MongoDB in the properties.json
  • Dark
    Light
  • PDF

MongoDB in the properties.json

  • Dark
    Light
  • PDF

The MongoDB properties must be configured to connect to a single MongoDB server or a MongoDB replica set. Be sure to align your authentication and encryption settings with the configurations of the MongoDB you are connecting to.

Note: Itential currently supports the use of MongoDB 4.2.x on all released IAP versions. If you are using an earlier version it is recommended that you upgrade.

Property Name Type Default Description
db String pronghorn The name of the database to connect to.
url String mongodb://localhost:27017 The MongoDB URL to use when connecting to the database.
credentials.dbAuth Boolean false A boolean flag indicating whether user authentication is enabled.
credentials.dbAuthSource String The user provided db property value. Specify the database name associated with the user’s credentials. Corresponds to authSource in MongoDB connection options.
credentials.user String The username to use for connections when authentication is enabled.
credentials.passwd String The password to use for connections when authentication is enabled.
ssl.enabled Boolean false A boolean flag indicating whether SSL is enabled.
ssl.sslValidate Boolean false A boolean flag indicating whether the MongoDB server's certificate will be validated.
ssl.sslCA String Path to the certificate authority PEM (privacy enhanced mail) file that signed the MongoDB certificates.
ssl.acceptInvalidCerts Boolean A boolean flag indicating whether to validate the MongoDB certificate against the certificate authority PEM file.
ssl.checkServerIdentity Boolean A boolean flag indicating whether to validate the name of the server configured in the URL against the common name of the certificate the server presents.
replSet.enabled Boolean false A boolean flag indicating whether we are connecting to a replica set. When connecting to a replica set, the names of the servers and the replica set name must be configured as part of the URL.


Minimal MongoDB Configuration

"mongoProps": {
  "db": "pronghorn",
  "url": "mongodb://localhost:27017"
}


Sample Production Configuration

"mongoProps": {
  "db": "pronghorn",
  "url": "mongodb://mongo01:27017,mongo02:27017,mongo03:27017?rs=rs1",
  "credentials": {
    "dbAuth": true,
    "user": "pronghorn",
    "passwd": "$ENC93f88824437dfe5784c7570f99d7251f878a2284aed6449259"
  },
  "ssl": {
    "enabled": true,
    "sslValidate": true,
    "sslCA": "/etc/ssl/keys/mongo_ca_chain.cert",
    "acceptInvalidCerts": false,
    "checkServerIdentity": true
  },
  "replSet": {
    "enabled": true
  }
}

Profiler in a Service Config

To help troubleshoot performance issues resulting in high CPU usage, Itential Automation Platform (IAP) has a built-in profiler based on:

Profiling can be enabled in IAP, along with select applications and adapters in IAP release version 2020.1 and later.

Note: This feature should not impose any security limitations; however, Itential strongly recommends this feature is not enabled for production deployment due to possible performance impacts.

Prerequisites

  • Must have write permission to the working directory to create profiling logs.

How to enable profiling in IAP

To set profiling in IAP:

  1. When running IAP in a Docker environment, use the following to set profiling in the /docker/startContainer.

    set `PHCORE_PROFILING=true`
    
  2. When running IAP directly in shell, use the --prof CLI option.

    sudo -u pronghorn node --prof server.js
    

How to enable profiling for adapters/applications

To enable profiling for adapters and applications running on a development server:

  1. Go to Admin Essentials.
  2. Expand the Applications or Adapters collections menu (left sidebar)and select the appropriate adapter/application.
  3. From the Configuration tab, switch the toggle (upper-right) to turn-on the Advanced View and display the Service Config editor.
  4. Profiling of select applications/adapters can be enabled (and disabled) by directly editing its configuration (see example below).
  5. Once the profiling feature is enabled/disabled, click save and restart the application/adapter for the change to take effect.

Example: Profiling Enabled for NSO Manager

Pictured below is an example of profiling enabled for the NSO Manager application.

01_profilingEnabled

How to process profiler logs

The profiler will gather (log) all data in a file that can be found in the working directory as isolate-*-v8.log.

Example: Profiling Logs

02_outputLogs

To process the profiler logs into a user-friendly pretty-format, simply use the Node.js --prof-process CLI option.

node --prof-process isolate-0x5589eb9afae0-v8.log > isolate-0x5589eb9afae0-v8-PRETTY.log

Profiling info can then be inspected by opening the log file in your preferred editor/viewer.

Remove Profiler Logs

Once you've analyzed all profile data, remember to remove the profiling log files to save disk space.