Skip to content
This repository was archived by the owner on Oct 23, 2024. It is now read-only.

Commit d416f35

Browse files
authored
update mongodb test to use auth account and update the docs (#2458)
Signed-off-by: Dani Louca <[email protected]>
1 parent a7c89aa commit d416f35

File tree

6 files changed

+40
-8
lines changed

6 files changed

+40
-8
lines changed

docs/monitors/collectd-mongodb.md

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,14 +36,19 @@ Documentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).
3636

3737
If you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:
3838

39-
If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles
39+
If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats
40+
against system collections and any collection in the db you're monitoring.
41+
In the below role, we're adding the appropriate permissions for system collections under the admin db.
42+
For more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/
4043

4144
```
4245
use admin
4346
db.createRole(
4447
{
4548
role: "splunkMonitor",
46-
privileges: [ { resource: { db: "admin", collection: "system.roles" }, actions: [ "collStats" ] } ],
49+
privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },
50+
{ resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },
51+
{ resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],
4752
roles: [ { role: "read", db: "admin" } ]
4853
},
4954
{ w: "majority" , wtimeout: 5000 }

pkg/monitors/collectd/mongodb/metadata.yaml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,14 +29,19 @@ monitors:
2929
3030
If you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:
3131
32-
If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles
32+
If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats
33+
against system collections and any collection in the db you're monitoring.
34+
In the below role, we're adding the appropriate permissions for system collections under the admin db.
35+
For more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/
3336
3437
```
3538
use admin
3639
db.createRole(
3740
{
3841
role: "splunkMonitor",
39-
privileges: [ { resource: { db: "admin", collection: "system.roles" }, actions: [ "collStats" ] } ],
42+
privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },
43+
{ resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },
44+
{ resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],
4045
roles: [ { role: "read", db: "admin" } ]
4146
},
4247
{ w: "majority" , wtimeout: 5000 }

selfdescribe.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14927,7 +14927,7 @@
1492714927
"description": "Port number of the MongoDB instance"
1492814928
}
1492914929
},
14930-
"doc": "Monitors an instance of MongoDB using the [collectd MongoDB Python\nplugin](https://github.com/signalfx/collectd-mongodb). Requires MongoDB\n2.6 or later.\n\nThis monitor captures the following metrics about MongoDB generally:\n\n* memory\n* network input/output bytes count\n* heap usage\n* db connections\n* operations count\n* active client connections\n* queued operations\n\nThe plugin also captures the following DB-specific metrics:\n\n* db size\n* db counters\n\nDocumentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).\n\n\u003c!--- SETUP ---\u003e\n### Creating a MongoDB user for collectd\n\nIf you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:\n\nIf the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles \n\n```\nuse admin\ndb.createRole( \n {\n role: \"splunkMonitor\",\n privileges: [ { resource: { db: \"admin\", collection: \"system.roles\" }, actions: [ \"collStats\" ] } ],\n roles: [ { role: \"read\", db: \"admin\" } ]\n },\n { w: \"majority\" , wtimeout: 5000 }\n)\n```\n\n```\nuse admin\ndb.createUser( {\n user: \"collectd\",\n pwd: \"collectd\",\n roles: [ { role: \"readAnyDatabase\", db: \"admin\" }, { role: \"clusterMonitor\", db: \"admin\" }, {role: \"splunkMonitor\", db: \"admin\"} ]\n});\n```\n",
14930+
"doc": "Monitors an instance of MongoDB using the [collectd MongoDB Python\nplugin](https://github.com/signalfx/collectd-mongodb). Requires MongoDB\n2.6 or later.\n\nThis monitor captures the following metrics about MongoDB generally:\n\n* memory\n* network input/output bytes count\n* heap usage\n* db connections\n* operations count\n* active client connections\n* queued operations\n\nThe plugin also captures the following DB-specific metrics:\n\n* db size\n* db counters\n\nDocumentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).\n\n\u003c!--- SETUP ---\u003e\n### Creating a MongoDB user for collectd\n\nIf you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:\n\nIf the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats \nagainst system collections and any collection in the db you're monitoring.\nIn the below role, we're adding the appropriate permissions for system collections under the admin db.\nFor more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/\n\n```\nuse admin\ndb.createRole( \n {\n role: \"splunkMonitor\",\n privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },\n { resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },\n { resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],\n roles: [ { role: \"read\", db: \"admin\" } ]\n },\n { w: \"majority\" , wtimeout: 5000 }\n)\n```\n\n```\nuse admin\ndb.createUser( {\n user: \"collectd\",\n pwd: \"collectd\",\n roles: [ { role: \"readAnyDatabase\", db: \"admin\" }, { role: \"clusterMonitor\", db: \"admin\" }, {role: \"splunkMonitor\", db: \"admin\"} ]\n});\n```\n",
1493114931
"groups": {
1493214932
"": {
1493314933
"description": "",

