Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22039

printShardingSize command fails on not authorized in a sharded cluster with authentication enabled

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.7.2
    • Affects Version/s: 2.6.11, 3.0.6, 3.0.8, 3.4.10, 3.6.2
    • Component/s: Sharding
    • Fully Compatible
    • ALL
    • Hide
      1. Start a cluster with 1 to several shards, with authentication enabled and a user (--auth --username tmpuser --password 123456 ).
      2. Connect to the mongos instance using mongo shell: 
        mongo localhost:27017/admin -u <admin_user> -p <password>
      3. Shard a collection - MUST 
        sh.enableSharding("sampledb")
sh.shardCollection("sampledb.samplecoll",{a:1})
      4. Switch to the DB and insert documents into it.commands: 
        mongos> use sampledb
for (var i =0; i<2000; i++){db.samplecoll.insert({a:i,b:i+2})}
      5. Run the printShardingSizes command 
        mongos> printShardingSizes()

      Output:

      	{ "_id" : "sampledb", "partitioned" : true, "primary" : "shard01" }
		sampledb.samplecoll chunks:
			{ "a" : { "$minKey" : 1 } } -->> { "a" : 1 } on : shard02 {
	"errmsg" : "not authorized on sampledb to execute command { dataSize: \"sampledb.samplecoll\", keyPattern: { a: 1.0 }, min: { a: MinKey }, max: { a: 1.0 } }",
	"code" : 13
      Show
      Start a cluster with 1 to several shards, with authentication enabled and a user (--auth --username tmpuser --password 123456 ). Connect to the mongos instance using mongo shell: mongo localhost:27017/admin -u <admin_user> -p <password> Shard a collection - MUST sh.enableSharding( "sampledb" ) sh.shardCollection( "sampledb.samplecoll" ,{a:1}) Switch to the DB and insert documents into it.commands: mongos> use sampledb for ( var i =0; i<2000; i++){db.samplecoll.insert({a:i,b:i+2})} Run the printShardingSizes command mongos> printShardingSizes() Output: { "_id" : "sampledb" , "partitioned" : true , "primary" : "shard01" } sampledb.samplecoll chunks: { "a" : { "$minKey" : 1 } } -->> { "a" : 1 } on : shard02 { "errmsg" : "not authorized on sampledb to execute command { dataSize: \" sampledb.samplecoll\ ", keyPattern: { a: 1.0 }, min: { a: MinKey }, max: { a: 1.0 } }" , "code" : 13
    • Sharding 2018-02-12

      Problem description

      When running the command printShardingSizes, on a sharded cluster with authentication enabled, a "not authorized on <DB> to execute command

      { dataSize: \"sample.samplecol1\"}

      ..." error will appear. 

      mongos> printShardingSizes()
--- Sharding Status --- 
  sharding version: {
	"_id" : 1,
	"minCompatibleVersion" : 5,
	"currentVersion" : 6,
	"clusterId" : ObjectId("5685130fc895ab9401e7cc50")
}
  shards:
      {
	"_id" : "shard02",
...
...
...
  databases:
	{ "_id" : "admin", "partitioned" : false, "primary" : "config" }
	{ "_id" : "sampledb", "partitioned" : true, "primary" : "shard01" }
		sampledb.samplecoll chunks:
			{ "a" : { "$minKey" : 1 } } -->> { "a" : 1 } on : shard02 {
	"errmsg" : "not authorized on sampledb to execute command { dataSize: \"sampledb.samplecoll\", keyPattern: { a: 1.0 }, min: { a: MinKey }, max: { a: 1.0 } }",
	"code" : 13
}

      Hypothesis

      The command wraps the dataSize command and executes it directly on the primaries of the shards, from the mongos, by connecting through the shell (without authentication). In the snippet of the code wrapped by the printShardingSizes command, the "mydb" variable attempts to connect directly to the primaries of the shards. As the authentication is enabled on the cluster level, the command itself fails on a "not authorized" error.

      var mydb = shards[chunk.shard].getDB(db._id)
var out = mydb.runCommand({dataSize: coll._id,
          keyPattern: coll.key,
           min: chunk.min,
           max: chunk.max });

      I have tested this scenario several times, on versions 2.6.11, 3.0.6 and 3.0.8. all with the same results.

      Workaround

      mongos> use sampledb
mongos> db.runCommand({dataSize:"sampledb.samplecoll",keyPattern:{a:1},min:{ a: MinKey },max: { a: MaxKey }})

            Assignee:
            blake.oler@mongodb.com Blake Oler
            Reporter:
            idan.sher@mongodb.com Idan Sher
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: