Core Server / SERVER-18614

mongodb keyFile between replicas throws Permission denied

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: 3.0.3
    • Component/s: Admin, Replication, Security
    • Labels:
      None
    • ALL
      1. Set up a single-node replica set with auth enabled, a root user and a keyFile
      2. rs.initiate() in this first node
      3. On the same server, set up a second mongod process on a different port with the same keyFile and replica set name
      4. Populate some data into the first process, which should be PRIMARY and the only node of the replica
      5. From the shell of the first process, after db.auth(), try to rs.add() the second node
      6. It will fail, reason: Permission denied to connect to the second process from the first one

      I have a single-node ReplicaSet with auth activated, a root user and a keyFile I've created with this tutorial. I also have two more mongod processes on the same server on different ports (37017 and 47017) with the same replSet name, but when I try to add the secondaries in the mongo shell connected to PRIMARY with rs.add("172.31.48.41:37017") I get:

      {
          "ok" : 0,
          "errmsg" : "Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: 172.31.48.41:27017; the following nodes did not respond affirmatively: 172.31.48.41:37017 failed with Failed attempt to connect to 172.31.48.41:37017; couldn't connect to server 172.31.48.41:37017 (172.31.48.41), connection attempt failed",
          "code" : 74
      }
      

      Then I went to the mongod process log of the PRIMARY and found this:

      2015-05-19T20:53:59.848-0400 I REPL     [conn51] replSetReconfig admin command received from client
      2015-05-19T20:53:59.848-0400 W NETWORK  [conn51] Failed to connect to 172.31.48.41:37017, reason: errno:13 Permission denied
      2015-05-19T20:53:59.848-0400 I REPL     [conn51] replSetReconfig config object with 2 members parses ok
      2015-05-19T20:53:59.849-0400 W NETWORK  [ReplExecNetThread-0] Failed to connect to 172.31.48.41:37017, reason: errno:13 Permission denied
      2015-05-19T20:53:59.849-0400 W REPL     [ReplicationExecutor] Failed to complete heartbeat request to 172.31.48.41:37017; Location18915 Failed attempt to connect to 172.31.48.41:37017; couldn't connect to server 172.31.48.41:37017 (172.31.48.41), connection attempt failed
      2015-05-19T20:53:59.849-0400 E REPL     [conn51] replSetReconfig failed; NodeNotFound Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: 172.31.48.41:27017; the following nodes did not respond affirmatively: 172.31.48.41:37017 failed with Failed attempt to connect to 172.31.48.41:37017; couldn't connect to server 172.31.48.41:37017 (172.31.48.41), connection attempt failed
      

      And the log of the mongod that should become SECONDARY shows nothing; the last two lines are:

      2015-05-19T20:48:36.584-0400 I REPL     [initandlisten] Did not find local replica set configuration document at startup;  NoMatchingDocument Did not find replica set configuration document in local.system.replset
      2015-05-19T20:48:36.591-0400 I NETWORK  [initandlisten] waiting for connections on port 37017
      

      It's clear that I cannot rs.initiate() in this node because it will self-vote to be PRIMARY and that would create a conflict, so the line that states "Did not find local replica set configuration document at startup" is to be ignored as far as I know.

      So I would think that the permission should be ok since I'm using the same key file in every mongod process and the replSet is the same in every config file, and that's all the tutorial states to be needed, but obviously something is missing.

      Any ideas? Is this a bug?

            Assignee: Ramon Fernandez Marina (ramon.fernandez@mongodb.com)
            Reporter: Juan Manuel Diego G (jdiego@digital-legends.com)
            Votes: 0
            Watchers: 2
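
A triage sketch for the PRIMARY's log quoted in the report, added here as an example and not part of the report or of MongoDB's tooling: it extracts the failed outbound connects from the 3.0-format log and maps the numeric errno, showing that errno:13 (EACCES) is returned by connect() on the connecting host, before any keyFile authentication is attempted. The Linux errno table, the hint wording and the `triage` helper are assumptions of this example.

```python
import re

# Constructed sample: log lines from the report above; the last message is shortened.
SAMPLE_LOG = """\
2015-05-19T20:53:59.848-0400 I REPL     [conn51] replSetReconfig admin command received from client
2015-05-19T20:53:59.848-0400 W NETWORK  [conn51] Failed to connect to 172.31.48.41:37017, reason: errno:13 Permission denied
2015-05-19T20:53:59.849-0400 W NETWORK  [ReplExecNetThread-0] Failed to connect to 172.31.48.41:37017, reason: errno:13 Permission denied
2015-05-19T20:53:59.849-0400 E REPL     [conn51] replSetReconfig failed; NodeNotFound Quorum check failed
"""

# mongod 3.0 plain-text log line: timestamp, severity, component, [context], message.
LINE_RE = re.compile(r"^(\S+)\s+([A-Z])\s+(\S+)\s+\[([^\]]+)\]\s+(.*)$")
CONNECT_RE = re.compile(r"Failed to connect to (\S+?), reason: errno:(\d+)")

# Linux errno values (assumption: the mongod host runs Linux). Every one of
# these is set by connect() itself, so the TCP session never existed and the
# keyFile challenge-response could not have run.
CONNECT_ERRNOS = {
    13: ("EACCES", "denied by local OS policy on the connecting host "
                   "(e.g. a firewall or mandatory access control rule)"),
    110: ("ETIMEDOUT", "no reply from the peer; packets dropped on the path"),
    111: ("ECONNREFUSED", "nothing is listening on that address and port"),
    113: ("EHOSTUNREACH", "no route to the peer"),
}

def triage(log_text):
    """Group failed outbound connects by (peer, errno) with a triage hint."""
    findings = {}
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        if not parsed or parsed.group(3) != "NETWORK":
            continue
        hit = CONNECT_RE.search(parsed.group(5))
        if not hit:
            continue
        peer, code = hit.group(1), int(hit.group(2))
        name, hint = CONNECT_ERRNOS.get(code, ("UNKNOWN", "not in this table"))
        entry = findings.setdefault((peer, code), {
            "name": name, "hint": hint, "auth_reached": False,
            "first_seen": parsed.group(1), "count": 0})
        entry["count"] += 1
    return findings

if __name__ == "__main__":
    for (peer, code), info in triage(SAMPLE_LOG).items():
        print(f"{peer} errno {code} ({info['name']}) x{info['count']}: {info['hint']}")
```
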
