Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.
This version of the manual is no longer supported.

Restore a Replica Set from a Snapshot

When you restore a replica set from backup, Ops Manager provides you with a restore file for the selected restore point. To learn about the restore process, please see Restore Overview.

Considerations

Review change to BinData BSON sub-type

The BSON specification changed the default subtype for the BSON binary datatype (BinData) from 2 to 0. Some binary data stored in a snapshot may be BinData subtype 2. The Backup automatically detects and converts snapshot data in BinData subtype 2 to BinData subtype 0. If your application code expects BinData subtype 2, you must update your application code to work with BinData subtype 0.

See also

The notes on the BSON specification explain the particular specifics of this change.

Restore using settings given in restoreInfo.txt

The backup restore file includes a metadata file named restoreInfo.txt. This file captures the options the database used when the snapshot was taken. The database must be run with the listed options after it has been restored. This file contains:

  • Group name

  • Replica Set name

  • Cluster ID (if applicable)

  • Snapshot timestamp (as Timestamp at UTC)

  • Restore timestamp (as a BSON Timestamp at UTC)

  • Last Oplog applied (as a BSON Timestamp at UTC)

  • MongoDB version

  • Storage engine type

  • mongod startup options used on the database when the snapshot was taken

  • Encryption (Only appears if encryption is enabled on the snapshot)

  • Master Key UUID (Only appears if encryption is enabled on the snapshot)

    If restoring from an encrypted backup, you must have a certificate provisioned for this Master Key.

Backup Considerations

All FCV databases must fulfill the appropriate backup considerations.

Prerequisites

To perform manual restores, you must have the Backup Admin role in Ops Manager.

Restore from Encrypted Backup Requires Same Master Key

To restore from an encrypted backup, you need the same master key used to encrypt the backup and either the same certificate as is on the Backup Daemon host or a new certificate provisioned with that key from the KMIP host.

If the snapshot is encrypted, the restore panel displays the KMIP master key id and the KMIP server information. You can also find the information when you view the snapshot itself as well as in the restoreInfo.txt file.

Client Requests During Restoration

You must ensure that the MongoDB deployment does not receive client requests during restoration. You must either:

  • Restore to new systems with new hostnames and reconfigure your application code once the new deployment is running, or
  • Ensure that the MongoDB deployment will not receive client requests while you restore data.

Restore a Snapshot

To have Ops Manager automatically restore the snapshot:

1

Click Backup, then the Overview tab.

2

Click the deployment, then click Restore or Download.

3

Select the restore point.

  1. Choose the point from which you want to restore your backup.

    Restore Type Description Action
    Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore.
    Point In Time

    Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.

    Example

    If you select 12:00, the last operation in the restore is 11:59:59 or earlier.

    Important

    In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.

    Select a Date and Time.
    Oplog Timestamp

    Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:

    Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch
    Increment Order of operation applied in that second as a 32-bit ordinal.

    Type an Oplog Timestamp and Increment.

    Run a query against local.oplog.rs on your replica set to find the desired timestamp.

  2. Click Next.

Finding the latest Oplog Entry

To find the latest Oplog entry, run the following query in a mongo shell:

db.getSiblingDB('local').oplog.rs.find().sort({$natural:-1}).limit(1).pretty()

A successful result should look like this:

{
  "ts": Timestamp(1537559320, 1),
  "h": NumberLong("-2447431566377702740"),
  "v": 2,
  "op": "n",
  "ns": "",
  "wall": ISODate("2018-09-21T19:48:40.708Z"),
  "o": {
    "msg": "initiating set"
  }
}

The parts of the ts value correspond to the values you need for the Timestamp and Increment boxes.

Note

To translate the epoch time into a human-readable timestamp, try using a tool like Epoch Converter

MongoDB does not endorse this service. Its reference is intended only as informational.

4

Choose to restore the files to another cluster.

  1. Click Choose Cluster to Restore to.

  2. Complete the following fields:

    Field Action
    Project Select a project to which you want to restore the snapshot.
    Cluster to Restore to

    Select a cluster to which you want to restore the snapshot.

    Ops Manager must manage the target replica set.

    Warning

    Automation removes all existing data from the cluster. All backup data and snapshots for the existing cluster are preserved.

