Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Add Existing MongoDB Processes to Ops Manager

Overview

Ops Manager provides a wizard for adding your existing MongoDB deployments to monitoring and management. The wizard prompts you to install an Automation Agent if none exists, and then prompts you to identify the cluster, the replica set, or the standalone to add. You can choose to add the deployment to Monitoring or to both Monitoring and Automation.

Considerations

Unique Names

Deployment items must have unique names within the group.

Important

Replica set, sharded cluster, and shard names within the same group must be unique. Failure to have unique names for the deployment items will result in broken backup snapshots.

Preferred Hostnames

If the MongoDB process is accessible only by specific hostname or IP address, or if you need to specify the hostname to use for servers with multiple aliases, set up a preferred hostname. For details, see the Preferred Hostnames setting in Group Settings.

Authentication

  • When adding to Monitoring:

    If your MongoDB deployment requires authentication, you must provide the necessary credentials for monitoring when adding the deployment to Ops Manager. For information on configuring authentication, see Configure MongoDB Authentication and Authorization.

  • When adding to Automation:

    If the Ops Manager group has MongoDB authentication settings enabled for its deployments, the MongoDB deployment to import must support the group’s authentication mechanism.

    If either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled, you must add an automation user with the appropriate roles to the MongoDB process in order to perform the import. If the Ops Manager group has authentication settings enabled, add the Ops Manager group’s automation user to the MongoDB process. See Prerequisites.

Automation and Updated Security Settings Upon Import

Adding a MongoDB deployment to automation may affect the security settings of the Ops Manager group or the MongoDB deployment or both.

Enables Ops Manager Group Security Setting

If the MongoDB deployment requires authentication but the Ops Manager group does not have authentication settings enabled, upon successful addition of the MongoDB deployment to automation, the group’s security settings will have the security settings of the newly imported deployment.

Note

The import process only enables the Ops Manager group’s security setting if the group’s security setting is currently not enabled. If the group’s security setting is currently enabled, the import process does not disable the group’s security setting or change its enabled authentication mechanism.

Imports MongoDB Users and Roles

Note

The following applies for situations where at least either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled.

If the MongoDB deployment contains users or user-defined roles, you can choose to import these users and roles for Ops Manager to manage. The imported users and roles are Synced to all managed deployments in the Ops Manager group.

If the Enforce Consistent Set value for the Ops Manager group is YES, users and roles not imported are deleted from the MongoDB deployment.

If the Enforce Consistent Set value for the Ops Manager group is No, the Ops Manager group does not manage the non-imported users and roles. All non-imported and existing users and roles remain in the MongoDB deployment. To manage these users and roles, you must connect directly to the MongoDB deployment.

If importing users and roles, before you confirm and deploy the changes, you can, from the Authentication & Users and Authentication & Roles screens, remove specific users and roles from being imported by unmanaging these users. For details on unmanaging MongoDB users, see Manage or Unmanage MongoDB Users.

If the imported MongoDB deployment already has mms-backup-agent and mms-monitoring-agent users in its admin database, the import procedure overrides the roles of these users with the roles for mms-backup-agent and mms-monitoring-agent users as set in the Ops Manager group.

Applies to All Deployments in Ops Manager Group

The group’s updated security settings, including all users and roles managed as part of the Ops Manager group, apply to all deployments in the group, including the imported MongoDB deployment.

Ops Manager restarts all deployments in the group with the new setting, including the imported MongoDB deployment. All deployments in the group will use the Ops Manager automation keyfile upon restart.

If the existing deployment or deployments in the group require a different security profile from the imported process, create a new group into which you can import the MongoDB deployment.

Examples of Imported Users

Note

The following applies for situations where at least either the MongoDB deployment requires authentication or the Ops Manager group has authentication settings enabled.

If you choose to import the MongoDB users and custom roles, once Ops Manager group manages the MongoDB deployment, regardless of the value of Enforce Consistent Set:

Enforce Consistent Set Results
Yes or No
Ops Manager group:
  • Authentication is enabled.
  • Manages the imported users and roles.
  • Syncs the new users and roles to all its managed deployments.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • All users and roles that the Ops Manager group manages (i.e. has Synced set to Yes ) exist in the MongoDB deployment.

If you choose not to import the users, once Ops Manager group manages the MongoDB deployment:

Enforce Consistent Set Results
Yes
Ops Manager group:
  • Authentication is enabled.
  • Has no changes to its managed users and roles.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • The non-imported MongoDB users and roles will be deleted from the MongoDB deployment.
  • All users and roles that the Ops Manager group manages (i.e. has Synced set to Yes ) exist in the MongoDB deployment.
No
Ops Manager group:
  • Authentication is enabled.
  • Has no changes to its security settings, including users and roles.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • The non-imported MongoDB users and roles remain in the MongoDB deployment.
  • All users and roles managed by the Ops Manager group (i.e. has Synced set to Yes ) exist in the MongoDB deployment.

Prerequisites

Note

The following prerequisite applies only when adding to Automation.

  • If the Ops Manager group does not have authentication settings enabled, but the MongoDB process requires authentication, add an automation user for the Ops Manager group with the appropriate roles. The import process displays the required roles for the user. The added user becomes the group’s Automation Agent user.

  • If the Ops Manager group has authentication settings enabled, add the Ops Manager group’s Automation Agent user to the MongoDB process. To find the Automation Agent user, click Deployments, then Security, then Users.

  • To find the password for the Ops Manager group’s Automation Agent user, you can use the API or the configuration backup file:

    Using the API

    Use the Automation Configuration Resource endpoint:

    curl -u "<username>:<apikey>" --digest -i "<host>/api/public/v1.0/groups/<Group-ID>/automationConfig"
    
    Using the Ops Manager Configuration Backup file

    Open the mmsConfigBackup file in your preferred text editor and find the autoPwd value.

Example

If the Ops Manager group has Username/Password mechanism selected for its authentication settings, add the group’s Ops Manager Automation Agents User mms-automation to the admin database in the MongoDB deployment to import.

use admin

db.createUser(
   {
     user: "mms-automation",
     pwd: <password>,
     roles: [
        'clusterAdmin',
        'dbAdminAnyDatabase',
        'readWriteAnyDatabase',
        'userAdminAnyDatabase',
        'restore'
     ]
   }
)

Important

If you are adding a sharded cluster, you must create this user through the mongos and on every shard. That is, create the user both as a cluster wide user through mongos as well as a shard local user on each shard.

Add MongoDB Processes

1

Click Deployment.

2

Click Add and select Existing MongoDB Deployment.

3

Follow the prompts to add the deployment.