Navigation
This version of the documentation is archived and no longer supported.

mongorestore

Synopsis

The mongorestore program writes data from a binary database dump created by mongodump to a MongoDB instance. mongorestore can create a new database or add data to an existing database.

mongorestore can write data to either mongod or mongos instances, in addition to writing directly to MongoDB data files without an active mongod.

Behavior

If you restore to an existing database, mongorestore will only insert into the existing database, and does not perform updates of any kind. If existing documents have the same value _id field in the target database and collection, mongorestore will not overwrite those documents.

Remember the following properties of mongorestore behavior:

  • mongorestore recreates indexes recorded by mongodump.

  • all operations are inserts, not updates.

  • mongorestore does not wait for a response from a mongod to ensure that the MongoDB process has received or recorded the operation.

    The mongod will record any errors to its log that occur during a restore operation, but mongorestore will not receive errors.

The data format used by mongodump from version 2.2 or later is incompatible with earlier versions of mongod. Do not use recent versions of mongodump to back up older data stores.

Required Access

Restore Collection Data

On systems running with authorization, a user must have access that includes the readWrite role for each database being restored.

The readWriteAnyDatabase role and the restore role each provide access to restore any database. If running mongorestore with --oplogReplay, however, neither role is sufficient. Instead, create a user-defined role that has anyAction on anyResource and grant only to users who must run mongorestore with --oplogReplay.

Restore Users and User Data

Changed in version 2.6.

To restore users and user-defined roles on a given database, you must have access to the admin database. MongoDB stores the user data and role definitions for all databases in the admin database.

Specifically, to restore users to a given database, you must have the insert action on the admin database’s admin.system.users collection. The restore role provides this privilege.

To restore user-defined roles to a database, you must have the insert action on the admin database’s admin.system.roles collection. The restore role provides this privilege.

Options

mongorestore
--help

Returns information on the options and use of mongorestore.

--verbose, -v

Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet

Runs the mongorestore in a quiet mode that attempts to limit the amount of output.

This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
--version

Returns the mongorestore release number.

--host <hostname><:port>, -h <hostname><:port>

Default: localhost:27017

Specifies a resolvable hostname for the mongod to which to connect. By default, the mongorestore attempts to connect to a MongoDB instance running on the localhost on port number 27017.

To connect to a replica set, specify the replica set name and a seed list of set members. Use the following form:

<replSetName>/<hostname1><:port>,<hostname2><:port>,<...>

You can always connect directly to a single MongoDB instance by specifying the host and port number directly.

--port <port>

Default: 27017

Specifies the TCP port on which the MongoDB instance listens for client connections.

--ipv6

Enables IPv6 support and allows the mongorestore to connect to the MongoDB instance using an IPv6 network. All MongoDB programs and processes disable IPv6 support by default.

--ssl

New in version 2.6.

Enables connection to a mongod or mongos that has TLS/SSL support enabled.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslCAFile <filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

Warning

If the mongo shell or any other tool that connects to mongos or mongod is run without --sslCAFile, it will not attempt to validate server certificates. This results in vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you always specify the CA file against which server certificates should be validated in cases where intrusion is a possibility.

--sslPEMKeyFile <filename>

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without weakCertificateValidation.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslPEMKeyPassword <value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongorestore will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongorestore will prompt for a passphrase. See SSL Certificate Passphrase.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslCRLFile <filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--sslFIPSMode

New in version 2.6.

Directs the mongorestore to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the --sslFIPSMode option.

The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.

--username <username>, -u <username>

Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --password and --authenticationDatabase options.

--password <password>, -p <password>

Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --username and --authenticationDatabase options.

If you do not specify an argument for --password, mongorestore will prompt interactively for a password on the console.

--authenticationDatabase <dbname>

New in version 2.4.

Specifies the database that holds the user’s credentials.

--authenticationMechanism <name>

Default: MONGODB-CR

New in version 2.4.

Changed in version 2.6: Added support for the PLAIN and MONGODB-X509 authentication mechanisms.

Specifies the authentication mechanism the mongorestore instance uses to authenticate to the mongod or mongos.

Value Description
MONGODB-CR MongoDB challenge/response authentication.
MONGODB-X509 MongoDB TLS/SSL certificate authentication.
PLAIN External authentication using LDAP. You can also use PLAIN for authenticating in-database users. PLAIN transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.
GSSAPI External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
--gssapiServiceName

New in version 2.6.

Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of mongodb.

This option is available only in MongoDB Enterprise.

--gssapiHostName

New in version 2.6.

Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.

This option is available only in MongoDB Enterprise.

--dbpath <path>

Specifies the directory of the MongoDB data files. The --dbpath option lets the mongorestore attach directly to the local data files without going through a running mongod. When run with --dbpath, the mongorestore locks access to the data files. No mongod can access the files while the mongorestore process runs.

--directoryperdb

When used in conjunction with the corresponding option in mongod, allows the mongorestore to access data from MongoDB instances that use an on-disk format where every database has a distinct directory. This option is only relevant when specifying the --dbpath option.

