Docs Home → MongoDB Ops Manager
Manage S3-Compatible Oplog Storage
On this page
Throughout the lifecycle of a backup, MongoDB Agent tails the oplog of each replica set and sends new oplog entries to Ops Manager. The Agent sends the oplog entries in compressed bundles of approximately 10 MB in size called oplog slices. These oplog slices are stored in one or more MongoDB databases called oplog stores. Every Ops Manager deployment needs at least one oplog store.
When you enable backups, Ops Manager prompts you to create your first oplog store. This can be a local oplog store or an S3-compatible oplog store. Once you create the first oplog store, you manage it separately from your snapshot stores. You can create additional oplog stores.
This tutorial covers creating additional S3-compatible oplog stores to store oplog entries. Like any MongoDB instance, an S3-compatible oplog store can exist on any host running MongoDB and S3-compatible storage bucket (without subfolders) that the Ops Manager application can access.
Considerations
Requires a Dedicated Bucket
Ops Manager must be the only manager on the S3-compatible storage bucket that you use for snapshots. You also need to configure the S3-compatible storage bucket to avoid using features that Ops Manager does not support.
When configuring the S3-compatible storage bucket:
Do not create subfolders in the S3-compatible storage buckets that you use with Ops Manager. Ops Manager only supports using entire S3-compatible storage buckets.
Disable S3-compatible storage bucket versioning. Versioning is not supported in Ops Manager for the S3-compatible storage buckets used for snapshots.
Do not create S3-compatible storage lifecycle rules. Lifecycle rules that expire or transition current versions of Ops Manager snapshot objects to archives results in incomplete snapshots that you can't use to restore the configuration.
Can't Move the S3-Compatible Oplog Store
After you create an S3-compatible oplog store, you can't move it. Instead, you can create a new S3-compatible oplog store in a separate S3-compatible storage bucket within the same AWS region. The S3-compatible storage snapshot bucket must be different than the oplog S3-compatible storage bucket.
Supports the Storage API
MongoDB supports endpoints that are compatible with AWS S3 APIs from any vendor. Ops Manager attempts to validate these endpoints when you save the S3-compatible oplog store setup. If validation passes, Ops Manager saves the configuration. If validation fails, Ops Manager displays an error and doesn't save the configuration.
Prerequisites
Metadata Storage Prerequisites
Deploy the dedicated MongoDB instance(s) to serve the S3-compatible oplog store metadata and Oplog Store. Serve these instances on the same hosts as the Ops Manager host, the backing databases, or snapshot stores. Attach one or more storage volumes with enough capacity to store the databases these instances manage.
Secure the instance that stores your S3-compatible oplog store metadata database using authentication and TLS. S3-compatible oplog store metadata databases support all authentication mechanisms.
AWS S3 Storage Prerequisites
Make sure you have an IAM user on AWS.
Create your own AWS access keys for your IAM user. This allows you to create S3-compatible storage buckets and store oplog files in them. MongoDB does not create or issue AWS access keys.
Create your own S3 bucket to store your S3-compatible oplog stores.
Note
The IAM user for which you created the AWS access keys must own the S3-compatible storage bucket.
IBM Cloud Object Storage Prerequisites
Create an Access Key and Secret Key using IBM credential tools.
Create your own S3-compatible storage bucket.
Dell EMC Elastic Cloud Storage Prerequisites
Create an Access Key and Secret Key from your ECS User ID.
Create your own S3-compatible storage bucket.
Other S3-Compatible Storage
Other S3-compatible storage endpoints can be used. Ops Manager attempts to validate these endpoints when you save the configuration. If validation passes, the configuration, Ops Manager saves it. If validation fails, Ops Manager displays an error and doesn't save the configuration.
Procedures
The format of the Username and Password depend upon the authentication mechanism. Select one of the following tabs:
Add One S3-Compatible Oplog Store
Navigate to the Oplog Storage page.
Click the Admin link.
Click the Backup tab.
(Optional) If you have not previously set the head directory, set it in the Head Directory box.
Click the Oplog Storage page.
Provide the S3 Oplog Store Details.
