This page describes possible settings for the MongoDB Agent. These values are set after first launching Ops Manager and not through manual editing of these files.
To learn about the Ops Manager settings and their values, see Ops Manager Configuration Settings.
Warning
If you edit authentication or TLS settings through Settings or Deployments in the Ops Manager interface, those changes overwrite any manual changes in this configuration file.
Configuration File & Settings Locations
The location of the MongoDB Agent configuration file is
C:\MMSData\Automation\automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/etc/mongodb-mms/automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/etc/mongodb-mms/automation-agent.config.
Note
The MongoDB Agent configuration file is named
automation-agent.config as a way to enable easier upgrades
for those using legacy agents.
The location of the MongoDB Agent configuration file is
/path/to/install/local.config.
You can configure additional Monitoring settings and Backup settings through the Ops Manager Console.
MongoDB Agent Settings
- mmsGroupId
- Type: string - Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings). - Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting to bind the server to a project. - mmsGroupId=8zvbo2s2asigxvmpnkq5yexf 
- mmsApiKey
- Type: string - Specifies the MongoDB Agent API key of your Ops Manager project. - You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys. - To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab. - Important- When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again. - Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting. - mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem 
- mmsBaseUrl
- Type: string - Specifies the URL of the Ops Manager Application. - mmsBaseUrl=http://example.com:8080 
Logging Settings
- logFile
- Type: string - Specifies the path to which Ops Manager should write the MongoDB Agent's log. - The default path depends on your platform. The MongoDB Agent uses the default filename - automation-agent.logwhether or not the deployment uses Automation.- Important- Automatic rotation of your MongoDB Agent logs only occurs when an update to the log file is made. To manually rotate your MongoDB Agent logs, see Manually Rotate the MongoDB Agent Logs for more information. PlatformDefault Path- Linux - /var/log/mongodb-mms-automation/automation-agent.log- Windows - C:\MMSAutomation\log\mongodb-mms-automation\automation-agent.log- logFile=/path/to/mongodb-mms-automation/automation-agent.log 
- logLevel
- Type: string - Specifies the level of logging granularity. - Warning- The Admin Project Settings for Monitoring Agent Log Level and Automation Agent Log Level override this parameter. - Choose from the following severity levels, from most to least amount of information: - DEBUG
- INFO
- WARN
- ERROR
- FATAL
 - By default, - logLevelis- INFO.- logLevel=ROUTINE - Each level includes the log items included in the succeeding levels. - Example- If you choose - DEBUG, the MongoDB Agent logs all messages, including- INFO,- WARN,- ERRORand- FATAL.
- If you choose - FATAL, the MongoDB Agent only logs- FATALmessages.
 
- maxLogFiles
- Type: integer - Specifies the maximum number of rotated log files to retain. - By default, the value of - maxLogFilesis set to- 10. You can change the value to retain a different number of rotated log files.- maxLogFiles=15 
- maxLogFileDurationHrs
- Type: float - Specifies the number of hours after which the logs are rotated. - Note- Manually Rotate the MongoDB Agent Logs- On UNIX- and Linux-based systems you can manually rotate the MongoDB Agent logs. Issue a - killcommand with the- SIGUSR1signal for the Agent process:- kill -SIGUSR1 <AgentID> - On Windows-based systems, you can manually restart the MongoDB Agent with a Service restart: - Click the Start menu. 
- Search for - services.
- Find the MongoDB Agent. 
- Right-click on the Agent and click Restart. 
 - This rotates the MongoDB Agent logs. 
- maxLogFileSize
- Type: integer - Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the MongoDB Agent does not rotate logs based on file size. - By default, the value of - maxLogFileSizeis set to- 268435456bytes. You can change the value to assign a different maximum size for a log file.- maxLogFileSize=536870912 
- maxUncompressedLogFiles
- Type: integer - Specifies the maximum number of rotated log files to keep uncompressed. MongoDB Agent automatically compresses any additional retained log files up to the - maxLogFilesvalue.- By default, the value of - maxUncompressedLogFilesis set to- 2. You can change the value to compress a different number of rotated log files.- maxUncompressedLogFiles=10 
Connection Settings
- dialTimeoutSeconds
- Type: integer - Specifies the number of seconds to wait before a connection times out. By default, connections time out after 40 seconds. However, The MongoDB Agent may frequently time out of connections for one or more of the following reasons: - High network latency 
- High server load 
- Large TLS keys 
- Lack of TLS accelerator 
- Insufficient CPU speed 
 - MongoDB recommends gradually increasing the value of the - dialTimeoutSecondsMongoDB Agent configuration setting to prevent frequent premature connection timeouts.- dialTimeoutSeconds=40 - Note- Increasing this value also increases the time required to deploy configuration changes to the MongoDB Agent. Experiment with small, incremental increases until you determine the optimum value for your deployment. 
