Automation Configuration Parameters
On this page
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
Note
Groups and projects are synonymous terms. Your {PROJECT-ID}
is the
same as your project id. For existing groups, your group/project id
remains the same. This page uses the more familiar term group when
referring to descriptions. The endpoint remains as stated in the
document.
This page describes the parameters that comprise the automation configuration.
To review additional examples, see mms-api-examples.
Configuration Version
This lists the version of the automation configuration.
"version" : "<integer>"
Name | Type | Necessity | Description |
---|---|---|---|
version | integer | Required | Revision of this automation configuration file. |
Download Base
Cloud Manager downloads automatic versions and runs starting scripts in the directory set in options.downloadBase.
"options" : { "downloadBase" : "<string>", }
Name | Type | Necessity | Description |
---|---|---|---|
options | object | Required | Path for automatic downloads of new versions. |
options.downloadBase | string | Required | Directory on Linux and UNIX platforms for
automatic version downloads and startup scripts. |
MongoDB Versions Specifications
The mongoDbVersions[n]
array defines specification objects for
the MongoDB instances found in the processes
array. Each
MongoDB instance in the processes
array must have a
specification object in this array.
1 "mongoDbVersions[n]" : [ 2 { 3 "name" : "<string>", 4 "builds" : [ 5 { 6 "platform" : "<string>", 7 "url" : "<string>", 8 "gitVersion" : "<string>", 9 "modules" : [ "<string>", ... ], 10 "architecture" : "<string>", 11 "bits" : "<integer>", 12 "win2008plus" : "<Boolean>", 13 "winVCRedistUrl" : "<string>", 14 "winVCRedistOptions" : [ "<string>", ... ], 15 "winVCRedistDll" : "<string>", 16 "winVCRedistVersion" : "<string>" 17 }, 18 ... 19 ], 20 }, 21 ... 22 ]
Name | Type | Necessity | Description |
---|---|---|---|
mongoDbVersions[n] | array of objects | Required | Specification objects for the MongoDB instances found in the
processes array. Each MongoDB instance in processes must
have a specification object in mongoDbVersions[n]. |
mongoDbVersions[n].name | string | Required | Name of the specification object. The specification object is
attached to a MongoDB instance through the instance's
processes.version parameter in this configuration. |
mongoDbVersions[n].builds[k] | array of objects | Required | Builds available for this MongoDB instance. |
mongoDbVersions[n].builds[k].platform | string | Required | Platform for this MongoDB instance. |
mongoDbVersions[n].builds[k].url | string | Required | URL from which to download MongoDB for this instance. |
mongoDbVersions[n].builds[k].gitVersion | string | Required | Commit identifier that identifies the state of the code used
to build the MongoDB process. The MongoDB buildInfo command returns the gitVersion
identifier. |
mongoDbVersions[n].builds[k].modules | array | Required | List of modules for this version. Corresponds to the modules
parameter that the buildInfo command returns. |
mongoDbVersions[n].builds[k].architecture | string | Required | Processor's architecture. Cloud Manager accepts amd64 or
ppc64le. |
mongoDbVersions[n].builds[k].bits | integer | Deprecated | Processor's bus width. Don't remove or make modifications to
this parameter. |
mongoDbVersions[n].builds[k].win2008plus | Boolean | Optional | Set to true if this is a Windows build that requires either
Windows 7 later or Windows Server 2008 R2 or later. |
mongoDbVersions[n].builds[k].winVCRedistUrl | string | Optional | URL from which the required version of the Microsoft Visual
C++ redistributable can be downloaded. |
mongoDbVersions[n].builds[k].winVCRedistOptions | array of strings | Optional | String values that list the command-line options to be specified
when running the Microsoft Visual C++ redistributable installer.
Each command-line option is a separate string in the array. |
mongoDbVersions[n].builds[k].winVCRedistDll | string | Optional | Name of the Microsoft Visual C++ runtime DLL file that the agent
checks to determine if a new version of the Microsoft Visual C++
redistributable is needed. |
mongoDbVersions[n].builds[k].winVCRedistVersion | string | Optional | Minimum version of the Microsoft Visual C++ runtime DLL that
must be present to skip over the installation of the Microsoft
Visual C++ redistributable. |
Automation
agentVersion specifies the version of the MongoDB Agent.
Note
While you can update the MongoDB Agent version through this configuration property, you should use the Update Agent Versions endpoint to ensure your versions are up to date.
"agentVersion" : { "name" : "<string>", "directoryUrl" : "<string>" }
Name | Type | Necessity | Description |
---|---|---|---|
agentVersion | object | Optional | Version of the MongoDB Agent to run. If the running version
does not match this setting, the MongoDB Agent downloads the
specified version, shuts itself down, and starts the new
version. |
agentVersion.name | string | Optional | Desired version of the MongoDB Agent. |
agentVersion.directoryUrl | string | Optional | URL from which to download the MongoDB Agent. |
MongoDB Processes
The processes array determines the configuration of your MongoDB instances. Using this array, you can:
Restore an instance.