  1. Click Restore.

    Ops Manager notes how much storage space the restore requires.

5

Click Restore.

1

Click Backup, then the Overview tab.

2

Click the deployment, then click Restore or Download.

3

Select the restore point.

  1. Choose the point from which you want to restore your backup.

    Restore Type Description Action
    Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore.
    Point In Time

    Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.

    Example

    If you select 12:00, the last operation in the restore is 11:59:59 or earlier.

    Important

    In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.

    Select a Date and Time.
    Oplog Timestamp

    Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:

    Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch
    Increment Order of operation applied in that second as a 32-bit ordinal.

    Type an Oplog Timestamp and Increment.

    Run a query against local.oplog.rs on your replica set to find the desired timestamp.

  2. Click Next.

Finding the latest Oplog Entry

To find the latest Oplog entry, run the following query in a mongo shell:

db.getSiblingDB('local').oplog.rs.find().sort({$natural:-1}).limit(1).pretty()

A successful result should look like this:

{
  "ts": Timestamp(1537559320, 1),
  "h": NumberLong("-2447431566377702740"),
  "v": 2,
  "op": "n",
  "ns": "",
  "wall": ISODate("2018-09-21T19:48:40.708Z"),
  "o": {
    "msg": "initiating set"
  }
}

The parts of the ts value correspond to the values you need for the Timestamp and Increment boxes.

Note

To translate the epoch time into a human-readable timestamp, try using a tool like Epoch Converter

MongoDB does not endorse this service. Its reference is intended only as informational.

4

Click Download to restore the files manually.

5

Configure the snapshot download.

  1. Configure the following download options:

    Pull Restore Usage Limit Select how many times the link can be used. If you select No Limit, the link is re-usable until it expires.
    Restore Link Expiration (in hours) Select the number of hours until the link expires. The default value is 1. The maximum value is the number of hours until the selected snapshot expires.
  2. Click Finalize Request.

  3. If you use 2FA, Ops Manager prompts you for your 2FA code. Enter your 2FA code, then click Finalize Request.

6

Retrieve the snapshots.

Ops Manager creates links to the snapshot. By default, these links are available for an hour and can be used just once.

To download the snapshots:

  1. If you closed the restore panel, click Backup, then Restore History.
  2. When the restore job completes, click (get link) for each replica set appears.
  3. Click:
    • The copy button to the right of the link to copy the link to use it later, or
    • Download to download the snapshot immediately.

Extra step for point-in-time restores

For point-in-time and oplog timestamp restores, additional instructions are shown. The final step shows the full command you must run using the MBRU. It includes all of the necessary options to ensure a full restore.

Select and copy the mongodb-backup-restore-util command provided under Run Binary with PIT Options.

7

Restore the snapshot data files to the destination host.

Example

tar -xvf <backupSnapshot>.tar.gz
mv <backupSnapshot> <temp-database-path>
8

Run the MongoDB Backup Restore Utility (Point-in-Time Restore Only).

  1. Download the MongoDB Backup Restore Utility to your host.

    Note

    If you closed the restore panel, click Backup, then More and then Download MongoDB Backup Restore Utility.

  2. Start a mongod instance without authentication enabled using the extracted snapshot directory as the data directory.

    Example

    mongod --port <port number> \
      --dbpath <temp-database-path> \
      --setParameter ttlMonitorEnabled=false
    

    Warning

    The MongoDB Backup Restore Utility doesn’t support authentication, so you can’t start this temporary database with authentication.

  3. Run the MongoDB Backup Restore Utility on your destination host. Run it once for the replica set.

    Pre-configured mongodb-backup-restore-util command

    Ops Manager provides the mongodb-backup-restore-util with the appropriate options for your restore on the restore panel under Run Binary with PIT Options.

    You should copy the mongodb-backup-restore-util command provided in the Ops Manager Application.