HTTP Proxy Settings
Configuration Backup Settings
- mmsConfigBackup
- Type: string - Specifies the path to the Ops Manager configuration backup file. This file describes the desired state of the deployment. - If you don't specify the - mmsConfigBackupsetting, the MongoDB Agent writes the- mongodb-mms-automation-cluster-backup.jsonfile to a temporary folder on the operating system.- If you set - enableLocalConfigurationServerto- true, the MongoDB Agent doesn't write the- mmsConfigBackupfile.- mmsConfigBackup=/path/to/mms-cluster-config-backup.json - Note- When Ops Manager is installed, it stores the configuration backup file is stored in one of the following places, depending on your platform: PlatformConfiguration Backup File Path- Linux - /var/lib/mongodb-mms-automation/- Windows - %SystemDrive%\MMSAutomation
Ops Manager TLS Settings
Specify the settings that the MongoDB Agent uses when communicating with Ops Manager using TLS.
- httpsCAFile
- Type: string - Specifies the absolute path that contains the trusted Certificate Authority certificates in - PEMformat. This certificate verifies that the MongoDB Agent is talking to the designated Ops Manager instance.- httpsCAFile=/path/to/ca.pem - Note- Add the Certificate Authority for the - downloads.mongodb.comcertificate to this- .pemfile if you:- Need your MongoDB Agents to download their MongoDB installers from the Internet, 
- Use TLS to encrypt connections, and 
- Signed your certificates with a private Certificate Authority. (You set the - httpsCAFileoption.)
 - To learn how to download TLS certificates from another web site, see the OpenSSL Cookbook entry. - Important- When Ops Manager starts, it caches the Certificate Authority you provided. If you change your Certificate Authority certificate, restart Ops Manager. 
- sslRequireValidMMSServerCertificates
- Type: boolean - Important- Deprecated. Use - tlsRequireValidMMSServerCertificatesinstead.
- tlsRequireValidMMSServerCertificates
- Type: boolean - Specifies if the MongoDB Agent should validate TLS certificates presented by Ops Manager. - Warning- Setting this option to - falsedisables certificate verification and makes connections between the MongoDB Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option to- falseis only recommended for testing purposes.- tlsRequireValidMMSServerCertificates=true 
- sslMMSServerClientCertificate
- Type: string - Important- Deprecated. Use - tlsMMSServerClientCertificateinstead.
- tlsMMSServerClientCertificate
- Type: string - Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in - PEMformat. The MongoDB Agent uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with- Client Certificate Modeset to- Required for Agents Onlyor- Required for All Requests.- Tip- To learn how to set - Client Certificate Mode, see Ops Manager Configuration Settings.- The encrypted private key for the - .pemcertificate file must be in PKCS #1 format. The MongoDB Agent doesn't support the PKCS #8 format.- tlsMMSServerClientCertificate=/path/to/client.pem 
- sslMMSServerClientCertificatePassword
- Type: string - Important- Deprecated. Use - tlsMMSServerClientCertificatePasswordinstead.
- tlsMMSServerClientCertificatePassword
- Type: string - Specifies the password needed to decrypt the private key in the - tlsMMSServerClientCertificatefile. This setting is required when the client certificate- PEMfile is encrypted.- The encrypted private key for the - .pemcertificate file must be in PKCS #1 format. The MongoDB Agent doesn't support the PKCS #8 format.- Note- Use the - tlsMMSServerClientCertificatePasswordExecoption instead of- tlsMMSServerClientCertificatePasswordto specify the password from a shell command.- tlsMMSServerClientCertificatePassword=password 
- sslServerClientCertificate
- Type: string - Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in - PEMformat. The MongoDB Agent uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with- Client Certificate Modeset to- Required for Agents Onlyor- Required for All Requests.- Tip- See - Client Certificate Modein Ops Manager Configuration Settings for how to specify this setting in the Ops Manager Application.
- See Configure MongoDB Agent to Use TLS to enable TLS connections for the MongoDB Agent. 
 - sslServerClientCertificate=/path/to/client.pem 
- sslServerClientCertificatePassword
- Specifies the password needed to decrypt the private key in the - sslServerClientCertificatefile. This setting is required when the client certificate- PEMfile is encrypted.- sslServerClientCertificatePassword=password 
- sslRequireValidMMSBackupServerCertificate
- Specifies if the MongoDB Agent should validate TLS certificates from Ops Manager. - Warning- Setting this option to - falsedisables certificate verification and makes connections between the MongoDB Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option to- falseis only recommended for testing purposes.- sslRequireValidMMSBackupServerCertificate=true 
Push Live Migration Settings
- agentFeatureCloudMigrationEnabled
- Type: boolean - Optional. - Specifies whether the MongoDB Agent on the migration host is configured to run the Live Migration process from a source Ops Manager deployment to a target cluster in Atlas. - This option defaults to - false, which prevents using the MongoDB Agent on this host for Live Migration to Atlas.- To enable the Live Migration process, provision a migration host and set - agentFeatureCloudMigrationEnabledto- true.
Externally Sourced Configuration Settings
- enableLocalConfigurationServer
- Type: boolean - Specifies whether the MongoDB Agent stores MongoDB process configuration files on disk or cached in memory. - This option defaults to - false, which stores the configuration files on disk. Setting this option to- truecaches the configuration in memory.- If you set this option to - true, the MongoDB Agent doesn't write the- mmsConfigBackupfile.- Don't set this option to - trueif your MongoDB databases are running FCV 4.2 or earlier.- Warning- Setting this option to - trueimpacts the availability of your deployment.- When this feature is enabled, the MongoDB Agent doesn't store the MongoDB process configuration on disk. If the Ops Manager app server is unavailable and the MongoDB Agent attempts to restart, then the MongoDB Agent stops running because it doesn't have the necessary configuration information. If a MongoDB process crashes while the MongoDB Agent isn't running, then the MongoDB Agent can't restart the process. - enableLocalConfigurationServer=false 
- keepUnusedMongodbVersions
- Type: boolean - Flag that indicates whether the MongoDB Agent retains unused MongoDB version binaries that it downloads. By default, - keepUnusedMongodbVersionsis false.- keepUnusedMongodbVersions=false 
- localConfigurationServerPort
- Type: integer - Specifies the port to serve the MongoDB process configuration to when using the local configuration server. To set this option, - enableLocalConfigurationServermust be- true.- If unspecified, the MongoDB Agent chooses an available port automatically. - localConfigurationServerPort=20128 
- mmsApiKeyExec
- Type: string - Specifies a shell command to call the Ops Manager agent API key of your Ops Manager project. - mmsApiKeyExec=echo $myKey 
- sslMMSServerClientCertificatePasswordExec
- Type: string - Important- Deprecated. Use - tlsMMSServerClientCertificatePasswordExecinstead.
- tlsMMSServerClientCertificatePasswordExec
- Type: string - Specifies a shell command to call the password needed to decrypt the private key in the - MMSServerClientCertificatefile. Either this setting or- tlsMMSServerClientCertificatePasswordis required when the client certificate- PEMfile is encrypted.- tlsMMSServerClientCertificatePasswordExec=python /path/to/PEMPassword.py 
Transparent Huge Page (THP) Settings
MongoDB Agent allows you to disable Transparent Huge Pages (THP) on a per-process basis to avoid accidental performance degradation. To disable THP, perform the following steps:
- Upgrade the MongoDB Agent version to 108.0.x. 
- Modify the automation config file to include - enableAgentManagingTHPSettings=true.
- Restart the MongoDB Agent and the managed - mongodand- mongosprocesses. You can now enable THP on a system-wide level.- Note- This may generate a false positive start-up warning. 
- (Optional) Upgrade to 8.0. 
