- Back Up and Restore Deployments >
- Restore MongoDB Deployments >
- Restore a Replica Set from a Snapshot
Restore a Replica Set from a Snapshot¶
On this page
When you restore a replica set from backup, Ops Manager provides you with a restore file for the selected restore point. To learn about the restore process, please see Restore Overview.
- FCV of 4.0 or earlier
- FCV of 4.2 or later
Considerations¶
Review change to BinData
BSON sub-type¶
The BSON specification changed the
default subtype for the BSON binary datatype (BinData
) from 2
to 0
. Some binary data stored in a snapshot may be BinData
subtype 2. The Backup automatically detects and converts snapshot
data in BinData
subtype 2 to BinData
subtype 0. If your
application code expects BinData
subtype 2, you must update your
application code to work with BinData
subtype 0.
See also
The notes on the BSON specification explain the particular specifics of this change.
Restore using settings given in restoreInfo.txt
¶
The backup restore file includes a metadata file named
restoreInfo.txt
. This file captures the options the database used
when the snapshot was taken. The database must be run with the listed
options after it has been restored. This file contains:
Group name
Replica Set name
Cluster ID (if applicable)
Snapshot timestamp (as Timestamp at UTC)
Restore timestamp (as a BSON Timestamp at UTC)
Last Oplog applied (as a BSON Timestamp at UTC)
MongoDB version
Storage engine type
mongod startup options
used on the database when the snapshot was takenEncryption (Only appears if encryption is enabled on the snapshot)
Master Key UUID (Only appears if encryption is enabled on the snapshot)
If restoring from an encrypted backup, you must have a certificate provisioned for this Master Key.
Backup Considerations¶
All FCV databases must fulfill the appropriate backup considerations.
Prerequisites¶
To perform manual restores, you must have the Backup Admin role in Ops Manager.
Restore from Encrypted Backup Requires Same Master Key¶
To restore from an encrypted backup, you need the same master key used to encrypt the backup and either the same certificate as is on the Backup Daemon host or a new certificate provisioned with that key from the KMIP host.
If the snapshot is encrypted, the restore panel displays the KMIP
master key id and the KMIP server information. You can also find
the information when you view the snapshot itself as well as in
the restoreInfo.txt
file.
Client Requests During Restoration¶
You must ensure that the MongoDB deployment does not receive client requests during restoration. You must either:
- Restore to new systems with new hostnames and reconfigure your application code once the new deployment is running, or
- Ensure that the MongoDB deployment will not receive client requests while you restore data.
Restore a Snapshot¶
- Automatic Restore
- Manual Restore
To have Ops Manager automatically restore the snapshot:
Click Backup, then the Overview tab.¶
Click the deployment, then click Restore or Download.¶
Select the restore point.¶
Choose the point from which you want to restore your backup.
Restore Type Description Action Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore. Point In Time Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.
Example
If you select
12:00
, the last operation in the restore is11:59:59
or earlier.Important
In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.
Select a Date and Time. Oplog Timestamp Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:
Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch Increment Order of operation applied in that second as a 32-bit ordinal. Type an Oplog Timestamp and Increment.
Run a query against
local.oplog.rs
on your replica set to find the desired timestamp.Click Next.
Finding the latest Oplog Entry
To find the latest Oplog entry, run the following query
in a mongo
shell:
A successful result should look like this:
The parts of the ts
value correspond to the values
you need for the Timestamp and
Increment boxes.
Note
To translate the epoch time into a human-readable timestamp, try using a tool like Epoch Converter
MongoDB does not endorse this service. Its reference is intended only as informational.
Choose to restore the files to another cluster.¶
Click Choose Cluster to Restore to.
Complete the following fields:
Field Action Project Select a project to which you want to restore the snapshot. Cluster to Restore to Select a cluster to which you want to restore the snapshot.
Ops Manager must manage the target replica set.
Warning
Automation removes all existing data from the cluster. All backup data and snapshots for the existing cluster are preserved.
Click Restore.
Ops Manager notes how much storage space the restore requires.
Click Restore.¶
Click Backup, then the Overview tab.¶
Click the deployment, then click Restore or Download.¶
Select the restore point.¶
Choose the point from which you want to restore your backup.
Restore Type Description Action Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore. Point In Time Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.
Example
If you select
12:00
, the last operation in the restore is11:59:59
or earlier.Important
In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.
Select a Date and Time. Oplog Timestamp Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:
Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch Increment Order of operation applied in that second as a 32-bit ordinal. Type an Oplog Timestamp and Increment.