Start an initial sync process on one or more MongoDB instances.
1 "processes": [{ 2 "<args>": {}, 3 "alias": "<string>", 4 "authSchemaVersion": "<integer>", 5 "backupRestoreUrl": "<string>", 6 "cluster": "<string>", 7 "defaultRWConcern": { 8 "defaultReadConcern": { 9 "level": "<string>" 10 }, 11 "defaultWriteConcern": { 12 "j": "<boolean>", 13 "w": "<string>", 14 "wtimeout": "<integer>" 15 } 16 } 17 "disabled": "<Boolean>", 18 "featureCompatibilityVersion": "<string>", 19 "hostname": "<string>", 20 "lastCompact" : "<dateInIso8601Format>", 21 "lastRestart" : "<dateInIso8601Format>", 22 "lastResync" : "<dateInIso8601Format>", 23 "lastKmipMasterKeyRotation" : "<dateInIso8601Format>", 24 "logRotate": { 25 "sizeThresholdMB": "<number>", 26 "timeThresholdHrs": "<integer>", 27 "numUncompressed": "<integer>", 28 "percentOfDiskspace": "<number>", 29 "numTotal": "<integer>" 30 }, 31 "manualMode": "<Boolean>", 32 "name": "<string>", 33 "numCores": "<integer>", 34 "processType": "<string>", 35 "version": "<string>" 36 }]
Name | Type | Necessity | Description |
---|---|---|---|
processes | array | Required | |
processes[n].args2_6 | object | Required | MongoDB configuration object for MongoDB versions 2.6 and later. The |
processes[n].alias | string | Optional | Hostname alias (often a DNS CNAME) for the host on which the
process runs. If an alias is specified, the MongoDB Agent prefers
this alias over the hostname specified in processes.hostname
when connecting to the host. You can also specify this alias in
replicaSets.host and sharding.configServer. |
processes[n].authSchemaVersion | integer | Required | Schema version of the user credentials for MongoDB database users. This should match all other elements of the processes array that belong to the same cluster.
To learn more, see Upgrade to SCRAM-SHA-1 in the MongoDB 3.0 release notes. |
processes[n].backupRestoreUrl | string | Optional | Delivery URL for the restore. Cloud Manager sets this when creating a
restore. To cancel an in-progress restore operation, set this
option to To learn more, see Automate Backup Restoration through the API. |
processes[n].cluster | string | Conditional | |
defaultRWConcern.defaultReadConcern.level | string | Optional | Consistency and isolation properties set for the data read from replica sets and replica set shards. MongoDB Atlas accepts the following values:
|
defaultRWConcern.defaultWriteConcern.j | boolean | Optional | Flag that indicates whether the write acknowledgement must be
written to the
on-disk journal. |
defaultRWConcern.defaultWriteConcern.w | string | Optional | Desired number of mongod instances that must acknowledge a write operation in a replica sets and replica set shards. MongoDB Atlas accepts the following values:
|
defaultRWConcern.defaultWriteConcern.wtimeout | number | Optional | Desired time limit for the write concern
expressed in milliseconds. Set this value when you set
defaultRWConcern.defaultWriteConcern.w to a value greater
than 1. |
processes[n].disabled | Boolean | Optional | Flag that indicates if this process should be shut down. Set to
true to shut down the process. |
processes[n].featureCompatibilityVersion | string | Required | Version of MongoDB with which this process has feature compatibility. Changing this value can enable or disable certain features that persist data incompatible with MongoDB versions earlier or later than the featureCompatibilityVersion you choose.
To learn more, see setFeatureCompatibilityVersion. |
processes[n].hostname | string | Required | Name of the host that serves this process. This defaults to
localhost. |
processes[n].lastCompact | string | Optional | Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last reclaimed free space on a cluster's disks. During certain operations, MongoDB might move or delete data but it doesn't free the currently unused space. Cloud Manager reclaims the disk space in a rolling fashion across members of the replica set or shards. To reclaim this space:
To remove any ambiguity as to when you intend to reclaim the
space on the cluster's disks, specify a time zone with your
ISO 8601 timestamp. For example, to set
processes.lastCompact
to 28 January 2021 at 2:43:52 PM US Central Standard Time, use
|
processes[n].lastRestart | string | Optional | Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last restarted this process. If you
set this parameter to the current timestamp, Cloud Manager forces a
restart of this process after you upload this configuration.
If you set this parameter for multiple processes in the same
cluster, the Cloud Manager restarts the selected processes in a rolling
fashion across members of the replica set or shards. |
processes[n].lastResync | string | Optional | Timestamp in ISO 8601 date and time format in UTC of the last initial sync process that Cloud Manager performed on the node. To trigger the init sync process on the node immediately, set this value to the current time as an ISO 8601 timestamp. WARNING: Use this parameter with caution. During
initial sync, Automation removes the entire
contents of the node's If you set this parameter:
To learn more, see Initial Sync. |
processes[n].lastKmipMasterKeyRotation | string | Optional | Timestamp in ISO 8601 date and time format in UTC when Cloud Manager last rotated the master KMIP key. If
you set this parameter to the current timestamp, Cloud Manager rotate the key after you upload this configuration. |
processes[n].logRotate | object | Optional | MongoDB configuration object for rotating the MongoDB logs of a
process. |
processes[n].logRotate.
numTotal | integer | Optional | Total number of log files that Cloud Manager retains. If you don't set
this value, the total number of log files defaults to 0.
