[DOCS-9830] Add an Auditing section in Cloud Manager documentation Created: 27/Jan/17  Updated: 13/Feb/18  Resolved: 12/Feb/18

Status: Closed
Project: Documentation
Component/s: Cloud Manager, Ops Manager
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Steeve Pastorelli Assignee: Robert Justice (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2018-02-01 at 5.05.03 PM.png     PNG File Screen Shot 2018-02-06 at 2.47.12 PM.png     PNG File Screen Shot 2018-02-06 at 4.29.59 PM.png     PNG File Screenshot_2018-02-01_18-17-14.png    
Issue Links:
Related
Participants:
Days since reply: 6 years, 1 day ago
Epic Link: DOCSP-1743
Story Points: 0.3

 Comments   
Comment by Robert Justice (Inactive) [ 13/Feb/18 ]

Kay merged!

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: v3.6
https://github.com/10gen/mms-docs/commit/0f74ecd5e55cd491c3bb627ac02225e6f72df628

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: v3.6
https://github.com/10gen/mms-docs/commit/0f74ecd5e55cd491c3bb627ac02225e6f72df628

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: v3.6
https://github.com/10gen/mms-docs/commit/0f74ecd5e55cd491c3bb627ac02225e6f72df628

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: master
https://github.com/10gen/mms-docs/commit/6ab3d87a8929e39336dbcc143cda7ee498e6b749

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: master
https://github.com/10gen/mms-docs/commit/6ab3d87a8929e39336dbcc143cda7ee498e6b749

Comment by Githook User [ 13/Feb/18 ]

Author:

{'email': 'robertjustice@Roberts-MacBook-Air-3.local', 'name': 'Robert Justice'}

Message: Added Configure and Deploy Auditing. (DOCS-9830)

Tweaks. (DOCS-9830)

Review by James Broadhead (DOCS-9830)
Branch: master
https://github.com/10gen/mms-docs/commit/6ab3d87a8929e39336dbcc143cda7ee498e6b749

Comment by James Broadhead (Inactive) [ 07/Feb/18 ]

rob.justice you're correct - the audit settings are available for Community edition deployments, and when enabled and deployed, they result in that error.

If you follow "View Agent Logs" to "Show Trace", you'll get a window which contains these lines:

systemLog:
  destination: file
  path: /data/sadfads_3/mongodb.log
	- Output (stdout/stderr): 
Unrecognized option: auditLog.destination
try '/var/lib/mongodb-mms-automation/mongodb-linux-x86_64-3.6.2/bin/mongod --help' for more information

Comment by Robert Justice (Inactive) [ 06/Feb/18 ]

james.broadhead, I've attached a screenshot of what I think is the actual error shown when trying to configure auditing on a community build with OM. OM tries to deploy and fails, but the error makes no mention of the underlying cause.

Comment by Robert Justice (Inactive) [ 06/Feb/18 ]

james.broadhead, I'm really confused now. I don't see any relevant error, then, in your first screenshot; rather, the auditing properties are available by default on a Community build. How is this not support for auditing by default? Especially if the way to enable is merely to select audit properties.

Perhaps we are parsing the meaning of "enabled" vs. "currently running"? It appears that the feature is available without the admin doing anything.

Comment by James Broadhead (Inactive) [ 06/Feb/18 ]
  • is there a way to force OM to install a Community build when you first deploy?

By default, OM deploys a Community build on the first deploy.
The default Version Manager enables Community only, and the flow deploys the latest version available from the Version Manager.

  • I tried importing an existing deployment - community build - on an AWS EC2 instance, but OM always complains about the hostname. I tried adding an inbound security rule for http://ec2-52-201-253-70.compute-1.amazonaws.com/ on port 27017, but no luck. (See attached screenshot). Thought maybe I can work around the network problem if there is a way to force OM to deploy a community build to start with, but I don't see anything obvious.

This should work, if the networking rules are correct.

  • I see there is a yellow issue icon in your screenshot. I assume that the issue is the auditLog property that you tried to add to the mongod.

This is the startup warning which normally appears on MCI-spawned hosts

  • Separately, how does an admin enable auditing in OM? For a self-managed mongod, the docs say just add --auditDestination to the startup command. Is the OM equivalent adding the audit destination property? I see you tried to add auditLogPath in your screenshot.

The same mechanism - outside the initial deployment flow, using 'Advanced', or 'Edit'ing an existing deployment.
(See attached screenshot)

Comment by James Broadhead (Inactive) [ 01/Feb/18 ]

rob.justice MongoDB auditing is not enabled by default.
See attached screenshot, where I attempt to enable it on a community build.

Generated at Thu Feb 08 07:59:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.