The MongoDB agent requires database user credentials with certain minimum privileges to fully monitor the server and cluster. All user authorizations must be for the ‘admin’ database. The roles needed for the user vary depending on the MongoDB version. Note that when monitoring a sharded cluster, a database user must be created separately on each component replica set, i.e. on the config server replica set as well as on each shard. The code examples for creating a database user assume the default authentication method. For non-default authentication methods (such as x.509 and LDAP, for which the user is created on the ‘$external’ database) these examples may need to be modified.
For MongoDB 3.0 and later, the following roles on the admin database are required:
'clusterMonitor', 'readAnyDatabase'
User creation example for MongoDB 3.0 and later:
db.getSiblingDB('admin').createUser({
  user: 'foglightAgent',
  // Placeholder: replace with a strong, unique password for this account
  pwd: '<password>',
  roles: ['clusterMonitor', 'readAnyDatabase']
})
For versions prior to MongoDB 3.0, the following roles are required:
'clusterAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase'
User creation example prior to MongoDB 3.0:
db.getSiblingDB('admin').addUser({
  user: 'foglightAgent',
  // Placeholder: replace with a strong, unique password for this account
  pwd: '<password>',
  roles: ['clusterAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase']
})
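// Custom role limited to viewing user and role definitions
db.getSiblingDB('admin').createRole({
  role: 'viewAllUsersAndRoles',
  // Empty strings for db and collection match every non-system collection in every database
  privileges: [{
    resource: { db: '', collection: '' },
    actions: ['viewUser', 'viewRole']
  }],
  roles: []
})
// Grant the custom role to the monitoring user
db.getSiblingDB('admin').grantRolesToUser('foglightAgent', ['viewAllUsersAndRoles'])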
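A least-privilege check for the account created above, as an added example that is not part of the vendor documentation: it compares a user document, shaped like the output of db.getSiblingDB('admin').getUser('foglightAgent'), against the role lists on this page and reports missing roles, roles granted on a database other than admin, and roles beyond the documented minimum. The function name, the version labels and the sample documents are assumptions made for illustration, as is treating viewAllUsersAndRoles as permitted but not mandatory.

```javascript
// Added example: audits the monitoring user's role list against this page.
const REQUIRED_ROLES = {
  '3.0+': ['clusterMonitor', 'readAnyDatabase'],
  'pre-3.0': ['clusterAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase'],
};
// Assumption: the custom role created above is permitted but not mandatory.
const OPTIONAL_ROLES = ['viewAllUsersAndRoles'];

// userDoc: user document shaped like db.getSiblingDB('admin').getUser(name) output.
// versionKey: '3.0+' or 'pre-3.0' (hypothetical labels for the two cases above).
function auditAgentUser(userDoc, versionKey) {
  const required = REQUIRED_ROLES[versionKey];
  if (!required) throw new Error('unknown version key: ' + versionKey);
  // getUser returns null for an unknown user: everything is missing.
  if (!userDoc) return { ok: false, missing: required.slice(), wrongDb: [], excess: [] };
  // Assumption: a bare string role is scoped to the database holding the user.
  const roles = (userDoc.roles || []).map(r =>
    typeof r === 'string' ? { role: r, db: userDoc.db } : r);
  const onAdmin = roles.filter(r => r.db === 'admin').map(r => r.role);
  const missing = required.filter(r => !onAdmin.includes(r));
  // The page requires all authorizations to be on the admin database.
  const wrongDb = roles.filter(r => r.db !== 'admin').map(r => r.db + '.' + r.role);
  const excess = onAdmin.filter(
    r => !required.includes(r) && !OPTIONAL_ROLES.includes(r));
  const ok = missing.length + wrongDb.length + excess.length === 0;
  return { ok, missing, wrongDb, excess };
}

// Constructed sample documents (not taken from a real deployment).
const SAMPLE_MINIMAL = {
  user: 'foglightAgent', db: 'admin',
  roles: [{ role: 'clusterMonitor', db: 'admin' },
          { role: 'readAnyDatabase', db: 'admin' },
          { role: 'viewAllUsersAndRoles', db: 'admin' }],
};
const SAMPLE_OVERPRIVILEGED = {
  user: 'foglightAgent', db: 'admin',
  roles: [{ role: 'root', db: 'admin' },
          { role: 'readAnyDatabase', db: 'admin' },
          { role: 'clusterMonitor', db: 'local' }],
};

console.log(auditAgentUser(SAMPLE_MINIMAL, '3.0+'));
console.log(auditAgentUser(SAMPLE_OVERPRIVILEGED, '3.0+'));
```

On a sharded cluster, run the check against the user document from each component replica set, since the user is created separately on each.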