MongoDB

This guide provides information for the installation and configuration of MongoDB with Itential Automation Platform (IAP). The latest compatibility version for MongoDB is documented on the Itential Dependencies page.

Upgrading MongoDB

See the official MongoDB install documentation for Red Hat.

To upgrade MongoDB, run the following command in the the mongo shell.

db.adminCommand(
     { setFeatureCompatibilityVersion: "5.0" }
)

Installing MongoDB

Use the following recommendations for installing MongoDB in your production environment. These recommendations are relevant where MongoDB is running in a virtual machine; however, many of these configurations can also apply to bare metal installs.

Packages to Install on RHEL

• numactl
• tuned
• tuned-utils
• xfsprogs (if the recommended XFS file system is being used)

Storage and File System Recommendations

• Use XFS file system.

• Sample storage layout to enable backup and recovery mechanisms.

  • Dedicate 10% of the volume to enable file system level snapshots.
  • Dedicate 90% of the volume for the data directory.
  • If using a 500 GB volume.
    • 50 GB for snapshots.
    • 450 GB for data.

• Disable access time writes by adding the noatime and nodiratime flags to the fstab.

  • For example: /dev/mapper/rhel-data /data xfs noatime,nodiratime 0 0

Note: You may need to verify the network settings in your mongod.conf file. This file is set to 127.0.0.1 but may need to be changed to 0.0.0.0. For more information on adapting the config settings for this file, refer to the MongoDB documentation.

Read Concerns/Write Conncerns

To configure the default values for readConcern and writeConcern operations in MongoDB, refer to MongoDB Read Concern/Write Concern in IAP.

Important Kernel Parameters to Tune

TCP keepalive time should be reduced on both the MongoDB server and MongoDB clients.

net.ipv4.tcp_keepalive_time = 300

Zone Reclaim Mode should be disabled.

vm.zone_reclaim_mode = 0

Increase the throughput settings.

net.core.somaxconn = 65535

Soft User Limits

Configure soft user limits for the MongoDB database user. There is a relationship between the number of processes allowed and the number of files allowed by the MongoDB user.

Number of files should be twice the number of processes.

User Limits

nproc = 32000
nofile = 64000

Disable Transparent Huge Pages

This is a multi-step process:

1. Refer to the THP MongoDB tutorial.

2. Install the disable-transparent-hugepages startup script into the init.d directory.

3. Create a custom tuned profile to ensure tuned does not re-enable transparent huge pages.

   etc/tuned/no-thp:
   [main]
   include=virtual-guest
   [vm]
   transparent_hugepages=never
   

4. Configure tuned to use the custom profile.

   tuned-adm profile no-thp
   

5. For best performance results, use the wiredTiger storage engine and enable journaling.

   #Where and how to store data.
   storage:
   dbPath: {{ mongo_data_dir }}
   
   #repairPath: {{ mongo_data_dir }}
   journal:
   enabled: true
   engine: "wiredTiger"
   

Configure Security and Replication

See the following for more information on security and replication configuration:

• Configure MongoDB Database Security
• Configure MongoDB Replication

Connection Pool Size

Connection pooling allows you to reuse connections rather than creating a new one every time IAP needs to establish a connection to the Mongo database. To configure the connection pool when connecting to MongoDB, use the maxPoolSize setting under mongoProps within the properties.json file.

This setting can affect performance. When the maximum number of connections is reached, no additional connections can be created (opened) in the connection pool. An incorrectly set value can also result in a performance bottleneck.

Sample Connection Pool Configuration

"mongoProps": {
  "db": "pronghorn",
  "url": "mongodb://localhost:27017",
  "maxPoolSize": 100
}

For more information on connection pooling, refer to:

• MongoDB Connection Pool
• Connection Pool Performance Tuning

Configuring IAP with MongoDB Replica Sets

Follow these steps to Configure a MongoDB Replica Set.

When MongoDB is configured as a replica set, the properties file should be configured with the host details of each of the MongoDB members. This is done by appending each host into the url property, including the name of the replica set, which in the example below is rs0.

• In the example below, the replica set consists of three members that are configured on servers 10.0.0.1, 10.0.0.2 and 10.0.0.3, all on port 27017.
• There is no need to specify the 'Primary' and 'Secondary' members. This is something each MongoDB member will decide via an 'election'.
• Refer to the MongoDB documentation for more information on Replica Sets and members elections.

Sample Configuration

Below is an example properties.json configuration with a MongoDB replica set.

{
"mongoProps": {
    "credentials": {
      "dbAuth": true,
      "user": "itentialUser",
      "passwd": "itentialPassword"
    },
    "ssl": {
      "enabled": true,
      "sslValidate": true,
      "sslCA": "./keys/mongodb_ca.cert",
      "acceptInvalidCerts": false,
      "checkServerIdentity": true
    },
    "db": "iap",
    "url": "mongodb://10.0.0.1:27017,10.0.0.2:27017,10.0.0.3:27017?replicaSet=rs0"
    }
  }