Field | Necessity | Contents | ||||||
---|---|---|---|---|---|---|---|---|
Name | Required | Enter the label for the S3-compatible oplog store. | ||||||
S3 Bucket Name | Required | Enter the name of the S3-compatible storage bucket where you want to host the
the S3-compatible oplog store. | ||||||
Region Override | Conditional | Type the region where your S3-compatible storage bucket resides. Use this field only if your S3-compatible storage store's S3 Endpoint doesn't support region scoping. Don't provide a value for this field with S3-compatible storage buckets. | ||||||
S3 Endpoint | Required | Enter the URL for this S3-compatible storage bucket. | ||||||
S3 Max Connections | Required | Enter a positive integer indicating the maximum number of
connections to this S3-compatible storage bucket. | ||||||
Path Style Access | Optional | Select if you want your S3-compatible storage bucket
to use a path-style URL endpoint
( To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation | ||||||
Server Side Encryption | Optional | Select to enable server-side encryption.
Clear to disable server-side encryption. | ||||||
S3 Authorization Mode | Required | Select the method used to authorize access to the S3-compatible storage bucket specified in S3 Bucket Name.
| ||||||
Keys with Custom CA Bundle | Conditional | Click Choose file to add a custom Certificate Authority chain. This chain can validate against a self-signed certificate on the S3-compatible storage bucket. Ops Manager displays this field when you set S3 Authorization Mode to Keys. | ||||||
AWS Access Key | Conditional | Enter your AWS Access Key ID. Ops Manager displays this field when you set S3 Authorization Mode to Keys. | ||||||
AWS Secret Key | Conditional | Enter your AWS Secret Access Key. Ops Manager displays this field when you set S3 Authorization Mode to Keys. | ||||||
Datastore Type | Required | Select Standalone, Replica Set or
Sharded Cluster. This MongoDB database stores
the metadata for the blockstore. | ||||||
MongoDB Host List | Conditional | Enter a comma-separated list of mongod instances (for a
Replica Set) or mongos instances (for a Sharded Cluster) in
the Example
Ops Manager displays this field when you set Datastore Type to Replica Set or Sharded Cluster. ImportantOps Manager uses this metadata store as a sync store. Make sure to provision this store with sufficient storage space. | ||||||
MongoDB Hostname | Conditional | Enter the hostname of the S3-compatible oplog store metadata database. Ops Manager displays this field when you set Datastore Type to Standalone. ImportantOps Manager uses this metadata store as a sync store. Make sure to provision this store with sufficient storage space. | ||||||
MongoDB Port | Conditional | Enter the port number of the S3-compatible oplog store metadata database. Ops Manager displays this field when you set Datastore Type to Standalone. | ||||||
Username | Optional | If you set this value: | ||||||
Password | Optional | If you set this value: WarningIf you did not use the credentialstool to encrypt this password, it is stored as plaintext in the database. | ||||||
Connection Options | Optional | Enter additional configuration file options for the MongoDB instance. This field supports unescaped values only. TLS options do not work here.
Configure TLS in the For proper syntax, see Connection String URI Format in the MongoDB manual. | ||||||
Encrypted Credentials | Optional | Select if the credentials for the database were encrypted
using the
credentialstool.
The credentials include the Username, Password, AWS Access
Key ID and AWS Secret Key. | ||||||
Use TLS/SSL | Optional | Select if the S3-compatible oplog store metadata database only accepts connection encrypted using TLS. Beyond this checkbox, to connect this S3-compatible oplog store using TLS, you must enable TLS on the S3 oplog store database. | ||||||
New Assignment Enabled | Optional | Select if you want to enable this S3-compatible oplog store after creating it.
This is selected by default so the S3-compatible oplog store can be
assigned backup jobs. If you clear this checkbox, the S3-compatible oplog store
is created but you cannot assign backups to this S3-compatible oplog store. |
Edit One Existing S3-Compatible Oplog Store
Ops Manager lists oplog stores in a table on the Oplog Storage page. Each row contains the settings for each local and S3-compatible oplog store.
Navigate to the Oplog Storage page.
Click the Admin link.
Click the Backup tab.
(Optional) If you have not previously set the head directory, set it in the Head Directory box.
Click the Oplog Storage page.
Update any editable values that need to be changed.
