MongoDB tip: Apply authentication option to a replica set, issue encountered and fix

-

Assuming we have a replicate set started as such, please refer to article 1 or article 2 to see how to configure a replica set if you haven't already done so and still have issues.


Output of ps -ef | grep mongod

root     20706     1  0 15:09 ?        00:00:01 mongod --port 31111 --replSet biDemo --dbpath /data/mongodb/demo1 --logpath /data/mongodb/demolog/1.log --fork 

root     20943     1  0 15:10 ?        00:00:01 mongod --port 31112 --replSet biDemo --dbpath /data/mongodb/demo2 --logpath /data/mongodb/demolog/2.log --fork

root     21101     1  0 15:11 ?        00:00:01 mongod --port 31113 --replSet biDemo --dbpath /data/mongodb/demo3 --logpath /data/mongodb/demolog/3.log --fork 

Log into primary and add user, you will need at least one admin user to start and administer mongod with authentication enabled

MongoDB Enterprise biDemo:PRIMARY> db.createUser({user:"admin", pwd:"gasdhahfhagrsdfasdfaf", roles:[{role:"root", db:"admin"}]})

Successfully added user: {

        "user" : "admin",

        "roles" : [

                {

                        "role" : "root",

                        "db" : "admin"

                }

        ]

}

The user information should populate to secondaries with mill seconds, to quickly check if all nodes are synced up, note our optime date are in sync.

MongoDB Enterprise biDemo:PRIMARY> rs.status()

{

        "set" : "biDemo",

        "date" : ISODate("2017-08-21T19:41:00.359Z"),

        "myState" : 1,

        "term" : NumberLong(5),

        "heartbeatIntervalMillis" : NumberLong(2000),

        "optimes" : {

                "lastCommittedOpTime" : {

                        "ts" : Timestamp(1503344455, 1),

                        "t" : NumberLong(5)

                },

                "appliedOpTime" : {

                        "ts" : Timestamp(1503344455, 1),

                        "t" : NumberLong(5)

                },

                "durableOpTime" : {

                        "ts" : Timestamp(1503344455, 1),

                        "t" : NumberLong(5)

                }

        },

        "members" : [

                {

                        "_id" : 0,

                        "name" : "10.155.228.75:31111",

                        "health" : 1,

                        "state" : 2,

                        "stateStr" : "SECONDARY",

                        "uptime" : 826,

                        "optime" : {

                                "ts" : Timestamp(1503344455, 1),

                                "t" : NumberLong(5)

                        },

                        "optimeDurable" : {

                                "ts" : Timestamp(1503344455, 1),

                                "t" : NumberLong(5)

                        },

                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),

                        "optimeDurableDate" : ISODate("2017-08-21T19:40:55Z"),

                        "lastHeartbeat" : ISODate("2017-08-21T19:40:58.487Z"),

                        "lastHeartbeatRecv" : ISODate("2017-08-21T19:40:59.723Z"),

                        "pingMs" : NumberLong(0),

                        "syncingTo" : "10.155.228.75:31113",

                        "configVersion" : 6

                },

                {

                        "_id" : 1,

                        "name" : "10.155.228.75:31112",

                        "health" : 1,

                        "state" : 1,

                        "stateStr" : "PRIMARY",

                        "uptime" : 827,

                        "optime" : {

                                "ts" : Timestamp(1503344455, 1),

                                "t" : NumberLong(5)

                        },

                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),

                        "electionTime" : Timestamp(1503343644, 1),

                        "electionDate" : ISODate("2017-08-21T19:27:24Z"),

                        "configVersion" : 6,

                        "self" : true

                },

                {

                        "_id" : 2,

                        "name" : "10.155.228.75:31113",

                        "health" : 1,

                        "state" : 2,

                        "stateStr" : "SECONDARY",

                        "uptime" : 816,

                        "optime" : {

                                "ts" : Timestamp(1503344455, 1),

                                "t" : NumberLong(5)

                        },

                        "optimeDurable" : {

                                "ts" : Timestamp(1503344455, 1),

                                "t" : NumberLong(5)

                        },

                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),

                        "optimeDurableDate" : ISODate("2017-08-21T19:40:55Z"),

                        "lastHeartbeat" : ISODate("2017-08-21T19:40:58.487Z"),

                        "lastHeartbeatRecv" : ISODate("2017-08-21T19:40:59.839Z"),

                        "pingMs" : NumberLong(0),

                        "syncingTo" : "10.155.228.75:31112",

                        "configVersion" : 6

                }

        ],

        "ok" : 1

}

Now let's create keyFile using openssl

[root@msdlva-dsnopm02 apps]# openssl rand -base64 258 > demoKey
Kill and restart the mongod process with --keyFile option

First verify the pid's of mongod, then simply pkill -f mongod

[root@msdlvd-dsnavl02 ~]# pgrep -lfa mongod



22948 mongod --port 31111 --replSet biDemo --dbpath /data/mongodb/demo1 --logpath /data/mongodb/demolog/1.log --fork --keyFile /data/mongodb/demo1/demoKey

