Configure Queryable Backups for Ops Manager Resources
On this page
- Prerequisites
- Procedure
- Configure
kubectlto default to your namespace. - Create the PEM file for backups.
- Create a secret containing the PEM file.
- Configure Ops Manager custom resource to use the secret.
- Save your Ops Manager config file.
- Apply changes to your Ops Manager deployment.
- Track the status of the mounted volumes and Secrets.
- Disable Queryable Backups
- Update the Ops Manager custom resource.
- Save your Ops Manager custom resource.
- Apply the changes to your Ops Manager custom resource.
- Navigate to the Ops Manager backup settings.
- Delete the PEM file
- Restart the Web Server for the change to take effect.
You can configure queryable backups for Ops Manager resources that you deploy in the Kubernetes Operator.
Note
In the Ops Manager documentation, queryable backups are also referred to as queryable snapshots, or queryable restores.
Queryable backups allow you to run queries on specific backup snapsnots from your Ops Manager resources. Querying Ops Manager backups helps you compare data from different snapshots and identify the best snapshot to use for restoring data.
In the following procedure you:
Create the queryable.pem file that holds the certificates for accessing the backup snapshots that you intend to query.
Create the secret containing the queryable.pem file.
Configure an Ops Manager custom resource to use the secret for queryable backups.
Save the Ops Manager custom resource configuration and apply it.
Once the Kubernetes Operator deploys the updated configuration for its custom
resource, Ops Manager can read the secret from the spec.backup.queryableBackupSecretRef.name
parameter. You can now access the backup snapshots and run queries on them.
Prerequisites
Before you configure queryable backups, complete the following tasks:
Configure Backup Settings for the Ops Manager Resource. In the linked procedures, see the steps for configuring backups.
Procedure
Configure kubectl to default to your namespace.
If you have not already, run the following command to execute all
kubectl commands in the namespace you created.
Note
If you are deploying an Ops Manager resource in a multi-Kubernetes cluster MongoDB deployment:
Set the
contextto the name of the central cluster, such as:kubectl config set context "$MDB_CENTRAL_CLUSTER_FULL_NAME".Set the
--namespaceto the same scope that you used for your multi-Kubernetes cluster MongoDB deployment, such as:kubectl config --namespace "mongodb".
kubectl config set-context $(kubectl config current-context) --namespace=<metadata.namespace>
Create the PEM file for backups.
Create the Ops Manager queryable.pem file that you will use for accessing and querying backups based on your deployment's TLS requirements. The PEM file contains a public key certificate and its associated private key that are needed to access and run queries on backup snapshots in Ops Manager.
To learn more about the PEM file's requirements, see Authorization and Authentication Requirements in Ops Manager.
Create a secret containing the PEM file.
Run the following command to create a secret with the queryable.pem file that you created in the previous step:
kubectl create secret generic queryable-pem --from-file=./queryable.pem
If you're using HashiCorp Vault as your secret storage tool, you can Create a Vault Secret instead.
To learn about your options for secret storage, see Configure Secret Storage.
Configure Ops Manager custom resource to use the secret.
Configure spec.backup.queryableBackupSecretRef.name to
reference the queryable.pem
secret.
1 apiVersion: mongodb.com/v1 2 kind: MongoDBOpsManager 3 metadata: 4 name: ops-manager 5 spec: 6 replicas: 1 7 version: 6.0.0 8 adminCredentials: ops-manager-admin-secret 9 backup: 10 enabled: true 11 queryableBackupSecretRef: 12 name: om-queryable-pem
Apply changes to your Ops Manager deployment.
Invoke the following kubectl command on the filename of the
Ops Manager resource definition:
kubectl apply -f <opsmgr-resource>.yaml
When you apply the changes to your Ops Manager resource definition, Kubernetes updates the Ops Manager StatefulSet, creates the volumes, and mounts the Secrets.
Track the status of the mounted volumes and Secrets.
Obtain the list of persistent volume claims:
kubectl get pvc Obtain the Secrets:
kubectl get secrets Check the status of your Ops Manager resources:
kubectl get om <resource-name> -o yaml -w The
-wflag means "watch". With the "watch" flag set, the output refreshes immediately when the configuration changes until the status phase achieves theRunningstate.To learn more about the resource deployment statuses, see Troubleshoot the Kubernetes Operator.
After you configure queryable backups, you can query them to select the best backup snapshot to use for restoring data.
Disable Queryable Backups
If you require all containers in your MongoDB deployment to be fully static, disable queryable backups as a best practice. This is so the Backup Daemon Service doesn't attempt to download the MongoDB binaries from Ops Manager. Downloading binaries undermines the immutable nature of static containers and is only possible with non-static containers. To learn more, see Static Containers (Public Preview).
To disable queryable backups:
Update the Ops Manager custom resource.
In the MongoDBOpsManager custom resource,
set spec.configuration.mms.featureFlag.backup.queryable
and spec.configuration.mms.featureFlag.backup.wt.queryable
to disabled.
1 apiVersion: mongodb.com/v1 2 kind: MongoDBOpsManager 3 metadata: 4 name: opsmgr-resource 5 spec: 6 configuration: 7 mms.featureFlag.backup.wt.queryable: "disabled" 8 mms.featureFlag.backup.queryable: "disabled"
Delete the PEM file
Navigate to the Queryable Snapshot Configuration section and
delete the Proxy Server PEM File.