Cloud Manager bases rotation on your other processes.logRotate
settings. |
processes[n].logRotate.
numUncompressed | integer | Optional | Maximum number of total log files to leave uncompressed,
including the current log file. The default is 5. |
processes[n].logRotate.
percentOfDiskspace | number | Optional | Maximum percentage of total disk space that Cloud Manager can use to store the log files expressed as decimal. If this limit is exceeded, Cloud Manager deletes compressed log files until it meets this limit. Cloud Manager deletes the oldest log files first. The default is 0.02. |
processes[n].logRotate.
sizeThresholdMB | number | Required | Maximum size in MB for an individual log file before Cloud Manager
rotates it. Cloud Manager rotates the log file immediately if it meets
the value given in either this sizeThresholdMB or the
processes.logRotate.timeThresholdHrs limit. |
processes[n].logRotate.
timeThresholdHrs | integer | Required | Maximum duration in hours for an individual log file before the next rotation. The time is since the last rotation. Cloud Manager rotates the log file once the file meets either this timeThresholdHrs or the processes.logRotate.sizeThresholdMB limit. |
processes[n].manualMode | Boolean | Optional | Flag that indicates if MongoDB Agent automates this process.
|
processes[n].name | string | Required | Unique name to identify the instance. |
processes[n].numCores | integer | Optional | Number of cores that Cloud Manager should bind to this process. The
MongoDB Agent distributes processes across the cores as evenly as
possible. |
processes[n].processType | string | Required | |
processes[n].version | string | Required | Name of the mongoDbVersions specification used with this
instance. |
Cluster Wide
clusterWideConfigurations specifies the parameters to set across a replica set or sharded cluster without requiring a rolling restart.
1 "clusterWideConfigurations" : { 2 "<replicaSetID/clusterName>": { 3 "changeStreamOptions": { 4 "preAndPostImages": { 5 "expireAfterSeconds": <integer> 6 } 7 } 8 } 9 }
Name | Type | Necessity | Description |
---|---|---|---|
replicaSetID/clusterName | object | Optional | The change stream options to apply to the replica set or sharded
cluster. MongoDB Agent only checks if this configuration is in a
valid JSON format but doesn't check the values for correctness. |
changeStreamOptions.preAndPostImages.expireAfterSeconds | number | Required | Retention policy of change stream pre- and post-images in seconds. If you omit the value, the cluster retains the pre- and post-images until it removes the corresponding change stream events from the oplog. If you remove this value, MongoDB Agent only removes this parameter from its automation configuration, but not from the server. To learn more, see changeStreamOptions. |
Replica Sets
The replicaSets array defines each replica set's configuration. This field is required for deployments with replica sets.
1 "replicaSets": 2 [ 3 { 4 "_id": "<string>", 5 "protocolVersion": "<string>", 6 "members": 7 [ 8 { 9 "_id": "<integer>", 10 "host": "<string>", 11 "arbiterOnly": "<boolean>", 12 "buildIndexes": "<boolean>", 13 "hidden": "<boolean>", 14 "priority": "<number>", 15 "tags": "<object>", 16 "secondaryDelaySecs": "<integer>", 17 "votes": "<number>" 18 },{ 19 "_id": "<integer>", 20 "host": "<string>", 21 "arbiterOnly": "<boolean>", 22 "buildIndexes": "<boolean>", 23 "hidden": "<boolean>", 24 "priority": "<number>", 25 "tags": "<object>", 26 "secondaryDelaySecs": "<integer>", 27 "votes": "<number>" 28 },{ 29 "_id": "<integer>", 30 "host": "<string>", 31 "arbiterOnly": "<boolean>", 32 "buildIndexes": "<boolean>", 33 "hidden": "<boolean>", 34 "priority": "<number>", 35 "tags": "<object>", 36 "secondaryDelaySecs": "<integer>", 37 "votes": "<number>" 38 } 39 ], 40 "force": 41 { 42 "currentVersion": "<integer>" 43 } 44 } 45 ]
Name | Type | Necessity | Description |
---|---|---|---|
replicaSets | array | Optional | Configuration of each replica set. The MongoDB Agent uses the values in this array to create valid replica set configuration documents. The agent regularly checks that replica sets are configured correctly. If a problem occurs, the agent reconfigures the replica set according to its configuration document. The array can contain the following top-level fields from a replica set configuration document: _id; version; and members. To learn more, see replSetGetConfig. |
replicaSets[n]._id | string | Required | The name of the replica set. |
replicaSets[n].protocolVersion | string | Optional | Protocol version
of the replica set. |
replicaSets[n].members | array | Optional | Objects that define each member of the replica set. The members.host field must specify the host To learn more, see replSetGetConfig and replSetGetConfig. |
replicaSets[n].members[m]._id | integer | Optional | Any positive integer that indicates the member of the replica
set. |
replicaSets[n].members[m].host | string | Optional | Hostname, and port number when applicable, that serves this
replica set member. |
replicaSets[n].members[m].arbiterOnly | boolean | Optional | Flag that indicates whether this replica set member acts as an
arbiter. |
replicaSets[n].members[m].buildIndexes | boolean | Optional | Flag that indicates whether the mongod process builds indexes
on this replica set member. |
replicaSets[n].members[m].hidden | boolean | Optional | Flag that indicates whether the replica set allows this member to
accept read operations. |
replicaSets[n].members[m].priority | number | Optional | Relative eligibility for Cloud Manager to select this replica set member
as a primary. Larger number increase eligibility. This value can
be between 0 and 1000, inclusive for data-bearing nodes.
