Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Monitoring Agent Configuration

Warning

Do not edit these settings for a Monitoring Agent that is managed by an Automation Agent. If you do, the Automation Agent will overwrite any changes you make.

Configuration File

The location of the Monitoring Agent configuration file depends on your operating system:

  • RHEL, CentOS, Amazon Linux, and Ubuntu all use a package manager to install the agent. The package manager creates the following agent configuration file:

    /etc/mongodb-mms/monitoring-agent.config

  • OS X, Windows, and other Linux systems use either a tar or msi file for the installation. The Monitoring Agent stores its configuration in the following file:

    <installation directory>/monitoring-agent.config

Settings

Connection Settings

For the Monitoring Agent communication with the Ops Manager servers, the following connection settings are required:

mmsApiKey

Type: string

The Ops Manager agent API key for a Ops Manager group. To retrieve the key from the Ops Manager interface, click the Administration tab, then the Agents page, and then the link for your operating system. Ops Manager will display the Ops Manager API key used by your Ops Manager group.

For example:

mmsApiKey=abc123
mmsBaseUrl

Type: string

The URL of the Ops Manager Web Server.

Set this to the URL of your Ops Manager HTTP Service. For example:

mmsBaseUrl=http://example.com:8080

HTTP Proxy Settings

httpProxy

New in version 2.3.1.

Type: string

To connect to the Ops Manager HTTP Service via a proxy, specify the URL of the proxy. For example:

httpProxy=http://example-proxy.com:8080

MongoDB SSL Settings

Specify these settings when the Monitoring Agent is connecting to MongoDB instances with SSL.

useSslForAllConnections

Type: boolean

Set to true to enable SSL support globally and to use SSL for all MongoDB connections. Setting this to true overrides any per-host SSL settings configured in the Ops Manager interface.

When true, use useSslForAllConnections with the sslTrustedServerCertificates setting to specify the certificates that Ops Manager should accept.

Note

If useSslForAllConnections is true and you set sslRequireValidServerCertificates to false, Ops Manager will accept any connection regardless of the certificate provided. This is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.

sslClientCertificate

Type: string

The path to the private key, client certificate, and optional intermediate certificates in PEM format. The agent will use the client certificate when connecting to any configured MongoDB that uses SSL and requires a client certificate, i.e., that is running using the --sslCAFile option.

For example, if you would use the following command to connect through the mongo shell to a MongoDB process that uses both SSL and certificate validation:

mongo --ssl --sslPEMKeyFile /etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem example.net:27017

Then set the following in your Monitoring Agent configuration file:

sslTrustedServerCertificates=/etc/ssl/ca.pem
sslClientCertificate=/etc/ssl/client.pem
sslClientCertificatePassword

Type: string

The password needed to decrypt the private key in the file specified in sslClientCertificate. This setting is necessary only if the client certificate PEM file is encrypted.

sslTrustedServerCertificates

Type: string

The path on disk that contains the trusted certificate authority certificates in PEM format. These certificates will verify the server certificate returned from any MongoDB instances running with SSL. For example:

sslTrustedServerCertificates=/etc/ssl/ca.pem
sslRequireValidServerCertificates

Type: boolean

Use this option to disable certificate verification by setting this value to false. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.

MongoDB Kerberos Settings

See Configure the Monitoring Agent for Kerberos

krb5Principal

Type: string

The Kerberos principal used by the agent. For example:

krb5Principal=mmsagent/myhost@EXAMPLE.COM
krb5Keytab

Type: string

The absolute path to Kerberos principal’s keytab file. For example:

krb5Keytab=/etc/mongodb-mms/mms-monitoring-agent.keytab
gsappiServiceName

Type: string

The default service name used by MongoDB is mongodb can specify a custom service name with the gssapiServiceName option.

Ops Manager Server SSL Settings

Advanced SSL settings used by the Monitoring Agent when communicating to the Ops Manager HTTP Service.

sslTrustedMMSServerCertificate

By default the Monitoring Agent will use the trusted root CAs installed on the system. If the agent cannot find the trusted root CAs, configure these settings manually.

If the Ops Manager HTTP Service uses a self-signed SSL certificate, you must specify sslTrustedMMSServerCertificate.

The path on disk that contains the trusted certificate authority certificates in PEM format. The agent will use this certificate to verify that the agent is communicating with the designated Ops Manager HTTP Service. For example:

sslTrustedMMSServerCertificate=/etc/mongodb-mms/mms-certs.pem
sslRequireValidMMSServerCertificates

Type: boolean

You can disable certificate verification by setting this value to false. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.

Munin Settings

See Configure Hardware Monitoring with munin-node for information on configuring Munin-node.

enableMunin

Type: boolean

Set to false if you do not with the Monitoring Agent to collect hardware statistics via Munin-node. The default is true. If the agent detects munin-node, Ops Manager will collect hardware statistics.

Deprecated Settings

MongoDB Authentication Settings

If all monitored MongoDB instances use the same MONGODB-CR credentials, you may use these settings. Setting the username and password here will override any configuration in the Ops Manager UI.

See Required Access for Monitoring Agent for information on the privileges needed for this user.

globalAuthUsername

Type: string

The MongoDB username that the Monitoring Agent will use to connect. This value overrides all other usernames configured for the Monitoring Agent.

Example:

globalAuthUsername=mms-monitoring-agent
globalAuthPassword

Type: string

The password for the globalAuthUsername user. This value overrides all other passwords configured for the Monitoring Agent.

Example:

globalAuthPassword=somePassword