test-services/mongodb/Dockerfile

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
FROM mongo:3.6
2+
ENV MONGO_INITDB_ROOT_USERNAME=root
3+
ENV MONGO_INITDB_ROOT_PASSWORD=passwd
4+
COPY userAuth.sh /docker-entrypoint-initdb.d/userAuth.sh

test-services/mongodb/userAuth.sh

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
#!/usr/bin/env bash
2+
echo "Creating mongo role ..."
3+
mongo admin --host localhost -u root -p passwd --eval "db.createRole( { role: 'splunkMonitor', \
4+
privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] }, \
5+
{ resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] }, \
6+
{ resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ], \
7+
roles: [ { role: 'read', db: 'admin' } ] }, { w: 'majority' , wtimeout: 5000 });"
8+
echo "Creating mongo monitor user ..."
9+
mongo admin --host localhost -u root -p passwd --eval "db.createUser( { user: 'test123', pwd: 'test123', \
10+
roles: [ { role: 'readAnyDatabase', db: 'admin' }, \
11+
{ role: 'clusterMonitor', db: 'admin' }, \
12+
{role: 'splunkMonitor', db: 'admin'} ]});"
13+
echo "Mongo users created."
14+

tests/monitors/mongodb/mongodb_test.py

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
from tests.helpers.agent import Agent
77
from tests.helpers.assertions import tcp_socket_open
88
from tests.helpers.metadata import Metadata
9-
from tests.helpers.util import container_ip, run_container, wait_for
9+
from tests.helpers.util import container_ip, run_service, wait_for
1010
from tests.helpers.verify import verify
1111

1212
pytestmark = [pytest.mark.collectd, pytest.mark.mongodb, pytest.mark.monitor_with_endpoints]
@@ -30,14 +30,16 @@
3030

3131

3232
def test_mongo_basic():
33-
with run_container("mongo:3.6") as mongo_cont:
33+
with run_service("mongodb") as mongo_cont:
3434
host = container_ip(mongo_cont)
3535
config = dedent(
3636
f"""
3737
monitors:
3838
- type: collectd/mongodb
3939
host: {host}
4040
port: 27017
41+
username: test123
42+
password: test123
4143
databases: [admin]
4244
"""
4345
)
@@ -48,14 +50,16 @@ def test_mongo_basic():
4850

4951

5052
def test_mongo_enhanced_metrics():
51-
with run_container("mongo:3.6") as mongo_cont:
53+
with run_service("mongodb") as mongo_cont:
5254
host = container_ip(mongo_cont)
5355
config = dedent(
5456
f"""
5557
monitors:
5658
- type: collectd/mongodb
5759
host: {host}
5860
port: 27017
61+
username: test123
62+
password: test123
5963
databases: [admin]
6064
sendCollectionMetrics: true
6165
sendCollectionTopMetrics: true

0 commit comments

Comments
 (0)