This page describes possible settings for the MongoDB Agent. These values are set after first launching Ops Manager and not through manual editing of these files.
To learn about the Ops Manager settings and their values, see Ops Manager Configuration Settings.
Warning
If you edit authentication or TLS settings through Settings or Deployments in the Ops Manager interface, those changes overwrite any manual changes in this configuration file.
Configuration File & Settings Locations
The location of the MongoDB Agent configuration file is
C:\MMSData\Automation\automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/etc/mongodb-mms/automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/etc/mongodb-mms/automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/path/to/install/local.config.
You can configure additional Monitoring settings and Backup settings through the Ops Manager Console.
MongoDB Agent Settings
mmsGroupIdType: string
Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings).
Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting to bind the server to a project.
mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKeyType: string
Specifies the MongoDB Agent API key of your Ops Manager project.
You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.
To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.
Important
When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again.
Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting.
mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mmsBaseUrlType: string
Specifies the URL of the Ops Manager Application.
mmsBaseUrl=http://example.com:8080
Logging Settings
logFileType: string
Specifies the path to which Ops Manager should write the MongoDB Agent's log.
The default path depends on your platform. The MongoDB Agent uses the default filename
automation-agent.logwhether or not the deployment uses Automation.Important
Automatic rotation of your MongoDB Agent logs only occurs when an update to the log file is made. To manually rotate your MongoDB Agent logs, see Manually Rotate the MongoDB Agent Logs for more information.
PlatformDefault PathLinux
/var/log/mongodb-mms-automation/automation-agent.logWindows
C:\MMSAutomation\log\mongodb-mms-automation\automation-agent.loglogFile=/path/to/mongodb-mms-automation/automation-agent.log
logLevelType: string
Specifies the level of logging granularity.
Warning
The Admin Project Settings for Monitoring Agent Log Level and Automation Agent Log Level override this parameter.
Choose from the following severity levels, from most to least amount of information:
DEBUGINFOWARNERRORFATAL
By default,
logLevelisINFO.logLevel=ROUTINE Each level includes the log items included in the succeeding levels.
Example
If you choose
DEBUG, the MongoDB Agent logs all messages, includingINFO,WARN,ERRORandFATAL.If you choose
FATAL, the MongoDB Agent only logsFATALmessages.
maxLogFilesType: integer
Specifies the maximum number of rotated log files to retain.
By default, the value of
maxLogFilesis set to10. You can change the value to retain a different number of rotated log files.maxLogFiles=15
maxLogFileDurationHrsType: float
Specifies the number of hours after which the logs are rotated.
Note
Manually Rotate the MongoDB Agent Logs
On UNIX- and Linux-based systems you can manually rotate the MongoDB Agent logs. Issue a
killcommand with theSIGUSR1signal for the Agent process:kill -SIGUSR1 <AgentID> On Windows-based systems, you can manually restart the MongoDB Agent with a Service restart:
Click the Start menu.
Search for
services.Find the MongoDB Agent.
Right-click on the Agent and click Restart.
This rotates the MongoDB Agent logs.
maxLogFileSizeType: integer
Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the MongoDB Agent does not rotate logs based on file size.
By default, the value of
maxLogFileSizeis set to268435456bytes. You can change the value to assign a different maximum size for a log file.maxLogFileSize=536870912
maxUncompressedLogFilesType: integer
Specifies the maximum number of rotated log files to keep uncompressed. MongoDB Agent automatically compresses any additional retained log files up to the
maxLogFilesvalue.By default, the value of
maxUncompressedLogFilesis set to2. You can change the value to compress a different number of rotated log files.maxUncompressedLogFiles=10
Connection Settings
dialTimeoutSecondsType: integer
Specifies the number of seconds to wait before a connection times out. By default, connections time out after 40 seconds. However, The MongoDB Agent may frequently time out of connections for one or more of the following reasons:
High network latency
High server load
Large TLS keys
Lack of TLS accelerator
Insufficient CPU speed
MongoDB recommends gradually increasing the value of the
dialTimeoutSecondsMongoDB Agent configuration setting to prevent frequent premature connection timeouts.dialTimeoutSeconds=40 Note
Increasing this value also increases the time required to deploy configuration changes to the MongoDB Agent. Experiment with small, incremental increases until you determine the optimum value for your deployment.
HTTP Proxy Settings
Configuration Backup Settings
mmsConfigBackupType: string
Specifies the path to the Ops Manager configuration backup file. This file describes the desired state of the deployment.
