Ops Manager Application Settings

Web Server

URL to Access Ops Manager

Type: string

FQDN and port number of the Ops Manager Application.

To use a port other than 8080, see Manage Ops Manager Hostname and Ports.

http://mms.example.com:8080

Corresponds to mms.centralUrl.

Important

If you plan on accessing your Ops Manager Application using its IPv6 address, you must enclose the IPv6 address in square brackets ([ ]) to separate it from its port number.

For example:

http://[2600:1f16:777:8700:93c2:b99c:a875:2b10]:8080

HTTPS PEM Key File

Type: string

Absolute path to the PEM file that contains the Ops Manager Application's valid certificate and private key. The PEM file is required if the Ops Manager Application uses HTTPS to encrypt connections between the Ops Manager Application, the agents, and the web interface.

The default port for HTTPS access to the Ops Manager Application is 8443, as set in <install_dir>/conf/mms.conf file. If you change this default, you must also change the port specified in the URL to Access Ops Manager setting.

Corresponds to mms.https.PEMKeyFile.

HTTPS PEM Key File Password

Type: string

Password for the HTTPS PEM key file. You must include this setting if the PEM key file contains an encrypted private key.

Corresponds to mms.https.PEMKeyFilePassword.

Client Certificate Mode

Type: string

Default: None

Specifies if Ops Manager requires clients to present valid TLS/SSL client certificates when connecting to it. Accepted values are:

• None

• Required for Agents Only

• Required for All Requests

Corresponds to mms.https.ClientCertificateMode.

CA File

Type: string

Required if:

• You are using a private certificate authority.

• You set Client Certificate Mode to Required for Agents Only or Required for All Requests.

• You run Ops Manager in hybrid mode with TLS enabled.

Specifies the filesystem location of a private certificate authority file containing the list of acceptable client certificates. The Ops Manager Application authenticates HTTPS requests from clients bearing a certificate described in this file.

/path/to/ca_file.pem

Corresponds to mms.https.CAFile.

Load Balancer Remote IP Header

Type: string

If you use a load balancer with the Ops Manager Application, set this to the HTTP header field the load balancer uses to identify the originating client's IP address to the Ops Manager host. When you specify Load Balancer Remote IP Header, do not allow clients to connect directly to any Ops Manager host. A load balancer placed in front of the Ops Manager hosts must not return cached content.

Once Load Balancer Remote IP Header is set, Ops Manager enables the following HTTP headers:

HTTP Header	Forwards to Ops Manager
X-Forwarded-Host	Original host that the client requested in the Host HTTP request header.
X-Forwarded-Proto	Protocol used to make the HTTP request.
X-Forwarded-Server	Hostname of the proxy server.
X-Proxied-Https	HTTPS status of a request.

To learn more, see Configure a Highly Available Ops Manager Application.

Corresponds to mms.remoteIp.header.

Email

The following email address settings are mandatory. You must define these settings before you can use the Ops Manager Application.

From Email Address

Type: string

Email address used for sending the general emails, such as Ops Manager alerts. You can include an alias with the email address.

Ops Manager Alerts <mms-alerts@example.com>

Corresponds to mms.fromEmailAddr.

Reply To Email Address

Type: string

Email address from which to send replies to general emails.

Corresponds to mms.replyToEmailAddr.

Admin Email Address

Type: string

Email address of the Ops Manager admin. This address receives emails related to problems with Ops Manager.

Corresponds to mms.adminEmailAddr.

Email Delivery Method Configuration

Type: string

Default: SMTP Email Server

Email interface to use.

This setting is labeled in different ways for the user interface and the configuration file.

Delivery Method	UI Setting
AWS SES	AWS Simple Email Service
SMTP	SMTP Email Server

If you set this to SMTP Email Server, you must set:

• Transport

• SMTP Server Hostname

• SMTP Server Port

• Username

• Password

• Use SSL

If you set this to AWS Simple Email Service, you must set:

• AWS Endpoint

• AWS Access Key

• AWS Secret Key

Corresponds to mms.emailDaoClass.

User Authentication

Username Validation

Type: string

Default: false

Determines if Ops Manager requires usernames to be email addresses.

Value	Description
false	(Default) Username is not required to be an email address.
loose	Username must contain an @ symbol followed by a period.
strict	Username must adhere to a strict email address validation regular expression.

If set to strict, Ops Manager uses the following regular expression to validate that an email address adheres to the requirements described in Section 3 of RFC-3696:

^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$

Example

jane.smith@example.com is valid. jane.smith@ex@mple.com is not.