Run a query against
local.oplog.rs
on your replica set to find the desired timestamp.Click Next.
Finding the latest Oplog Entry
To find the latest Oplog entry, run the following query
in a mongo
shell:
A successful result should look like this:
The parts of the ts
value correspond to the values
you need for the Timestamp and
Increment boxes.
Note
To translate the epoch time into a human-readable timestamp, try using a tool like Epoch Converter
MongoDB does not endorse this service. Its reference is intended only as informational.
Click Download to restore the files manually.¶
Configure the snapshot download.¶
Configure the following download options:
Pull Restore Usage Limit Select how many times the link can be used. If you select No Limit
, the link is re-usable until it expires.Restore Link Expiration (in hours) Select the number of hours until the link expires. The default value is 1
. The maximum value is the number of hours until the selected snapshot expires.Click Finalize Request.
If you use 2FA, Ops Manager prompts you for your 2FA code. Enter your 2FA code, then click Finalize Request.
Retrieve the snapshots.¶
Ops Manager creates links to the snapshot. By default, these links are available for an hour and can be used just once.
To download the snapshots:
- If you closed the restore panel, click Backup, then Restore History.
- When the restore job completes, click (get link) for each replica set appears.
- Click:
- The copy button to the right of the link to copy the link to use it later, or
- Download to download the snapshot immediately.
Extra step for point-in-time restores
For point-in-time and oplog timestamp restores, additional instructions are shown. The final step shows the full command you must run using the MBRU. It includes all of the necessary options to ensure a full restore.
Select and copy the mongodb-backup-restore-util
command
provided under Run Binary with PIT Options.
Restore the snapshot data files to the destination host.¶
Example
Run the MongoDB Backup Restore Utility (Point-in-Time Restore Only).¶
Download the MongoDB Backup Restore Utility to your host.
Note
If you closed the restore panel, click Backup, then More and then Download MongoDB Backup Restore Utility.
Start a
mongod
instance without authentication enabled using the extracted snapshot directory as the data directory.Example
Warning
The MongoDB Backup Restore Utility doesn’t support authentication, so you can’t start this temporary database with authentication.
Run the MongoDB Backup Restore Utility on your destination host. Run it once for the replica set.
Pre-configured
mongodb-backup-restore-util
commandOps Manager provides the
mongodb-backup-restore-util
with the appropriate options for your restore on the restore panel under Run Binary with PIT Options.You should copy the
mongodb-backup-restore-util
command provided in the Ops Manager Application.The
mongodb-backup-restore-util
command uses the following options:Option Necessity Description check circle icon --host
Required Provide the hostname, FQDN, IPv4 address, or IPv6 address for the host that serves the mongod to which the oplog should be applied. If you copied the mongodb-backup-restore-util
command provided in the Ops Manager Application, this field is pre-configured.check circle icon --port
Required Provide the port for the host that serves the mongod
to which the oplog should be applied.check circle icon --opStart
Required Provide the BSON timestamp for the first oplog entry you want to include in the restore.
Note
This value must be less than or equal to the
--opEnd
value.check circle icon --opEnd
Required Provide the BSON timestamp for the last oplog entry you want to include in the restore.
Note
This value cannot be greater than the end of the oplog.
check circle icon --logFile
Optional Provide a path, including file name, where the MBRU log is written. --oplogSourceAddr
Required Provide the URL for the Ops Manager resource endpoint. check circle icon --apiKey
Required Provide your Ops Manager Agent API Key. check circle icon --groupId
Required Provide the group ID. check circle icon --rsId
Required Provide the replica set ID. check circle icon --whitelist
Optional Provide a list of databases and/or collections to which you want to limit the restore. --blacklist
Optional Provide a list of databases and/or collections to which you want to exclude from the restore. --seedReplSetMember
Optional Use if you need a replica set member to re-create the oplog collection and seed it with the correct timestamp.
Requires
--oplogSizeMB
and--seedTargetPort
.--oplogSizeMB
Conditional Provide the oplog size in MB.
Required if
--seedReplSetMember
is set.--seedTargetPort
Conditional Provide the port for the replica set’s primary. This may be different from the ephemeral port used.
Required if
--seedReplSetMember
is set.--ssl
Optional Use if you need TLS/SSL to apply the oplog to the
mongod
.Requires
--sslCAFile
and--sslPEMKeyFile
.--sslCAFile
Conditional Provide the path to the Certificate Authority file.
Required if
--ssl
is set.--sslPEMKeyFile
Conditional Provide the path to the PEM certificate file.
