Advanced Ops Manager Topics

Ops Manager Advanced Administration

Cory Mintz, Michael Benoit

LDAP and User Roles

Why Use LDAP Integration?

● Users/groups already centrally managed
  ○ Active Directory
  ○ OpenLDAP
● Complex password policies
● Prevent new users from signing up

Mapping Ops Manager to LDAP

● Login Attribute
  ○ uid
  ○ username
  ○ email address
● Group(s) attribute

Sample LDAP Configuration

mms.ldap.url=ldap://127.0.0.1:389
mms.ldap.bindDn=CN=_search_
mms.ldap.bindPassword=password
mms.ldap.user.baseDn=OU=Users,O=MongoDB
mms.ldap.user.searchAttribute=emailAddress
mms.ldap.user.group=groups

Sample Global Roles Configuration

mms.ldap.global.role.owner (required)
mms.ldap.global.role.automationAdmin
mms.ldap.global.role.backupAdmin
mms.ldap.global.role.monitoringAdmin
mms.ldap.global.role.userAdmin
mms.ldap.global.role.readOnly

Adding Users and Groups

New users cannot register

Users in the baseDn who do not belong to any group cannot sign in

Mike Benoit
Is this grammatically correct? "You do not belong to any Group." Shouldn't Group be plural (and probably lowercase)? Seems like we should fix this before showing it on a giant screen! :)

Global User Admins can create new groups

Alerts

Global and System Alerts

ALERTS

SYSTEM ALERTS

Backing Database, Backup Daemons

GLOBAL ALERTS

GROUP ALERTS

Agents Users Hosts Backups Clusters

Global and System Alerts UI

Webhook Notifications

● Integrate with your internal systems
● POST alert events and state changes
● Same JSON format as Public API’s Alert resource

Setup a Webhook

Notify a Webhook

Anatomy of a Webhook Request

POST /path/to/your/handler HTTP/1.1
Content-Type: application/json
X-MMS-Event: alert.open
X-MMS-Signature: cbd76abcdf4627dfabcd…
...

{
  "id": "589bdcfd71735c5d00c9471",
  "groupId": "3718c7387c8457287cbdfa83",
  "typeName": "AGENT",
  "eventTypeName": "MONITORING_AGENT_DOWN",
  "status": "OPEN",
  "created": "2015-06-01T12:34:56Z",
  ...
}

Webhook Handling Example

signature = hmac_digest(request.body, 'Bosco!')
if signature != request.header('X-MMS-Signature'):
    exit('Could not validate webhook request')

alert = request.entity
event = request.header('X-MMS-Event')

if event == 'alert.open':
    if alert.eventTypeName == 'MONITORING_AGENT_DOWN':
        restart_monitoring_agent()
else if event == 'alert.close':
    if alert.eventTypeName == 'MONITORING_AGENT_DOWN':
        self.pat_on_back()
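The handler above as a runnable Python sketch, added here as an example and not code from the slides or from Ops Manager. It assumes the signature is the base64-encoded HMAC-SHA1 of the raw request body; the function names and the sample request are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Assumption (not stated on the slides): X-MMS-Signature carries the
# base64-encoded HMAC-SHA1 of the raw request body. Adjust if yours differs.
def sign(body: bytes, secret: bytes) -> str:
    mac = hmac.new(secret, body, hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_signature(body: bytes, received, secret: bytes) -> bool:
    """True only if the header matches the MAC of the exact bytes received."""
    if not received:
        return False  # unsigned requests are never trusted
    # compare_digest runs in constant time, unlike == / !=
    return hmac.compare_digest(sign(body, secret).encode(),
                               received.strip().encode())

def handle_webhook(headers: dict, body: bytes, secret: bytes) -> str:
    """Hypothetical handler: returns the name of the action it would take."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(body, h.get("x-mms-signature"), secret):
        return "rejected"
    alert = json.loads(body)  # parse only after the body is authenticated
    if alert.get("eventTypeName") != "MONITORING_AGENT_DOWN":
        return "ignored"
    return {"alert.open": "restart_monitoring_agent",
            "alert.close": "pat_on_back"}.get(h.get("x-mms-event"), "ignored")

# Constructed sample request, modelled on the slide's payload fields.
SECRET = b"Bosco!"
BODY = json.dumps({"id": "example-alert-id", "typeName": "AGENT",
                   "eventTypeName": "MONITORING_AGENT_DOWN",
                   "status": "OPEN"}).encode()
GOOD = {"X-MMS-Event": "alert.open", "X-MMS-Signature": sign(BODY, SECRET)}

if __name__ == "__main__":
    print(handle_webhook(GOOD, BODY, SECRET))
    print(handle_webhook(GOOD, BODY.replace(b"OPEN", b"CLOSED"), SECRET))
    print(handle_webhook({"X-MMS-Event": "alert.open"}, BODY, SECRET))
```

Under this assumption only the body is covered by the signature, so the X-MMS-Event header is unauthenticated; where the action matters, the signed body's status field is the safer source.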

Enabling Twilio for SMS

twilio.account.sid=xxxxxxxxxxxxxxxxxxx
twilio.auth.token=yyyyyyyyyyyyyyyyyyy
twilio.from.num=1234567890

Verifying Twilio

● Send a test SMS message

● Now, you can see additional SMS notification options

Multi-Datacenter Backup

What does Multi-Datacenter mean?

● Geographically distributed corporate owned DCs
● Corporate owned DCs combined with cloud hosted (AWS, Rackspace, etc.)
● Single DC with several virtual networks

Setup 1: One Instance

All Ops Manager components in a single DC

Pros
● Fewest Ops Manager Components
● Easier to get started
● Easier to maintain

Cons
● Bandwidth costs between DCs
● Restores need to go over network
● All groups on a single set of hardware

Setup 1: Diagram

Setup 2: Multiple Instances

Pros
● Each instance still simple to set up
● Less bandwidth use
● Restores local

Cons
● Multiple systems to manage
● Duplicated configuration
● More upgrades

Setup 2: Diagram

Setup 3: One Instance w/ Group Pinning

● The best of both worlds
● Single Ops Manager instance
● Backup “stack” in each DC
● Pin each Ops Manager group to a “stack”

Setup 3: Diagram

Setup 3: UI

Public API

Overview

● RESTful interface to Ops Manager features
● Must be enabled for each group
● Users have API keys
● HTTP Digest Authentication
● JSON throughout (pretty printing optional)
● Access to certain endpoints is restricted to an IP whitelist

Step 1. Enable

Step 2. Keys and Whitelist

Step 3. Code!

// Script to pull a backup of the last snapshot using the Ops Manager Public API
groupId = 'cbdf73827d0c0a9d9c4d6623'

// Get a list of clusters
clusters = api_get('${groupId}/clusters')

// Find the cluster entity for the replica set named myReplSet
myReplSet = clusters.find_first( c -> c.replicaSetName == 'myReplSet' )

// Get all snapshots for the cluster
snapshots = api_get('${groupId}/clusters/${myReplSet.id}/snapshots')

// The last one is the most recent
lastSnapshot = snapshots[snapshots.length - 1]

// Create a restore job for the last snapshot
// NOTE: a replica set only creates one restore job
restoreJobs = api_post(
    '${groupId}/clusters/${myReplSet.id}/restoreJobs',
    { 'snapshotId': lastSnapshot.id } )
restoreJob = restoreJobs[0]

// Poll every 30 seconds until the restore job status is FINISHED
do {
    sleep(30)
    restoreJob = api_get(
        '${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}')
} while (restoreJob.statusName != 'FINISHED')

// Restore ready, so download the .tar.gz file
http_get(restoreJob.delivery.url, 'myReplSet.tar.gz')

// Get the hash and verify the integrity of the downloaded file
restoreJob = api_get(
    '${groupId}/clusters/${myReplSet.id}/restoreJobs/${restoreJob.id}')
serverHash = restoreJob.hashes[0].hash
myHash = sha1_hash('myReplSet.tar.gz')
assert(serverHash == myHash)

// Restore succeeded!
// Now uncompress it, shut down mongod, copy data files, and restart

Thank You!
