Mongo Locks Test

MongoDB allows multiple clients to read and write the same data. In order to ensure consist ency, it uses locking to prevent multiple clients from modifying the same piece of data simultaneously.

MongoDB uses reader-writer locks that allow concurrent readers shared access to a resource, such as a database or collection, but in MMAPv1, give exclusive access to a single write operation.

In addition to a shared (S) locking mode for reads and an exclusive (X) locking mode for write operations, intent shared (IS) and intent exclusive (IX) modes indicate an intent to read or write a resource using a finer granularity lock. When locking at a certain granularity, all higher levels are locked using an intent lock.

For example, when locking a collection for writing (using mode X), both the corresponding database lock and the global lock must be locked in intent exclusive (IX) mode. A single database can simultaneously be locked in IS and IX mode, but an exclusive (X) lock cannot coexist with any other modes, and a shared (S) lock can only coexist with intent shared (IS) locks.

Locks are fair, with reads and writes being queued in order. However, to optimize throughput, when one request is granted, all other compatible requests will be granted at the same time, potentially releasing them before a conflicting request. For example, consider a case in which an X lock was just released, and in which the conflict queue contains the following items:

IS → IS → X → X → S → IS

In strict first-in, first-out (FIFO) ordering, only the first two IS modes would be granted. Instead MongoDB will actually grant all IS and S modes, and once they all drain, it will grant X, even if new IS or S requests have been queued in the meantime.

Sometimes, in an attempt to release locks for compatible requests, MongoDB may end up increasing the lock wait times for certain incompatible requests. Some other times, certain long-running operations can cause the length of the queue to increase along with the waiting time for locks. Long lock wait times can adversely impact application performance. This is why, administrators will have to keep an eye on the locking activity on a MongoDB server, determine whether/not requests are waiting too long for locks, and also identify the types of locks (S, X, IS, IX, etc.) these requests are waiting for. This will enable administrators to quickly diagnose why certain lock types are taking longer to be released, and resolve the bottleneck. The Mongo Locks test helps administrators achieve this.

This test auto-discovers the different lock types/lock modes that exist currently on the target server. For each lock type/mode, the test reports the rate at which locks of that type were acquired, the rate at which requests waited for locks of that type, and the average wait time for the locks. In the process, the test promptly alerts administrators to prolonged waiting time for locks and also pinpoints the exact lock types for which requests are waiting too long. With this information, administrators can easily troubleshoot long wait times.

Target of the test : A MongoDB server

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for each lock type / lock mode.

Configurable parameters for the test
Parameter Description

Test period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port number at which the specified host listens.

Database Name

The test connects to a specific Mongo database to run API commands and pull metrics of interest. Specify the name of this database here. The default value of this parameter is admin.

Username and Password

The eG agent has to be configured with the credentials of a user who has the required privileges to monitor the target MongoDB instance, if the MongoDB instance is access control enabled. To know how to create such a user, refer to How to monitor access control enabled MongoDB database? . If the target MongoDB instance is not access control enabled, then, specify none against the Username and Password parameters.

Confirm Password

Confirm the password by retyping it here.

Authentication Mechanism

Typically, the MongoDB supports multiple authentication mechanisms that users can use to verify their identity. In environments where multiple authentication mechanisms are used, this test enables the users to select the authentication mechanism of their interest using this list box. By default, this is set to None. However, you can modify this settings as per the requirement.

SSL

By default, the SSL flag is set to No, indicating that the target MongoDB server is not SSL-enabled by default. To enable the test to connect to an SSL-enabled MongoDB server, set the SSL flag to Yes.

CA File

A certificate authority (CA) file contains root and intermediate certificates that are electronically signed to affirm that a public key belongs to the owner named in the certificate. If you are looking to monitor the certificates contained within a CA file, then provide the full path to this file in the CA File text box. For example, the location of this file may be: C:\cert\rootCA.pem. If you do not want to monitor the certificates in a CA file, set this parameter to none.