--journal

Enables the durability journal to ensure data files remain valid and recoverable. This option applies only when you specify the . The mongorestore enables journaling by default on 64-bit builds of versions after 2.0.

--db <database>, -d <database>

Specifies a database for mongorestore to restore data into. If the database does not exist, mongorestore creates the database. If you do not specify a <db>, mongorestore creates new databases that correspond to the databases where data originated and data may be overwritten. Use this option to restore data into a MongoDB instance that already has data.

--db does not control which BSON files mongorestore restores. You must use the mongorestore path option to limit that restored data.

--collection <collection>, -c <collection>

Specifies a single collection for mongorestore to restore. If you do not specify --collection, mongorestore takes the collection name from the input filename. If the input file has an extension, MongoDB omits the extension of the file from the collection name.

--objcheck

Forces mongorestore to validate all requests from clients upon receipt to ensure that clients never insert invalid documents into the database. For objects with a high degree of sub-document nesting, --objcheck can have a small impact on performance. You can set --noobjcheck to disable object checking at run-time.

Changed in version 2.4: MongoDB enables --objcheck by default, to prevent any client from inserting malformed or invalid BSON into a MongoDB database.

--noobjcheck

New in version 2.4.

Disables the default document validation that MongoDB performs on all incoming BSON documents.

--filter <JSON>

Limits the documents that mongorestore imports to only those documents that match the JSON document specified as '<JSON>'. Be sure to include the document in single quotes to avoid interaction with your system’s shell environment. For an example of --filter, see Restore a Subset of data from a Binary Database Dump.

--drop

Before restoring the collections from the dumped backup, drops the collections from the target database. --drop does not drop collections that are not in the backup.

When the restore includes the admin database, mongorestore with --drop removes all user credentials and replaces them with the users defined in the dump file. Therefore, in systems with authorization enabled, mongorestore must be able to authenticate to an existing user and to a user defined in the dump file. If mongorestore can’t authenticate to a user defined in the dump file, the restoration process will fail, leaving an empty database.

--oplogReplay

After restoring the database dump, replays the oplog entries from the oplog.bson file located in the top level of the dump directory. When used in conjunction with mongodump --oplog, ~bin.mongorestore --oplogReplay restores the database to the point-in-time backup captured with the mongodump --oplog command. For an example of --oplogReplay, see Restore Point in Time Oplog Backup.

~bin.mongorestore --oplogReplay replays any valid oplog.bson file found in the top level of the dump directory. That is, if you have a bson file that contains valid oplog entries, you can name the file oplog.bson and move it to the top level of the dump directory for ~bin.mongorestore --oplogReplay to replay.

When restoring with mongorestore --oplogReplay, you must restore the full output of the mongodump --oplog process. You cannot restore from a subfolder of a dump.

--oplogLimit <timestamp>

New in version 2.2.

Prevents mongorestore from applying oplog entries with timestamp newer than or equal to <timestamp>. Specify <timestamp> values in the form of <time_t>:<ordinal>, where <time_t> is the seconds since the UNIX epoch, and <ordinal> represents a counter of operations in the oplog that occurred in the specified second.

You must use --oplogLimit in conjunction with the --oplogReplay option.

--keepIndexVersion

Prevents mongorestore from upgrading the index to the latest version during the restoration process.

--noIndexRestore

New in version 2.2.

Prevents mongorestore from restoring and building indexes as specified in the corresponding mongodump output.

--noOptionsRestore

New in version 2.2.

Prevents mongorestore from setting the collection options, such as those specified by the collMod database command, on restored collections.

--restoreDbUsersAndRoles

Restore user and role definitions for the given database. See system.roles Collection and system.users Collection for more information.

--w <number of replicas per write>

New in version 2.2.

Specifies the write concern for each write operation that mongorestore writes to the target database. By default, mongorestore does not wait for a response for write acknowledgment.

<path>

The final argument of the mongorestore command is a directory path. This argument specifies the location of the database dump from which to restore.

If you are running mongorestore with --oplogReplay, you must restore the whole database dump: you cannot specify a subdirectory from which to restore.

Use

See Back Up and Restore with MongoDB Tools for a larger overview of mongorestore usage. Also see the mongodump document for an overview of the mongodump, which provides the related inverse functionality.

Consider the following example:

mongorestore --collection people --db accounts dump/accounts/people.bson

Here, mongorestore reads the database dump in the dump/ sub-directory of the current directory, and restores only the documents in the collection named people from the database named accounts. mongorestore restores data to the instance running on the localhost interface on port 27017.

In the next example, mongorestore restores a backup of the database instance located in dump to a database instance stored in the /srv/mongodb on the local machine. This requires that there are no active mongod instances attached to /srv/mongodb data directory.

mongorestore --dbpath /srv/mongodb

In the final example, mongorestore restores a database dump located at /opt/backup/mongodump-2011-10-24, to a database running on port 37017 on the host mongodb1.example.net. The mongorestore command authenticates to the MongoDB instance using the username user and the password pass, as follows:

mongorestore --host mongodb1.example.net --port 37017 --username user --password pass /opt/backup/mongodump-2011-10-24
←   mongodump bsondump  →