Docs Menu
Docs Home
/
MongoDB Cloud Manager
/

MongoDB Agent Settings

On this page

  • Configuration File & Settings Locations
  • MongoDB Agent Settings
  • Logging Settings
  • Connection Settings
  • HTTP Proxy Settings
  • Configuration Backup Settings
  • Cloud Manager TLS Settings
  • Push Live Migration Settings
  • Externally Sourced Configuration Settings
  • Transparent Huge Page (THP) Settings
  • Automation Settings
  • MongoDB Kerberos Settings
  • Monitoring Settings
  • Log Settings
  • Custom Settings
  • Backup Settings
  • Log Settings
  • Custom Settings

This page describes possible settings for the MongoDB Agent. These values are set after first launching Cloud Manager and not through manual editing of these files.

Warning

If you edit authentication or TLS settings through Settings or Deployments in the Cloud Manager interface, those changes overwrite any manual changes in this configuration file.

The location of the MongoDB Agent configuration file is C:\MMSData\Automation\automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

The location of the MongoDB Agent configuration file is /etc/mongodb-mms/automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

The location of the MongoDB Agent configuration file is /etc/mongodb-mms/automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

The location of the MongoDB Agent configuration file is /path/to/install/local.config.

You can configure additional Monitoring settings and Backup settings through the Cloud Manager Console.

The following settings are required. All other settings are set to default values.

mmsGroupId

Type: string

Required.

Specifies the ID of your Cloud Manager project. To locate this value:

  1. In MongoDB Cloud Manager, go to the Deployment page for your project.

    1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

    2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

    3. If the Deployment page is not already displayed, click Deployment in the sidebar.

      The Deployment page displays.

  2. Click the Agents tab for your deployment.

    The Agents page displays.

  3. Select the appropriate operating system under Downloads & Settings.

  4. To copy this value directly, in the Install Agent Instructions box, click .

This setting is usually set when the MongoDB Agent is installed and is required to bind the server to a project.

mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKey

Type: string

Required.

Specifies the Cloud Manager agent API key of your Cloud Manager project.

You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.

To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab:

  1. In MongoDB Cloud Manager, go to the Deployment page for your project.

    1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

    2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

    3. If the Deployment page is not already displayed, click Deployment in the sidebar.

      The Deployment page displays.

  2. Click the Agents tab for your deployment.

    The Agents page displays.

  3. Click the Agent API Keys tab.

Important

When you generate an Agent API Key, Cloud Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Cloud Manager never displays the full key again.

This setting is usually set when the MongoDB Agent is installed and is required to bind the server to a project.

Note

To enable the MongoDB Agent to request the Agent API Key from a shell command, set the mmsApiKeyExec option in the configuration file rather than setting the mmsApiKey option.

mmsApiKey=8zvbo2s2asigxvmpnkq5yexf
mmsBaseUrl

Type: string

Specifies the URL of the Cloud Manager.

Important

This value is set by default and should not be modified.

mmsBaseUrl=https://api-agents.mongodb.com
logFile

Type: string

Specifies the path to which Cloud Manager should write the MongoDB Agent's log.

The default path depends on your platform. The MongoDB Agent uses the default filename automation-agent.log whether or not the deployment uses Automation.

Important

Automatic rotation of your MongoDB Agent logs only occurs when an update to the log file is made. To manually rotate your MongoDB Agent logs, see Manually Rotate the MongoDB Agent Logs for more information.

Platform
Default Path
Linux
/var/log/mongodb-mms-automation/automation-agent.log
Windows
C:\MMSAutomation\log\mongodb-mms-automation\automation-agent.log
logFile=/path/to/mongodb-mms-automation/automation-agent.log
logLevel

Type: string

Specifies the level of logging granularity.

Choose from the following severity levels, from most to least amount of information:

  • DEBUG

  • INFO

  • WARN

  • ERROR

  • FATAL

By default, logLevel is INFO.

logLevel=ROUTINE

Each level includes the log items included in the succeeding levels.

Example

  • If you choose DEBUG, the MongoDB Agent logs all messages, including INFO, WARN, ERROR and FATAL.

  • If you choose FATAL, the MongoDB Agent only logs FATAL messages.

maxLogFiles

Type: integer

Specifies the maximum number of rotated log files to retain.

By default, the value of maxLogFiles is set to 10. You can change the value to retain a different number of rotated log files.

maxLogFiles=15
maxLogFileDurationHrs

Type: float

Specifies the number of hours after which the logs are rotated.