Arbiters can have values of 0 or 1. |
replicaSets[n].members[m].tags | object | Optional | List of user-defined labels and their values applied to this
replica set member. |
replicaSets[n].members[m].secondaryDelaySecs | integer | Optional | Amount of time in seconds that this replica set memberr should
lag behind the primary. |
replicaSets[n].members[m].votes | number | Optional | Quantity of votes this replica set member can cast for a replica
set election. All data bearing nodes can have 0 or 1 votes.
Arbiters always have 1 vote. |
replicaSets[n].force | object | Optional | Instructions to the MongoDB Agent to force a replica set to use the Configuration Version specified in replicaSets.force.CurrentVersion. With this object, the MongoDB Agent can force a replica set to accept a new configuration to recover from a state in which a minority of its members are available. |
replicaSets[n].force.currentVersion | integer | Optional | Configuration Version that the MongoDB Agent forces the replica set to use. Set to -1 to force a replica set to accept a new configuration. WARNING: Forcing a replica set reconfiguration might lead to a rollback of majority-committed writes. Proceed with caution. Contact MongoDB Support if you have questions about the potential impacts of this operation. |
Sharded Clusters
The sharding array defines the configuration of each sharded cluster. This parameter is required for deployments with sharded clusters.
1 "sharding" : [ 2 { 3 "managedSharding" : <boolean>, 4 "name" : "<string>", 5 "configServerReplica" : "<string>", 6 "collections" : [ 7 { 8 "_id" : "<string>", 9 "key" : [ 10 [ "shard key" ], 11 [ "shard key" ], 12 ... 13 ], 14 "unique" : <boolean> 15 }, 16 ... 17 ], 18 "shards" : [ 19 { 20 "_id" : "<string>", 21 "rs" : "<string>", 22 "tags" : [ "<string>", ... ] 23 }, 24 ... 25 ], 26 "tags" : [ 27 { 28 "ns" : "<string>", 29 "min" : [ 30 { 31 "parameter" : "<string>", 32 "parameterType" : "<string>", 33 "value" : "<string>" 34 } 35 ], 36 "max" : [ 37 { 38 "parameter" : "<string>", 39 "parameterType" : "<string>", 40 "value" : "<string>" 41 } 42 ], 43 "tag" : "<string>" 44 }, 45 ... 46 ] 47 }, 48 ... 49 ]
Name | Type | Necessity | Description | |||||
---|---|---|---|---|---|---|---|---|
sharding | array of objects | Optional | Objects that define the configuration of each
sharded cluster. Each object in the array contains the
specifications for one cluster. The MongoDB Agent regularly
checks each cluster's state against the specifications. If the
specification and cluster don't match, the agent will change the
configuration of the cluster, which might cause the balancer to
migrate chunks. | |||||
sharding.managedSharding | boolean | Conditional | Flag that indicates whether Cloud Manager Automation manages all
sharded collections
and tags in the deployment | |||||
sharding.name | string | Conditional | Name of the cluster. This must correspond with the value in
processes.cluster for a mongos . | |||||
sharding.configServerReplica | string | Conditional | Name of the config server replica set. You can add this array parameter if your config server runs as a replica set. If you run legacy mirrored config servers that don't run as a replica set, use sharding.configServer. | |||||
sharding.configServer | array of strings | Conditional | Names of the config server hosts. The host names match the names used in each host's processes.name parameter. IMPORTANT: MongoDB 3.4 removes support for mirrored config servers. If your sharded cluster runs MongoDB 3.4 or later, use sharding.configServerReplica. | |||||
sharding.collections | array of objects | Conditional | Objects that define the sharded collections
and their shard keys. | |||||
sharding.collections._id | string | Conditional | namespace of the sharded collection. The namespace
is the combination of the database name and the name of the
collection. For example, testdb.testcoll. | |||||
sharding.collections.key | array of arrays | Conditional | Collection's shard keys. It contains:
| |||||
sharding.collections.unique | boolean | Conditional | Flag that indicates whether MongoDB
enforces uniqueness for the shard key. | |||||
sharding.shards | array of objects | Conditional | Cluster's shards. | |||||
sharding.shards._id | string | Conditional | Name of the shard. | |||||
sharding.shards.rs | string | Conditional | Name of the shard's replica set. This is specified in the
replicaSets._id parameter. | |||||
sharding.shards.tags | array of strings | Conditional | Zones assigned to this shard. You can add this array parameter if you use zoned sharding. | |||||
sharding.tags | array of objects | Conditional | Definition of zones for
zoned sharding. Each object in
this array defines a zone and configures the shard key range
for that zone. | |||||
sharding.tags.ns | string | Conditional | Namespace of the collection that uses zoned
sharding. The namespace combines the database name and the name
of the collection. For example: testdb.testcoll . | |||||
sharding.tags.min | array | Conditional | Minimum value of the shard key range. Specify the field name, field type, and value in a document of the following form.