    ./mongodb-backup-restore-util --https --host <targetHost> \
      --port <targetPort> \
      --opStart <opLogStartTimeStamp> \
      --opEnd <opLogEndTimeStamp> \
      --logFile <logPath> \
      --oplogSourceAddr <oplogSourceAddr> \
      --apiKey <apiKey> \
      --groupId <groupId> \
      --rsId <rsId> \
      --whitelist <database1.collection1, database2, etc.> \
      --blacklist <database1.collection1, database2, etc.> \
      --seedReplSetMember \
      --oplogSizeMB <size> \
      --seedTargetPort <port> \
      --ssl \
      --sslCAFile </path/to/ca.pem> \
      --sslPEMKeyFile </path/to/pemkey.pem>
      --sslClientCertificateSubject <distinguishedName> \
      --sslRequireValidServerCertificates <true|false> \
      --sslServerClientCertificate </path/to/client.pem> \
      --sslServerClientCertificatePassword <password> \
      --sslRequireValidMMSBackupServerCertificate <true|false> \
      --sslTrustedMMSBackupServerCertificate </path/to/mms-certs.pem> \
      --httpProxy <proxyURL>
    

    The mongodb-backup-restore-util command uses the following options:

    Option Necessity Description check circle icon
    --host Required Provide the hostname, FQDN, IPv4 address, or IPv6 address for the host that serves the mongod to which the oplog should be applied. If you copied the mongodb-backup-restore-util command provided in the Ops Manager Application, this field is pre-configured. check circle icon
    --port Required Provide the port for the host that serves the mongod to which the oplog should be applied. check circle icon
    --opStart Required

    Provide the BSON timestamp for the first oplog entry you want to include in the restore.

    Note

    This value must be less than or equal to the --opEnd value.

    check circle icon
    --opEnd Required

    Provide the BSON timestamp for the last oplog entry you want to include in the restore.

    Note

    This value cannot be greater than the end of the oplog.

    check circle icon
    --logFile Optional Provide a path, including file name, where the MBRU log is written.  
    --oplogSourceAddr Required Provide the URL for the Ops Manager resource endpoint. check circle icon
    --apiKey Required Provide your Ops Manager Agent API Key. check circle icon
    --groupId Required Provide the group ID. check circle icon
    --rsId Required Provide the replica set ID. check circle icon
    --whitelist Optional Provide a list of databases and/or collections to which you want to limit the restore.  
    --blacklist Optional Provide a list of databases and/or collections to which you want to exclude from the restore.  
    --seedReplSetMember Optional

    Use if you need a replica set member to re-create the oplog collection and seed it with the correct timestamp.

    Requires --oplogSizeMB and --seedTargetPort.

     
    --oplogSizeMB Conditional

    Provide the oplog size in MB.

    Required if --seedReplSetMember is set.

     
    --seedTargetPort Conditional

    Provide the port for the replica set’s primary. This may be different from the ephemeral port used.

    Required if --seedReplSetMember is set.

     
    --ssl Optional

    Use if you need TLS/SSL to apply the oplog to the mongod.

    Requires --sslCAFile and --sslPEMKeyFile.

     
    --sslCAFile Conditional

    Provide the path to the Certificate Authority file.

    Required if --ssl is set.

     
    --sslPEMKeyFile Conditional

    Provide the path to the PEM certificate file.

    Required if --ssl is set.

     
    --sslPEMKeyFilePwd Conditional

    Provide the password for the PEM certificate file specified in --sslPEMKeyFile.

    Required if --ssl is set and that PEM key file is encrypted.

     
    --sslClientCertificateSubject Optional

    Provide the Client Certificate Subject or Distinguished Name (DN) for the target MongoDB process.

    Required if --ssl is set.

     
    --sslRequireValidServerCertificates Optional Set a flag indicating if the tool should validate certificates that the target MongoDB process presents.  
    --sslServerClientCertificate Optional Provide the absolute path to Client Certificate file to use for connecting to the Ops Manager host.  
    --sslServerClientCertificatePassword Conditional

    Provide the absolute path to Client Certificate file password to use for connecting to the Ops Manager host.

    Required if --sslServerClientCertificate is set and that certificate is encrypted.

     
    --sslRequireValidMMSBackupServerCertificate Optional Set a flag indicating if valid certificates are required when contacting the Ops Manager host. Default value is true.  
    --sslTrustedMMSBackupServerCertificate Optional

    Provide the absolute path to the trusted Certificate Authority certificates in PEM format for the Ops Manager host. If this flag is not provided, the system Certificate Authority is used.