If you don't specify the
mmsConfigBackupsetting, the MongoDB Agent writes themongodb-mms-automation-cluster-backup.jsonfile to a temporary folder on the operating system.If you set
enableLocalConfigurationServertotrue, the MongoDB Agent doesn't write themmsConfigBackupfile.mmsConfigBackup=/path/to/mms-cluster-config-backup.json Note
When Ops Manager is installed, it stores the configuration backup file is stored in one of the following places, depending on your platform:
PlatformConfiguration Backup File PathLinux
/var/lib/mongodb-mms-automation/Windows
%SystemDrive%\MMSAutomation
Ops Manager TLS Settings
Specify the settings that the MongoDB Agent uses when communicating with Ops Manager using TLS.
httpsCAFileType: string
Specifies the absolute path that contains the trusted Certificate Authority certificates in
PEMformat. This certificate verifies that the MongoDB Agent is talking to the designated Ops Manager instance.httpsCAFile=/path/to/ca.pem Note
Add the Certificate Authority for the
downloads.mongodb.comcertificate to this.pemfile if you:Need your MongoDB Agents to download their MongoDB installers from the Internet,
Use TLS to encrypt connections, and
Signed your certificates with a private Certificate Authority. (You set the
httpsCAFileoption.)
To learn how to download TLS certificates from another web site, see the OpenSSL Cookbook entry.
Important
When Ops Manager starts, it caches the Certificate Authority you provided. If you change your Certificate Authority certificate, restart Ops Manager.
sslRequireValidMMSServerCertificatesType: boolean
Important
Deprecated. Use
tlsRequireValidMMSServerCertificatesinstead.
tlsRequireValidMMSServerCertificatesType: boolean
Specifies if the MongoDB Agent should validate TLS certificates presented by Ops Manager.
Warning
Setting this option to
falsedisables certificate verification and makes connections between the MongoDB Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option tofalseis only recommended for testing purposes.tlsRequireValidMMSServerCertificates=true
sslMMSServerClientCertificateType: string
Important
Deprecated. Use
tlsMMSServerClientCertificateinstead.
tlsMMSServerClientCertificateType: string
Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in
PEMformat. The MongoDB Agent uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs withClient Certificate Modeset toRequired for Agents OnlyorRequired for All Requests.Tip
To learn how to set
Client Certificate Mode, see Ops Manager Configuration Settings.The encrypted private key for the
.pemcertificate file must be in PKCS #1 format. The MongoDB Agent doesn't support the PKCS #8 format.tlsMMSServerClientCertificate=/path/to/client.pem
sslMMSServerClientCertificatePasswordType: string
Important
Deprecated. Use
tlsMMSServerClientCertificatePasswordinstead.
tlsMMSServerClientCertificatePasswordType: string
Specifies the password needed to decrypt the private key in the
tlsMMSServerClientCertificatefile. This setting is required when the client certificatePEMfile is encrypted.The encrypted private key for the
.pemcertificate file must be in PKCS #1 format. The MongoDB Agent doesn't support the PKCS #8 format.Note
Use the
tlsMMSServerClientCertificatePasswordExecoption instead oftlsMMSServerClientCertificatePasswordto specify the password from a shell command.tlsMMSServerClientCertificatePassword=password
sslServerClientCertificateType: string
Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in
PEMformat. The MongoDB Agent uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs withClient Certificate Modeset toRequired for Agents OnlyorRequired for All Requests.Tip
See
Client Certificate Modein Ops Manager Configuration Settings for how to specify this setting in the Ops Manager Application.See Configure MongoDB Agent to Use TLS to enable TLS connections for the MongoDB Agent.
sslServerClientCertificate=/path/to/client.pem
sslServerClientCertificatePasswordSpecifies the password needed to decrypt the private key in the
sslServerClientCertificatefile. This setting is required when the client certificatePEMfile is encrypted.sslServerClientCertificatePassword=password
sslRequireValidMMSBackupServerCertificateSpecifies if the MongoDB Agent should validate TLS certificates from Ops Manager.
Warning
Setting this option to
falsedisables certificate verification and makes connections between the MongoDB Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option tofalseis only recommended for testing purposes.sslRequireValidMMSBackupServerCertificate=true
Push Live Migration Settings
agentFeatureCloudMigrationEnabledType: boolean
Optional.
Specifies whether the MongoDB Agent on the migration host is configured to run the Live Migration process from a source Ops Manager deployment to a target cluster in Atlas.
This option defaults to
false, which prevents using the MongoDB Agent on this host for Live Migration to Atlas.To enable the Live Migration process, provision a migration host and set
agentFeatureCloudMigrationEnabledtotrue.