Required if
--ssl
is set.--sslPEMKeyFilePwd
Conditional Provide the password for the PEM certificate file specified in
--sslPEMKeyFile
.Required if
--ssl
is set and that PEM key file is encrypted.--sslClientCertificateSubject
Optional Provide the Client Certificate Subject or Distinguished Name (DN) for the target MongoDB process.
Required if
--ssl
is set.--sslRequireValidServerCertificates
Optional Set a flag indicating if the tool should validate certificates that the target MongoDB process presents. --sslServerClientCertificate
Optional Provide the absolute path to Client Certificate file to use for connecting to the Ops Manager host. --sslServerClientCertificatePassword
Conditional Provide the absolute path to Client Certificate file password to use for connecting to the Ops Manager host.
Required if
--sslServerClientCertificate
is set and that certificate is encrypted.--sslRequireValidMMSBackupServerCertificate
Optional Set a flag indicating if valid certificates are required when contacting the Ops Manager host. Default value is true
.--sslTrustedMMSBackupServerCertificate
Optional Provide the absolute path to the trusted Certificate Authority certificates in PEM format for the Ops Manager host. If this flag is not provided, the system Certificate Authority is used.
If Ops Manager is using a self-signed SSL certificate, this setting is required.
--httpProxy
Optional Provide the URL of an HTTP proxy server the tool can use. check circle icon means that if you copied the
mongodb-backup-restore-util
command provided in Ops Manager Application, this field is pre-configured.
Unmanage the Replica Set.¶
Before attempting to restore the data manually, remove the replica set from Automation.
Restore the Replica Set Manually.¶
Follow the tutorial from the MongoDB Manual to restore the replica set.
Reimport the Replica Set.¶
To manage the replica set with automation again, import the replica set back into Ops Manager.
- Automatic Restore
- Manual Restore
To have Ops Manager automatically restore the snapshot:
Click Backup, then the Overview tab.¶
Click the deployment, then click Restore or Download.¶
Select the restore point.¶
Choose the point from which you want to restore your backup.
Restore Type Description Action Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore. Point In Time Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.
Example
If you select
12:00
, the last operation in the restore is11:59:59
or earlier.Important
In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.
Select a Date and Time. Oplog Timestamp Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:
Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch Increment Order of operation applied in that second as a 32-bit ordinal. Type an Oplog Timestamp and Increment.
Run a query against
local.oplog.rs
on your replica set to find the desired timestamp.Click Next.
Choose to restore the files to another cluster.¶
Click Choose Cluster to Restore to.
Complete the following fields:
Field Action Project Select a project to which you want to restore the snapshot. Cluster to Restore to Select a cluster to which you want to restore the snapshot.
Ops Manager must manage the target replica set.
Warning
Automation removes all existing data from the cluster. All backup data and snapshots for the existing cluster are preserved.
Click Restore.
Ops Manager notes how much storage space the restore requires.
Click Restore.¶
Consider Automatic Restore
This procedure involves a large number steps. Some of these steps have severe security implications. If you don’t need to restore to a deployment that Ops Manager doesn’t manage, consider an automated restore.
Click Backup, then the Overview tab.¶
Click the deployment, then click Restore or Download.¶
Select the Restore Point.¶
Choose the point from which you want to restore your backup.
Restore Type Description Action Snapshot Allows you to choose one stored snapshot. Select an existing snapshot to restore. Point In Time Creates a custom snapshot that includes all operations up to but not including the selected time. By default, the Oplog Store stores 24 hours of data.
Example
If you select
12:00
, the last operation in the restore is11:59:59
or earlier.Important
In FCV 4.0, you cannot perform a PIT restore that covers any time prior to the latest backup resync. For the conditions that cause a resync, see Resync a Backup. This note does not apply to FCV 4.2 or later.
Select a Date and Time. Oplog Timestamp Creates a custom snapshot that includes all operations up to and including the entered Oplog timestamp. The Oplog Timestamp contains two fields:
Timestamp Timestamp in the number of seconds that have elapsed since the UNIX epoch Increment Order of operation applied in that second as a 32-bit ordinal. Type an Oplog Timestamp and Increment.
Run a query against
local.oplog.rs
on your replica set to find the desired timestamp.Click Next.
Click Download to Restore the Files Manually.¶
Configure the snapshot download.¶
Configure the following download options:
Pull Restore Usage Limit Select how many times the link can be used. If you select No Limit
, the link is re-usable until it expires.Restore Link Expiration (in hours) Select the number of hours until the link expires. The default value is 1
. The maximum value is the number of hours until the selected snapshot expires.Click Finalize Request.