To use a compound shard key, specify each field in a separate document, as shown in the example after this table. For more information on shard keys, see Shard Keys in the MongoDB manual. | |||||
sharding.tags.max | array | Conditional | Maximum value of the shard key range. Specify the field name, field type, and value in a document of the following form.
To use a compound shard key, specify each field in a separate document, as shown in the example after this table. For more information on shard keys, see Shard Keys in the MongoDB manual. | |||||
sharding.tags.tag | string | Conditional | Name of the zone associated
with the shard key range specified by sharding.tags.min and
sharding.tags.max. |
Example
The sharding.tags Array with Compound Shard Key
The following example configuration defines a compound shard key range with a min value of { a : 1, b : ab } and a max value of { a : 100, b : fg }. The example defines the range on the testdb.test1 collection and assigns it to zone zone1.
1 "tags" : [ 2 { 3 "ns" : "testdb.test1", 4 "min" : [ 5 { 6 "parameter" : "a", 7 "parameterType" : "integer", 8 "value" : "1" 9 }, 10 { 11 "parameter" : "b", 12 "parameterType" : "string", 13 "value" : "ab" 14 } 15 ], 16 "max" : [ 17 { 18 "parameter" : "a", 19 "parameterType" : "integer", 20 "value" : "100" 21 }, 22 { 23 "parameter" : "b", 24 "parameterType" : "string", 25 "value" : "fg" 26 } 27 ], 28 "tag" : "zone1" 29 } 30 ]
Cluster Balancer
The balancer object is optional and defines balancer settings for each cluster.
1 "balancer": { 2 "<clusterName1>": {}, 3 "<clusterName2>": {}, 4 ... 5 }
Name | Type | Necessity | Description |
---|---|---|---|
balancer | object | Optional | Parameters named according to clusters, each parameter
containing an object with the desired balancer settings for the
cluster. The object uses the stopped and activeWindow
parameters, as described in the procedure to schedule the
balancing window in
this tutorial
in the MongoDB manual. |
Authentication
Cloud Manager doesn't require the auth
object. This object defines
authentication-related settings.
1 { 2 "auth": { 3 "authoritativeSet": "<boolean>", 4 "autoUser": "<string>", 5 "autoPwd": "<string>", 6 "disabled": "<boolean>", 7 "deploymentAuthMechanisms": ["<string>", "<string>"], 8 "autoAuthMechanisms": ["<string>"], 9 "key": "<string>", 10 "keyfile": "<string>", 11 "newAutoPwd": "<string>", 12 "newKey": "<string>", 13 "usersDeleted": [{ 14 "user": "<string>", 15 "dbs": ["<string>", "<string>"] 16 }], 17 "usersWanted": [{ 18 "authenticationRestrictions": [{ 19 "clientSource": ["(IP | CIDR range)", "(IP | CIDR range)"], 20 "serverAddress": ["(IP | CIDR range)", "(IP | CIDR range)"] 21 }], 22 "db": "<string>", 23 "initPwd": "<string>", 24 "otherDBRoles": { 25 "<string>": ["<string>", "<string>"] 26 }, 27 "roles": [{ 28 "db": "<string>", 29 "role": "<string>" 30 }], 31 "pwd": "<string>", 32 "user": "<string>" 33 }] 34 } 35 }
Name | Type | Necessity | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
auth | object | Optional | Defines authentication-related settings. If you omit this parameter, skip the rest of this section. | ||||||||||||
auth.authoritativeSet | boolean | Conditional | Sets whether or not Cloud Manager enforces a consistent set of managed MongoDB users and roles in all managed deployments in the project.