Externally Sourced Configuration Settings
enableLocalConfigurationServerType: boolean
Specifies whether the MongoDB Agent stores MongoDB process configuration files on disk or cached in memory.
This option defaults to
false, which stores the configuration files on disk. Setting this option totruecaches the configuration in memory.If you set this option to
true, the MongoDB Agent doesn't write themmsConfigBackupfile.Don't set this option to
trueif your MongoDB databases are running FCV 4.2 or earlier.Warning
Setting this option to
trueimpacts the availability of your deployment.When this feature is enabled, the MongoDB Agent doesn't store the MongoDB process configuration on disk. If the Ops Manager app server is unavailable and the MongoDB Agent attempts to restart, then the MongoDB Agent stops running because it doesn't have the necessary configuration information. If a MongoDB process crashes while the MongoDB Agent isn't running, then the MongoDB Agent can't restart the process.
enableLocalConfigurationServer=false
keepUnusedMongodbVersionsType: boolean
Flag that indicates whether the MongoDB Agent retains unused MongoDB version binaries that it downloads. By default,
keepUnusedMongodbVersionsis false.keepUnusedMongodbVersions=false
localConfigurationServerPortType: integer
Specifies the port to serve the MongoDB process configuration to when using the local configuration server. To set this option,
enableLocalConfigurationServermust betrue.If unspecified, the MongoDB Agent chooses an available port automatically.
localConfigurationServerPort=20128
mmsApiKeyExecType: string
Specifies a shell command to call the Ops Manager agent API key of your Ops Manager project.
mmsApiKeyExec=echo $myKey
sslMMSServerClientCertificatePasswordExecType: string
Important
Deprecated. Use
tlsMMSServerClientCertificatePasswordExecinstead.
tlsMMSServerClientCertificatePasswordExecType: string
Specifies a shell command to call the password needed to decrypt the private key in the
MMSServerClientCertificatefile. Either this setting ortlsMMSServerClientCertificatePasswordis required when the client certificatePEMfile is encrypted.tlsMMSServerClientCertificatePasswordExec=python /path/to/PEMPassword.py
Transparent Huge Page (THP) Settings
MongoDB Agent allows you to disable Transparent Huge Pages (THP) on a per-process basis to avoid accidental performance degradation. To disable THP, perform the following steps:
Upgrade the MongoDB Agent version to 108.0.x.
Modify the automation config file to include
enableAgentManagingTHPSettings=true.Restart the MongoDB Agent and the managed
mongodandmongosprocesses. You can now enable THP on a system-wide level.Note
This may generate a false positive start-up warning.
(Optional) Upgrade to 8.0.
enableAgentManagingTHPSettingsType: boolean
Specifies whether the MongoDB Agent manages disabling Transparent Huge Pages (THP) for MongoDB processes. See Disable Transparent Huge Pages (THP) to learn more.
This option defaults to
false.When set to
true, the MongoDB Agent disables THP on a per-process basis, overriding any OS-level THP settings. This option will only affect deployedmongodandmongosprocesses on Linux systems using a MongoDB version earlier than 8.0.enableAgentManagingTHPSettings=false
Automation Settings
The following configuration settings are used for authentication in automated clusters.
MongoDB Kerberos Settings
Specify these settings if Automation authenticates to hosts using Kerberos. To configure Kerberos, see Configure the MongoDB Agent for Kerberos.
krb5ConfigLocationType: string
Specifies an absolute path to an non-system-standard location for the Kerberos configuration file.
krb5ConfigLocation=/path/to/krb_custom.conf Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the
KRB5CCNAMEenvironment variable to the desired file name and path before running the agent.
Monitoring Settings
Use the Ops Manager interface to configure Monitoring settings.
Log Settings
In the navigation, click Deployment.
Click the Agents tab.
Click Downloads & Settings.
In the Agent Log Settings section, click next to Monitoring Log Settings.
Edit the Monitoring log settings:
SettingDefault ValueConsole Suggested ValueLinux Log File Path
/var/log/mongodb-mms-automation/monitoring-agent.logWindows Log File Path
%SystemDrive%\MMSAutomation\log\mongodb-mms-automation\monitoring-agent.logRotate Logs
YES
Size Threshold (MB)
1000
Time Threshold (Hours)
24
Max Uncompressed Files
5
Max Percent of Disk
2
Total Number of Log Files
0
Click Save.
Custom Settings
In the navigation, click Deployment.
Click the Agents tab.
Click Downloads & Settings.
In the Custom Configuration section, next to Edit Custom Configurations, click .