To validate usernames, you must add mms.email.validation as a custom property on the Custom tab of the Ops Manager Config page in the Admin interface.

Corresponds to mms.email.validation.

User Authentication Method

Type: string

Default: Application Database

Select whether to store authentication credentials in the Ops Manager Application Database, a SAML IdP, or in an LDAP directory.

Accepted values are:

• Application Database

• LDAP

• SAML

Corresponds to mms.userSvcClass.

The user interface displays different settings depending on whether you store credentials in the Ops Manager Application Database or in an external authentication source.

Multi-Factor Authentication (MFA)

Multi-factor Auth Level

Type: string

Default: OFF

Configures the two-factor authentication "level":

Setting	Description
OFF	Disables two-factor authentication. Ops Manager does not use two-factor authentication.
OPTIONAL	Users can choose to set up two-factor authentication for their Ops Manager account.
REQUIRED_FOR_GLOBAL_ROLES	Users who possess a global role must set up two-factor authentication. Two factor authentication is optional for all other users.
REQUIRED	All users must set up two-factor authentication for their Ops Manager account.

Two-factor authentication is recommended for the security of your Ops Manager deployment.

Warning

If enabling mms.multiFactorAuth.level through the configuration file, you must create a user account first before updating the configuration file. Otherwise, you cannot login to Ops Manager.

Note

If you enable Twilio integration (optional), ensure that Ops Manager servers can access the twilio.com domain.

Corresponds to mms.multiFactorAuth.level.

Multi-factor Auth Allow Reset

Type: boolean

Default: false

When true, Ops Manager allows users to reset their two-factor authentication settings via email in an analogous fashion to resetting their passwords.

To reset two-factor authentication, a user must:

• be able to receive email at the address associated with the user account.

• know the user account's password.

• know the agent API key for each Ops Manager project the user belongs to.

Corresponds to mms.multiFactorAuth.allowReset.

Multi-factor Auth Issuer

Type: string

If Google Authenticator provides two-factor authentication, this string is the issuer in the Google Authenticator app. If left blank, the issuer is the domain name of the Ops Manager installation.

Corresponds to mms.multiFactorAuth.issuer.

Other Authentication Options

ReCaptcha Enabled On Registration

Default: false

Indicator as to you want a new user to validate themselves using reCaptcha validation when they register to use Ops Manager.

Set to true to require reCaptcha validation when a new user registers.

This setting requires a reCaptcha account.

Corresponds to reCaptcha.enabled.registration.

ReCaptcha Enabled On Login

Type: boolean

Default: false

Requirement for users to validate themselves with reCaptcha validation when they log into Ops Manager.

Set to true to require reCaptcha validation when a user logs in.

This setting requires a reCaptcha account.

Corresponds to reCaptcha.enabled.

Session Max Hours

Type: number

Number of hours before a session on the Ops Manager website expires.

Note

Session Max Hours reflects the total Ops Manager session time, not just idle time. Both active and idle sessions expire when Session Max Hours elapses.

Set this value to 0 to use browser session cookies only.

Corresponds to mms.session.maxHours.

New Device Login Notification

Indicator as to the user should be notified that they have logged in from a new device.

Corresponds to mms.login.newDeviceNotification.enabled.

ReCaptcha Public Key

Type: string

ReCaptcha public key associated with your account.

Corresponds to reCaptcha.public.key.

ReCaptcha Private Key

Type: string

ReCaptcha private key associated with your account.

Corresponds to reCaptcha.private.key.

Idle Session Timeout Max Minutes

Type: int

Default: None

The maximum time, in minutes, a session remains open with no user activity. After this time elapses without user activity, Ops Manager logs the user out.

You must set Idle Session Timeout Mode in order to use this setting.

Corresponds to mms.session.idleTimeoutMinutes.

Idle Session Timeout Mode

Type: string

Default: None

Mode of the idle session timeout feature.

Set to "idle" to allow Ops Manager to log out users after a period of inactivity.

The duration of this period of inactivity is determined by the Idle Session Timeout Max Minutes.

Corresponds to mms.session.mode.

Backup Snapshots

File System Store Gzip Compression Level

Type: integer

Default: 6

Determines how much Ops Manager compresses file system-based snapshots. The level ranges from 0 to 9:

• 0 provides no compression.

• 1 to 9 increases the degree of compression at a cost of how fast the snapshot is compressed. Level 1 compresses snapshots the least but at the fastest speed. Level 9 compresses snapshots the most but at the slowest speed.