- enableAgentManagingTHPSettings
- Type: boolean - Specifies whether the MongoDB Agent manages disabling Transparent Huge Pages (THP) for MongoDB processes. See Disable Transparent Huge Pages (THP) to learn more. - This option defaults to - false.- When set to - true, the MongoDB Agent disables THP on a per-process basis, overriding any OS-level THP settings. This option will only affect deployed- mongodand- mongosprocesses on Linux systems using a MongoDB version earlier than 8.0.- enableAgentManagingTHPSettings=false 
Automation Settings
The following configuration settings are used for authentication in automated clusters.
MongoDB Kerberos Settings
Specify these settings if Automation authenticates to hosts using Kerberos. To configure Kerberos, see Configure the MongoDB Agent for Kerberos.
- krb5ConfigLocation
- Type: string - Specifies an absolute path to an non-system-standard location for the Kerberos configuration file. - krb5ConfigLocation=/path/to/krb_custom.conf - Note- Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the - KRB5CCNAMEenvironment variable to the desired file name and path before running the agent.
Monitoring Settings
Use the Ops Manager interface to configure Monitoring settings.
Log Settings
- In the navigation, click Deployment. 
- Click the Agents tab. 
- Click Downloads & Settings. 
- In the Agent Log Settings section, click next to Monitoring Log Settings. 
- Edit the Monitoring log settings: SettingDefault ValueConsole Suggested Value- Linux Log File Path - /var/log/mongodb-mms-automation/monitoring-agent.log- Windows Log File Path - %SystemDrive%\MMSAutomation\log\mongodb-mms-automation\monitoring-agent.log- Rotate Logs - YES - Size Threshold (MB) - 1000 - Time Threshold (Hours) - 24 - Max Uncompressed Files - 5 - Max Percent of Disk - 2 - Total Number of Log Files - 0 
- Click Save. 
Custom Settings
- In the navigation, click Deployment. 
- Click the Agents tab. 
- Click Downloads & Settings. 
- In the Custom Configuration section, next to Edit Custom Configurations, click . 
- Enter the Monitoring configuration setting and value. 
- Click Save and Close. 
You can configure the following Monitoring settings:
Connection Settings
- mmsGroupId
- Type: string - Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings). - Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting to bind the server to a project. - mmsGroupId=8zvbo2s2asigxvmpnkq5yexf 
- mmsApiKey
- Type: string - Specifies the MongoDB Agent API key of your Ops Manager project. - You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys. - To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab. - Important- When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again. - Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Monitoring separately, include this setting. - mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem 
HTTP Proxy Settings
MongoDB Kerberos Settings
Specify these settings if Monitoring authenticates to hosts using Kerberos.
To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Monitoring.
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME environment variable to the desired
file name and path before running the agent.
- krb5Principal
- Type: string - Specifies the Kerberos principal that Monitoring uses. - krb5Principal=monitoring/myhost@EXAMPLE.COM 
- krb5Keytab
- Type: string - Specifies the absolute path to Kerberos principal's - keytabfile.- krb5Keytab=/path/to/mms-monitoring.keytab 
- krb5ConfigLocation
- Type: string - Specifies the absolute path to an non-system-standard location for the Kerberos configuration file. - krb5ConfigLocation=/path/to/krb_custom.conf 
- gssapiServiceName
- Type: string - Specifies the service name with the - gssapiServiceNamesetting.- By default, MongoDB uses - mongodbas its service name.
MongoDB TLS Settings
Specify these settings when Monitoring connects to MongoDB deployments using TLS.
To learn more, see Configure MongoDB Agent to Use TLS.
- useSslForAllConnections
- Type: boolean - Specifies whether or not to encrypt all connections to MongoDB deployments using TLS. - Important- Setting this to - trueoverrides any per-host TLS settings configured in the Ops Manager interface.