23582 mongod --port 31112 --replSet biDemo --dbpath /data/mongodb/demo2 --logpath /data/mongodb/demolog/2.log --fork --keyFile /data/mongodb/demo2/demoKey

23660 mongod --port 31113 --replSet biDemo --dbpath /data/mongodb/demo3 --logpath /data/mongodb/demolog/3.log --fork --keyFile /data/mongodb/demo3/demoKey





[root@msdlvd-dsnavl02 ~]# pkill -f mongod

Let's start the mongod's

[root@msdlvd-dsnavl02 ~]# mongod --port 31111 --replSet biDemo --dbpath /data/mongodb/demo1 --logpath /data/mongodb/demolog/1.log --fork --keyFile /data/mongodb/demo1/demoKey

about to fork child process, waiting until server is ready for connections.

forked process: 22720

ERROR: child process failed, exited with error number 1

[root@msdlvd-dsnavl02 ~]# tail -f /data/mongodb/demolog/1.log

2017-08-21T15:21:50.752-0400 I ACCESS   [main] permissions on /data/mongodb/demo1/demoKey are too open

We have to limit the access right to the key file, and retry

[root@msdlvd-dsnavl02 ~]# chown -R mongod.mongod /data/mongodb/

[root@msdlvd-dsnavl02 ~]# chmod -R 700 /data/mongodb/

[root@msdlvd-dsnavl02 ~]# mongod --port 31111 --replSet biDemo --dbpath /data/mongodb/demo1 --logpath /data/mongodb/demolog/1.log --fork --keyFile /data/mongodb/demo1/demoKey

about to fork child process, waiting until server is ready for connections.

forked process: 22948

child process started successfully, parent exiting

We will start the other two nodes the same way

[root@msdlvd-dsnavl02 ~]# mongod --port 31112 --replSet biDemo --dbpath /data/mongodb/demo2 --logpath /data/mongodb/demolog/2.log --fork --keyFile /data/mongodb/demo2/demoKey

about to fork child process, waiting until server is ready for connections.

forked process: 23582

child process started successfully, parent exiting

[root@msdlvd-dsnavl02 ~]# mongod --port 31113 --replSet biDemo --dbpath /data/mongodb/demo3 --logpath /data/mongodb/demolog/3.log --fork --keyFile /data/mongodb/demo3/demoKey

about to fork child process, waiting until server is ready for connections.

forked process: 23660

child process started successfully, parent exiting

Now let's check it out our authenticated replica set, first we log in and run rs.status() without first authenticate ourselves, we get not authorized error.

Once that failed, we authenticate ourselves and we can now see the output of rs.status()

[root@msdlvd-dsnavl02 ~]# mongo --host biDemo/10.155.228.75:31111

MongoDB shell version v3.4.5

connecting to: mongodb://10.155.228.75:31111/?replicaSet=biDemo

2017-08-21T15:27:49.927-0400 I NETWORK  [thread1] Starting new replica set monitor for biDemo/10.155.228.75:31111

2017-08-21T15:27:49.928-0400 I NETWORK  [thread1] Successfully connected to 10.155.228.75:31111 (1 connections now open to 10.155.228.75:31111 with a 5 second timeout)

2017-08-21T15:27:49.928-0400 I NETWORK  [thread1] Successfully connected to 10.155.228.75:31112 (1 connections now open to 10.155.228.75:31112 with a 5 second timeout)

2017-08-21T15:27:49.929-0400 I NETWORK  [thread1] changing hosts to biDemo/10.155.228.75:31111,10.155.228.75:31112,10.155.228.75:31113 from biDemo/10.155.228.75:31111

2017-08-21T15:27:49.929-0400 I NETWORK  [ReplicaSetMonitor-TaskExecutor-0] Successfully connected to 10.155.228.75:31113 (1 connections now open to 10.155.228.75:31113 with a 5 second timeout)

MongoDB server version: 3.4.5

MongoDB Enterprise biDemo:PRIMARY> rs.status()

{

        "ok" : 0,

        "errmsg" : "not authorized on admin to execute command { replSetGetStatus: 1.0 }",

        "code" : 13,

        "codeName" : "Unauthorized"

}





MongoDB Enterprise biDemo:PRIMARY> use admin



switched to db admin



MongoDB Enterprise biDemo:PRIMARY> db.auth("admin","gasdhahfhagrsdfasdfaf")



1



MongoDB Enterprise biDemo:PRIMARY> rs.status()



{



        "set" : "biDemo",



        "date" : ISODate("2017-08-21T19:41:00.359Z"),



        "myState" : 1,



        "term" : NumberLong(5),



        "heartbeatIntervalMillis" : NumberLong(2000),



        "optimes" : {



                "lastCommittedOpTime" : {



                        "ts" : Timestamp(1503344455, 1),



                        "t" : NumberLong(5)



                },



                "appliedOpTime" : {



                        "ts" : Timestamp(1503344455, 1),



                        "t" : NumberLong(5)