Note

Changing File System Store Gzip Compression Level affects new snapshots only. It does not affect the compression level of existing snapshots.

Corresponds to backup.fileSystemSnapshotStore.gzip.compressionLevel.

Backup Snapshots Schedule

Snapshot Interval (Hours)

Type: integer

Default: 24

Specifies the time, in hours, between two consecutive snapshots.

Accepted values are:

6, 8, 12, or 24

Corresponds to brs.snapshotSchedule.interval.

Base Retention of Snapshots (in Days)

Type: integer

Default: 2

Specifies how many days an interval snapshot is stored. The accepted values vary depending upon the value of Snapshot Interval (Hours):

Snapshot Interval (Hours)	Accepted Values
< 24	2, 3, 4, or 5.
= 24	2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30.

Corresponds to brs.snapshotSchedule.retention.base.

Daily Retention of Snapshots (in Days)

Type: integer

Default: 0

Specifies how many days a daily snapshot is stored.

Accepted values are:

• No daily retention

• One of the following integers: 3, 4, 5, 6, 7, 15, 30, 60, 90, 120, 180, or 360

Corresponds to brs.snapshotSchedule.retention.daily.

Weekly Retention of Snapshots (in Weeks)

Type: integer

Default: 2

Specifies how many weeks a weekly snapshot is stored.

Accepted values are:

• No weekly retention

• One of the following integers: 1, 2, 3, 4, 5, 6, 7, 8, 12, 16, 20, 24, and 52

Corresponds to brs.snapshotSchedule.retention.weekly.

Monthly Retention of Snapshots (in Months)

Type: integer

Default: 1

Specifies how many months a monthly snapshot is stored.

Accepted values are:

• No monthly retention

• One of the following integers: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18, 24, 36, 48, 60, 72, or 84

Corresponds to brs.snapshotSchedule.retention.monthly.

Restore Digest Method

Type: string

Default: SHA1

Specifies whether or not to generate a SHA1 checksum for restore archive files.

Accepted values are SHA1 or NONE.

Corresponds to brs.restore.digest.method.

PIT Restore

PIT Window (In Hours)

Type: integer

Default: 24

Duration time in hours when you can restore from a specific point-in-time (PIT).

Corresponds to brs.pitWindowInHours.

KMIP Server Configuration

KMIP Server Host

Type: string

Default: None

Specifies the hostname of a KMIP server.

Starting in MongoDB 4.2.1 (and 4.0.14), you can specify more than one KMIP server in a comma-seperated list.

Important

In MongoDB versions earlier than 4.0.14 or 4.2.1, Ops Manager uses only the first KMIP hostname in a list of KMIP server hostnames.

Corresponds to backup.kmip.server.host.

KMIP Server Port

Type: integer

Default: 5696

Specifies the port of the KMIP server.

Corresponds to backup.kmip.server.port.

KMIP Server CA File

Type: string

Default: /opt/mongodb-mms/classes/kmip_server_test.pem

Specifies a .PEM-format file that contains one or more certificate authorities.

Corresponds to backup.kmip.server.ca.file.

Queryable Snapshot Configuration

Proxy Server Port

Type: integer

Default: 25999

Port for the queryable backup host.

Note

After updating Proxy Server Port, restart the Web Server for the change to take effect.

Corresponds to brs.queryable.proxyPort.

Proxy Server PEM File

Type: string

Default: /etc/mongodb-mms/queryable-backup.pem

Required if using Queryable Snapshot. PEM file that contains the full certificate chain for one or more trusted certificates and the associated private keys.

Proxy Server PEM File has the following restrictions:

• This PEM file must be different than the one used for HTTPS connections to Ops Manager (HTTPS PEM Key File).

• This PEM file should use a key length greater than 512-bit. Using a 2048-bit RSA key is recommended.

• This PEM file should use a message digest stronger than sha1, such as sha256.

Note

After updating Proxy Server PEM File, restart the Web Server for the change to take effect.

Corresponds to brs.queryable.pem.

Proxy Server PEM File Password

Type: string

Required if Proxy Server PEM File is encrypted.

Note

After updating Proxy Server PEM File Password, restart the Web Server for the change to take effect.

Corresponds to brs.queryable.pem.pwd.

Expiration (Hours)

Type: integer

Default: 24

Duration time in hours for a Queryable Snapshop once initiated.

Corresponds to brs.queryable.expiration.