    If Ops Manager is using a self-signed SSL certificate, this setting is required.

     
    --httpProxy Optional Provide the URL of an HTTP proxy server the tool can use.  

    check circle icon means that if you copied the mongodb-backup-restore-util command provided in Ops Manager Application, this field is pre-configured.

9

Unmanage the Replica Set.

Before attempting to restore the data manually, remove the replica set from Automation.

10

Restore the Replica Set Manually.

Follow the tutorial from the MongoDB Manual to restore the replica set.

11

Reimport the Replica Set.

To manage the replica set with automation again, import the replica set back into Ops Manager.

To have Ops Manager automatically restore the snapshot:

1

Click Backup, then the Overview tab.

2

Click the deployment, then click Restore or Download.

3

Select the restore point.

  1. Choose the point from which you want to restore your backup.

    Restore Type Description Action
    Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore.
    Point In Time

    Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.

    Example

    If you select 12:00, the last operation in the restore is 11:59:59 or earlier.

    Important

    In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.

    Select a Date and Time.
    Oplog Timestamp

    Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:

    Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch
    Increment Order of operation applied in that second as a 32-bit ordinal.

    Type an Oplog Timestamp and Increment.

    Run a query against local.oplog.rs on your replica set to find the desired timestamp.

  2. Click Next.

4

Choose to restore the files to another cluster.

  1. Click Choose Cluster to Restore to.

  2. Complete the following fields:

    Field Action
    Project Select a project to which you want to restore the snapshot.
    Cluster to Restore to

    Select a cluster to which you want to restore the snapshot.

    Ops Manager must manage the target replica set.

    Warning

    Automation removes all existing data from the cluster. All backup data and snapshots for the existing cluster are preserved.

  1. Click Restore.

    Ops Manager notes how much storage space the restore requires.

5

Click Restore.

Consider Automatic Restore

This procedure involves a large number steps. Some of these steps have severe security implications. If you don’t need to restore to a deployment that Ops Manager doesn’t manage, consider an automated restore.

1

Click Backup, then the Overview tab.

2

Click the deployment, then click Restore or Download.

3

Select the Restore Point.

  1. Choose the point from which you want to restore your backup.

    Restore Type Description Action
    Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore.
    Point In Time

    Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.

    Example

    If you select 12:00, the last operation in the restore is 11:59:59 or earlier.

    Important

    In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.

    Select a Date and Time.
    Oplog Timestamp

    Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:

    Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch
    Increment Order of operation applied in that second as a 32-bit ordinal.

    Type an Oplog Timestamp and Increment.

    Run a query against local.oplog.rs on your replica set to find the desired timestamp.

  2. Click Next.

4

Click Download to Restore the Files Manually.

5

Configure the snapshot download.

  1. Configure the following download options:

    Pull Restore Usage Limit Select how many times the link can be used. If you select No Limit, the link is re-usable until it expires.
    Restore Link Expiration (in hours) Select the number of hours until the link expires. The default value is 1. The maximum value is the number of hours until the selected snapshot expires.
  2. Click Finalize Request.

  3. If you use 2FA, Ops Manager prompts you for your 2FA code. Enter your 2FA code, then click Finalize Request.

6

Retrieve the Snapshots.

Ops Manager creates links to the snapshot. By default, these links are available for an hour and you can use them just once.

To download the snapshots:

  1. If you closed the restore panel, click Backup, then Restore History.
  2. When the restore job completes, click (get link) for each replica set that appears.
  3. Click:
    • The copy button to the right of the link to copy the link to use it later, or
    • Download to download the snapshot immediately.
7

Unmanage the Target Replica Set.

Before attempting to restore the data manually, remove the replica set from Automation.

8

Stop the Target Replica Set.

Depending on your path, you may need to specify the path to the mongo shell. Run:

mongo --port <port> \
      --eval "db.getSiblingDB('admin').shutdownServer()"
9

Verify Hardware and Software Requirements on the Target Replica Set.

