HomeLearnArticleAuto Pausing Inactive Clusters

Auto Pausing Inactive Clusters

Updated: Apr 22, 2022 |

Published: Jan 19, 2022

  • Atlas
  • Realm
  • Triggers

By Brian Leonard

Rate this article

#Auto Pausing Inactive Clusters

#Introduction

A couple of years ago I wrote an article on how to pause and/or scale clusters using scheduled triggers. It’s worth familiarizing yourself with those concepts because I will not repeat them here. Rather, I’m adding a wrinkle that will pause clusters across an entire organization based on inactivity. Specifically, I’m looking at the Database Access History to determine activity.

It is important to note this logging limitation:

If a cluster experiences an activity spike and generates an extremely large quantity of log messages, Atlas may stop collecting and storing new logs for a period of time.

Therefore, this script could get a false positive that a cluster is inactive when indeed quite the opposite is happening. Given, however, that the intent of this script is for managing lower, non-production environments, I don’t see the false positives as a big concern.

#Architecture

The implementation uses a Scheduled Trigger. The trigger calls a series of Realm Functions, which use the Atlas Administration APIs to iterate over the organization’s projects and their associated clusters, testing the cluster inactivity (as explained in the introduction) and finally pausing the cluster if it is indeed inactive.

Architecture
Architecture

#API Keys

In order to call the Atlas Administrative APIs, you'll first need an API Key with the Organization Owner role. API Keys are created in the Access Manager, which you'll find in the Organization menu on the left:

Access Manager
Access Manager

Organization Access Manager
Organization Access Manager

Click Create API Key. Give the key a description and be sure to set the permissions to Organization Owner:

Create API Key
Create API Key

When you click Next, you'll be presented with your Public and Private keys. Save your private key as Atlas will never show it to you again.

As an extra layer of security, you also have the option to set an IP Access List for these keys. I'm skipping this step, so my key will work from anywhere.

Create API Key
Create API Key

#Deployment

#Create a Project for Automation

Since this solution works across your entire Atlas organization, I like to host it in its own dedicated Atlas Project.

Create Project
Create Project

#Create a Realm Application

Realm provides a powerful application development backend as a service. To begin using it, just click the Realm tab.

Realm
Realm

You'll see that Realm offers a bunch of templates to get you started. For this use case, just select the first option to Build your own App:

Welcome to MongoDB Realm
Welcome to MongoDB Realm

You'll then be presented with options to link a data source, name your application and choose a deployment model. The current iteration of this utility doesn't use a data source, so you can ignore that step (Realm will create a free cluster for you). You can also leave the deployment model at its default (global), unless you want to limit the application to a specific region.

I've named the application Atlas Cluster Automation:

Welcome to MongoDB Realm
Welcome to MongoDB Realm

From here, you have the option to simply import the Realm application and adjust any of the functions to fit your needs. If you prefer to build the application from scratch, skip to the next section.

#Import Option

#Step 1: Store the API Secret Key.

The extract has a dependency on the API Secret Key, thus the import will fail if it is not configured beforehand.

Use the Values menu on the left to Create a Secret named AtlasPrivateKeySecret containing your private key (the secret is not in quotes):

Secret Value
Secret Value

#Step 1: Install the Realm CLI

Realm CLI is available on npm. To install version 2 of the Realm CLI on your system, ensure that you have Node.js installed and then run the following command in your shell:

npm install -g mongodb-realm-cli

#Step 2: Extract the Application Archive

Download and extract the AtlasClusterAutomation.zip.

#Step 3: Log into Atlas

To configure your app with realm-cli, you must log in to Atlas using your API keys:

1✗ realm-cli login --api-key="<Public API Key>" --private-api-key="<Private API Key>"
2Successfully logged in

#Step 4: Get the Realm Application ID

Select the App Setting menu and copy your Application ID:

Application ID
Application ID

#Step 5: Import the Application

Run the following realm-cli push command from the directory where you extracted the export:

1realm-cli push --remote="<Your App ID>"
2
3...
4A summary of changes
5...
6
7? Please confirm the changes shown above Yes
8Creating draft
9Pushing changes
10Deploying draft
11Deployment complete
12Successfully pushed app up:

After the import, replace the `AtlasPublicKey' with your API public key value.

