager group has MongoDB-CR/SCRAM-SHA-1 enabled in its deployment settings, add the group’s Ops Manager Automation User mms-automation to the admin database.


use admin

db.createUser(
   {
     user: "mms-automation",
     pwd: "<password>",   // replace with the automation user's password (the autoPwd value)
     roles: [
        'clusterAdmin',
        'dbAdminAnyDatabase',
        'readWriteAnyDatabase',
        'userAdminAnyDatabase',
        'restore'
     ]
   }
)

To find the password for the automation user, if you have enabled the Public REST API for this group, you can use the Get the Automation Configuration endpoint to retrieve the current configuration and find the autoPwd value:

curl -u "<username>:<apikey>" --digest -i "<host>/api/public/v1.0/groups/<Group-ID>/automationConfig"

You can also find the autoPwd value in the mmsConfigBackup file.

Procedure

Add Monitored Processes to Automation

1. Select the Deployment tab and then the Deployment page.

2. Click Add and select Import Existing for Automation.

3. Select the MongoDB processes to import.

Click the Deployment Item field to display your currently monitored processes. Select the cluster, replica set or standalone to import.

If either the Ops Manager group’s Automation Agent or the selected deployment item requires authentication, an automation user with the appropriate roles must exist in the deployment. See Access Control Prerequisites.

If the selected deployment item requires authentication, specify the appropriate authentication mechanism, username and password for the Automation Agent.

4. Click Start Import.

Ops Manager displays the progress of the import for each MongoDB process, including any errors. If you need to correct errors, click Stop Import, correct them, and restart this procedure.

5. Click Show Imported Deployment.

Ops Manager displays the unpublished changes to import the deployment, including changes to the group’s authentication settings and any users and user-defined roles to be imported.

Before the next step, you can modify the group’s authentication settings and remove users to be imported. Alternatively, if you do not want the imported deployment to alter your group’s existing security configuration, consider canceling the import and adding the deployment to a new group instead.

6. Click Review & Deploy.

7. Click Confirm & Deploy.

Ops Manager Automation takes over the management of the processes and performs a rolling restart. To view progress, click View Agent Logs.

If you diagnose an error that causes Automation to fail to complete the deployment, click Edit Configuration to correct the error.