Storage Capacity The target host’s hardware needs to have sufficient free storage space for storing the restored data. If you want to keep any existing sharded cluster data on this host, make sure the host has sufficient free space for the sharded cluster data and the restored data.
MongoDB Version The target host on which you are restoring and the source host from which you are restoring must run the same MongoDB Server version. To check the MongoDB version, run mongod --version from a terminal or shell.

To learn more, see installation.

10

Move the Snapshot Data Files to the Target Host.

Before moving the snapshot’s data files to the target host, check whether the target host contains any existing files and delete them.

Unpack the snapshot files and move them to the target host as follows:

tar -xvf <backupSnapshot>.tar.gz
mv <backupSnapshot> </path/to/datafiles>
11

Start the Temporary Standalone Instance on the Ephemeral Port.

In this step, you start the mongod process in standalone mode, and not as a replica set.

Note

Starting mongod in this way is a temporary measure. It allows you to add new configuration parameters to the system.replset collection in subsequent steps.

Use the <ephemeralPort> for the temporary standalone mongod process in all steps in this procedure where it is mentioned. This port must differ from the source and target host ports.

Run the mongod process as follows. Depending on your path, you may need to specify the path to the mongod binary.

mongod  --dbpath </path/to/datafiles> \
        --port <ephemeralPort> \

After the mongod process starts accepting connections, continue.

12

Connect to the Temporary Standalone Instance with the mongo Shell.

From the host running this mongod process, start the mongo shell. Depending on your path, you may need to specify the path to the mongo shell.

To connect to the mongod listening to localhost on the same <ephemeralPort> specified in the previous step, run:

mongo  --port <ephemeralPort>

After the mongo shell connects to mongod, continue.

13
14

Add a New Replica Set Configuration.

Insert the following document into the system.replset collection in the local database. Change the following variables:

  • <replaceMeWithTheReplicaSetName> to the name of your replica set. This name does not have to be the same as the old name.
  • <host> to the host serving this replica set member.
  • <ephemeralPort> to the ephemeral port of the replica set that you specified in Step 11 of this procedure.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
db.getSiblingDB("local").system.replset.insert({
  "_id" : "<replaceMeWithTheReplicaSetName>",
  "version" : NumberInt(1),
  "protocolVersion" : NumberLong(1),
  "members" : [
    {
      "_id" : NumberInt(0),
      "host" : "<host>:<ephemeralPort>"
    }
  ],
  "settings" : {

  }
})

A successful response should look like this:

WriteResult({ "nInserted" : 1 })
15

Insert the Minimum Valid Timestamp.

Issue the following command:

db.getSiblingDB("local").replset.minvalid.insert({
  "_id" : ObjectId(),
  "t" : NumberLong(-1),
  "ts" : Timestamp(0,1)
});

A successful response should look like this:

WriteResult({ "nInserted" : 1 })
16

Set the Restore Point to the Values in Restore Timestamp from restoreInfo.txt.

Set the oplogTruncateAfterPoint document to the values provided in the Restore Timestamp field of the restoreInfo.txt file.

The Restore Timestamp field in that file contains two values. In the following example, the first value is the timestamp, and the second value is the increment.

1
2
3
4
5
...
Restore timestamp:  (1609947369, 2)
Last Oplog Applied: Wed Jan 06 15:36:09 GMT 2021 (1609947369, 1)
MongoDB Version: 4.2.11
...

The following example code uses restoreTS.getTime() for the timestamp value and restoreTs.getInc() for the increment value.

truncateAfterPoint = Timestamp(restoreTS.getTime(), restoreTS.getInc())
db.getSiblingDB("local").replset.oplogTruncateAfterPoint.insert({
   "_id": "oplogTruncateAfterPoint",
   "oplogTruncateAfterPoint": truncateAfterPoint
})

A successful response should look like this:

WriteResult({ "nInserted" : 1 })
17

Stop the Temporary Standalone Instance.

Depending on your path, you may need to specify the path to the mongo shell. Run:

mongo --port <ephemeralPort> \
      --eval "db.getSiblingDB('admin').shutdownServer()"
18

Restart the Instance to Recover the Oplog.

Start the mongod using the following command. The mongod replays the oplog up to the Restore timestamp.

mongod  --dbpath </path/to/datafiles> \
        --port <ephemeralPort> \
        --replSet <replaceMeWithTheReplicaSetName>
19

Stop the Temporary Standalone Instance on the Ephemeral Port.