- sslClientCertificate
- Type: string - Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in PEM format. Monitoring uses the client certificate to connect to any configured MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.) - Example- If you want to connect to a MongoDB deployment that uses both TLS and certificate validation using - mongosh:- mongosh --tls --tlsCertificateKeyFile /path/to/client.pem --tlsCAFile /path/to/ca.pem example.net:27017 - You must set these settings in your Custom Settings: - sslTrustedServerCertificates=/path/to/ca.pem - sslClientCertificate=/path/to/client.pem 
- sslClientCertificatePassword
- Type: string - Specifies the password needed to decrypt the private key in the - sslClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.- sslClientCertificatePassword=password 
- sslTrustedServerCertificates
- Type: string - Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS. - sslTrustedServerCertificates=/path/to/ca.pem 
- sslRequireValidServerCertificates
- Type: boolean - Specifies whether Monitoring should validate the TLS certificates that the MongoDB databases present. - sslRequireValidServerCertificates=true - By default, Ops Manager sets - sslRequireValidServerCertificatesto- true. You need a valid trusted certificate to connect to MongoDB instances using TLS.- If MongoDB Agent manages Monitoring, you can't set this option to - false.
- If you configure Monitoring manually, you can set - sslRequireValidServerCertificatesto- false.
- If you set - sslRequireValidServerCertificatesto- false, don't set- sslTrustedServerCertificates. Ops Manager won't verify the certificates.
 - Warning- Changing this setting to - falsedisables certificate verification and makes connections between Monitoring and MongoDB deployments susceptible to man-in-the-middle attacks. Change this setting to- falseonly for testing purposes.
Ops Manager Server TLS Settings
Specify the settings Monitoring use when communicating with Ops Manager using TLS.
- httpsCAFile
- Type: string - Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Monitoring uses this certificate to verify that the agent can communicate with the designated Ops Manager instance. - By default, Monitoring uses the trusted root Certificate Authorities installed on the host. - If the agent cannot find the trusted root Certificate Authorities, configure these settings manually. - If the Ops Manager instance uses a self-signed TLS certificate, you must specify a - httpsCAFilevalue.- httpsCAFile=/path/to/mms-certs.pem 
- sslRequireValidMMSServerCertificates
- Type: boolean - Specifies if Monitoring should validate TLS certificates from Ops Manager. - Warning- Changing this setting to - falsedisables certificate verification and makes connections between Monitoring and Ops Manager susceptible to man-in-the-middle attacks. Change this setting to- falseonly for testing purposes.
- sslServerClientCertificate
- Type: string - Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in PEM format. Monitoring uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with - Client Certificate Modeset to- Required for Agents Onlyor- Required for All Requests.- Tip- To learn how to specify this setting in the Ops Manager Application, see - Client Certificate Modein Ops Manager Configuration Settings.- sslServerClientCertificate=/path/to/client.pem 
- sslServerClientCertificatePassword
- Specifies the password needed to decrypt the private key in the - sslServerClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.- sslServerClientCertificatePassword=password 
Backup Settings
Use the Ops Manager interface to configure Backup settings.
Log Settings
- In the navigation, click Deployment. 
- Click the Agents tab. 
- Click Downloads & Settings. 
- In the Agent Log Settings section, click next to Backup Log Settings. 
- Edit the Backup log settings: SettingDefault ValueConsole Suggested Value- Linux Log File Path - /var/log/mongodb-mms-automation/backup-agent.log- Windows Log File Path - %SystemDrive%\MMSAutomation\log\mongodb-mms-automation\backup-agent.log- Rotate Logs - YES - Size Threshold (MB) - 1000 - Time Threshold (Hours) - 24 - Max Uncompressed Files - 5 - Max Percent of Disk - 2 - Total Number of Log Files - 0 
- Click Save. 
Custom Settings
- In the navigation, click Deployment. 
- Click the Agents tab. 
- Click Downloads & Settings. 
- In the Custom Configuration section, next to Edit Custom Configurations, click . 
- Enter a Backup configuration setting and value. 
- Click Save and Close. 
You can configure the following Backup settings:
Connection Settings
- mmsGroupId
- Type: string - Specifies the ID of your Ops Manager project. Find the project ID on the Project Settings page (Settings > Project Settings). - mmsGroupId=8zvbo2s2asigxvmpnkq5yexf 
- mmsApiKey
- Type: string - Specifies the MongoDB Agent API key of your Ops Manager project. - You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project's agents can use any of the keys. For more information, see Manage Agent API Keys. - To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab. - Important- When you generate an Agent API Key, Ops Manager displays it one time only. You must copy this key. Treat it like a password; store it in a secure place. Ops Manager never displays the full key again. - Ops Manager configures this setting when you install the MongoDB Agent. If you need to configure Backup separately, include this setting. - mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem 
- mothership
- Type: string - Specifies the hostname and port of the Ops Manager Application used by the Backup agent. - Note- Don't include the protocol ( - http://or- https://) in the- mothershipsetting.- mothership=example.com:8080 
- mothershipResponseHeaderTimeout
- Type: integer - Specifies the length of time in seconds Backup waits for the Ops Manager Application to respond. If the MongoDB Agent doesn't get a response, it resets and retries the connection to the Ops Manager Application. This value defaults to - 90seconds.