Note

Manually Rotate the MongoDB Agent Logs

On UNIX- and Linux-based systems you can manually rotate the MongoDB Agent logs. Issue a kill command with the SIGUSR1 signal for the Agent process:

kill -SIGUSR1 <AgentID>

On Windows-based systems, you can manually restart the MongoDB Agent with a Service restart:

  1. Click the Start menu.

  2. Search for services.

  3. Find the MongoDB Agent.

  4. Right-click on the Agent and click Restart.

This rotates the MongoDB Agent logs.

maxLogFileSize

Type: integer

Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the MongoDB Agent does not rotate logs based on file size.

By default, the value of maxLogFileSize is set to 268435456 bytes. You can change the value to assign a different maximum size for a log file.

maxLogFileSize=536870912
maxUncompressedLogFiles

Type: integer

Specifies the maximum number of rotated log files to keep uncompressed. MongoDB Agent automatically compresses any additional retained log files up to the maxLogFiles value.

By default, the value of maxUncompressedLogFiles is set to 2. You can change the value to compress a different number of rotated log files.

maxUncompressedLogFiles=10
dialTimeoutSeconds

Type: integer

Specifies the number of seconds to wait before a connection times out. By default, connections time out after 40 seconds. However, The MongoDB Agent may frequently time out of connections for one or more of the following reasons:

  • High network latency

  • High server load

  • Large TLS keys

  • Lack of TLS accelerator

  • Insufficient CPU speed

MongoDB recommends gradually increasing the value of the dialTimeoutSeconds MongoDB Agent configuration setting to prevent frequent premature connection timeouts.

dialTimeoutSeconds=40

Note

Increasing this value also increases the time required to deploy configuration changes to the MongoDB Agent. Experiment with small, incremental increases until you determine the optimum value for your deployment.

serverSelectionTimeoutSeconds

Type: integer

Specifies the number of seconds the MongoDB Agent waits before it stops trying to establish a connection to a MongoDB process. By default, the MongoDB Agent abandons attempts to establish a connection after 10 seconds.

serverSelectionTimeoutSeconds=10
httpProxy

Type: string

Specifies the URL of an HTTP proxy server the MongoDB Agent can use.

httpProxy=http://proxy.example.com:8080
mmsConfigBackup

Type: string

Specifies the path to the Cloud Manager configuration backup file. This file describes the desired state of the deployment.

If you don't specify the mmsConfigBackup setting, the MongoDB Agent writes the mongodb-mms-automation-cluster-backup.json file to a temporary folder on the operating system.

If you set enableLocalConfigurationServer to true, the MongoDB Agent doesn't write the mmsConfigBackup file.

mmsConfigBackup=/path/to/mms-cluster-config-backup.json

Specify the settings that the MongoDB Agent uses when communicating with Cloud Manager using TLS.

httpsCAFile

Type: string

Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. This certificate verifies that the MongoDB Agent is talking to the designated Cloud Manager instance.

httpsCAFile=/path/to/ca.pem

Note

Add the Certificate Authority for the downloads.mongodb.com certificate to this .pem file if you:

  1. Need your MongoDB Agents to download their MongoDB installers from the Internet,

  2. Use TLS to encrypt connections, and

  3. Signed your certificates with a private Certificate Authority. (You set the httpsCAFile option.)

To learn how to download TLS certificates from another web site, see the OpenSSL Cookbook entry.

Important

When Cloud Manager starts, it caches the Certificate Authority you provided. If you change your Certificate Authority certificate, restart Cloud Manager.

sslRequireValidMMSServerCertificates

Type: boolean

Important

Deprecated. Use tlsRequireValidMMSServerCertificates instead.

tlsRequireValidMMSServerCertificates

Type: boolean

Specifies if the MongoDB Agent should validate TLS certificates presented by Cloud Manager.

Warning

Setting this option to false disables certificate verification and makes connections between the MongoDB Agent and Cloud Manager susceptible to man-in-the-middle attacks. Setting this option to false is only recommended for testing purposes.

tlsRequireValidMMSServerCertificates=true
agentFeatureCloudMigrationEnabled

Type: boolean

Optional.

Specifies whether the MongoDB Agent on the migration host is configured to run the Live Migration process from a source Cloud Manager deployment to a target cluster in Atlas.

This option defaults to false, which prevents using the MongoDB Agent on this host for Live Migration to Atlas.