Certificate Key File

A Certificate Key File specifies the path on the server where your private key is stored. If you are looking to monitor the Certificate Key File, then provide the full path to this file in the Certificate Key File text box. For example, the location of this file may be: C:\cert\mongodb.pem. If you do not want to monitor the certificates in a CA file, set this parameter to none.

CA PEM File

A .pem file is a container that may just include the public certificate or the entire certificate chain (private key, public key and root certificates). If the connection requires server authentication and the server certificate is in the .pem format, then, the target instance presents the CA PEM File that contains the server certificate to its clients to establish the instance's identity. Therefore, you should specify the full path to the CA PEM file available in the target MongoDB server in the CA PEM File text box. For example, the location of this file may be: C:\app\openSSL\SSLcert\test-ca.pem.

Client PEM File

If the target instance requires a certificate key file that is in .pem format from the client to verify the client's identity, then, to establish a connection with the target server, the eG agent should access the client certificate. For this, specify the full path to the Client PEM file in the Client PEM File text box. For example, the location of this file may be: C:\app\openSSL\SSLcert\test-client.pem.

CA Cert File

This parameter is applicable only if the target MongoDB server is SSL-enabled and CA PEM File parameter is set to none.The certificate file is a public-key certificate following the x.509 standard. It contains information about the identity of the server, such as its name, geolocation, and public key. Essentially, it’s a certificate that the server serves to the connecting users to prove that they are what they claim to be. Therefore, specify the full path to the server root certificate or certificate file that is signed by the CA in .crt file format for the server in the CA Cert File text box. For example, the location of this file may be: C:\app\eGurkha\JRE\lib\security\mongodb-test-ca.crt. By default, this parameter is set to none.

Client Cert File

This parameter is applicable only if the target MongoDB server is SSL-enabled and Client PEM File parameter is set to none.In order to collect metrics from the target MongoDB, the eG agent requires client certificate in .p12 format. Hence, specify the full path to the Client certificate file in .p12 format in the Client Cert File text box. For example, the location of this file may be: C:\app\eGurkha\JRE\lib\security\test-client.p12 . To know how to generate .p12 file from Client PEM file, refer to How to import a Certificate that is in the PEM Format? By default, this parameter is set to none.

Client Cert Password

Provide the password for .p12 Client certificate file in the Client Cert Password text box.

AWS Key ID, AWS Secret Key,Confirm Password

If you are monitoring MongoDB server hosted on the AWS cloud, the eG agent has to be configured with the AWS AccessKey ID and Secret Key to connect with the AWS cloud and collect the required metrics. Therefore, Specify the AWS Key ID and AWS Secret Key and confirm the password by re-typing it in the Confirm Password text box. To obtain the AWS Access key and secret key, refer toObtaining AWS Access Key and Obtaining AWS Secret Key.

Atlas URI

MongoDB Atlas is a NoSQL Database-as-a-Service offering in the public cloud. If the target MongoDB server is deployed and managed in MongoDB Atlas, then the eG agent has to be configured with the MongoDB Atlas connection URI,a unique identifier for connecting to a MongoDB server, in the Atlas URI text box to access the target MongoDB server hosted on Atlas and collect the required metrics.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Locks

Indicates the rate at which a lock of this type was acquired.

Locks/Sec

Lock waits

Indicates the rate at which requests were waiting to acquire a lock of this type.

Waits/Sec

A consistent increase in the value for this measure could indicate that locks are not being released in a timely manner.

Lock wait time

Indicates the time period for which requests were waiting to acquire a lock of this type, during the last measurement period.

Seconds

Avg lock wait time

Indicates the average time for which requests were waiting to acquire a lock of this type.

Seconds

A high average lock wait time may mean sessions are having to wait for a long time to acquire locks on objects.

A high value may indicate one of the following:

  • Too many transactions happening
  • Locked resources not being released properly
  • Locks are being held by long-running operations