Add Existing MongoDB Processes to Cloud Manager

Overview

Cloud Manager provides a wizard for adding your existing MongoDB deployments to monitoring and management. The wizard prompts you to install an Automation Agent if none exists, and then prompts you to identify the cluster, the replica set, or the standalone to add. You can choose to add the deployment to Monitoring or to both Monitoring and Automation.

Considerations

Unique Names

Deployments must have unique names within the project.

Important

Replica set, sharded cluster, and shard names within the same project must be unique. Failure to have unique names for the deployments will result in broken backup snapshots.

Preferred Hostnames

If the MongoDB process is accessible only by specific hostname or IP address, or if you need to specify the hostname to use for servers with multiple aliases, set up a preferred hostname. For details, see the Preferred Hostnames setting in Project Settings.

Authentication

  • When adding to Monitoring:

    If your MongoDB deployment requires authentication, you must provide the necessary credentials for monitoring when adding the deployment to Cloud Manager. For information on configuring authentication, see Configure MongoDB Authentication and Authorization.

  • When adding to Automation:

    If the Cloud Manager project has MongoDB authentication settings enabled for its deployments, the MongoDB deployment to import must support the project’s authentication mechanism.

    If either the MongoDB deployment requires authentication or the Cloud Manager project has authentication settings enabled, you must add an automation user with the appropriate roles to the MongoDB process in order to perform the import. If the Cloud Manager project has authentication settings enabled, add the Cloud Manager project’s automation user to the MongoDB process. See Prerequisites.

Automation and Updated Security Settings Upon Import

Adding a MongoDB deployment to automation may affect the security settings of the Cloud Manager project or the MongoDB deployment or both.

Enables Cloud Manager Project Security Setting

If the MongoDB deployment requires authentication but the Cloud Manager project does not have authentication settings enabled, then upon successful addition of the MongoDB deployment to automation, the project adopts the security settings of the newly imported deployment.

Note

The import process only enables the Cloud Manager project’s security setting if the project’s security setting is currently not enabled. If the project’s security setting is currently enabled, the import process does not disable the project’s security setting or change its enabled authentication mechanism.

Imports MongoDB Users and Roles

Note

The following applies when the MongoDB deployment requires authentication, the Cloud Manager project has authentication settings enabled, or both.

If the MongoDB deployment contains users or user-defined roles, you can choose to import these users and roles for Cloud Manager to manage. The imported users and roles are Synced to all managed deployments in the Cloud Manager project.

If the Enforce Consistent Set value for the Cloud Manager project is Yes, users and roles not imported are deleted from the MongoDB deployment.

If the Enforce Consistent Set value for the Cloud Manager project is No, non-imported users and roles are not managed by the Cloud Manager project but remain in the MongoDB deployment. To manage these users and roles, you must connect directly to the MongoDB deployment.

If importing users and roles, before you confirm and deploy the changes, you can exclude specific users and roles from the import by unmanaging them on the Authentication & Users and Authentication & Roles screens. For details on unmanaging MongoDB users, see Manage or Unmanage MongoDB Users.

If the imported MongoDB deployment already has mms-backup-agent and mms-monitoring-agent users in its admin database, the import procedure overrides the roles of these users with the roles for mms-backup-agent and mms-monitoring-agent users as set in the Cloud Manager project.

Applies to All Deployments in Cloud Manager Project

The project’s updated security settings, including all users and roles managed as part of the Cloud Manager project, apply to all deployments in the project, including the imported MongoDB deployment.

Cloud Manager restarts all deployments in the project with the new setting, including the imported MongoDB deployment. All deployments in the project will use the Cloud Manager automation keyfile upon restart.

If the existing deployment or deployments in the project require a different security profile from the imported process, create a new project into which you can import the MongoDB deployment.

Examples of Imported Users

Note

The following applies when the MongoDB deployment requires authentication, the Cloud Manager project has authentication settings enabled, or both.

If you choose to import the MongoDB users and custom roles, once the Cloud Manager project manages the MongoDB deployment, regardless of the value of Enforce Consistent Set:

Enforce Consistent Set: Yes or No
Results:
Cloud Manager project:
  • Authentication is enabled.
  • Manages the imported users and roles.
  • Syncs the new users and roles to all its managed deployments.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • All users and roles that the Cloud Manager project manages (i.e. have Synced set to Yes) exist in the MongoDB deployment.

If you choose not to import the users, once the Cloud Manager project manages the MongoDB deployment:

Enforce Consistent Set: Yes
Results:
Cloud Manager project:
  • Authentication is enabled.
  • Has no changes to its managed users and roles.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • The non-imported MongoDB users and roles will be deleted from the MongoDB deployment.
  • All users and roles that the Cloud Manager project manages (i.e. have Synced set to Yes) exist in the MongoDB deployment.

Enforce Consistent Set: No
Results:
Cloud Manager project:
  • Authentication is enabled.
  • Has no changes to its security settings, including users and roles.
The MongoDB deployment:
  • Has access control enabled and requires authentication.
  • The non-imported MongoDB users and roles remain in the MongoDB deployment.
  • All users and roles managed by the Cloud Manager project (i.e. have Synced set to Yes) exist in the MongoDB deployment.
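
The outcomes listed above can be worked out before the import is confirmed, so that accounts about to be deleted or spread project-wide are reviewed first. The following is an added example, not Cloud Manager code: planImport, its field names and the sample users are hypothetical, and it assumes that a non-imported user whose name the project already manages stays managed.

```javascript
const AGENT_USERS = ["mms-backup-agent", "mms-monitoring-agent"];
const id = (u) => `${u.db}.${u.user}`;

function planImport({ deploymentUsers, projectUsers, importedIds, enforceConsistentSet }) {
  const managed = new Set(projectUsers.map(id));
  const imported = new Set(importedIds);
  const onDeployment = new Set(deploymentUsers.map(id));
  const plan = {
    syncedProjectWide: [],     // imported users pushed to every managed deployment
    addedToDeployment: [],     // project-managed users the deployment gains
    deletedFromDeployment: [], // non-imported users, Enforce Consistent Set: Yes
    leftUnmanaged: [],         // non-imported users, Enforce Consistent Set: No
    agentRolesOverridden: [],  // agent users whose roles the project replaces
  };
  for (const u of deploymentUsers) {
    const k = id(u);
    if (u.db === "admin" && AGENT_USERS.includes(u.user)) {
      plan.agentRolesOverridden.push(k);
    } else if (imported.has(k)) {
      plan.syncedProjectWide.push(k);
    } else if (managed.has(k)) {
      continue; // assumption: a name the project already manages stays managed
    } else if (enforceConsistentSet) {
      plan.deletedFromDeployment.push(k);
    } else {
      plan.leftUnmanaged.push(k);
    }
  }
  for (const u of projectUsers) {
    if (!onDeployment.has(id(u))) plan.addedToDeployment.push(id(u));
  }
  return plan;
}

// Constructed sample data: user lists reduced to { user, db }.
const sample = {
  deploymentUsers: [
    { user: "app_rw", db: "admin" },
    { user: "legacy_report", db: "reporting" },
    { user: "mms-monitoring-agent", db: "admin" },
  ],
  projectUsers: [
    { user: "mms-monitoring-agent", db: "admin" },
    { user: "dba_oncall", db: "admin" },
  ],
  importedIds: ["admin.app_rw"], // legacy_report was unmanaged before deploying
};

console.log(planImport({ ...sample, enforceConsistentSet: true }));
console.log(planImport({ ...sample, enforceConsistentSet: false }));
```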

Prerequisites

Note

The following prerequisite applies only when adding to Automation.

  • If the Cloud Manager project does not have authentication settings enabled, but the MongoDB process requires authentication, add an automation user for the Cloud Manager project with the appropriate roles. The import process displays the required roles for the user. The added user becomes the project’s Automation Agent user.

  • If the Cloud Manager project has authentication settings enabled, add the Cloud Manager project’s Automation Agent user to the MongoDB process. To find the Automation Agent user, click Deployments, then Security, then Users.

  • To find the password for the Cloud Manager project’s Automation Agent user, you can use the UI, the API or the configuration backup file:

    Using the UI
    1. Navigate to Deployment, Security, and then Authentication & TLS/SSL.

    2. Click Edit Settings.

    3. Click Next until you see the Configure Cloud Manager Agents page.

    4. Click Show to the right of the Automation Agent Password field.

      The Automation Agent’s password displays.

    Using the API

    Use the Automation Configuration Resource endpoint:

    curl -u "<username>:<apikey>" --digest -i "<host>/api/public/v1.0/groups/<Group-ID>/automationConfig"
    
    Using the Cloud Manager Configuration Backup file

    Open the mmsConfigBackup file in your preferred text editor and find the autoPwd value.

Example

If the Cloud Manager project has the Username/Password mechanism selected for its authentication settings, add the project’s Automation Agent user, mms-automation, to the admin database in the MongoDB deployment to import.

// Run in the mongo shell, connected to the deployment to import.
use admin

db.createUser(
   {
     user: "mms-automation",
     // Replace with the project's Automation Agent password (see Prerequisites).
     pwd: "<password>",
     roles: [
        'clusterAdmin',
        'dbAdminAnyDatabase',
        'readWriteAnyDatabase',
        'userAdminAnyDatabase',
        'restore'
     ]
   }
)

Important

If you are adding a sharded cluster, you must create this user through the mongos and on every shard. That is, create the user both as a cluster-wide user through mongos and as a shard-local user on each shard.
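
A pre-import check for the requirement above, as an added example that is not part of Cloud Manager: checkAutomationUser and the node names are hypothetical, and the input is the users array that the usersInfo command returns on mongos and on each shard. The role list is the one from this page's createUser example; the import process displays the roles actually required.

```javascript
// Roles taken from the createUser example on this page; the import process
// shows the roles actually required for your project.
const REQUIRED_ROLES = [
  "clusterAdmin", "dbAdminAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "restore",
];

// nodes: { "<node name>": <users array from usersInfo on that node> }
// Returns one finding per node where the automation user is absent or short of roles.
function checkAutomationUser(nodes, userName = "mms-automation") {
  const findings = [];
  for (const [node, users] of Object.entries(nodes)) {
    const u = users.find((x) => x.user === userName && x.db === "admin");
    if (!u) {
      findings.push({ node, problem: "user missing", missing: REQUIRED_ROLES });
      continue;
    }
    const granted = new Set(
      u.roles.filter((r) => r.db === "admin").map((r) => r.role));
    const missing = REQUIRED_ROLES.filter((r) => !granted.has(r));
    if (missing.length > 0) {
      findings.push({ node, problem: "roles missing", missing });
    }
  }
  return findings;
}

// Constructed sample: what usersInfo might return on mongos and two shards.
const role = (name) => ({ role: name, db: "admin" });
const fullUser = { user: "mms-automation", db: "admin", roles: REQUIRED_ROLES.map(role) };
const sampleNodes = {
  mongos: [fullUser],
  shard0: [{ ...fullUser, roles: fullUser.roles.filter((r) => r.role !== "restore") }],
  shard1: [{ user: "app_rw", db: "admin", roles: [role("readWriteAnyDatabase")] }],
};

for (const f of checkAutomationUser(sampleNodes)) {
  console.log(`${f.node}: ${f.problem} (${f.missing.join(", ")})`);
}
```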

Add MongoDB Processes

1. Click Deployment.

2. Click Add and select Existing MongoDB Deployment.

3. Follow the prompts to add the deployment.