auth.authoritativeSet defaults to false. Required if "auth" : true. | ||||||||||||
auth.autoUser | string | Conditional | Username that the Automation uses when connecting to an instance. Required if "auth" : true. | ||||||||||||
auth.autoPwd | string | Conditional | Password that the Automation uses when connecting to an instance. Required if "auth" : true. | ||||||||||||
auth.disabled | boolean | Optional | Flag indicating if auth is disabled. If not specified,
disabled defaults to false. | ||||||||||||
auth.deploymentAuthMechanisms | array of strings | Conditional | Lists the supported authentication mechanisms for the processes in the deployment. Required if "auth" : true. Specify:
| ||||||||||||
auth.autoAuthMechanisms | array of strings | Conditional | Sets the authentication mechanism used by the Automation. If not specified, disabled defaults to false. Required if "auth" : true. This parameter contains more than one element only when it's configured for both SCRAM-SHA-1 and SCRAM-SHA-256. Specify:
| ||||||||||||
auth.key | string | Conditional | Contents of the key file that Cloud Manager uses to authenticate to the MongoDB processes. Required if "auth" : true and "auth.disabled" : false. If you change the auth.key value, you must change the auth.keyfile value. | ||||||||||||
auth.keyfile | string | Conditional | Path and name of the key file that Cloud Manager uses to authenticate to the MongoDB processes. Required if "auth" : true and "auth.disabled" : false. If you change the auth.keyfile value, you must change the auth.key value. | ||||||||||||
auth .newAutoPwd | string | Optional | New password that the Automation uses when connecting to an instance. To rotate passwords without losing the connection:
You can set this option only when you include SCRAM-SHA-1 or SCRAM-SHA-256 as one of the authentication mechanisms for the Automation in auth.autoAuthMechanisms. | ||||||||||||
auth.newKey | string | Optional | Contents of a new key file that you want Cloud Manager to use to authenticate to the MongoDB processes. When you set this option, Cloud Manager rotates the key that the application uses to authenticate to the MongoDB processes in your deployment. When all MongoDB Agents use the new key, Cloud Manager replaces the value of auth.key with the new key that you provided in auth.newKey and removes auth.newKey from the automation configuration. | ||||||||||||
auth.usersDeleted | array of objects | Optional | Objects that define the authenticated users to be deleted from
specified databases or from all databases. This array must
contain auth.usersDeleted.user and
auth.usersDeleted.dbs. | ||||||||||||
auth.usersDeleted[n].user | string | Optional | Username of user that Cloud Manager should delete. | ||||||||||||
auth.usersDeleted[n].dbs | array of strings | Optional | List the names of the databases from which Cloud Manager should delete
the authenticated user. | ||||||||||||
auth.usersWanted | array of objects | Optional | Contains objects that define authenticated users to
add to specified databases. Each object must have the
auth.usersWanted[n].db, auth.usersWanted[n].user, and
auth.usersWanted[n].roles parameters, and then have exactly one
of the following parameters: auth.usersWanted[n].pwd,
auth.usersWanted[n].initPwd, or
auth.usersWanted[n].userSource. | ||||||||||||
auth.usersWanted[n].db | string | Conditional | Database to which to add the user. | ||||||||||||
auth.usersWanted[n].user | string | Conditional | Name of the user that Cloud Manager should add. | ||||||||||||
auth.usersWanted[n].roles | array | Conditional | List of the roles to be assigned to the user
from the user's database, which is specified in
auth.usersWanted[n].db. | ||||||||||||
auth.usersWanted[n].pwd | string | Conditional | 32-character hex SCRAM-SHA-1 hash of the password currently assigned to the user. Cloud Manager doesn't use this parameter to set or change a password. Required if:
| ||||||||||||
auth.usersWanted[n].initPwd | string | Conditional | Cleartext password that you want to assign to the user. Required if:
| ||||||||||||
auth.usersWanted[n].userSource | string | Deprecated | No longer supported. | ||||||||||||
auth.usersWanted[n].otherDBRoles | object | Optional | If you assign the user's database "auth.usersWanted[n].db" :
"admin", then you can use this object to assign the user roles
from other databases as well. The object contains key-value
pairs where the key is the name of the database and the value is
an array of string values that list the roles be assigned from
that database. | ||||||||||||
auth.usersWanted[n].authenticationRestrictions | array of documents | Optional | Authentication restrictions that the host enforces on the user. WARNING: If a user inherits multiple roles with incompatible authentications restrictions, that user becomes unusable. For example, if a user inherits one role in which the | ||||||||||||
auth.usersWanted[n].authenticationRestrictions[k].clientSource | array of strings | Conditional | If present when authenticating a user, the host verifies that
the given list contains the client's IP address CIDR range. If
the client's IP address is not present, the host does not
authenticate the user. | ||||||||||||
auth.usersWanted[n].authenticationRestrictions[k].serverAddress | array of strings | Conditional | Comma-separated array of IP addresses to which the client can
connect. If present, the host verifies that Cloud Manager accepted the
client's connection from an IP address in the given array. If
the connection was accepted from an unrecognized IP address, the
host doesn't authenticate the user. |
LDAP
The ldap
object enables LDAP authorization. This
object is optional. To learn more, see Enable LDAP Authentication for your Cloud Manager Project.
