MongoDB Ops Manager allows administrators to manage all of their MongoDB infrastructure in one place. Go beyond the "quick start" guide and become an Ops Manager Power User. Learn to automate Ops Manager tasks through the API, how to effectively setup users, groups, and roles for a secure Ops Manager installation, and more. Some previous Ops Manager experience expected.

2. Ops Manager Advanced Administration
Cory Mintz
Michael Benoit

3. LDAP and User Roles

4. LDAP and User Roles
Why Use LDAP Integration?
● Users/groups already centrally managed
o Active Directory
o OpenLDAP
● Complex password policies
● Prevent new users from signing up

5. LDAP and User Roles
Mapping Ops Manager to LDAP
● Login Attribute
○ uid
○ username
○ email address
● Group(s) attribute

6. LDAP and User Roles
Sample LDAP Configuration
mms.ldap.url=ldap://127.0.0.1:389
mms.ldap.bindDn=CN=_search_
mms.ldap.bindPassword=password
mms.ldap.user.baseDn=OU=Users,O=MongoDB
mms.ldap.user.searchAttribute=emailAddress
mms.ldap.user.group=groups

7. LDAP and User Roles
Sample Global Roles Configuration
mms.ldap.global.role.owner (required)
mms.ldap.global.role.automationAdmin
mms.ldap.global.role.backupAdmin
mms.ldap.global.role.monitoringAdmin
mms.ldap.global.role.userAdmin
mms.ldap.global.role.readOnly

8. LDAP and User Roles
Adding Users and Groups
New users can
not register

9. LDAP and User Roles
Adding Users and Groups
Users in baseDN,
but not belonging
to any groups
cannot sign in

10. LDAP and User Roles
Adding Users and Groups
Global User
Admins can
create new
groups

11. Alerts

12. Alerts
Global and System Alerts
ALERTS
SYSTEM ALERTS
Backing Database
Backup Daemons
GLOBAL ALERTS
GROUP ALERTS
Agents Users
Hosts Backups
Clusters

13. Alerts
Global and System Alerts UI

14. Alerts
Global and System Alerts UI

15. Alerts
Webhook Notifications
● Integrate with your internal systems
● POST alert events and state changes
● Same JSON format as Public API’s Alert resource

16. Alerts
Setup a Webhook

17. Alerts
Notify a Webhook

18. Alerts
Anatomy of a Webhook Request
POST /path/to/your/handler HTTP/1.1
Content-Type: application/json
X-MMS-Event: alert.open
X-MMS-Signature: cbd76abcdf4627dfabcd…
...
{
"id": "589bdcfd71735c5d00c9471",
"groupId": "3718c7387c8457287cbdfa83",
"typeName": "AGENT",
"eventTypeName": "MONITORING_AGENT_DOWN",
"status": "OPEN",
"created": "2015-06-01T12:34:56Z",
...
}

19. Alerts
Webhook Handling Example
signature = hmac_digest(request.body, 'Bosco!')
if signature != request.header('X-MMS-Signature'):
exit('Could not validate webhook request')
alert = request.entity
event = request.header('X-MMS-Event')
if event == 'alert.open':
if alert.eventTypeName == 'MONITORING_AGENT_DOWN':
restart_monitoring_agent()
else if event == 'alert.close':
if alert.eventTypeName == 'MONITORING_AGENT_DOWN':
self.pat_on_back()

20. Alerts
Enabling Twilio for SMS
twilio.account.sid=xxxxxxxxxxxxxxxxxxx
twilio.auth.token=yyyyyyyyyyyyyyyyyyy
twilio.from.num=1234567890

21. Alerts
Verifying Twilio
● Send a test SMS message
● Now, you can see additional
SMS notification options

22. Multi-Datacenter Backup

23. Multi-Datacenter Backup
What does Multi-Datacenter mean?
● Geographically distributed corporate owned DCs
● Corporate owned DCs combined with cloud hosted (AWS,
Rackspace, etc.)
● Single DC with several virtual networks

24. Multi-Datacenter Backup
Setup 1: One Instance
All Ops Manager components in a single DC
Pros
● Fewest Ops Manager Components
● Easier to get started
● Easier to maintain
Cons
● Bandwidth costs between DCs
● Restores need to go over network
● All groups on a single set of hardware

25. Multi-Datacenter Backup
Setup 1: Diagram

26. Multi-Datacenter Backup
Setup 2: Multiple Instances
Pros
● Each instance still simple to setup
● Less bandwidth use
● Restores local
Cons
● Multiple systems to manage
● Duplicated configuration
● More upgrades

27. Multi-Datacenter Backup
Setup 2: Diagram

28. Multi-Datacenter Backup
Setup 3: One Instance w/ Group Pinning
● The best of both world
● Single Ops Manager instance
● Backup “stack” in each DC
● Pin each Ops Manager group to a “stack”

29. Multi-Datacenter Backup
Setup 3: Diagram

30. Multi-Datacenter Backup
Setup 3: UI

31. Multi-Datacenter Backup
Setup 3: UI

32. Public API

33. Public API
Overview
● RESTful interface to Ops Manager features
● Must be enabled for each group
● Users have API keys
● HTTP Digest Authentication
● JSON throughout (pretty printing optional)
● Access to certain endpoints is restricted to an IP whitelist

34. Public API
Step 1. Enable

35. Public API
Step 2. Keys and Whitelist

36. Public API
Step 3. Code!
// Script to pull a backup of the last snapshot using the Ops Manager Public API
groupId = 'cbdf73827d0c0a9d9c4d6623'
// Get a list of clusters
clusters = api_get('${groupId}/clusters')
// Find the cluster entity for the replica set named myReplSet
myReplSet = clusters.find_first( c -> c.replicaSetName == 'myReplSet' )
// Get all snapshots for the cluster
snapshots = api_get('${groupId}/clusters/${myReplSet.id}/snapshots')
// The last one is the most recent
lastSnapshot = snapshots[snapshots.length - 1]

37. Public API
Step 3. Code!
// Create a restore job for the last snapshot
// NOTE: a replica set only creates one restore job
restoreJobs = api_post(
'${groupId}/clusters/${myReplSet.id}/restoreJobs',
{ 'snapshotId': lastSnapshot.id } )
restoreJob = restoreJobs[0]
// Poll every 30 seconds until the restore job status is FINISHED
do {
sleep(30)
restoreJob = api_get(
'${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}'
} while (restoreJob.statusName != 'FINISHED')

38. Public API
Step 3. Code!
// Restore ready, so download the .tar.gz file
http_get(restoreJob.delivery.url, 'myReplSet.tar.gz')
// Get the hash and verify the integrity of the downloaded file
restoreJob = api_get(
'${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}')
serverHash = restoreJob.hashes[0].hash
myHash = sha1_hash('myReplSet.tar.gz')
assert(serverHash == myHash)
// Restore succeeded!
// Now uncompress it, shutdown mongod, copy data files, and restart

39. Thank You!