To enable the Live Migration process, provision a migration host and set agentFeatureCloudMigrationEnabled to true.

cloudMigrationOplogPath

Type: string

Optional.

Path to the oplog files. If specified, this setting buffers the initial sync oplog window to disk. Provision enough storage in the specified directory for the oplog buffering.

enableLocalConfigurationServer

Type: boolean

Specifies whether the MongoDB Agent stores MongoDB process configuration files on disk or cached in memory.

This option defaults to false, which stores the configuration files on disk. Setting this option to true caches the configuration in memory.

If you set this option to true, the MongoDB Agent doesn't write the mmsConfigBackup file.

Don't set this option to true if your MongoDB databases are running FCV 4.2 or earlier.

Warning

Setting this option to true impacts the availability of your deployment.

When this feature is enabled, the MongoDB Agent doesn't store the MongoDB process configuration on disk. If the Cloud Manager app server is unavailable and the MongoDB Agent attempts to restart, then the MongoDB Agent stops running because it doesn't have the necessary configuration information. If a MongoDB process crashes while the MongoDB Agent isn't running, then the MongoDB Agent can't restart the process.

enableLocalConfigurationServer=false

Tip

See also:

keepUnusedMongodbVersions

Type: boolean

Flag that indicates whether the MongoDB Agent retains unused MongoDB version binaries that it downloads. By default, keepUnusedMongodbVersions is false.

keepUnusedMongodbVersions=false
localConfigurationServerPort

Type: integer

Specifies the port to serve the MongoDB process configuration to when using the local configuration server. To set this option, enableLocalConfigurationServer must be true.

If unspecified, the MongoDB Agent chooses an available port automatically.

localConfigurationServerPort=20128
mmsApiKeyExec

Type: string

Specifies a shell command to call the Cloud Manager agent API key of your Cloud Manager project.

mmsApiKeyExec=echo $myKey

MongoDB Agent allows you to disable Transparent Huge Pages (THP) on a per-process basis to avoid accidental performance degradation. To disable THP, perform the following steps:

  1. Upgrade the MongoDB Agent version to 108.0.x.

  2. Modify the automation config file to include enableAgentManagingTHPSettings=true.

  3. Restart the MongoDB Agent and the managed mongod and mongos processes. You can now enable THP on a system-wide level.

    Note

    This may generate a false positive start-up warning.

  4. (Optional) Upgrade to 8.0.

enableAgentManagingTHPSettings

Type: boolean

Default: false

Specifies whether the MongoDB Agent should disable Transparent Huge Pages (THP) for mongo process versions before 8.0. The MongoDB Agent disables THP on a per mongo process basis regardless of the OS-level THP settings.

The following configuration settings are used for authentication in automated clusters.

Specify these settings if Automation authenticates to hosts using Kerberos. To configure Kerberos, see Configure the MongoDB Agent for Kerberos.

krb5ConfigLocation

Type: string

Specifies an absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf

Note

Cloud Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

backupAgentKrb5CCName

Type string

Specifies the KRB5CC environment variable that the MongoDB Agent sets for the Backup process. Used only to authenticate the Backup to your MongoDB deployment when the MongoDB Agent starts the Backup function.

backupAgentKrb5CCName=/path/to/credentials_cache_file
monitoringAgentKrb5CCName

Type string

Specifies the KRB5CC environment variable that the MongoDB Agent sets for the Monitoring function. Used only to authenticate Monitoring to your MongoDB deployment when the MongoDB Agent starts the Monitoring function.

monitoringAgentKrb5CCName=/path/to/credentials_cache_file

Use the Cloud Manager interface to configure Monitoring settings.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

    The Deployment page displays.

2

Click the Agents tab for your deployment.

The Agents page displays.

3
  1. Click Downloads & Settings.

  2. In the Agent Log Settings section, click next to Monitoring Log Settings.

  3. Edit the Monitoring log settings:

    Setting
    Default Value
    Console Suggested Value
    Linux Log File Path
    /var/log/mongodb-mms-automation/monitoring-agent.log
    Windows Log File Path
    %SystemDrive%\MMSAutomation\log\mongodb-mms-automation\monitoring-agent.log
    Rotate Logs
    YES
    Size Threshold (MB)
    1000
    Time Threshold (Hours)
    24
    Max Uncompressed Files
    5
    Max Percent of Disk
    2
    Total Number of Log Files
    0
  4. Click Save.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

    The Deployment page displays.