Public Key Value
Public Key Value

#Review the Imported Application

The imported application includes 5 Functions:

Functions
Functions

And the Trigger which calls the pauseInactiveClusters function:

Triggers
Triggers

The trigger is schedule to fire every 30 minutes. Note, the pauseClusters function that the trigger calls currently only logs cluster activity. This is so you can monitor and verify that the fuction behaves as you desire. When ready, uncomment the line that calls the pauseCluster function:

1 if (!is_active) {
2 console.log(`Pausing ${project.name}:${cluster.name} because it has been inactive for more then ${minutesInactive} minutes`);
3 //await context.functions.execute("pauseCluster", project.id, cluster.name, pause);

In addition, the pauseClusters function can be configured to exclude projects (such as those dedicated to production workloads):

1 /*
2 * These project names are just an example.
3 * The same concept could be used to exclude clusters or even
4 * configure different inactivity intervals by project or cluster.
5 * These configuration options could also be stored and read from
6 * and Atlas database.
7 */
8 excludeProjects = ['PROD1', 'PROD2'];

Now that you have reviewed the draft, as a final step go ahead and deploy the Realm application.

Review Draft & Deploy
Review Draft & Deploy

#Build it Yourself Option

To understand what's included in the application, here are the steps to build it yourself from scratch.

#Step 1: Store the API Keys

The functions we need to create will call the Atlas APIs, so we need to store our API Public and Private Keys, which we will do using Values & Secrets. The sample code I provide references these values as AtlasPublicKey and AtlasPrivateKey, so use those same names unless you want to change the code where they’re referenced.

You'll find Values under the Build menu:

Values
Values

First, create a Value for your public key (note, the key is in quotes):

Public Key Value
Public Key Value

Create a Secret containing your private key (the secret is not in quotes):

Secret Value
Secret Value

The Secret cannot be accessed directly, so create a second Value that links to the secret:

Private Key Value
Private Key Value

Review Draft & Deploy
Review Draft & Deploy

#Step 2: Create the Functions

The four functions that need to be created are pretty self-explanatory, so I’m not going to provide a bunch of additional explanations here.

#getProjects

This standalone function can be test run from the Realm console to see the list of all the projects in your organization.

1/* * Returns an array of the projects in the organization * See https://docs.atlas.mongodb.com/reference/api/project-get-all/ * * Returns an array of objects, e.g. * * { * "clusterCount": { * "$numberInt": "1" * }, * "created": "2021-05-11T18:24:48Z", * "id": "609acbef1b76b53fcd37c8e1", * "links": [ * { * "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/609acbef1b76b53fcd37c8e1", * "rel": "self" * } * ], * "name": "mg-training-sample", * "orgId": "5b4e2d803b34b965050f1835" * } * */
2exports = async function() {
3
4 // Get stored credentials...
5 const username = await context.values.get("AtlasPublicKey");
6 const password = await context.values.get("AtlasPrivateKey");
7
8 const arg = {
9 scheme: 'https',
10 host: 'cloud.mongodb.com',
11 path: 'api/atlas/v1.0/groups',
12 username: username,
13 password: password,
14 headers: {'Content-Type': ['application/json'], 'Accept-Encoding': ['bzip, deflate']},
15 digestAuth:true,
16 };
17
18 // The response body is a BSON.Binary object. Parse it and return.
19 response = await context.http.get(arg);
20
21 return EJSON.parse(response.body.text()).results;
22};

#getProjectClusters

After getProjects is called, the trigger iterates over the results, passing the projectId to this getProjectClusters function.

To test this function, you need to supply a projectId. By default, the Console supplies ‘Hello world!’, so I test for that input and provide some default values for easy testing.

1/* * Returns an array of the clusters for the supplied project ID. * See https://docs.atlas.mongodb.com/reference/api/clusters-get-all/ * * Returns an array of objects. See the API documentation for details. * */
2exports = async function(project_id) {
3
4 if (project_id == "Hello world!") { // Easy testing from the console
5 project_id = "5e8f8268d896f55ac04969a1"
6 }
7
8 // Get stored credentials...
9 const username = await context.values.get("AtlasPublicKey");
10 const password = await context.values.get("AtlasPrivateKey");
11
12 const arg = {
13 scheme: 'https',
14 host: 'cloud.mongodb.com',
15 path: `api/atlas/v1.0/groups/${project_id}/clusters`,
16 username: username,
17 password: password,
18 headers: {'Content-Type': ['application/json'], 'Accept-Encoding': ['bzip, deflate']},
19 digestAuth:true,
20 };
21
22 // The response body is a BSON.Binary object. Parse it and return.
23 response = await context.http.get(arg);
24
25 return EJSON.parse(response.body.text()).results;
26};

#clusterIsActive

This function contains the logic that determines if the cluster can be paused.