If you use 2FA, Ops Manager prompts you for your 2FA code. Enter your 2FA code, then click Finalize Request.
Retrieve the Snapshots.¶
Ops Manager creates links to the snapshot. By default, these links are available for an hour and you can use them just once.
To download the snapshots:
- If you closed the restore panel, click Backup, then Restore History.
- When the restore job completes, click (get link) for each replica set that appears.
- Click:
- The copy button to the right of the link to copy the link to use it later, or
- Download to download the snapshot immediately.
Unmanage the Target Replica Set.¶
Before attempting to restore the data manually, remove the replica set from Automation.
Verify Hardware and Software Requirements on the Target Replica Set.¶
Storage Capacity | The target host’s hardware needs to have sufficient free storage space for storing the restored data. If you want to keep any existing sharded cluster data on this host, make sure the host has sufficient free space for the sharded cluster data and the restored data. |
---|---|
MongoDB Version | The target host on which you are restoring and the source host
from which you are restoring must run the same MongoDB
Server version. To check the MongoDB version, run mongod
--version from a terminal or shell. |
To learn more, see installation.
Move the Snapshot Data Files to the Target Host.¶
Before moving the snapshot’s data files to the target host, check whether the target host contains any existing files and delete them.
Unpack the snapshot files and move them to the target host as follows:
Start the Temporary Standalone Instance on the Ephemeral Port.¶
In this step, you start the mongod
process in standalone mode, and not as
a replica set.
Note
Starting mongod
in this way is a temporary measure. It allows you to
add new configuration parameters to the system.replset
collection in
subsequent steps.
Use the <ephemeralPort>
for the temporary standalone mongod
process
in all steps in this procedure where it is mentioned. This port must differ from
the source and target host ports.
Run the mongod
process as follows. Depending on your path, you may
need to specify the path to the mongod
binary.
After the mongod
process starts accepting connections, continue.
Connect to the Temporary Standalone Instance with the mongo
Shell.¶
From the host running this mongod
process, start the
mongo
shell. Depending on your path, you may need to
specify the path to the mongo
shell.
To connect to the mongod
listening to localhost on
the same <ephemeralPort>
specified in the previous step, run:
After the mongo
shell connects to mongod
, continue.
Add a New Replica Set Configuration.¶
Insert the following document into the system.replset
collection
in the local
database. Change the following variables:
<replaceMeWithTheReplicaSetName>
to the name of your replica set. This name does not have to be the same as the old name.<host>
to the host serving this replica set member.<ephemeralPort>
to the ephemeral port of the replica set that you specified in Step 11 of this procedure.
A successful response should look like this:
Insert the Minimum Valid Timestamp.¶
Issue the following command:
A successful response should look like this:
Set the Restore Point to the Values in Restore Timestamp
from restoreInfo.txt
.¶
Set the oplogTruncateAfterPoint
document to the
values provided in the Restore Timestamp
field of the
restoreInfo.txt file.
The Restore Timestamp
field in that file contains two
values. In the following example, the first value is the
timestamp, and the second value is the increment.
The following example code uses restoreTS.getTime()
for the timestamp value and restoreTs.getInc()
for
the increment value.
A successful response should look like this:
Run the MongoDB Backup Restore Utility (Point-in-Time Restore Only).¶
In this step, you download and run the MongoDB Backup Restore Utility on the target instance for the replica set, and then stop the instance.
Download the MongoDB Backup Restore Utility to your host.
If you closed the restore panel, click Backup, then More and then Download MongoDB Backup Restore Utility.
Start a
mongod
instance without authentication enabled using the extracted snapshot directory as the data directory. Depending on your path, you may need to specify the path to themongod
binary.Warning
The MongoDB Backup Restore Utility doesn’t support authentication, so you can’t start this temporary database with authentication.
Run the MongoDB Backup Restore Utility on your target host. Run it once for the replica set.
Pre-configured
mongodb-backup-restore-util
commandOps Manager provides the
mongodb-backup-restore-util
with the appropriate options for your restore on the restore panel under Run Binary with PIT Options.You should copy the
mongodb-backup-restore-util
command provided in the Ops Manager Application.The
mongodb-backup-restore-util
command uses the following options:Option Necessity Description check circle icon --host
Required Provide the hostname, FQDN, IPv4 address, or IPv6 address for the host that serves the mongod to which the oplog should be applied. If you copied the mongodb-backup-restore-util
command provided in the Ops Manager Application, this field is pre-configured.check circle icon --port
Required Provide the port for the host that serves the mongod
to which the oplog should be applied.check circle icon --opStart
Required Provide the BSON timestamp for the first oplog entry you want to include in the restore.
