OPTIONS

mongodump

Synopsis

mongodump is a utility for creating a binary export of the contents of a database. Consider using this utility as part an effective backup strategy. Use mongodump in conjunction with mongorestore to restore databases.

mongodump can read data from either mongod or mongos instances, in addition to reading directly from MongoDB data files without an active mongod.

Behavior

mongodump does not dump the content of the local database.

The data format used by mongodump from version 2.2 or later is incompatible with earlier versions of mongod. Do not use recent versions of mongodump to back up older data stores.

When running mongodump against a mongos instance where the sharded cluster consists of replica sets, the read preference of the operation will prefer reads from secondary members of the set.

Changed in version 2.2: When used in combination with fsync or db.fsyncLock(), mongod may block some reads, including those from mongodump, when queued write operation waits behind the fsync lock.

Required Access

Backup Collections

To backup all the databases in a cluster via mongodump, you should have the backup role. The backup role provides all the needed privileges for backing up all database. The role confers no additional access, in keeping with the policy of least privilege.

To backup a given database, you must have read access on the database. Several roles provide this access, including the backup role.

To backup the system.profile collection in a database, you must have read access on certain system collections in the database. Several roles provide this access, including the clusterAdmin and dbAdmin roles.

Backup Users

Changed in version 2.6.

To backup users and user-defined roles for a given database, you must have access to the admin database. MongoDB stores the user data and role definitions for all databases in the admin database.

Specifically, to backup a given database’s users, you must have the find action on the admin database’s admin.system.users collection. The backup and userAdminAnyDatabase roles both provide this privilege.

To backup the user-defined roles on a database, you must have the find action on the admin database’s admin.system.roles collection. Both the backup and userAdminAnyDatabase roles provide this privilege.

Options

mongodump
mongodump
--help, -h

Returns information on the options and use of mongodump.

--verbose, -v

Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet

Runs the mongodump in a quiet mode that attempts to limit the amount of output. This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
--version

Returns the mongodump release number.

--host <hostname><:port>, -h

Default: localhost:27017

Specifies a resolvable hostname for the mongod to which to connect. By default, the mongodump attempts to connect to a MongoDB instance running on the localhost on port number 27017.

To connect to a replica set, specify the replica set seed name and the seed list of set members. Use the following format:

<replica_set_name>/<hostname1><:port>,<hostname2:<port>,...

You can always connect directly to a single MongoDB instance by specifying the host and port number directly.

--port <port>

Default: 27017

Specifies the TCP port on which the MongoDB instance listens for client connections.

--ipv6

Enables IPv6 support and allows the mongodump to connect to the MongoDB instance using an IPv6 network. All MongoDB programs and processes disable IPv6 support by default.

--ssl

New in version 2.6.

Enables connection to a mongod or mongos that has SSL support enabled.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslCAFile <filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslPEMKeyFile <filename>

New in version 2.6.

Specifies the .pem file that contains both the SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without weakCertificateValidation.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslPEMKeyPassword <value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongodump will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongodump will prompt for a passphrase. See SSL Certificate Passphrase.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslCRLFile <filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--sslFIPSMode

New in version 2.6.

Directs the mongodump to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the --sslFIPSMode option.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Connect to MongoDB with SSL.

--username <username>, -u

Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --password and --authenticationDatabase options.

--password <password>, -p

Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --username and --authenticationDatabase options.

--authenticationDatabase <dbname>

New in version 2.4.

Specifies the database that holds the user’s credentials. If you do not specify an authentication database, the mongodump assumes that the database specified as the argument to the --db option holds the user’s credentials.

--authenticationMechanism <name>

Default: MONGODB-CR

New in version 2.4.

Changed in version 2.6: Added support for the PLAIN and MONGODB-X509 authentication mechanisms.

Specifies the authentication mechanism the mongodump instance uses to authenticate to the mongod or mongos.

