Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Advanced Ops Manager Topics

1,823 views

Published on

MongoDB Ops Manager allows administrators to manage all of their MongoDB infrastructure in one place. Go beyond the "quick start" guide and become an Ops Manager Power User. Learn to automate Ops Manager tasks through the API, how to effectively setup users, groups, and roles for a secure Ops Manager installation, and more. Some previous Ops Manager experience expected.

Published in: Technology
  • I've reconditioned 17 batteries with EZ Battery Reconditioning. I was curious about your program so I decided to try it out after hearing from a friend how well this worked for her. I'm so glad I did! I've reconditioned 17 batteries with EZ Battery Reconditioning, even an old car battery I thought was long gone. My son likes using your program too! This is a skill everybody should know! Thank you, Tom and Frank. ■■■ http://ishbv.com/ezbattery/pdf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Advanced Ops Manager Topics

  1. 1. Ops Manager Advanced Administration Cory Mintz Michael Benoit
  2. 2. LDAP and User Roles
  3. 3. LDAP and User Roles Why Use LDAP Integration? ● Users/groups already centrally managed o Active Directory o OpenLDAP ● Complex password policies ● Prevent new users from signing up
  4. 4. LDAP and User Roles Mapping Ops Manager to LDAP ● Login Attribute ○ uid ○ username ○ email address ● Group(s) attribute
  5. 5. LDAP and User Roles Sample LDAP Configuration mms.ldap.url=ldap://127.0.0.1:389 mms.ldap.bindDn=CN=_search_ mms.ldap.bindPassword=password mms.ldap.user.baseDn=OU=Users,O=MongoDB mms.ldap.user.searchAttribute=emailAddress mms.ldap.user.group=groups
  6. 6. LDAP and User Roles Sample Global Roles Configuration mms.ldap.global.role.owner (required) mms.ldap.global.role.automationAdmin mms.ldap.global.role.backupAdmin mms.ldap.global.role.monitoringAdmin mms.ldap.global.role.userAdmin mms.ldap.global.role.readOnly
  7. 7. LDAP and User Roles Adding Users and Groups New users can not register
  8. 8. LDAP and User Roles Adding Users and Groups Users in baseDN, but not belonging to any groups cannot sign in
  9. 9. LDAP and User Roles Adding Users and Groups Global User Admins can create new groups
  10. 10. Alerts
  11. 11. Alerts Global and System Alerts ALERTS SYSTEM ALERTS Backing Database Backup Daemons GLOBAL ALERTS GROUP ALERTS Agents Users Hosts Backups Clusters
  12. 12. Alerts Global and System Alerts UI
  13. 13. Alerts Global and System Alerts UI
  14. 14. Alerts Webhook Notifications ● Integrate with your internal systems ● POST alert events and state changes ● Same JSON format as Public API’s Alert resource
  15. 15. Alerts Setup a Webhook
  16. 16. Alerts Notify a Webhook
  17. 17. Alerts Anatomy of a Webhook Request POST /path/to/your/handler HTTP/1.1 Content-Type: application/json X-MMS-Event: alert.open X-MMS-Signature: cbd76abcdf4627dfabcd… ... { "id": "589bdcfd71735c5d00c9471", "groupId": "3718c7387c8457287cbdfa83", "typeName": "AGENT", "eventTypeName": "MONITORING_AGENT_DOWN", "status": "OPEN", "created": "2015-06-01T12:34:56Z", ... }
  18. 18. Alerts Webhook Handling Example signature = hmac_digest(request.body, 'Bosco!') if signature != request.header('X-MMS-Signature'): exit('Could not validate webhook request') alert = request.entity event = request.header('X-MMS-Event') if event == 'alert.open': if alert.eventTypeName == 'MONITORING_AGENT_DOWN': restart_monitoring_agent() else if event == 'alert.close': if alert.eventTypeName == 'MONITORING_AGENT_DOWN': self.pat_on_back()
  19. 19. Alerts Enabling Twilio for SMS twilio.account.sid=xxxxxxxxxxxxxxxxxxx twilio.auth.token=yyyyyyyyyyyyyyyyyyy twilio.from.num=1234567890
  20. 20. Alerts Verifying Twilio ● Send a test SMS message ● Now, you can see additional SMS notification options
  21. 21. Multi-Datacenter Backup
  22. 22. Multi-Datacenter Backup What does Multi-Datacenter mean? ● Geographically distributed corporate owned DCs ● Corporate owned DCs combined with cloud hosted (AWS, Rackspace, etc.) ● Single DC with several virtual networks
  23. 23. Multi-Datacenter Backup Setup 1: One Instance All Ops Manager components in a single DC Pros ● Fewest Ops Manager Components ● Easier to get started ● Easier to maintain Cons ● Bandwidth costs between DCs ● Restores need to go over network ● All groups on a single set of hardware
  24. 24. Multi-Datacenter Backup Setup 1: Diagram
  25. 25. Multi-Datacenter Backup Setup 2: Multiple Instances Pros ● Each instance still simple to setup ● Less bandwidth use ● Restores local Cons ● Multiple systems to manage ● Duplicated configuration ● More upgrades
  26. 26. Multi-Datacenter Backup Setup 2: Diagram
  27. 27. Multi-Datacenter Backup Setup 3: One Instance w/ Group Pinning ● The best of both world ● Single Ops Manager instance ● Backup “stack” in each DC ● Pin each Ops Manager group to a “stack”
  28. 28. Multi-Datacenter Backup Setup 3: Diagram
  29. 29. Multi-Datacenter Backup Setup 3: UI
  30. 30. Multi-Datacenter Backup Setup 3: UI
  31. 31. Public API
  32. 32. Public API Overview ● RESTful interface to Ops Manager features ● Must be enabled for each group ● Users have API keys ● HTTP Digest Authentication ● JSON throughout (pretty printing optional) ● Access to certain endpoints is restricted to an IP whitelist
  33. 33. Public API Step 1. Enable
  34. 34. Public API Step 2. Keys and Whitelist
  35. 35. Public API Step 3. Code! // Script to pull a backup of the last snapshot using the Ops Manager Public API groupId = 'cbdf73827d0c0a9d9c4d6623' // Get a list of clusters clusters = api_get('${groupId}/clusters') // Find the cluster entity for the replica set named myReplSet myReplSet = clusters.find_first( c -> c.replicaSetName == 'myReplSet' ) // Get all snapshots for the cluster snapshots = api_get('${groupId}/clusters/${myReplSet.id}/snapshots') // The last one is the most recent lastSnapshot = snapshots[snapshots.length - 1]
  36. 36. Public API Step 3. Code! // Create a restore job for the last snapshot // NOTE: a replica set only creates one restore job restoreJobs = api_post( '${groupId}/clusters/${myReplSet.id}/restoreJobs', { 'snapshotId': lastSnapshot.id } ) restoreJob = restoreJobs[0] // Poll every 30 seconds until the restore job status is FINISHED do { sleep(30) restoreJob = api_get( '${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}' } while (restoreJob.statusName != 'FINISHED')
  37. 37. Public API Step 3. Code! // Restore ready, so download the .tar.gz file http_get(restoreJob.delivery.url, 'myReplSet.tar.gz') // Get the hash and verify the integrity of the downloaded file restoreJob = api_get( '${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}') serverHash = restoreJob.hashes[0].hash myHash = sha1_hash('myReplSet.tar.gz') assert(serverHash == myHash) // Restore succeeded! // Now uncompress it, shutdown mongod, copy data files, and restart
  38. 38. Thank You!

×