Enter the Monitoring configuration setting and value.
Click Save and Close.
You can configure the following Monitoring settings:
Connection Settings
mmsGroupIdType: string
Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings).
Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting to bind the server to a project.
mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKeyType: string
Specifies the MongoDB Agent API key of your Ops Manager project.
You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.
To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.
Important
When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again.
Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting.
mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
HTTP Proxy Settings
MongoDB Kerberos Settings
Specify these settings if Monitoring authenticates to hosts using Kerberos.
To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Monitoring.
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME environment variable to the desired
file name and path before running the agent.
krb5PrincipalType: string
Specifies the Kerberos principal that Monitoring uses.
krb5Principal=monitoring/myhost@EXAMPLE.COM
krb5KeytabType: string
Specifies the absolute path to Kerberos principal's
keytabfile.krb5Keytab=/path/to/mms-monitoring.keytab
krb5ConfigLocationType: string
Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.
krb5ConfigLocation=/path/to/krb_custom.conf
gssapiServiceNameType: string
Specifies the service name with the
gssapiServiceNamesetting.By default, MongoDB uses
mongodbas its service name.
MongoDB TLS Settings
Specify these settings when Monitoring connects to MongoDB deployments using TLS.
To learn more, see Configure MongoDB Agent to Use TLS.
useSslForAllConnectionsType: boolean
Specifies whether or not to encrypt all connections to MongoDB deployments using TLS.
Important
Setting this to
trueoverrides any per-host TLS settings configured in the Ops Manager interface.
sslClientCertificateType: string
Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in PEM format. Monitoring uses the client certificate to connect to any configured MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.)
Example
If you want to connect to a MongoDB deployment that uses both TLS and certificate validation using
mongosh:mongosh --tls --tlsCertificateKeyFile /path/to/client.pem --tlsCAFile /path/to/ca.pem example.net:27017 You must set these settings in your Custom Settings:
sslTrustedServerCertificates=/path/to/ca.pem sslClientCertificate=/path/to/client.pem
sslClientCertificatePasswordType: string
Specifies the password needed to decrypt the private key in the
sslClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.sslClientCertificatePassword=password
sslTrustedServerCertificatesType: string
Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS.
sslTrustedServerCertificates=/path/to/ca.pem
sslRequireValidServerCertificatesType: boolean
Specifies whether Monitoring should validate the TLS certificates that the MongoDB databases present.
sslRequireValidServerCertificates=true By default, Ops Manager sets
sslRequireValidServerCertificatestotrue. You need a valid trusted certificate to connect to MongoDB instances using TLS.If MongoDB Agent manages Monitoring, you can't set this option to
false.If you configure Monitoring manually, you can set
sslRequireValidServerCertificatestofalse.If you set
sslRequireValidServerCertificatestofalse, don't setsslTrustedServerCertificates. Ops Manager won't verify the certificates.
Warning
Changing this setting to
falsedisables certificate verification and makes connections between Monitoring and MongoDB deployments susceptible to man-in-the-middle attacks. Change this setting tofalseonly for testing purposes.
Ops Manager Server TLS Settings
Specify the settings Monitoring use when communicating with Ops Manager using TLS.
httpsCAFileType: string
Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Monitoring uses this certificate to verify that the agent can communicate with the designated Ops Manager instance.
By default, Monitoring uses the trusted root Certificate Authorities installed on the host.
If the agent cannot find the trusted root Certificate Authorities, configure these settings manually.
If the Ops Manager instance uses a self-signed TLS certificate, you must specify a
httpsCAFilevalue.httpsCAFile=/path/to/mms-certs.pem
sslRequireValidMMSServerCertificatesType: boolean
Specifies if Monitoring should validate TLS certificates from Ops Manager.
Warning
Changing this setting to
falsedisables certificate verification and makes connections between Monitoring and Ops Manager susceptible to man-in-the-middle attacks. Change this setting tofalseonly for testing purposes.
sslServerClientCertificateType: string
Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in PEM format. Monitoring uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with
Client Certificate Modeset toRequired for Agents OnlyorRequired for All Requests.Tip
To learn how to specify this setting in the Ops Manager Application, see
Client Certificate Modein Ops Manager Configuration Settings.sslServerClientCertificate=/path/to/client.pem
sslServerClientCertificatePasswordSpecifies the password needed to decrypt the private key in the
sslServerClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.sslServerClientCertificatePassword=password
Backup Settings
Use the Ops Manager interface to configure Backup settings.
Log Settings
In the navigation, click Deployment.