Value Description
MONGODB-CR MongoDB challenge/response authentication.
MONGODB-X509 MongoDB SSL certificate authentication.
PLAIN External authentication using LDAP. You can also use PLAIN for authenticating in-database users. PLAIN transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.
GSSAPI External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
--dbpath <path>

Specifies the directory of the MongoDB data files. The --dbpath option lets the mongodump attach directly to the local data files without going through a running mongod. When run with --dbpath, the mongodump locks access to the data files. No mongod can access the files while the mongodump process runs.

--directoryperdb

When used in conjunction with the corresponding option in mongod, allows the mongodump to access data from MongoDB instances that use an on-disk format where every database has a distinct directory. This option is only relevant when specifying the --dbpath option.

--journal

Enables the durability journal to ensure data files remain valid and recoverable. This option applies only when you specify the --dbpath option. The mongodump enables journaling by default on 64-bit builds of versions after 2.0.

--db <database>, -d

Specifies a database to backup. If you do not specify a database, mongodump copies all databases in this instance into the dump files.

--collection <collection>, -c

Specifies a collection to backup. If you do not specify a collection, this option copies all collections in the specified database or instance to the dump files.

--out <path>, -o

Specifies the directory where mongodump saves the output of the database dump. By default, mongodump saves output files in a directory named dump in the current working directory.

To send the database dump to standard output, specify “-” instead of a path. Write to standard output if you want process the output before saving it, such as to use gzip to compress the dump. When writing standard output, mongodump does not write the metadata that writes in a <dbname>.metadata.json file when writing to files directly.

--query <json>, -q

Provides a JSON document as a query that optionally limits the documents included in the output of mongodump.

--oplog

Ensures that mongodump creates a dump of the database that includes a partial oplog containing operations from the duration of the mongodump operation. This oplog produces an effective point-in-time snapshot of the state of a mongod instance. To restore to a specific point-in-time backup, use the output created with this option in conjunction with mongorestore --oplogReplay.

Without --oplog, if there are write operations during the dump operation, the dump will not reflect a single moment in time. Changes made to the database during the update process can affect the output of the backup.

--oplog has no effect when running mongodump against a mongos instance to dump the entire contents of a sharded cluster. However, you can use --oplog to dump individual shards.

--oplog only works against nodes that maintain an oplog. This includes all members of a replica set, as well as master nodes in master/slave replication deployments.

--oplog does not dump the oplog collection.

--repair

Runs a repair option in addition to dumping the database. The repair option attempts to repair a database that may be in an invalid state as a result of an improper shutdown or mongod crash.

The --repair option uses aggressive data-recovery algorithms that may produce a large amount of duplication.

--forceTableScan

Forces mongodump to scan the data store directly: typically, mongodump saves entries as they appear in the index of the _id field. Use --forceTableScan to skip the index and scan the data directly. Typically there are two cases where this behavior is preferable to the default:

  1. If you have key sizes over 800 bytes that would not be present in the _id index.
  2. Your database uses a custom _id field.

When you run with --forceTableScan, mongodump does not use $snapshot. As a result, the dump produced by mongodump can reflect the state of the database at many different points in time.

Important

Use --forceTableScan with extreme caution and consideration.

--dumpDbUsersAndRoles

Includes user and role definitions when performing mongodump on a specific database. This option applies only when you specify a database in the --db option. MongoDB always includes user and role definitions when mongodump applies to an entire instance and not just a specific database.

Use

See the Back Up and Restore with MongoDB Tools for a larger overview of mongodump usage. Also see the mongorestore document for an overview of the mongorestore, which provides the related inverse functionality.

The following command creates a dump file that contains only the collection named collection in the database named test. In this case the database is running on the local interface on port 27017:

mongodump --collection collection --db test

In the next example, mongodump creates a backup of the database instance stored in the /srv/mongodb directory on the local machine. This requires that no mongod instance is using the /srv/mongodb directory.

mongodump --dbpath /srv/mongodb

In the final example, mongodump creates a database dump located at /opt/backup/mongodump-2011-10-24, from a database running on port 37017 on the host mongodb1.example.net and authenticating using the username user and the password pass, as follows:

mongodump --host mongodb1.example.net --port 37017 --username user --password pass --out /opt/backup/mongodump-2011-10-24
←   mongos.exe mongorestore  →