Navigation

Configure Queryable Backups for Ops Manager Resources

On this page

You can configure queryable backups for Ops Manager resources that you deploy in the Kubernetes Operator.

Note

In the Ops Manager documentation, queryable backups are also referred to as queryable snapshots, or queryable restores.

Queryable backups allow you to run queries on specific backup snapsnots from your Ops Manager resources. Querying Ops Manager backups helps you compare data from different snapshots and identify the best snapshot to use for restoring data.

In the following procedure you:

  • Create the queryable.pem file that holds the certificatesfor accessing the backup snapshots that you intend to query.
  • Create the Secret containing the queryable.pem file.
  • Configure a persistent volume that is attached to the Ops Manager Kubernetes Pod in the Kubernetes Operator.
  • Specify the mount point for the Secret in the persistent volume’s configuration.
  • Save the Ops Manager custom resource configuration and apply it.

Once the Kubernetes Operator deploys the updated configuration for the Ops Manager custom resource, Ops Manager can read the Secret from the specified location in the queryable.pem parameter in Ops Manager. You can now access the backup snapshots and run queries on them.

Prerequisites

Before you configure queryable backups, complete the following:

Procedure

1

Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=<namespace>
2

Create the PEM file for backups.

Create the queryable.pem file that you will use for accessing and querying backups based on your deployment’s TLS requirements. The PEM file contains a public key certificate and its associated private key that are needed to access and run queries on Ops Manager backup snapshots.

To learn more about the PEM file’s requirements, see Authorization and Authentication Requirements.

3

Create a Secret containing the PEM file.

Run the following command to create a Secret with the queryable.pem file that you created in the previous step:

kubectl create secret generic queryable-pem --from-file=./queryable.pem
4

Mount the Secret as a volume that Ops Manager custom objects will use.

The Kubernetes Operator must be able to access the queryable.pem file in the mount point for the persistent volume in the Pod’s container for Ops Manager.

To mount the Secret, use one of these methods:

  • Configure volumes using volumeClaimTemplates and specify the location for the queryable.pem file:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    apiVersion: mongodb.com/v1
    kind: MongoDBOpsManager
    metadata:
      name: ops-manager
    spec:
      replicas: 1
      version: 5.0.0
      adminCredentials: ops-manager-admin-secret
      configuration:
        mms.fromEmailAddr: "admin@thecompany.com"
        brs.queryable.pem: "/certs/queryable.pem"
    
      statefulSet:
        spec:
         # the Persistent Volume Claim is created for each Ops Manager Pod
         volumeClaimTemplates:
           - metadata:
               name: queryable-volume
             spec:
               accessModes: [ "ReadWriteOnce" ]
               storageClassName: <your_storage_class_name>
               resources:
                 requests:
                    storage: 1G
         template:
           spec:
             containers:
               - name: mongodb-ops-manager
               volumeMounts:
                    - name: queryable-volume
                    - mountPath: /certs
             volumes:
               - name: queryable-pem
               secret:
                secretName: queryable-pem
    
      applicationDatabase:
         members: 3
         version: 4.2.6-ent
    
  • Configure volumes without using volumeClaimTemplates and specify the location for the queryable.pem file:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    apiVersion: mongodb.com/v1
     kind: MongoDBOpsManager
     metadata:
       name: ops-manager
    spec:
       replicas: 1
       version: 5.0.0
       adminCredentials: ops-manager-admin-secret
       configuration:
         brs.queryable.pem: "/certs/queryable.pem"
         mms.fromEmailAddr: "admin@thecompany.com"
       statefulSet:
         template:
           spec:
             containers:
               - name: mongodb-ops-manager
               volumeMounts:
                - name: queryable-volume
                - mountPath: /certs/
    
             volumes:
               - name: queryable-pem
               secret:
                 secretName: queryable-pem
    
    applicationDatabase:
      members: 3
      version: 4.2.6-ent
    
5

Save your Ops Manager config file.

6

Apply changes to your Ops Manager deployment.

Invoke the following kubectl command on the filename of the Ops Manager resource definition:

kubectl apply -f <opsmgr-resource>.yaml

When you apply the changes to your Ops Manager resource definition, Kubernetes updates the Ops Manager StatefulSet, creates the volumes, and mounts the Secrets.

7

Track the status of the mounted volumes and Secrets.

  1. Obtain the list of persistent volume claims:

    kubectl get pvc
    
  2. Obtain the Secrets:

    kubectl get secrets
    
  3. Check the status of your Ops Manager resources:

    kubectl get om <resource-name> -o yaml -w
    

    The -w flag means “watch”. With the “watch” flag set, the output refreshes immediately when the configuration changes until the status phase achieves the Running state.

    To learn more about the resource deployment statuses, see Troubleshoot the Kubernetes Operator.

After you configure queryable backups, you can query them to select the best backup snapshot to use for restoring data.