Itential Automation Platform

MongoDB Configuration

This guide provides information related to installation and configuration of MongoDB with Itential Automation Platform (IAP) in your environment. Itential currently supports the use of MongoDB 4.2.x on all released IAP versions. If you are using an earlier version it is recommended that you upgrade.

Note: The Itential Automation Platform (IAP) is compatible with several third-party software products for network operating environments. Beginning with the system requirements for 2019.1.2, all third-party software version compatibility is documented in Release Notes. To get the most up-to-date requirements for any third-party software, including open source, first identify which IAP release you’re using and then refer to the respective release note.

Upgrading MongoDB

See the official MongoDB install documentation for Ubuntu and CentOS.

To upgrade MongoDB, run the following command in the mongo shell to set the feature compatibility version.

db.adminCommand(
     { setFeatureCompatibilityVersion: "4.2" }
)

Installing MongoDB

Use the following recommendations for installing MongoDB in your production environment. These recommendations are relevant where MongoDB is running in a virtual machine; however, many of these configurations can also apply to bare metal installs.

Packages to Install on RHEL

  • numactl
  • tuned
  • tuned-utils
  • xfsprogs (if the recommended XFS file system is being used)

Storage and File System Recommendations

  • Use XFS file system.

  • Sample storage layout to enable backup and recovery mechanisms.

    • Dedicate 10% of the volume to enable file system level snapshots.
    • Dedicate 90% of the volume for the data directory.
    • For example, if using a 500 GB volume:
      • 50 GB for snapshots.
      • 450 GB for data.
  • Disable access time writes by adding the noatime and nodiratime flags to the fstab.

    • For example: /dev/mapper/rhel-data /data xfs noatime,nodiratime 0 0

Note: You may need to verify the network settings in your mongod.conf file. The bind address in this file is set to 127.0.0.1 but may need to be changed to 0.0.0.0, which makes mongod listen on all IPv4 interfaces rather than only the loopback address. For more information on adapting the config settings for this file, refer to the MongoDB documentation.
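The check below is an added example, not part of the Itential documentation: it reads a mongod.conf and reports when the bind address has been opened to all interfaces without authentication or required TLS. It uses the standard mongod.conf option names (net.bindIp, net.bindIpAll, net.tls.mode, net.ssl.mode, security.authorization, security.keyFile); the sample files and the certificate path are constructed.

```python
def flatten_conf(text):
    """Flatten mongod.conf's nested YAML mappings to {'net.bindIp': '...'}."""
    flat, stack = {}, []                 # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                  # leave sections we have dedented out of
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))  # a section header such as "net:"
    return flat

def audit_mongod_conf(text):
    """Report missing controls when mongod listens on all interfaces."""
    conf = flatten_conf(text)
    binds = [b.strip() for b in conf.get("net.bindIp", "127.0.0.1").split(",")]
    exposed = (conf.get("net.bindIpAll", "false").lower() == "true"
               or any(b in ("0.0.0.0", "::", "*") for b in binds))
    findings = []
    if not exposed:
        return findings
    # A keyFile implies authorization, so either setting satisfies the check.
    if (conf.get("security.authorization") != "enabled"
            and "security.keyFile" not in conf):
        findings.append("all-interface bind without security.authorization: enabled")
    tls_mode = conf.get("net.tls.mode", conf.get("net.ssl.mode", "disabled"))
    if tls_mode not in ("requireTLS", "requireSSL"):
        findings.append("all-interface bind without net.tls.mode: requireTLS")
    return findings

# Constructed samples: the bind change alone, then the same file with controls.
WEAK = """\
net:
  port: 27017
  bindIp: 0.0.0.0   # changed from 127.0.0.1
"""
HARDENED = WEAK + """\
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""
print(audit_mongod_conf(WEAK), audit_mongod_conf(HARDENED))
```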

Important Kernel Parameters to Tune

TCP keepalive time should be reduced on both the MongoDB server and MongoDB clients.

net.ipv4.tcp_keepalive_time = 300

Zone Reclaim Mode should be disabled.

vm.zone_reclaim_mode = 0

Increase the throughput settings.

net.core.somaxconn = 65535

Soft User Limits

Configure soft user limits for the MongoDB database user. There is a relationship between the number of processes allowed and the number of files allowed by the MongoDB user.

Number of files should be twice the number of processes.

User Limits

nproc = 32000
nofile = 64000

Disable Transparent Huge Pages

This is a multi-step process.

  1. Refer to the THP MongoDB tutorial.

  2. Install the disable-transparent-hugepages startup script into the init.d directory.

  3. Create a custom tuned profile to ensure tuned does not re-enable transparent huge pages.

    /etc/tuned/no-thp/tuned.conf:

    [main]
    include=virtual-guest

    [vm]
    transparent_hugepages=never

  4. Configure tuned to use the custom profile.

    tuned-adm profile no-thp

  5. For best performance results, use the wiredTiger storage engine and enable journaling.

    # Where and how to store data.
    storage:
      dbPath: {{ mongo_data_dir }}
      # repairPath: {{ mongo_data_dir }}
      journal:
        enabled: true
      engine: "wiredTiger"

Configure Security and Replication

See the following for more information on security and replication configuration:

Configuring IAP with MongoDB Replica Sets

Follow these steps to Configure a Mongo Replica Set.

When MongoDB is configured as a replica set, the properties file should be configured with the host details of each of the MongoDB members. This is done by appending each host into the url property, including the name of the replica set, which in the example below is rs0.

  • In the example below, the replica set consists of three members that are configured on servers 10.0.0.1, 10.0.0.2 and 10.0.0.3, all on port 27017.
  • There is no need to specify the 'Primary' and 'Secondary' members. This is something each MongoDB member will decide via an 'election'.
  • Refer to the MongoDB documentation for more information on Replica Sets and member elections.

Example properties.json Configuration with Replica Set

{
  "mongoProps": {
    "credentials": {
      "dbAuth": true,
      "user": "itentialUser",
      "passwd": "itentialPassword"
    },
    "ssl": {
      "enabled": true,
      "sslValidate": true,
      "sslCA": "./keys/mongodb_ca.cert",
      "acceptInvalidCerts": false,
      "checkServerIdentity": true
    },
    "db": "iap",
    "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"
  },
  "adapterProps": {
    "adapters": [
      {
        "id": "mongo",
        "properties": {
          "credentials": {
            "dbAuth": true,
            "passwd": "itentialPassword",
            "user": "itentialUser"
          },
          "ssl": {
            "enabled": true,
            "sslValidate": true,
            "sslCA": "./keys/mongodb_ca.cert",
            "acceptInvalidCerts": false,
            "checkServerIdentity": true
          },
          "db": "iap",
          "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"
        },
        "type": "MongoDriver",
        "brokers": [
          "persistence"
        ],
        "groups": []
      }
    ]
  }
}
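Because the TLS and credential settings appear twice in properties.json (under mongoProps and again under the mongo adapter), one copy can be weakened without the other. The linter below is an added example, not Itential code: it checks both blocks against the values shown in the example above, flags the documentation sample password, and checks that a multi-host URL names a replica set. The function names and the weakened adapter block are constructed for illustration.

```python
from urllib.parse import parse_qs

REQUIRED_SSL = {"enabled": True, "sslValidate": True,
                "acceptInvalidCerts": False, "checkServerIdentity": True}

def parse_mongo_url(url):
    """Return (hosts, options); tolerates the page's form with no '/' before '?'."""
    hosts_part, _, query = url.partition("://")[2].partition("?")
    hosts_part = hosts_part.split("@")[-1].split("/", 1)[0]
    options = {k: v[0] for k, v in parse_qs(query).items()}
    return [h for h in hosts_part.split(",") if h], options

def check_block(name, props):
    """Check one connection block: mongoProps or an adapter's properties."""
    findings, ssl = [], props.get("ssl", {})
    creds = props.get("credentials", {})
    for key, want in REQUIRED_SSL.items():
        if ssl.get(key) is not want:
            findings.append(f"{name}: ssl.{key} should be {str(want).lower()}")
    if not ssl.get("sslCA"):
        findings.append(f"{name}: ssl.sslCA is not set")
    if creds.get("dbAuth") is not True:
        findings.append(f"{name}: credentials.dbAuth should be true")
    if creds.get("passwd") == "itentialPassword":
        findings.append(f"{name}: credentials.passwd is the documentation sample value")
    hosts, options = parse_mongo_url(props.get("url", ""))
    if len(hosts) > 1 and "replicaSet" not in options:
        findings.append(f"{name}: multiple hosts but no replicaSet option")
    return findings

def lint_properties(doc):
    findings = check_block("mongoProps", doc.get("mongoProps", {}))
    for adapter in doc.get("adapterProps", {}).get("adapters", []):
        if adapter.get("type") == "MongoDriver":
            findings += check_block(f"adapter[{adapter.get('id')}]",
                                    adapter.get("properties", {}))
    return findings

# Constructed sample: mongoProps as on the page, adapter block weakened.
GOOD = {"credentials": {"dbAuth": True, "user": "itentialUser", "passwd": "itentialPassword"},
        "ssl": {"enabled": True, "sslValidate": True, "sslCA": "./keys/mongodb_ca.cert",
                "acceptInvalidCerts": False, "checkServerIdentity": True},
        "db": "iap",
        "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"}
WEAK = {**GOOD, "url": GOOD["url"].split("?")[0],   # replicaSet option dropped
        "ssl": {**GOOD["ssl"], "acceptInvalidCerts": True, "checkServerIdentity": False}}
SAMPLE = {"mongoProps": GOOD, "adapterProps": {"adapters": [
    {"id": "mongo", "type": "MongoDriver", "properties": WEAK}]}}
print("\n".join(lint_properties(SAMPLE)))
```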