Depending on your path, you may need to specify the path to the mongo shell. Run:

mongo --port <ephemeralPort> \
      --eval "db.getSiblingDB('admin').shutdownServer()"
20

Run the MongoDB Backup Restore Utility (Point-in-Time Restore Only).

In this step, you download and run the MongoDB Backup Restore Utility on the target instance for the replica set, and then stop the instance.

  1. Download the MongoDB Backup Restore Utility to your host.

    If you closed the restore panel, click Backup, then More and then Download MongoDB Backup Restore Utility.

  2. Start a mongod instance without authentication enabled using the extracted snapshot directory as the data directory. Depending on your path, you may need to specify the path to the mongod binary.

    mongod  --port <ephemeralPort> \
            --dbpath </path/to/datafiles> \
            --setParameter ttlMonitorEnabled=false
    

    Warning

    The MongoDB Backup Restore Utility doesn’t support authentication, so you can’t start this temporary database with authentication.

  3. Run the MongoDB Backup Restore Utility on your target host. Run it once for the replica set.

    Pre-configured mongodb-backup-restore-util command

    Ops Manager provides the mongodb-backup-restore-util with the appropriate options for your restore on the restore panel under Run Binary with PIT Options.

    You should copy the mongodb-backup-restore-util command provided in the Ops Manager Application.

    ./mongodb-backup-restore-util --https --host <targetHost> \
      --port <targetPort> \
      --opStart <opLogStartTimeStamp> \
      --opEnd <opLogEndTimeStamp> \
      --logFile <logPath> \
      --oplogSourceAddr <oplogSourceAddr> \
      --apiKey <apiKey> \
      --groupId <groupId> \
      --rsId <rsId> \
      --whitelist <database1.collection1, database2, etc.> \
      --blacklist <database1.collection1, database2, etc.> \
      --seedReplSetMember \
      --oplogSizeMB <size> \
      --seedTargetPort <port> \
      --ssl \
      --sslCAFile </path/to/ca.pem> \
      --sslPEMKeyFile </path/to/pemkey.pem>
      --sslClientCertificateSubject <distinguishedName> \
      --sslRequireValidServerCertificates <true|false> \
      --sslServerClientCertificate </path/to/client.pem> \
      --sslServerClientCertificatePassword <password> \
      --sslRequireValidMMSBackupServerCertificate <true|false> \
      --sslTrustedMMSBackupServerCertificate </path/to/mms-certs.pem> \
      --httpProxy <proxyURL>
    

    The mongodb-backup-restore-util command uses the following options:

    Option Necessity Description check circle icon
    --host Required Provide the hostname, FQDN, IPv4 address, or IPv6 address for the host that serves the mongod to which the oplog should be applied. If you copied the mongodb-backup-restore-util command provided in the Ops Manager Application, this field is pre-configured. check circle icon
    --port Required Provide the port for the host that serves the mongod to which the oplog should be applied. check circle icon
    --opStart Required

    Provide the BSON timestamp for the first oplog entry you want to include in the restore.

    Note

    This value must be less than or equal to the --opEnd value.

    check circle icon
    --opEnd Required

    Provide the BSON timestamp for the last oplog entry you want to include in the restore.

    Note

    This value cannot be greater than the end of the oplog.

    check circle icon
    --logFile Optional Provide a path, including file name, where the MBRU log is written.  
    --oplogSourceAddr Required Provide the URL for the Ops Manager resource endpoint. check circle icon
    --apiKey Required Provide your Ops Manager Agent API Key. check circle icon
    --groupId Required Provide the group ID. check circle icon
    --rsId Required Provide the replica set ID. check circle icon
    --whitelist Optional Provide a list of databases and/or collections to which you want to limit the restore.  
    --blacklist Optional Provide a list of databases and/or collections to which you want to exclude from the restore.  
    --seedReplSetMember Optional

    Use if you need a replica set member to re-create the oplog collection and seed it with the correct timestamp.

    Requires --oplogSizeMB and --seedTargetPort.

     
    --oplogSizeMB Conditional

    Provide the oplog size in MB.