"ldap": { "servers": "<host>:<port>, <host>:<port>", "timeoutMS": "<time>", "bindMethod": "<sasl/simple>", "bindSaslMechanisms": "<sasl-mechanism>, <sasl-mechanism>", "bindQueryUser": <ldap-dn>", "bindQueryPassword": "<password>", "userCacheInvalidationPeriod": "<interval>", "authzQueryTemplate": "<rfc-4516-url>", "userToDNMapping": [ { "match": "<ECMAScript-regex>", "<substition/ldapQuery>": "<DN-string/RFC4516-encoded-LDAP-query>" } ] }
Name | Type | Necessity | Description |
---|---|---|---|
ldap | object | Optional | Object that contains the settings to enable and configure LDAP
authorization. |
ldap.servers | string | Conditional | Comma-separated string that contains one or more LDAP servers
in <host>:<port> format to execute queries against. You can
use setParameter to configure this setting on a running
system. For LDAP authorization, you must specify this setting. |
ldap.timeoutMS | long | Optional | Amount of time in milliseconds that MongoDB waits for an LDAP
server to respond to a request before timing out. You can use
setParameter to configure this setting on a running system.
By default, MongoDB times out after ten seconds. |
ldap.bindMethod | string | Optional | Human-readable string that indicates whether to use simple
authentication or an SASL protocol to authenticate itself. You
can specify simple or sasl . By default, MongoDB uses
simple authentication. |
ldap.bindSaslMechanisms | string | Optional | String that contains a comma-separated list of SASL mechanisms
for MongoDB to attempt authentication against the LDAP
server while binding. By default, MongoDB uses DIGEST-MD5 to
bind. |
ldap.bindQueryUser | string | Conditional | LDAP entity domain name that MongoDB binds as when it connects
to an LDAP server. You can use setParameter to configure
this setting on a running system. For MongoDB to bind with
authentication credentials, you must specify this setting. |
ldap.bindQueryPassword | string | Conditional | Password that MongoDB binds with when it connects to an LDAP
server. You can use setParameter to configure this setting
on a running system. For MongoDB to bind with a password, you
must specify this setting. |
ldap.userCacheInvalidationPeriod | integer | Optional | Interval that MongoDB waits between user cache flushes. When the
external user cache is flushed, the next operation that an
LDAP authorized user makes requires a reaquisition of roles.
If you specify a high value, you might decrease the load on
your LDAP servers and increase the amount of time needed to
synchronize MongoDB roles with LDAP group membership. By
default, MongoDB waits 30 seconds between cache flushes. |
ldap.authzQueryTemplate | string | Conditional | RFC 4516 formatted URL of the LDAP query to
execute to obtain LDAP groups relative to the ldap.server
setting. In this URL, the placeholder token string {USER}
is replaced with the acquired user domain name. You can use
setParameter to configure this setting on a running system.
For LDAP authorization, you must specify this setting. |
ldap.userToDNMapping | array | Optional | JSON-formatted array that contains the ordered transformations
that MongoDB applies to authenticate MongoDB user names to match
their domain names. You can specify this setting if you use an
alternate authentication method, or if the user name passed to
MongoDB for authentication doesn't match the LDAP domain name.
You can use setParameter to configure this setting on a
running system. By default, MongoDB uses user names as the
domain names for automatic LDAP authorization. |
TLS
The tls
object enables TLS for encrypting connections. This
object is optional.
"tls" : { "CAFilePath" : "<string>" }
Name | Type | Necessity | Description |
---|---|---|---|
tls | object | Optional | Enables TLS for encrypting connections. To use TLS, choose a package that supports TLS. All platforms that support MongoDB Enterprise also support TLS. |
tls.CAFilePath | string | Conditional | Absolute file path to the certificate used to authenticate
through TLS. Required if you set
tls.clientCertificateMode. |
tls.clientCertificateMode | string | Conditional | Declaration as to whether connections to Cloud Manager require a TLS
certificate. Cloud Manager accepts OPTIONAL and REQUIRE.
Required if you set tls.CAFilePath. |
MongoDB Roles
The roles
array is optional and describes user-defined roles.
