Details
-
Task
-
Resolution: Done
-
Critical - P2
-
None
-
None
-
0.25
Description
See https://jira.mongodb.org/browse/CS-32755 for reference.
It seems that when importing an existing cluster for automation if the replica set keyfile ends with an = sign, an error will occur.
This is because the base64 encoding spec needs to add padding characters if the length of the string to be encoded is not a multiple of 4. https://en.wikipedia.org/wiki/Base64
We should update our docs on how to generate a keyfile, like https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/#create-a-keyfile to say something like:
openssl rand -base64 756 > <path-to-keyfile>
|
instead of
openssl rand -base64 755 > <path-to-keyfile>
|
When an automation-agent is importing a replica it seems the currently coded logic will throw an error should the padding character = be detected. But, if you used the documented process for generating a keyfile for a manually deployed replica set the padding character will be appended and sadly the replSet's mongod's will happily accept these padding characters.