In the MongoDB Connection column, update any editable values that need to be changed in the following fields:
Field | Necessity | Editable | Contents | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
S3 Bucket Name | Required | no | Enter the name of the S3-compatible storage bucket where you want to host the
the S3-compatible oplog store. | ||||||||||||||||||
Region Override | Conditional | yes | Type the region where your S3-compatible storage bucket resides. Use this field only if your S3-compatible storage store's S3 Endpoint doesn't support region scoping. Don't provide a value for this field with AWS S3 buckets. | ||||||||||||||||||
S3 Endpoint | Required | yes | Enter the URL for this S3-compatible storage bucket. | ||||||||||||||||||
S3 Max Connections | Required | yes | Enter a positive integer indicating the maximum number of
connections to this S3-compatible storage bucket. | ||||||||||||||||||
Path Style Access | Optional | yes | Click if you want your S3-compatible storage bucket
to use a path-style URL endpoint
( To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation | ||||||||||||||||||
Server Side Encryption | Optional | yes | Click to enable server-side encryption.
Clear to disable server-side encryption. | ||||||||||||||||||
S3 Authorization Mode | Required | yes | Select the method used to authorize access to the S3-compatible storage bucket specified in S3 Bucket Name.
| ||||||||||||||||||
Keys with Custom CA Bundle | Conditional | yes | Click Choose file to add a custom Certificate Authority chain. This chain can validate against a self-signed certificate on the S3-compatible storage bucket. Ops Manager displays this field when you set S3 Authorization Mode to Keys. | ||||||||||||||||||
AWS Access Key | Conditional | yes | Enter your AWS Access Key ID. Ops Manager displays this field when you set S3 Authorization Mode to Keys. | ||||||||||||||||||
AWS Secret Key | Conditional | yes | Enter your AWS Secret Access Key. Ops Manager displays this field when you set S3 Authorization Mode to Keys. NoteOps Manager doesn't display the existing Secret Access Key. | ||||||||||||||||||
<hostname>:<port> | Required | yes | Enter in one or more hosts that comprise the S3-compatible storage Snapshot
Store metadata database in the ImportantS3 Oplog Hosting Concerns
| ||||||||||||||||||
MongoDB Auth Username | Optional | yes | If you set this value: | ||||||||||||||||||
MongoDB Auth Password | Optional | yes | If you set this value: WarningIf you did not use the credentialstool to encrypt this password, it is stored as plaintext in the database. NoteOps Manager doesn't display the existing MongoDB Auth Password. | ||||||||||||||||||
Encrypted Credentials | Optional | yes | Select if the credentials for the database were encrypted
using the
credentialstool.
The credentials include the Username, Password, AWS Access
Key ID and AWS Secret Key. | ||||||||||||||||||
Use TLS/SSL | Optional | yes | Select if the S3-compatible oplog store database only accepts connection encrypted using TLS. Beyond this checkbox, to connect this S3-compatible oplog store using TLS, you must enable TLS on the S3 oplog store database. | ||||||||||||||||||
Connection Options | Optional | yes | Enter any additional configuration file options for the MongoDB instance. This field supports unescaped values only. To review the proper syntax, see Connection String URI Format in the MongoDB manual. | ||||||||||||||||||
Assignment Labels | Optional | yes | Enter a comma-separated list of labels to assign the
S3-compatible oplog stores to specific projects. | ||||||||||||||||||
Write Concern | Required | yes | Select your preferred Write Concern:
|
Optional: Set the S3 Oplog Store to Accept Backup Jobs.
To enable this S3-compatible oplog store, select Assignment Enabled.
This is selected by default so the S3-compatible oplog store can be assigned backup jobs. If you clear this checkbox, Ops Manager creates the S3-compatible oplog store but you cannot assign backups to it.
Optional: Restart Ops Manager Instances If Needed.
If you change any connection string values or the Write Concern, restart all the Ops Manager instances including those running Backup Daemons.
Warning
Modifying the connection string values or the Write Concern for an existing S3-compatible oplog store requires you to restart all Ops Manager components, including those only running the Backup Daemon to apply those changes. Connection parameters include:
<hostname>:<port>
MongoDB Auth Username
MongoDB Auth Password
Encrypted Credentials
Use TLS/SSL
Connection Options
Write Concern
If you change to another S3-compatible oplog store host, Ops Manager doesn't copy the data on the existing S3-compatible oplog store to the other S3-compatible oplog store.
Tip
See also:
To learn more about the MongoDB connection string URI, see Connection String URI Format in the MongoDB Manual.
Delete One S3-Compatible Oplog Store
Navigate to the Oplog Storage page.
Click the Admin link.
Click the Backup tab.
(Optional) If you have not previously set the head directory, set it in the Head Directory box.
Click the Oplog Storage page.