MongoDB Configuration

This section provides information related to installation and configuration of MongoDB with Itential Automation Platform (IAP) in your environment.

Note: The Itential Automation Platform (IAP) is compatible with several third-party software products for network operating environments. Beginning with the system requirements for 2018.3.11, all third-party software version compatibility is documented in Release Notes. To get the most up-to-date requirements for any third-party software, including open source, first identify which IAP release you’re using and then refer to the respective release note.

Upgrading MongoDB

Consult the official MongoDb installation documentation for Ubuntu and CentOS.

To upgrade from MongoDB 3.2, run the following command in the the mongo shell.

db.adminCommand(
     { setFeatureCompatibilityVersion: "3.4" }
)

Installing MongoDB

Use the following recommendations for installing MongoDB in your production environment. These recommendations are relevant where MongoDB is running in a virtual machine; however, many of these configurations can also apply to bare metal installs.

Packages to Install on RHEL

• numactl
• tuned
• tuned-utils
• xfsprogs (if the recommended XFS filesystem is being used)

Storage and File System Recommendations

• Use XFS filesystem.

• Sample storage layout to enable backup and recovery mechanisms:

  • Dedicate 10% of the volume to enable filesystem level snapshots
  • Dedicate 90% of the volume for the data directory
  • If using a 500 GB volume:
    • 50 GB for snapshots
    • 450 GB for data

• Disable access time writes by adding the noatime and nodiratime flags to the fstab.

  • For example: /dev/mapper/rhel-data /data xfs noatime,nodiratime 0 0

Important Kernel Parameters to Tune

TCP keepalive time should be reduced on both the Mongo Server and Mongo Clients.

net.ipv4.tcp_keepalive_time = 300

Zone Reclaim Mode should be disabled.

vm.zone_reclaim_mode = 0

Increase the throughput settings.

net.core.somaxconn = 65535

Soft User Limits

Configure soft user limits for the Mongo database user. There is a relationship between the number of processes allowed and the number of files allowed by the Mongo user.

Number of files should be 2x the number of processes.

User Limits

nproc = 32000
nofile = 64000

Disable Transparent Huge Pages

This is a multi-step process.

1. Refer to the THP MongoDB tutorial.

2. Install the disable-transparent-hugepages startup script into the init.d directory.

3. Create a custom tuned profile to ensure tuned does not re-enable transparent huge pages.

   etc/tuned/no-thp:
   [main]
   include=virtual-guest
   [vm]
   transparent_hugepages=never

4. Configure tuned to use the custom profile.

   tuned-adm profile no-thp

5. For best performance results, use the wiredTiger storage engine and enable journaling.

   #Where and how to store data.
   storage:
   dbPath: {{ mongo_data_dir }}
   
   #repairPath: {{ mongo_data_dir }}
   journal:
   enabled: true
   engine: "wiredTiger"

Configure Security and Replication

For additional information on security and replication configuration:

• Configure Mongo Database Security
• Configure Mongo Replication

Configuring IAP with MongoDB Replica Sets

Follow these steps to Configure a Mongo Replica Set.

When MongoDB is configured as a Replica Set, the properties file should be configured with the host details of each of the Mongod members. This is done by appending each host into the url property, including the name of the Replica Set, which in the example below is rs0.

• In the example below, the Replica Set consists of three members that are configured on servers 10.0.0.1, 10.0.0.2 and 10.0.0.3, all on port 27017.
• There is no need to specify the 'Primary' and 'Secondary' members. This is something each MongoDB member will decide via an 'election'.
• Refer to the MongoDB documentation for more information on Replica Sets and members elections.

Example properties.json Configuration with Replica Set

{
"mongoProps": {
    "credentials": {
      "dbAuth": true,
      "user": "itentialUser",
      "passwd": "itentialPassword"
    },
    "ssl": {
      "enabled": true,
      "sslValidate": true,
      "sslCA": "./keys/mongodb_ca.cert",
      "acceptInvalidCerts": false,
      "checkServerIdentity": true
    },
    "db": "iap",
    "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"
    },
    "adapterProps": {
    "adapters": [
      {
        "id": "mongo",
        "properties": {
          "credentials": {
            "dbAuth": true,
            "passwd": "itentialPassword",
            "user": "itentialUser"
          },
          "ssl": {
            "enabled": true,
            "sslValidate": true,
            "sslCA": "./keys/mongodb_ca.cert",
            "acceptInvalidCerts": false,
            "checkServerIdentity": true
          },
          "db": "iap",
          "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"
        },
        "type": "MongoDriver",
        "brokers": [
          "persistence"
        ],
        "groups": []
      }
    ]
  }