2

Click the Agents tab for your deployment.

The Agents page displays.

3
  1. Click Downloads & Settings.

  2. In the Custom Configuration section, next to Edit Custom Configurations, click .

  3. Enter the Monitoring configuration setting and value.

  4. Click Save and Close.

You can configure the following Monitoring settings:

mmsGroupId

Type: string

Specifies the ID of your Cloud Manager project. To find the project ID:

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Project Settings.

    The Project Settings page displays.

mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKey

Type: string

Specifies the Cloud Manager agent API key of your Cloud Manager project.

You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.

To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab:

  1. In MongoDB Cloud Manager, go to the Deployment page for your project.

    1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

    2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

    3. If the Deployment page is not already displayed, click Deployment in the sidebar.

      The Deployment page displays.

  2. Click the Agents tab for your deployment.

    The Agents page displays.

  3. Click the Agent API Keys tab.

Important

When you generate an Agent API Key, Cloud Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Cloud Manager never displays the full key again.

Cloud Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting.

mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mmsBaseUrl

Type: string

Specifies the URL of the Cloud Manager.

mmsBaseUrl=http://example.com:8080
httpProxy

Type: string

Specifies the URL of an HTTP proxy server that Monitoring can use.

httpProxy=http://proxy.example.com:8080

Specify these settings if Monitoring authenticates to hosts using Kerberos.

To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Monitoring.

Note

Cloud Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

krb5Principal

Type: string

Specifies the Kerberos principal that Monitoring uses.

krb5Principal=monitoring/myhost@EXAMPLE.COM
krb5Keytab

Type: string

Specifies the absolute path to Kerberos principal's keytab file.

krb5Keytab=/path/to/mms-monitoring.keytab
krb5ConfigLocation

Type: string

Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf
gssapiServiceName

Type: string

Specifies the service name with the gssapiServiceName setting.

By default, MongoDB uses mongodb as its service name.

Specify these settings when Monitoring connects to MongoDB deployments using TLS.

To learn more, see Configure MongoDB Agent to Use TLS.

useSslForAllConnections

Type: boolean

Specifies whether or not to encrypt all connections to MongoDB deployments using TLS.

Important

Setting this to true overrides any per-host TLS settings configured in the Cloud Manager interface.

sslClientCertificate

Type: string

Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in PEM format. Monitoring uses the client certificate to connect to any configured MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.)

Example

If you want to connect to a MongoDB deployment that uses both TLS and certificate validation using mongosh:

mongosh --tls --tlsCertificateKeyFile /path/to/client.pem --tlsCAFile /path/to/ca.pem example.net:27017

You must set these settings in your Custom Settings:

sslTrustedServerCertificates=/path/to/ca.pem
sslClientCertificate=/path/to/client.pem
sslClientCertificatePassword

Type: string

Specifies the password needed to decrypt the private key in the sslClientCertificate file. Include this setting if you encrypted the client certificate PEM file.

sslClientCertificatePassword=password
sslTrustedServerCertificates

Type: string

Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS.

sslTrustedServerCertificates=/path/to/ca.pem
sslRequireValidServerCertificates

Type: boolean

Specifies whether Monitoring should validate the TLS certificates presented by the MongoDB databases.

sslRequireValidServerCertificates=true

By default, Cloud Manager sets sslRequireValidServerCertificates to true. You need a valid trusted certificate to connect to MongoDB instances using TLS.

Warning

Changing this setting to false disables certificate verification and makes connections between Monitoring and MongoDB deployments susceptible to man-in-the-middle attacks. Change this setting to false only for testing purposes.

Specify the settings Monitoring uses when communicating with Cloud Manager using TLS.

httpsCAFile

Type: string

Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Monitoring uses this certificate to verify that the agent can communicate with the designated Cloud Manager instance.

By default, Monitoring uses the trusted root Certificate Authoritys installed on the host.

If the agent cannot find the trusted root Certificate Authoritys, configure these settings manually.

httpsCAFile=/path/to/mms-certs.pem

Use the Cloud Manager interface to configure Backup settings.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

    The Deployment page displays.

2

Click the Agents tab for your deployment.

The Agents page displays.

3
  1. Click Downloads & Settings.

