Docs Menu

Docs HomeMongoDB Cloud Manager

Query a Backup Snapshot

On this page

  • Considerations
  • Prerequisites
  • Query Backup (Use Tunnel to Connect)
  • Query Backup (Handle TLS Authentication Manually)
  • Next Steps

Cloud Manager provides queryable backups. This functionality allows you to more quickly query specific backup snapsnots. You can use the queryable backups to:

  • Restore a subset of data within the MongoDB deployment.

  • Compare previous versions of data against the current data.

  • Identify the best point in time to restore a system by comparing data from multiple snapshots.

Cloud Manager provisions these queryable snapshots as read-only MongoDB instances.

Important

These instances are available for up to 24 hours.

You cannot perform the following operations on queryable snapshots:

  • Map-reduce operations.

  • Queries that require disk usage, such as running aggregation with the allowDiskUse option to perform large sort operations.

If you encrypted your snapshots, you can't query those encrypted snapshots.

If you applied namespace filters to a snapshot, you can't query that snapshot.

Connections to these instances are over TLS/SSL and require x.509 authentication. Cloud Manager provides:

  • An executable that creates a tunnel which handles the connection, including the client TLS/SSL and the x.509 authentication.

  • x.509 certificates if you want to handle the connection details manually, including the TLS/SSL and the x.509 authentication.

Queryable backups are available for MongoDB 3.2 or later replica sets or MongoDB 3.2 or later sharded clusters with CSRS.

Important

Use the latest versions of MongoDB Database Tools, which include mongodump and mongorestore. Use the latest version of mongosh.

Older versions of mongodump include an issue that can cause keys in collection options to be dumped in the wrong order. To learn more, see TOOLS-3411.

Note

The tunnel handles the security (TLS/SSL and x.509 authentication) for connecting to the instance.

1

For the deployment whose backup you want to query, click the ellipsis button under Options column and select Query.

You can also click the deployment to view its snapshots and click the Query button under the Actions column.

2
  1. Select the snapshot to query and click Next.

  2. Start the process to query a snapshot. You will be prompted for 2-factor verification.

  3. Select Backup Tunnel as the connection method to the queryable snapshot.

  4. Select your Platform and download.

  5. Uncompress the downloaded file.

  6. Open a terminal or command prompt and go to the uncompressed <tunnel> directory. Run the executable to start the tunnel.

    The default port for the tunnel is 27017. To change the port, use the --local flag, as in the following example:

    ./<tunnel executable> --local localhost:27020

    Note

    If you change the port, you must include the port information when connecting.

    For the full list of options you can pass to the tunnel, run the tunnel exectuable with the -h option:

    ./<tunnel executable> -h
  7. Use mongosh or a MongoDB driver to connect to the backup via the tunnel.

    • If connecting locally from the same machine as where the tunnel is running, you do not need to specify a connection string or host information. Otherwise, specify a connection string or host information for the machine where the tunnel is running.

    • If you have changed the port that the tunnel is listening on, you must specify the port information when connecting.

Tip

Once you have finished querying this snapshot, you can terminate the queryable instance:

  1. Go to the Restore History and hover over the Status column for the deployment item.

  2. Click Cancel.

Important

Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM

If you restore an encrypted snapshot that Cloud Manager encrypted with AES256-GCM, rotate your master key after completing the restore.

Note

The X.509 certificates are valid for 24 hours.

1

For the deployment whose backup you want to query, click under Options column then select Query.

You can also click the deployment to view its snapshots and click the Query button under the Actions column.

2
  1. Select the snapshot to query and click Next.

  2. Start the process to query a snapshot. If prompted for your password, enter your password to verify.

  3. Select Connect Manually as the connection method to the queryable snapshot.

  4. Download the X.509 client PEM file.

  5. Download the Certificate Authority PEM file.

  6. Use mongosh or a MongoDB driver to connect to the queryable backup host. To connect, you must specify the hostname and port, the TLS option, and the X.509 certificates.

    Example

    If using mongosh to connect to the instance:

    mongosh my-queryable-backup-host.mongodb.com:27217 \
    --tls --tlsCertificateKeyFile <client certificate> \
    --tlsCAFile mms-backup-ca.pem

Tip

Once you have finished querying this snapshot, you can terminate the queryable instance:

  1. Go to the Restore History and hover over the Status column for the deployment item.

  2. Click Cancel.

Important

Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM

If you restore an encrypted snapshot that Cloud Manager encrypted with AES256-GCM, rotate your master key after completing the restore.

To restore a database or a collection using the queryable backup MongoDB instance, see Restore a Database or Collection from Queryable Backup.

←  Restore a Replica Set from a SnapshotRestore a Single Database or Collection →