1 "roles" : [ 2 { 3 "role" : "<string>", 4 "db" : "<string>", 5 "privileges" : [ 6 { 7 "resource" : { ... }, 8 "actions" : [ "<string>", ... ] 9 }, 10 ... 11 ], 12 "roles" : [ 13 { 14 "role" : "<string>", 15 "db" : "<string>" 16 } 17 ] 18 "authenticationRestrictions" : [ 19 { 20 "clientSource": [("<IP>" | "<CIDR range>"), ...], 21 "serverAddress": [("<IP>" | "<CIDR range>"), ...] 22 }, ... 23 ] 24 }, 25 ... 26 ]
Name | Type | Necessity | Description |
---|---|---|---|
roles | array of objects | Optional | Roles and privileges that MongoDB has assigned to a cluster's
user-defined roles. Each object describes a different
user-defined role. Objects in this array contain the same fields
as documents in the system roles collection, except for the _id
field. |
roles[n].role | string | Conditional | Name of the user-defined role. |
roles[n].db | string | Conditional | Database to which the user-defined role belongs. |
roles[n].privileges | array of documents | Conditional | Privileges this role can perform. |
roles[n].privileges[k].resource | string | Conditional | Specifies the resources upon which the privilege actions
apply. |
roles[n].privileges[k].actions | string | Conditional | Actions permitted on the resource. To learn more, see Privilege Actions. |
roles[n].roles | array of documents | Conditional | Roles from which this role inherits
privileges. |
roles[n].authenticationRestrictions | array of documents | Optional | Authentication restrictions that the MongoDB server enforces on this role. WARNING: If a user inherits multiple roles with incompatible authentications restrictions, that user becomes unusable. For example, if a user inherits one role in which the |
roles[n].authenticationRestrictions[k].clientSource | array of strings | Conditional | If present, when authenticating a user, the MongoDB server
verifies that the client's IP address is either in the given
list or belongs to a CIDR range in the list. If the client's
IP address is not present, the MongoDB server does not
authenticate the user. |
roles[n].authenticationRestrictions[k].serverAddress | array of strings | Conditional | Comma-separated array of IP addresses to which the client can
connect. If present, the MongoDB server verifies that it
accepted the client's connection from an IP address in the given
array. If the MongoDB server accepts a connection from an
unrecognized IP address, the MongoDB server does not
authenticate the user. |
Kerberos
The kerberos object is optional and defines a kerberos service name used in authentication.
"kerberos": { "serviceName": "<string>" }
Name | Type | Necessity | Description |
---|---|---|---|
kerberos | object | Optional | Key-value pair that defines the kerberos service name
agents use to authenticate via kerberos. |
kerberos.serviceName | string | Required | Label that sets:
|
Indexes
The indexConfigs array is optional and defines indexes to be built for specific replica sets.
1 "indexConfigs": [{ 2 "key": [ 3 ["<string>", "<value>"] 4 ], 5 "rsName": "<string>", 6 "dbName": "<string>", 7 "collectionName": "<string>", 8 "collation": { 9 "locale": "<string>", 10 "caseLevel": <boolean>, 11 "caseFirst": "<string>", 12 "strength": <number>, 13 "numericOrdering": <boolean>, 14 "alternate": "<string>", 15 "maxVariable": "<string>", 16 "normalization": <boolean>, 17 "backwards": <boolean> 18 }, 19 "options": { 20 "<key>": "<value>" 21 } 22 }]
Name | Type | Necessity | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
indexConfigs | array of objects | Optional | Specific indexes to be built for specific replica sets. | |||||||||
indexConfigs.key | array of arrays | Required | Keys in the index. This "array of arrays" contains a single
array if the index has just one key. | |||||||||
indexConfigs.rsName | string | Required | Replica set on which MongoDB builds the index. | |||||||||
indexConfigs.dbName | string | Required | Database that MongoDB indexes. | |||||||||
indexConfigs.collectionName | string | Required | Collection that MongoDB indexes. | |||||||||
indexConfigs.collation | object | Optional | Language-specific rules to use when sorting and matching strings if the index uses collation. If you include the indexConfigs.collation object, you must include the indexConfigs.collation.locale parameter. All other parameters are optional. If you don't include the indexConfigs.collation object, the index can't include collation. | |||||||||
indexConfigs.collation.locale | string | Required | Locale that the ICU defines. The MongoDB Server Manual lists the supported locales in its Collation Locales and Default Parameters section. To specify simple binary comparison, set this value to simple. | |||||||||
indexConfigs.collation.caseLevel | boolean | Optional | Flag that indicates how the index uses case comparison. If you set this parameter to true, the index uses case comparison. This parameter applies only if you set indexConfigs.collation.strength to 1 or 2. To learn more, see Collation. | |||||||||
indexConfigs.collation.caseFirst | string | Optional | Sort order of case differences during tertiary level comparisons. The MongoDB Server Manual lists the possible values in its Collation section. | |||||||||
indexConfigs.collation.strength | number | Optional | Level of comparison to perform. Corresponds to ICU Comparison Levels. The MongoDB Server Manual lists the possible values in its Collation section. | |||||||||
indexConfigs.collation.numericOrdering | boolean | Optional | Flag that indicates how to compare numeric strings.
The default is false. To learn more, see Collation. | |||||||||
indexConfigs.collation.alternate | string | Optional | Setting that determines how collation should consider whitespace and punctuation as base characters during comparisons. The MongoDB Server Manual lists the possible values in its Collation section. | |||||||||
indexConfigs.collation.maxVariable | string | Optional | Characters the index can ignore. This parameter applies only if indexConfigs.collation.alternate is set to shifted. The MongoDB Server Manual lists the possible values in its Collation section. | |||||||||
indexConfigs.collation.normalization | boolean | Optional | Flag that indicates if the text should be normalized. If you set this parameter to true, collation:
To learn more, see Collation. | |||||||||
indexConfigs.collation.backwards | boolean | Optional | Flag that indicates how the index should handle diacritic strings. To learn more, see Collation. | |||||||||
indexConfigs.options | document | Required | Index options that the MongoDB Go Driver
supports. |