Read Cache Size (MB)

Default: 512

Size (in megabytes) that you allocate from the JVM heap for the global snapshot cache. The global snapshot cache optimizes repeated queries for the same snapshot data to the Queryable Snapshots.

Important

MongoDB does not advise changing this value unless MongoDB support directs you to change it.

Corresponds to brs.queryable.lruCacheCapacityMB.

Queryable Startup Timeout (Seconds)

Default: 60

Number of seconds to wait for the Queryable Snapshot to prepare before timing out.

Corresponds to brs.queryable.mounttimeout.

Mongo Connection Timeout (Seconds)

Default: 30

Number of seconds to wait for a connection to the Queryable Snapshot mongod instance before timing out.

Corresponds to brs.queryable.connecttimeout.

Usage Information Collection

Toggle to On to allow MongoDB, Inc. to collect generic usage information.

HTTP/HTTPS Proxy

Proxy Host

Type: string

Specify the hostname of the HTTP or HTTPS proxy to which you wish to connect.

proxy.example.com

Corresponds to http.proxy.host.

Proxy Port

Type: integer

Specify the port on which you wish to connect to the host. You must specify both the Proxy Port and Proxy Host to use a proxy.

Corresponds to http.proxy.port.

Non Proxy Hosts

Type: string

Specify a pipe-separated (|) list of internal hosts to bypass the outgoing proxy that you configured.

*.foo.com|localhost

Corresponds to http.proxy.nonProxyHosts.

Proxy Username

Type: string

If the proxy requires authentication, use this setting to specify the username with which to connect to the proxy.

Corresponds to http.proxy.username.

Proxy Password

Type: string

If the proxy requires authentication, use this setting to specify the password with which to connect to the proxy.

Corresponds to http.proxy.password.

Twilio Integration

To receive alert notifications via SMS or 2FA code, you must have a Twilio account.

Account SID

Type: string

Twilio account ID.

Corresponds to twilio.account.sid.

Twilio Auth Token

Type: string

Twilio API token.

Corresponds to twilio.auth.token.

Twilio From Number

Type: string

Twilio phone number.

Corresponds to twilio.from.num.

MongoDB Version Management

The following settings determine how Ops Manager knows what MongoDB releases exist and how the MongoDB binaries are supplied to the Ops Manager server. The Automations and Backup Daemons use these binaries when deploying MongoDB.

Installer Download Source

Type: string

Default: remote

You need to select the Source for agents to download MongoDB binaries:

remote	All Agents and Ops Manager hosts download MongoDB binaries from a remote source in the background. An internet connection is required on all hosts. You can specify the remote source for downloading MongoDB binaries with the Base URL field. If you don't, Base URL defaults to mongodb.com and fastdl.mongodb.org.
hybrid	Agents get MongoDB binaries from Ops Manager, which fetches binaries from a remote source. You can specify the remote source for downloading MongoDB binaries with the Base URL field. If you don't, Base URL defaults to mongodb.com and fastdl.mongodb.org.
local	Agents get MongoDB binaries from Ops Manager, which has them on disk. An Ops Manager administrator must provide installers from the MongoDB Download Center and upload them into the Versions Directory. Ops Manager serves the installers to Agent hosts. The Version Manifest must be updated manually. No hosts in the deployment require an internet connection.

Corresponds to automation.versions.source.

Base URL

Type: string

Default: mongodb.com, fastdl.mongodb.org

HTTP(S) endpoint to fetch MongoDB binaries from. If the endpoint is an HTTPS endpoint, the Certificate Authority file specified by httpsCAFile will be used to validate the certificate. If Base URL is unset, the remote URLs for mongodb binaries are mongodb.com and fastdl.mongodb.org.

Corresponds to automation.versions.download.baseUrl.

Versions Directory

Type: string

Default: /opt/mongodb/mms/mongodb-releases/

Specify the directory on the Ops Manager Application server where Ops Manager stores the MongoDB binaries. The Automation accesses the binaries when installing or changing versions of MongoDB on your deployments. If you set Version Manifest Source to run in Local mode, the Backup Daemons also access the MongoDB binaries from this directory. See Configure Deployment to Have Limited Internet Access for more information.

Corresponds to automation.versions.directory.

Backup Versions Auto Download

Type: boolean

Default: True

Flag indicating whether the Backup Daemons automatically install the versions of MongoDB that the Backup Daemons need.

true	The daemons retrieve the binaries from MongoDB Inc. over the internet.
false	Backup Daemons do not have internet access and require that an Ops Manager administrator manually download and extract every archived version of a MongoDB release that the backup daemons need. The administrator must place the extracted binaries into the Versions Directory on the Ops Manager hosts.