  2. In the Agent Log Settings section, click next to Backup Log Settings.

  3. Edit the Backup log settings:

    Setting
    Default Value
    Console Suggested Value
    Linux Log File Path
    /var/log/mongodb-mms-automation/backup-agent.log
    Windows Log File Path
    %SystemDrive%\MMSAutomation\log\mongodb-mms-automation\backup-agent.log
    Rotate Logs
    YES
    Size Threshold (MB)
    1000
    Time Threshold (Hours)
    24
    Max Uncompressed Files
    5
    Max Percent of Disk
    2
    Total Number of Log Files
    0
  4. Click Save.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

    The Deployment page displays.

2

Click the Agents tab for your deployment.

The Agents page displays.

3
  1. Click Downloads & Settings.

  2. In the Custom Configuration section, next to Edit Custom Configurations, click .

  3. Enter a Backup configuration setting and value.

  4. Click Save and Close.

You can configure the following Backup settings:

mmsGroupId

Type: string

Specifies the ID of your Cloud Manager project. To find the project ID:

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Project Settings.

    The Project Settings page displays.

mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKey

Type: string

Specifies the MongoDB Agent API key of your Cloud Manager project.

You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.

To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab:

  1. In MongoDB Cloud Manager, go to the Deployment page for your project.

    1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

    2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

    3. If the Deployment page is not already displayed, click Deployment in the sidebar.

      The Deployment page displays.

  2. Click the Agents tab for your deployment.

    The Agents page displays.

  3. Click the Agent API Keys tab.

Important

When you generate an Agent API Key, Cloud Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Cloud Manager never displays the full key again.

Cloud Manager configures this setting when you install the MongoDB Agent. If you need to configure Backup separately, include this setting.

mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mothership

Type: string

Specifies the hostname and port of the Cloud Manager used by the Backup agent.

Note

Don't include the protocol (http:// or https://) in the mothership setting.

mothership=example.com:8080
mothershipResponseHeaderTimeout

Type: integer

Specifies the length of time in seconds Backup waits for the Cloud Manager to respond. If the MongoDB Agent doesn't get a response, it resets and retries the connection to the Cloud Manager. This value defaults to 90 seconds.

backupSocketTimeoutMs

Type: integer

Specifies the length of time, in milliseconds, that a socket between Backup and Cloud Manager can remain idle before Cloud Manager breaks the connection. If omitted, defaults to 180000 milliseconds (3 minutes).

https

Type: boolean

Specifies whether or not communication with the Cloud Manager web server uses Secure HTTP.

httpProxy

Type: string

Specifies the URL of an HTTP proxy that Backup can use.

httpProxy=http://proxy.example.com:8080

To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Backup.

Note

Cloud Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

krb5Principal

Type: string

Specifies the Kerberos principal that Backup uses.

krb5Principal=backup/myhost@EXAMPLE.COM
krb5Keytab

Type: string

Specifies the absolute path to Kerberos principal's keytab file.

krb5Keytab=/path/to/mms-backup.keytab
krb5ConfigLocation

Type: string

Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf
gsapiServiceName

Type: string

Specifies the service name with the gsapiServiceName setting.

By default, MongoDB uses mongodb as its service name.

Specify these settings when Backup connects to MongoDB deployments using TLS.

To learn more, see Configure MongoDB Agent to Use TLS.

sslClientCertificate

Type: string

Specifies the path to the private key, client certificate, and optional intermediate certificates in PEM format. Backup uses the client certificate when connecting to a MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.)

sslClientCertificatePassword

Type: string

Specifies the password needed to decrypt the private key in the sslClientCertificate file. Include this setting if you encrypted the client certificate PEM file.

sslTrustedServerCertificates

Type: string

Specifies the path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS.

sslTrustedServerCertificates=/path/to/mongodb-certs.pem
sslRequireValidServerCertificates

Type: boolean

Specifies if Backup should validate TLS certificates presented by the MongoDB deployments.

Warning

Changing this setting to false disables certificate verification and makes connections between Backup and MongoDB deployments susceptible to man-in-the-middle attacks. Change this setting to false only for testing purposes.

Specify the settings Backup use when communicating with Cloud Manager using TLS.

sslTrustedMMSBackupServerCertificate

Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Backup uses this certificate to verify that the MongoDB Agent can communicate with the designated Cloud Manager instance.

By default, Backup uses the trusted root Certificate Authoritys installed on the system.

If Backup cannot find the trusted root Certificate Authoritys, configure these settings manually.

If Cloud Manager use a self-signed TLS certificate, provide a value for this setting.

sslTrustedMMSBackupServerCertificate=/path/to/mms-certs.pem

Back

Manage the MongoDB Agent Functions