- Create or Import a MongoDB Deployment >
- Add Existing MongoDB Processes to Ops Manager
Add Existing MongoDB Processes to Ops Manager¶
On this page
Overview¶
Ops Manager provides a wizard for adding your existing MongoDB deployments to monitoring and management. The wizard prompts you to install an Automation Agent if none exists, and then prompts you to identify the cluster, the replica set, or the standalone to add. You can choose to add the deployment to Monitoring or to both Monitoring and Automation.
Considerations¶
Unique Names¶
Deployment items must have unique names within the group.
Important
Replica set, sharded cluster, and shard names within the same group must be unique. Failure to have unique names for the deployment items will result in broken backup snapshots.
Preferred Hostnames¶
If the MongoDB process is accessible only by specific hostname or IP address, or if you need to specify the hostname to use for servers with multiple aliases, set up a preferred hostname. For details, see the Preferred Hostnames setting in Group Settings.
Authentication¶
- When adding to Monitoring:
If your MongoDB deployment requires authentication, you must provide the necessary credentials for monitoring when adding the deployment to Ops Manager. For information on configuring authentication, see Configure MongoDB Authentication and Authorization.
- When adding to Automation:
If the Ops Manager group has MongoDB authentication settings enabled for its deployments, the MongoDB deployment to import must support the group’s authentication mechanism.
If either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled, you must add an automation user with the appropriate roles to the MongoDB process in order to perform the import. If the Ops Manager group has authentication settings enabled, add the Ops Manager group’s automation user to the MongoDB process. See Prerequisites.
Automation and Updated Security Settings Upon Import¶
Adding a MongoDB deployment to automation may affect the security settings of the Ops Manager group or the MongoDB deployment or both.
Enables Ops Manager Group Security Setting¶
If the MongoDB deployment requires authentication but the Ops Manager group does not have authentication settings enabled, upon successful addition of the MongoDB deployment to automation, the group’s security settings will have the security settings of the newly imported deployment.
Note
The import process only enables the Ops Manager group’s security setting if the group’s security setting is currently not enabled. If the group’s security setting is currently enabled, the import process does not disable the group’s security setting or change its enabled authentication mechanism.
Imports MongoDB Users and Roles¶
Note
The following applies for situations where at least either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled.
If the MongoDB deployment contains users or user-defined roles, you can choose to import these users and roles for Ops Manager to manage. The imported users and roles are Synced to all managed deployments in the Ops Manager group.
If the Enforce Consistent Set
value for the Ops Manager group is YES
,
users and roles not imported are deleted from the MongoDB deployment.
If the Enforce Consistent Set
value for the Ops Manager group is No
,
the Ops Manager group does not manage the non-imported users and roles. All
non-imported and existing users and roles remain in the MongoDB
deployment. To manage these users and roles, you must connect directly
to the MongoDB deployment.
If importing users and roles, before you confirm and deploy the changes, you can, from the Authentication & Users and Authentication & Roles screens, remove specific users and roles from being imported by unmanaging these users. For details on unmanaging MongoDB users, see Manage or Unmanage MongoDB Users.
If the imported MongoDB deployment already has mms-backup-agent
and
mms-monitoring-agent
users in its admin
database, the import
procedure overrides the roles of these users with the roles for
mms-backup-agent
and mms-monitoring-agent
users as set in the
Ops Manager group.
Applies to All Deployments in Ops Manager Group¶
The group’s updated security settings, including all users and roles managed as part of the Ops Manager group, apply to all deployments in the group, including the imported MongoDB deployment.
Ops Manager restarts all deployments in the group with the new setting, including the imported MongoDB deployment. All deployments in the group will use the Ops Manager automation keyfile upon restart.
If the existing deployment or deployments in the group require a different security profile from the imported process, create a new group into which you can import the MongoDB deployment.
Examples of Imported Users¶
Note
The following applies for situations where at least either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled.
If you choose to import the MongoDB users and custom roles, once Ops Manager
group manages the MongoDB deployment, regardless of the value of Enforce
Consistent Set
:
Enforce Consistent Set |
Results |
---|---|
Yes or No |
|
If you choose not to import the users, once Ops Manager group manages the MongoDB deployment:
Enforce Consistent Set |
Results |
---|---|
Yes |
|
No |
|
Prerequisites¶
Note
The following prerequisite applies only when adding to Automation.
If the Ops Manager group does not have authentication settings enabled, but the MongoDB process requires authentication, add an automation user for the Ops Manager group with the appropriate roles. The import process displays the required roles for the user. The added user becomes the group’s Automation Agent user.
If the Ops Manager group has authentication settings enabled, add the Ops Manager group’s Automation Agent user to the MongoDB process. To find the Automation Agent user, click Deployments, then Security, then Users.
To find the password for the Ops Manager group’s Automation Agent user, you can use the API or the configuration backup file:
- Using the API
Use the Automation Configuration Resource endpoint:
- Using the Ops Manager Configuration Backup file
Open the
mmsConfigBackup
file in your preferred text editor and find theautoPwd
value.
Example
If the Ops Manager group has Username/Password mechanism
selected for its authentication settings, add the group’s Ops Manager
Automation Agents User mms-automation
to the admin
database
in the MongoDB deployment to import.
Important
If you are adding a sharded cluster, you must create this user through the mongos and on every shard. That is, create the user both as a cluster wide user through mongos as well as a shard local user on each shard.