Navigation
This version of the documentation is archived and no longer supported.

mongooplog

On this page

New in version 2.2.

Synopsis

mongooplog is a simple tool that polls operations from the replication oplog of a remote server, and applies them to the local server. This capability supports certain classes of real-time migrations that require that the source server remain online and in operation throughout the migration process.

Typically this command will take the following form:

mongooplog  --from mongodb0.example.net --host mongodb1.example.net

This command copies oplog entries from the mongod instance running on the host mongodb0.example.net and duplicates operations to the host mongodb1.example.net. If you do not need to keep the --from host running during the migration, consider using mongodump and mongorestore or another backup operation, which may be better suited to your operation.

Note

If the mongod instance specified by the --from argument is running with authentication, then mongooplog will not be able to copy oplog entries.

Options

mongooplog
--help

Returns information on the options and use of mongooplog.

--verbose, -v

Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet

Runs the mongooplog in a quiet mode that attempts to limit the amount of output.

This option suppresses:

  • connection accepted events
  • connection closed events
--version

Returns the mongooplog release number.

--host <hostname><:port>, -h <hostname><:port>

Specifies a resolvable hostname for the mongod instance to which mongooplog will apply oplog operations retrieved from the server specified by the --from option.

By default mongooplog attempts to connect to a MongoDB instance running on the localhost on port number 27017.

To connect to a replica set, specify the replica set name and a seed list of set members. Use the following form:

<replSetName>/<hostname1><:port>,<hostname2><:port>,<...>

You can always connect directly to a single MongoDB instance by specifying the host and port number directly.

--port

Specifies the port number of the mongod instance where mongooplog will apply oplog entries. Specify this option only if the MongoDB instance to connect to is not running on the standard port of 27017. You may also specify a port number using the --host command.

--ipv6

Enables IPv6 support and allows the mongooplog to connect to the MongoDB instance using an IPv6 network. All MongoDB programs and processes disable IPv6 support by default.

--ssl

New in version 2.6.

Enables connection to a mongod or mongos that has TLS/SSL support enabled.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslCAFile <filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

Warning

If the mongo shell or any other tool that connects to mongos or mongod is run without --sslCAFile, it will not attempt to validate server certificates. This results in vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you always specify the CA file against which server certificates should be validated in cases where intrusion is a possibility.

--sslPEMKeyFile <filename>

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without weakCertificateValidation.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslPEMKeyPassword <value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongooplog will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongooplog will prompt for a passphrase. See SSL Certificate Passphrase.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslCRLFile <filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslFIPSMode

New in version 2.6.

Directs the mongooplog to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the --sslFIPSMode option.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--username <username>, -u <username>

Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --password and --authenticationDatabase options.

--password <password>, -p <password>

Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --username and --authenticationDatabase options.

If you do not specify an argument for --password, mongooplog will prompt interactively for a password on the console.

--authenticationDatabase <dbname>

New in version 2.4.

Specifies the database that holds the user’s credentials.

--authenticationMechanism <name>

Default: MONGODB-CR

New in version 2.4.

Changed in version 2.6: Added support for the PLAIN and MONGODB-X509 authentication mechanisms.

Specifies the authentication mechanism the mongooplog instance uses to authenticate to the mongod or mongos.

Value Description
MONGODB-CR MongoDB challenge/response authentication.
MONGODB-X509 MongoDB TLS/SSL certificate authentication.
PLAIN External authentication using LDAP. You can also use PLAIN for authenticating in-database users. PLAIN transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.
GSSAPI External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
--gssapiServiceName

New in version 2.6.

Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of mongodb.

This option is available only in MongoDB Enterprise.

--gssapiHostName

New in version 2.6.

Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.

This option is available only in MongoDB Enterprise.

--dbpath <path>

Specifies a directory, containing MongoDB data files, to which mongooplog will apply operations from the oplog of the database specified with the --from option.

When used, the --dbpath option enables mongo to attach directly to local data files and write data without a running mongod instance.

To run with --dbpath, mongooplog needs to restrict access to the data directory: as a result, no mongod can be access the same path while the process runs.

--directoryperdb

When used in conjunction with the corresponding option in mongod, allows the mongooplog to access data from MongoDB instances that use an on-disk format where every database has a distinct directory. This option is only relevant when specifying the --dbpath option.

--journal

Enables the durability journal to ensure data files remain valid and recoverable. This option applies only when you specify the . The mongooplog enables journaling by default on 64-bit builds of versions after 2.0.

--db <database>, -d <database>

The --db option and its alias -d are inoperative.

--collection <collection>, -c <collection>

The --collection option and its alias -c are inoperative.

--seconds <number>, -s <number>

Specify a number of seconds of operations for mongooplog to pull from the remote host. Unless specified the default value is 86400 seconds, or 24 hours.

--from <host[:port]>

Specify the host for mongooplog to retrieve oplog operations from. mongooplog requires this option.

Unless you specify the --host option, mongooplog will apply the operations collected with this option to the oplog of the mongod instance running on the localhost interface connected to port 27017.

--oplogns <namespace>

Specify a namespace in the --from host where the oplog resides. The default value is local.oplog.rs, which is the where replica set members store their operation log. However, if you’ve copied oplog entries into another database or collection or are pulling oplog entries from a master-slave deployment, use --oplogns to apply oplog entries stored in another location. Namespaces take the form of [database].[collection].

Use

Consider the following prototype mongooplog command:

mongooplog  --from mongodb0.example.net --host mongodb1.example.net

Here, entries from the oplog of the mongod running on port 27017. This only pull entries from the last 24 hours.

Use the --seconds argument to capture a greater or smaller amount of time. Consider the following example:

mongooplog  --from mongodb0.example.net --seconds 172800

In this operation, mongooplog captures 2 full days of operations. To migrate 12 hours of oplog entries, use the following form:

mongooplog  --from mongodb0.example.net --seconds 43200

For the previous two examples, mongooplog migrates entries to the mongod process running on the localhost interface connected to the 27017 port. mongooplog can also operate directly on MongoDB’s data files if no mongod is running on the target host. Consider the following example:

mongooplog  --from mongodb0.example.net --dbpath /srv/mongodb --journal

Here, mongooplog imports oplog operations from the mongod host connected to port 27017. This migrates operations to the MongoDB data files stored in the /srv/mongodb directory. Additionally mongooplog will use the durability journal to ensure that the data files remain valid.

←   bsondump mongoimport  →