Most of the work in this function is manipulating the timestamp in the database access log so it can be compared to the current time and lookback window.

In addition to returning true (active) or false (inactive), the function logs it’s findings, for example:

Checking if cluster 'SA-SHARED-DEMO' has been active in the last 60 minutes

1 Wed Nov 03 2021 19:52:31 GMT+0000 (UTC) - job is being run
2 Wed Nov 03 2021 18:52:31 GMT+0000 (UTC) - cluster inactivity before this time will be reported inactive
3 Wed Nov 03 2021 19:48:45 GMT+0000 (UTC) - last logged database access
4Cluster is Active: Username 'brian' was active in cluster 'SA-SHARED-DEMO' 4 minutes ago.

Like getClusterProjects, there’s a block you can use to provide some test project ID and cluster names for easy testing from the Realm console.

1/* * Used the database access history to determine if the cluster is in active use. * See https://docs.atlas.mongodb.com/reference/api/access-tracking-get-database-history-clustername/ * * Returns true (active) or false (inactive) * */
2exports = async function(project_id, clusterName, minutes) {
3
4 if (project_id == 'Hello world!') { // We're testing from the console
5 project_id = "5e8f8268d896f55ac04969a1";
6 clusterName = "SA-SHARED-DEMO";
7 minutes = 60;
8 } /*else { console.log (`project_id: ${project_id}, clusterName: ${clusterName}, minutes: ${minutes}`) }*/
9
10 // Get stored credentials...
11 const username = await context.values.get("AtlasPublicKey");
12 const password = await context.values.get("AtlasPrivateKey");
13
14 const arg = {
15 scheme: 'https',
16 host: 'cloud.mongodb.com',
17 path: `api/atlas/v1.0/groups/${project_id}/dbAccessHistory/clusters/${clusterName}`,
18 //query: {'authResult': "true"},
19 username: username,
20 password: password,
21 headers: {'Content-Type': ['application/json'], 'Accept-Encoding': ['bzip, deflate']},
22 digestAuth:true,
23 };
24
25 // The response body is a BSON.Binary object. Parse it and return.
26 response = await context.http.get(arg);
27
28 accessLogs = EJSON.parse(response.body.text()).accessLogs;
29
30 now = Date.now();
31 const MS_PER_MINUTE = 60000;
32 var durationInMinutes = (minutes < 30, 30, minutes); // The log granularity is 30 minutes.
33 var idleStartTime = now - (durationInMinutes * MS_PER_MINUTE);
34
35 nowString = new Date(now).toString();
36 idleStartTimeString = new Date(idleStartTime).toString();
37 console.log(`Checking if cluster '${clusterName}' has been active in the last ${durationInMinutes} minutes`)
38 console.log(` ${nowString} - job is being run`);
39 console.log(` ${idleStartTimeString} - cluster inactivity before this time will be reported inactive`);
40
41 clusterIsActive = false;
42
43 accessLogs.every(log => {
44 if (log.username != 'mms-automation' && log.username != 'mms-monitoring-agent') {
45
46 // Convert string log date to milliseconds
47 logTime = Date.parse(log.timestamp);
48
49 logTimeString = new Date(logTime);
50 console.log(` ${logTimeString} - last logged database access`);
51
52 var elapsedTimeMins = Math.round((now - logTime)/MS_PER_MINUTE, 0);
53
54 if (logTime > idleStartTime ) {
55 console.log(`Cluster is Active: Username '${log.username}' was active in cluster '${clusterName}' ${elapsedTimeMins} minutes ago.`);
56 clusterIsActive = true;
57 return false;
58 } else {
59 // The first log entry is older than our inactive window
60 console.log(`Cluster is Inactive: Username '${log.username}' was active in cluster '${clusterName}' ${elapsedTimeMins} minutes ago.`);
61 clusterIsActive = false;
62 return false;
63 }
64 }
65 return true;
66
67 });
68
69 return clusterIsActive;
70
71};

#pauseCluster

Finally, if the cluster is inactive, we pass the project Id and cluster name to pauseCluster. This function can also resume a cluster, although that feature is not utilized for this use case.