                },



                "durableOpTime" : {



                        "ts" : Timestamp(1503344455, 1),



                        "t" : NumberLong(5)



                }



        },



        "members" : [



                {



                        "_id" : 0,



                        "name" : "10.155.228.75:31111",



                        "health" : 1,



                        "state" : 2,



                        "stateStr" : "SECONDARY",



                        "uptime" : 826,



                        "optime" : {



                                "ts" : Timestamp(1503344455, 1),



                                "t" : NumberLong(5)



                        },



                        "optimeDurable" : {



                                "ts" : Timestamp(1503344455, 1),



                                "t" : NumberLong(5)



                        },



                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),



                        "optimeDurableDate" : ISODate("2017-08-21T19:40:55Z"),



                        "lastHeartbeat" : ISODate("2017-08-21T19:40:58.487Z"),



                        "lastHeartbeatRecv" : ISODate("2017-08-21T19:40:59.723Z"),



                        "pingMs" : NumberLong(0),



                        "syncingTo" : "10.155.228.75:31113",



                        "configVersion" : 6



                },



                {



                        "_id" : 1,



                        "name" : "10.155.228.75:31112",



                        "health" : 1,



                        "state" : 1,



                        "stateStr" : "PRIMARY",



                        "uptime" : 827,



                        "optime" : {



                                "ts" : Timestamp(1503344455, 1),



                                "t" : NumberLong(5)



                        },



                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),



                        "electionTime" : Timestamp(1503343644, 1),



                        "electionDate" : ISODate("2017-08-21T19:27:24Z"),



                        "configVersion" : 6,



                        "self" : true



                },



                {



                        "_id" : 2,



                        "name" : "10.155.228.75:31113",



                        "health" : 1,



                        "state" : 2,



                        "stateStr" : "SECONDARY",



                        "uptime" : 816,



                        "optime" : {



                                "ts" : Timestamp(1503344455, 1),



                                "t" : NumberLong(5)



                        },



                        "optimeDurable" : {



                                "ts" : Timestamp(1503344455, 1),



                                "t" : NumberLong(5)



                        },



                        "optimeDate" : ISODate("2017-08-21T19:40:55Z"),



                        "optimeDurableDate" : ISODate("2017-08-21T19:40:55Z"),



                        "lastHeartbeat" : ISODate("2017-08-21T19:40:58.487Z"),



                        "lastHeartbeatRecv" : ISODate("2017-08-21T19:40:59.839Z"),



                        "pingMs" : NumberLong(0),



                        "syncingTo" : "10.155.228.75:31112",



                        "configVersion" : 6



                }



        ],



        "ok" : 1



}











































Comments

Post a Comment

Popular posts from this blog

MongoDB tip: 4 ways to modify replica set configuration

-
This is just a quick guide on how to modify your replica set settings in 4 different ways. This guide is assuming you have a functional replica set ready, it doesn't matter if it's a single node or multi-node replica set. In each of the four method, I am looking to modify the priority of the _id=0 node Method 1: Via Mongo Shell Login to your Mongo shell,  simply type in mongo , assuming default port is being used and authentication is not enabled [in Mongo shell] cfg = rs.conf() cfg.members[0].priority=99 rs.reconfig(cfg) # "ok":1 indicates the new configuration has been set  MongoDB Enterprise minvera:PRIMARY> rs.reconfig(cfg) {         "ok" : 1,         "operationTime" : Timestamp(1528464949, 1),         "$clusterTime" : {                 "clusterTime" : Timestamp(1528464949, 1),                 "signature" : {                         "hash" : BinData(0
Read more

MongoDB Quick Note: BI Connector Issue

-
This is just a quick note of what can stop mongosqld from working properly that I wasn't aware of. Background: My work runs everything mongodb inside of docker containers, so sometimes it's not as straight forward to see immediately of what's preventing your container from working properly What happened: I ran into issue that my container does not stay up after I updated my drdl to reflect new fields introduced to the underlying collection. How to debug: Go to the host server, copy out entrypoint.sh and add sleep 100000000 to before mongosqld is executed. This force the container to stay up for us to look into issue. Cause of the issue: When I updated the drdl, I used tab instead of space, which is causing the mongsqld to error out Fix: Just replace tab with space and everything is back to normal
Read more

MongoDB Tips: Kill long running processes

-
This is just a quick and simple script to find all active opid that has been running over 10 seconds and they are running against the databases and collections you can specify in the "ns" filter. It's best to first run db.currentOp(    {      "active" : true,      "secs_running" : { "$gt" : 10 },      "ns" : {$in:["equipment.detachment","personnel.detail","personnel.unavailability","personnel.detachment"]}    } ).inprog.forEach(function (doc) { print(doc.opid); }) and verify your output before you execute the kill command in my experience to make sure you are killing the processes that are meant to be killed. Once verifed, simply run: db.currentOp(    {      "active" : true,      "secs_running" : { "$gt" : 10 },      "ns" : {$in:["<db1>.<col1>","<db2>.<col2>","<dbn>.<coln>
Read more