Warning

Set to false when Ops Manager is running in Local Mode.

Corresponds to mongodb.release.autoDownload.

Backup Versions Auto Download Enterprise Builds

Type: boolean

Flag indicating whether the Backup Daemons automatically install the Enterprise editions of the versions of MongoDB that the Backup Daemons need. Requires Backup Versions Auto Download be set to true.

Warning

If you plan on running MongoDB Enterprise on Linux hosts, then you must manually install a set of dependencies to each host before installing MongoDB. The MongoDB manual provides the appropriate command to install the dependencies.

See Configure Deployment to Have Limited Internet Access.

Corresponds to mongodb.release.autoDownload.enterprise.

Required Module For Backup

Type: string

Default: Enterprise Preferred

Specifies whether to use MongoDB Community or Enterprise binaries for backup.

Accepted values are:

• Enterprise Preferred

• Enterprise Required

• Community Required

When Enterprise Required or Community Required is selected, Ops Manager only uses those binaries for backup. When Enterprise Preferred is selected, Ops Manager uses Enterprise binaries if available and Community binaries if they are not.

Note

When Enterprise Required is selected, you must either set Backup Versions Auto Download Enterprise Builds to true or manually place Enterprise binaries in the Versions Directory in Local Mode.

Warning

Backup fails when either Enterprise Required or Community Required is selected, but the Versions Directory does not contain the required binary.

Corresponds to mongodb.release.modulePreference.

Default Monitoring Data Retention

Ops Manager gathers metric data at a 10-second granularity. The Default Monitoring Data Retention table determines how long Ops Manager stores metric data. For each increasing granularity level, Ops Manager computes the data based on the averages from the previous granularity level.

The table determines the default settings for new groups. If you change the settings, Ops Manager prompts you whether to also apply the settings to existing groups. To change the settings for a specific group without changing the Ops Manager default settings, see Projects Page.

Increasing the retention period for a granularity requires more storage on the Ops Manager Application Database.

Default Monitoring Data Retention 1 Minute

Type: string

Default: 2 days

Length of time that Ops Manager stores metric data at the minute granularity level. Ops Manager computes the data based on the averages from the hourly granularity level.

The default setting applies to new projects. If you change this settings, Ops Manager prompts you whether to also apply that change to existing projects. To change the settings for a specific project without changing the Ops Manager default settings, see Projects Page.

Accepted values are:

• 2 days

• 14 days

Increasing the retention period for a granularity requires more storage on the Ops Manager Application Database.

Default Monitoring Data Retention 1 Hour

Type: string

Default: 2 months

Length of time that Ops Manager stores metric data at the hourly granularity level. Ops Manager computes the data based on the averages from the daily granularity level.

The default setting applies to new projects. If you change this settings, Ops Manager prompts you whether to also apply that change to existing projects. To change the settings for a specific project without changing the Ops Manager default settings, see Projects Page.

Accepted values are:

• 2 months

• 12 months

Increasing the retention period for a granularity requires more storage on the Ops Manager Application Database.

Default Monitoring Data Retention 1 Day

Type: string

Default: Forever

Length of time that Ops Manager stores metric data at the daily granularity level.

The default setting applies to new projects. If you change this settings, Ops Manager prompts you whether to also apply that change to existing projects. To change the settings for a specific project without changing the Ops Manager default settings, see Projects Page.

Increasing the retention period for a granularity requires more storage on the Ops Manager Application Database.

Alerts

Webhook URL

Corresponds to mms.alerts.webhook.adminEndpoint.

Webhook Secret

Corresponds to mms.alerts.webhook.adminSecret.

Kubernetes Setup

Kubernetes Secret Setup

Type: string

Path to the YAML file that contains your Programmatic API Key as a Kubernetes secret to create or update Kubernetes objects in your Ops Manager project.

This file must be in YAML format and must be stored under /mongodb-ops-manager/ directory.

Corresponds to kubernetes.templates.credentialsFilePath.

Kubernetes ConfigMap Setup

Type: string

Path to the YAML file that contains the ConfigMap to use to link to your Ops Manager project.

This file must be in YAML format and must be stored under /mongodb-ops-manager/ directory.

Corresponds to kubernetes.templates.projectFilePath.

Modifying a Custom Setting

To add a custom setting:

1. Type the setting into the Key box.

2. Type the desired setting value into the Value box.

3. Click Save.