    Required if --seedReplSetMember is set.

     
    --seedTargetPort Conditional

    Provide the port for the replica set’s primary. This may be different from the ephemeral port used.

    Required if --seedReplSetMember is set.

     
    --ssl Optional

    Use if you need TLS/SSL to apply the oplog to the mongod.

    Requires --sslCAFile and --sslPEMKeyFile.

     
    --sslCAFile Conditional

    Provide the path to the Certificate Authority file.

    Required if --ssl is set.

     
    --sslPEMKeyFile Conditional

    Provide the path to the PEM certificate file.

    Required if --ssl is set.

     
    --sslPEMKeyFilePwd Conditional

    Provide the password for the PEM certificate file specified in --sslPEMKeyFile.

    Required if --ssl is set and that PEM key file is encrypted.

     
    --sslClientCertificateSubject Optional

    Provide the Client Certificate Subject or Distinguished Name (DN) for the target MongoDB process.

    Required if --ssl is set.

     
    --sslRequireValidServerCertificates Optional Set a flag indicating if the tool should validate certificates that the target MongoDB process presents.  
    --sslServerClientCertificate Optional Provide the absolute path to Client Certificate file to use for connecting to the Ops Manager host.  
    --sslServerClientCertificatePassword Conditional

    Provide the absolute path to Client Certificate file password to use for connecting to the Ops Manager host.

    Required if --sslServerClientCertificate is set and that certificate is encrypted.

     
    --sslRequireValidMMSBackupServerCertificate Optional Set a flag indicating if valid certificates are required when contacting the Ops Manager host. Default value is true.  
    --sslTrustedMMSBackupServerCertificate Optional

    Provide the absolute path to the trusted Certificate Authority certificates in PEM format for the Ops Manager host. If this flag is not provided, the system Certificate Authority is used.

    If Ops Manager is using a self-signed SSL certificate, this setting is required.

     
    --httpProxy Optional Provide the URL of an HTTP proxy server the tool can use.  

    check circle icon means that if you copied the mongodb-backup-restore-util command provided in Ops Manager Application, this field is pre-configured.

  4. Stop the mongod on the instance. Depending on your path, you may need to specify the path to the mongo shell. Run:

    mongo --port <EphemeralPort> \
          --eval "db.getSiblingDB('admin').shutdownServer()"
    
21

Restart the Instance to Recover the Oplog.

Start the mongod using the following command. The mongod replays the oplog up to the Restore timestamp. Depending on your path, you may need to specify the path to the mongod binary.

mongod  --dbpath </path/to/datafiles> \
        --port <ephemeralPort> \
        --replSet <replaceMeWithTheReplicaSetName>

After you complete this step, the actual restore process is completed. In the following steps, you restore the configuration of the replica set and reimport it.

22

Stop the Instance on the Ephemeral Port.

Depending on your path, you may need to specify the path to the mongo shell. Run:

mongo --port <ephemeralPort> \
      --eval "db.getSiblingDB('admin').shutdownServer()"
23

Restart the Replica Set as a Standalone Instance.

Start the mongod process as a standalone instance using the following command. For <port>, use the actual port on which this node in the replica set is intended to run. Depending on your path, you may need to specify the path to the mongod binary.

mongod  --dbpath </path/to/datafiles> \
        --port <port>

After the mongod process starts accepting connections, continue.

24

Remove the Temporary Replica Set Configuration.

Run the following command:

mongo --port <port> \
      --eval db.getSiblingDB("local").system.replset.remove({})
25

Stop the Standalone Instance.

Depending on your path, you may need to specify the path to the mongo shell. Run:

mongo --port <port> \
      --eval "db.getSiblingDB('admin').shutdownServer()"
26

Repeat Steps 10 to 25 for each node in the Replica Set.

27

Set up Your Replica Set Configuration.

At this point, the data files in the replica set are in a consistent state, but the replica set configuration needs to be updated so that each node is aware of each other.

Deploy the replica set with the required configuration.

28

Reimport the Replica Set.

To manage the replica set with automation again, import the replica set back into Ops Manager.

Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM

If you restore an encrypted snapshot that Ops Manager encrypted with AES256-GCM, rotate your master key after completing the restore.