Note
This value must be less than or equal to the
--opEnd
value.check circle icon --opEnd
Required Provide the BSON timestamp for the last oplog entry you want to include in the restore.
Note
This value cannot be greater than the end of the oplog.
check circle icon --logFile
Optional Provide a path, including file name, where the MBRU log is written. --oplogSourceAddr
Required Provide the URL for the Ops Manager resource endpoint. check circle icon --apiKey
Required Provide your Ops Manager Agent API Key. check circle icon --groupId
Required Provide the group ID. check circle icon --rsId
Required Provide the replica set ID. check circle icon --whitelist
Optional Provide a list of databases and/or collections to which you want to limit the restore. --blacklist
Optional Provide a list of databases and/or collections to which you want to exclude from the restore. --seedReplSetMember
Optional Use if you need a replica set member to re-create the oplog collection and seed it with the correct timestamp.
Requires
--oplogSizeMB
and--seedTargetPort
.--oplogSizeMB
Conditional Provide the oplog size in MB.
Required if
--seedReplSetMember
is set.--seedTargetPort
Conditional Provide the port for the replica set’s primary. This may be different from the ephemeral port used.
Required if
--seedReplSetMember
is set.--ssl
Optional Use if you need TLS/SSL to apply the oplog to the
mongod
.Requires
--sslCAFile
and--sslPEMKeyFile
.--sslCAFile
Conditional Provide the path to the Certificate Authority file.
Required if
--ssl
is set.--sslPEMKeyFile
Conditional Provide the path to the PEM certificate file.
Required if
--ssl
is set.--sslPEMKeyFilePwd
Conditional Provide the password for the PEM certificate file specified in
--sslPEMKeyFile
.Required if
--ssl
is set and that PEM key file is encrypted.--sslClientCertificateSubject
Optional Provide the Client Certificate Subject or Distinguished Name (DN) for the target MongoDB process.
Required if
--ssl
is set.--sslRequireValidServerCertificates
Optional Set a flag indicating if the tool should validate certificates that the target MongoDB process presents. --sslServerClientCertificate
Optional Provide the absolute path to Client Certificate file to use for connecting to the Ops Manager host. --sslServerClientCertificatePassword
Conditional Provide the absolute path to Client Certificate file password to use for connecting to the Ops Manager host.
Required if
--sslServerClientCertificate
is set and that certificate is encrypted.--sslRequireValidMMSBackupServerCertificate
Optional Set a flag indicating if valid certificates are required when contacting the Ops Manager host. Default value is true
.--sslTrustedMMSBackupServerCertificate
Optional Provide the absolute path to the trusted Certificate Authority certificates in PEM format for the Ops Manager host. If this flag is not provided, the system Certificate Authority is used.
If Ops Manager is using a self-signed SSL certificate, this setting is required.
--httpProxy
Optional Provide the URL of an HTTP proxy server the tool can use. check circle icon means that if you copied the
mongodb-backup-restore-util
command provided in Ops Manager Application, this field is pre-configured.Stop the
mongod
on the instance. Depending on your path, you may need to specify the path to themongo
shell. Run:
Restart the Instance to Recover the Oplog.¶
Start the mongod
using the following command. The mongod
replays the oplog
up to the Restore timestamp
. Depending on your path, you may need to specify
the path to the mongod
binary.
After you complete this step, the actual restore process is completed. In the following steps, you restore the configuration of the replica set and reimport it.
Restart the Replica Set as a Standalone Instance.¶
Start the mongod
process as a standalone instance using the
following command. For <port>
, use the actual port on which
this node in the replica set is intended to run. Depending on your
path, you may need to specify the path to the mongod
binary.
After the mongod
process starts accepting connections, continue.
Remove the Temporary Replica Set Configuration.¶
Run the following command:
Repeat Steps 10 to 25 for each node in the Replica Set.¶
Set up Your Replica Set Configuration.¶
At this point, the data files in the replica set are in a consistent state, but the replica set configuration needs to be updated so that each node is aware of each other.
Deploy the replica set with the required configuration.
Reimport the Replica Set.¶
To manage the replica set with automation again, import the replica set back into Ops Manager.
Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM
If you restore an encrypted snapshot that Ops Manager encrypted with AES256-GCM, rotate your master key after completing the restore.