1/* * Pauses the named cluster * See https://docs.atlas.mongodb.com/reference/api/clusters-modify-one/ * */
2exports = async function(projectID, clusterName, pause) {
3
4 // Get stored credentials...
5 const username = await context.values.get("AtlasPublicKey");
6 const password = await context.values.get("AtlasPrivateKey");
7
8 const body = {paused: pause};
9
10 const arg = {
11 scheme: 'https',
12 host: 'cloud.mongodb.com',
13 path: `api/atlas/v1.0/groups/${projectID}/clusters/${clusterName}`,
14 username: username,
15 password: password,
16 headers: {'Content-Type': ['application/json'], 'Accept-Encoding': ['bzip, deflate']},
17 digestAuth:true,
18 body: JSON.stringify(body)
19 };
20
21 // The response body is a BSON.Binary object. Parse it and return.
22 response = await context.http.patch(arg);
23
24 return EJSON.parse(response.body.text());
25};

#pauseInactiveClusters

This function will be called by a trigger. As it's not possible to pass a parameter to a scheduled trigger, it uses a hard-coded lookback window of 60 minutes that you can change to meet your needs. You could even store the value in an Atlas database and build a UI to manage its setting :-).

The function will evaluate all projects and clusters in the organization where it’s hosted. Understanding that there are likely projects or clusters that you never want paused, the function also includes an excludeProjects array, where you can specify a list of project names to exclude from evaluation.

Finally, you’ll notice the call to pauseCluster is commented out. I suggest you run this function for a couple of days and review the Trigger logs to verify it behaves as you’d expect.

1/* * Iterates over the organizations projects and clusters, * pausing clusters inactive for the configured minutes. */
2exports = async function() {
3
4 minutesInactive = 60;
5
6 /* * These project names are just an example. * The same concept could be used to exclude clusters or even * configure different inactivity intervals by project or cluster. * These configuration options could also be stored and read from * and Atlas database. */
7 excludeProjects = [PROD1, 'PROD2'];
8
9 const projects = await context.functions.execute("getProjects");
10
11 projects.forEach(async project => {
12
13 if (excludeProjects.includes(project.name)) {
14 console.log(`Project '${project.name}' has been excluded from pause.`)
15 } else {
16
17 console.log(`Checking project '${project.name}'s clusters for inactivity...`);
18
19 const clusters = await context.functions.execute("getProjectClusters", project.id);
20
21 clusters.forEach(async cluster => {
22
23 if (cluster.providerSettings.providerName != "TENANT") { // It's a dedicated cluster than can be paused
24
25 if (cluster.paused == false) {
26
27 is_active = await context.functions.execute("clusterIsActive", project.id, cluster.name, minutesInactive);
28
29 if (!is_active) {
30 console.log(`Pausing ${project.name}:${cluster.name} because it has been inactive for more then ${minutesInactive} minutes`);
31 //await context.functions.execute("pauseCluster", project.id, cluster.name, true);
32 } else {
33 console.log(`Skipping pause for ${project.name}:${cluster.name} because it has active database users in the last ${minutesInactive} minutes.`);
34 }
35 }
36 }
37 });
38 }
39 });
40
41 return true;
42};

#Step 3: Create the Scheduled Trigger

Yes, we’re still using a scheduled trigger, but this time the trigger will run periodically to check for cluster inactivity. Now, your developers working late into the night will no longer have the cluster paused underneath them.

trigger
image_tooltip

#Step 4: Deploy

As a final step you need to deploy the Realm application.

Review Draft & Deploy
Review Draft & Deploy

#Summary

The genesis for this article was a customer, when presented my previous article on scheduling cluster pauses, asked if the same could be achieved based on inactivity. It’s my belief that with the Atlas APIs, anything could be achieved. The only question was what constitutes inactivity? Given the heartbeat and replication that naturally occurs, there’s always some “activity” on the cluster. Ultimately, I settled on database access as the guide. Over time, that metric may be combined with some additional metrics or changed to something else altogether, but the bones of the process are here.

Rate this article

Related

Atlas Cluster Automation Using Scheduled Triggers
MongoDB logo
© 2021 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2021 MongoDB, Inc.