HTTP Proxy Settings
MongoDB Kerberos Settings
To configure Kerberos, see Configure the MongoDB Agent for Kerberos. The same procedures and requirements apply, only use a different UPN for Backup
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME environment variable to the desired
file name and path before running the agent.
- krb5Principal
- Type: string - Specifies the Kerberos principal that Backup uses. - krb5Principal=backup/myhost@EXAMPLE.COM 
- krb5Keytab
- Type: string - Specifies the absolute path to Kerberos principal's keytab file. - krb5Keytab=/path/to/mms-backup.keytab 
- krb5ConfigLocation
- Type: string - Specifies the absolute path to an non-system-standard location for the Kerberos configuration file. - krb5ConfigLocation=/path/to/krb_custom.conf 
- gsapiServiceName
- Type: string - Specifies the service name with the - gsapiServiceNamesetting.- By default, MongoDB uses - mongodbas its service name.
MongoDB TLS Settings
Specify these settings when Backup connects to MongoDB deployments using TLS.
To learn more, see Configure MongoDB Agent to Use TLS.
- sslClientCertificate
- Type: string - Specifies the path to the private key, client certificate, and optional intermediate certificates in PEM format. Backup uses the client certificate when connecting to a MongoDB deployment that uses TLS and requires client certificates. (The deployment runs with the --tlsCAFile setting.) 
- sslClientCertificatePassword
- Type: string - Specifies the password needed to decrypt the private key in the - sslClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.
- sslTrustedServerCertificates
- Type: string - Specifies the path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with TLS. - sslTrustedServerCertificates=/path/to/mongodb-certs.pem 
- sslRequireValidServerCertificates
- Type: boolean - Specifies if Backup should validate TLS certificates presented by the MongoDB deployments. - Warning- Changing this setting to - falsedisables certificate verification and makes connections between Backup and MongoDB deployments susceptible to man-in-the-middle attacks. Set this setting to- falseonly for testing purposes.
Ops Manager Server TLS Settings
Specify the settings Backup use when communicating with Ops Manager using TLS.
- sslTrustedMMSBackupServerCertificate
- Specifies the absolute path that contains the trusted Certificate Authority certificates in PEM format. Backup uses this certificate to verify that the MongoDB Agent can communicate with the designated Ops Manager instance. - By default, Backup uses the trusted root Certificate Authorities installed on the system. - If Backup cannot find the trusted root Certificate Authorities, configure these settings manually. - If Ops Manager use a self-signed TLS certificate, provide a value for this setting. - sslTrustedMMSBackupServerCertificate=/path/to/mms-certs.pem 
- sslRequireValidMMSBackupServerCertificate
- Specifies if Backup should validate TLS certificates from Ops Manager. - Warning- Changing this setting to - falsedisables certificate verification and makes connections between Backup Agent and Ops Manager susceptible to man-in-the-middle attacks. Change this setting to- falseonly for testing purposes.- sslRequireValidMMSBackupServerCertificate=true 
- sslServerClientCertificate
- Type: string - Specifies the path to the file containing the client's private key, certificate, and optional intermediate certificates in PEM format. Backup uses the client certificate when connecting to Ops Manager over TLS if Ops Manager requires client certificates, such as when Ops Manager runs with - Client Certificate Modeset to- Required for Agents Onlyor- Required for All Requests.- Tip- To learn how to specify this setting in the Ops Manager Application, see - Client Certificate Modein Ops Manager Configuration Settings.- sslServerClientCertificate=/path/to/client.pem 
- sslServerClientCertificatePassword
- Type: string - Specifies the password needed to decrypt the private key in the - sslServerClientCertificatefile. Include this setting if you encrypted the client certificate PEM file.- sslServerClientCertificatePassword=password