Details
-
Task
-
Resolution: Won't Do
-
Major - P3
-
None
-
None
Description
The following actions/privileges are not permitted by the 2.6 clusterMonitor role in order to maintain compatibility with MMS:
1.) Permission to read the current profiling level via the {profile: -1} command.
2.) Permission to read the local.oplog.rs namespace for oplog stats.
3.) Permission to read the local.oplog.$main namespace for config svr oplog stats
4.) Permission to read the local.system.replset namespace for replica set conf
Also, not sure if related or should be separate ticket, but I'm also occasionally seeing this error from the monitoring agent log (via pymongo) when trying to run dbstats command against both of my clusterMonitor-authed shard secondaries: "expected to be write locked for config.$freelist"
Corresponding trace from MongoDB server log:
...
|
2013-12-10T17:47:12.279-0500 [conn5] Unauthorized not authorized on admin to execute command { profile: -1 }
|
2013-12-10T17:47:12.280-0500 [conn5] creating profile collection: cloud-docs.system.profile
|
2013-12-10T17:47:12.282-0500 [conn5] Unauthorized not authorized on cloud-docs to execute command { profile: -1 }
|
2013-12-10T17:47:12.289-0500 [conn5] lock status: r recursive:1 otherCount:-1 otherdb:config
|
2013-12-10T17:47:12.290-0500 [conn5] Assertion: 16105:expected to be write locked for config.$freelist
|
2013-12-10T17:47:12.343-0500 [conn5] config 0x10063800b 0x1005f7d02 0x1005e864f 0x1005e872d 0x1001b151d 0x10011790f 0x100117a48 0x100117aa4 0x1001b6bc3 0x1001cbe3c 0x1001bebb5 0x1001bfa9d 0x1001c059c 0x100323b6e 0x10032462c 0x1002a84a6 0x100006e34 0x100604e41 0x100669fd5 0x7fff8ea867a2
|
0 mongod 0x000000010063800b _ZN5mongo15printStackTraceERSo + 43
|
1 mongod 0x00000001005f7d02 _ZN5mongo10logContextEPKc + 114
|
2 mongod 0x00000001005e864f _ZN5mongo11msgassertedEiPKc + 255
|
3 mongod 0x00000001005e872d _ZN5mongo11msgassertedEiRKSs + 29
|
4 mongod 0x00000001001b151d _ZN5mongo4Lock17assertWriteLockedERKNS_10StringDataE + 393
|
5 mongod 0x000000010011790f _ZN5mongo14NamespaceIndex6add_nsERKNS_9NamespaceEPKNS_16NamespaceDetailsE + 95
|
6 mongod 0x0000000100117a48 _ZN5mongo14NamespaceIndex6add_nsERKNS_10StringDataEPKNS_16NamespaceDetailsE + 192
|
7 mongod 0x0000000100117aa4 _ZN5mongo14NamespaceIndex6add_nsERKNS_10StringDataERKNS_7DiskLocEb + 56
|
8 mongod 0x00000001001b6bc3 _ZN5mongo8Database19_initExtentFreeListEv + 137
|
9 mongod 0x00000001001cbe3c _ZN5mongo7DBStats3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 2696
|
10 mongod 0x00000001001bebb5 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 37
|
11 mongod 0x00000001001bfa9d _ZN5mongo7Command11execCommandEPS0_RNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 2223
|
12 mongod 0x00000001001c059c _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 1388
|
13 mongod 0x0000000100323b6e _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 46
|
14 mongod 0x000000010032462c _ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1_ + 2204
|
15 mongod 0x00000001002a84a6 _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 1958
|
16 mongod 0x0000000100006e34 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 308
|
17 mongod 0x0000000100604e41 _ZN5mongo17PortMessageServer17handleIncomingMsgEPv + 1681
|
18 mongod 0x0000000100669fd5 thread_proxy + 229
|
19 libsystem_c.dylib 0x00007fff8ea867a2 _pthread_start + 327
|
2013-12-10T17:47:12.357-0500 [conn5] Unauthorized not authorized on local to execute command { profile: -1 }
|
...
|
Attachments
Issue Links
- documents
-
SERVER-12035 clusterMonitor role missing privileges for MMS compatibility
-
- Closed
-