Click the Agents tab.
Click Downloads & Settings.
In the Agent Log Settings section, click next to Backup Log Settings.
Edit the Backup log settings:
SettingDefault ValueConsole Suggested ValueLinux Log File Path
/var/log/mongodb-mms-automation/backup-agent.logWindows Log File Path
%SystemDrive%\MMSAutomation\log\mongodb-mms-automation\backup-agent.logRotate Logs
YES
Size Threshold (MB)
1000
Time Threshold (Hours)
24
Max Uncompressed Files
5
Max Percent of Disk
2
Total Number of Log Files
0
Click Save.
Custom Settings
In the navigation, click Deployment.
Click the Agents tab.
Click Downloads & Settings.
In the Custom Configuration section, next to Edit Custom Configurations, click .
Enter a Backup configuration setting and value.
Click Save and Close.
You can configure the following Backup settings:
Connection Settings
mmsGroupIdType: string
Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings).
mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKeyType: string
Specifies the MongoDB Agent API key of your Ops Manager project.
You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys.
To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.
Important
When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again.
Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Backup separately, include this setting.
mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mothershipType: string
Specifies the hostname and port of the Ops Manager Application used by the Backup agent.
Note
Don't include the protocol (
http://orhttps://) in themothershipsetting.mothership=example.com:8080
mothershipResponseHeaderTimeoutType: integer
Specifies the length of time in seconds Backup waits for the Ops Manager Application to respond. If the MongoDB Agent doesn't get a response, it resets and retries the connection to the Ops Manager Application. This value defaults to
90seconds.
HTTP Proxy Settings
MongoDB Kerberos Settings
To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Backup
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME environment variable to the desired
file name and path before running the agent.
krb5PrincipalType: string
Specifies the Kerberos principal that Backup uses.
krb5Principal=backup/myhost@EXAMPLE.COM
krb5KeytabType: string
Specifies the absolute path to Kerberos principal's keytab file.
krb5Keytab=/path/to/mms-backup.keytab
krb5ConfigLocationType: string
Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.
krb5ConfigLocation=/path/to/krb_custom.conf
gsapiServiceNameType: string
Specifies the service name with the
gsapiServiceNamesetting.By default, MongoDB uses
mongodbas its service name.
MongoDB TLS Settings
Specify these settings when Backup connects to MongoDB deployments using TLS.
To learn more, see Configure MongoDB Agent to Use TLS.
sslClientCertificateType: string
Specifies the path to the private key, client certificate, and optional intermediate certificates in PEM format. Backup uses the client certificate when connecting to a MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.)
sslClientCertificatePasswordType: string
Specifies the password needed to decrypt the private key in the
sslClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.
sslTrustedServerCertificatesType: string
Specifies the path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS.
sslTrustedServerCertificates=/path/to/mongodb-certs.pem
sslRequireValidServerCertificatesType: boolean
Specifies if Backup should validate TLS certificates presented by the MongoDB deployments.
Warning
Changing this setting to
falsedisables certificate verification and makes connections between Backup and MongoDB deployments susceptible to man-in-the-middle attacks. Set this setting tofalseonly for testing purposes.
Ops Manager Server TLS Settings
Specify the settings Backup use when communicating with Ops Manager using TLS.
sslTrustedMMSBackupServerCertificateSpecifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Backup uses this certificate to verify that the MongoDB Agent can communicate with the designated Ops Manager instance.
By default, Backup uses the trusted root Certificate Authorities installed on the system.
If Backup cannot find the trusted root Certificate Authorities, configure these settings manually.
If Ops Manager use a self-signed TLS certificate, provide a value for this setting.
sslTrustedMMSBackupServerCertificate=/path/to/mms-certs.pem
sslRequireValidMMSBackupServerCertificateSpecifies if Backup should validate TLS certificates from Ops Manager.
Warning
Changing this setting to
falsedisables certificate verification and makes connections between Backup Agent and Ops Manager susceptible to man-in-the-middle attacks. Change this setting tofalseonly for testing purposes.sslRequireValidMMSBackupServerCertificate=true
sslServerClientCertificateType: string
Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in PEM format. Backup uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with
Client Certificate Modeset toRequired for Agents OnlyorRequired for All Requests.Tip
To learn how to specify this setting in the Ops Manager Application, see
Client Certificate Modein Ops Manager Configuration Settings.sslServerClientCertificate=/path/to/client.pem
sslServerClientCertificatePasswordType: string
Specifies the password needed to decrypt the private key in the
sslServerClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.sslServerClientCertificatePassword=password