Loading...

XML

Word

Printable

JSON

Type: Question
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.4.1
Component/s: Admin, Security
Labels:
None

CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

I'm trying to create a MongoDB cluster on a docker swarm with authentication.
(My process work when auth is disabled)

So I have 3 mongo instance (started with option `--auth --replicaset REPLICASET_NAME`)on the same crypted overlay network. (mongo1, mongo2 and mongo3)

On node with mongo1 container I initiate the replicaset and create the db admin

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo
    > rs.initiate()
    {
            "info2" : "no configuration specified. Using a default configuration for the set",
            "me" : "84ab8d1609c8:27017",
            "ok" : 1
    }
    REPLICASET_NAME:SECONDARY> use admin
    switched to db admin
    REPLICASET_NAME:PRIMARY> db.createUser({ user: "myUserAdmin", pwd: "123456", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
    Successfully added user: {
            "user" : "myUserAdmin",
            "roles" : [
                    {
                            "role" : "userAdminAnyDatabase",
                            "db" : "admin"
                    }
            ]
    }
    REPLICASET_NAME:PRIMARY> exit

After that I create the clusterAdmin

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myUserAdmin --authenticationDatabase "admin" -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://127.0.0.1:27017/admin
    MongoDB server version: 3.4.1
    REPLICASET_NAME:PRIMARY> db.createUser({user: "myClusterAdmin", pwd: "123456", roles: [ { role: "clusterAdmin", db: "admin" } ]})
    Successfully added user: {
            "user" : "myClusterAdmin",
            "roles" : [
                    {
                            "role" : "clusterAdmin",
                            "db" : "admin"
                    }
            ]
    }
    REPLICASET_NAME:PRIMARY> exit

Now when I used the clusterAdmin to add replicaset member, I have an error

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myClusterAdmin -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://127.0.0.1:27017
    MongoDB server version: 3.4.1
    REPLICASET_NAME:PRIMARY>rs.add("mongo2")
    {
        "ok" : 0,
        "errmsg" : "Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: c4fe398cc7b8:27017;
    the following nodes did not respond affirmatively: mongo2:27017 failed with not authorized on admin to execute command { replSetHeartbeat: \"REPLICASET_NAME\", pv:
    1, v: 2, from: \"c4fe398cc7b8:27017\", fromId: 0, checkEmpty: false }",
        "code" : 74,
        "codeName" : "NodeNotFound"
    }

So I have a "NodeNotFound" error but I can ping mongo2 from mongo1 and the mongo2 respond

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo --host mongo2 -u myUserAdmin  -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://mongo2:27017/
    MongoDB server version: 3.4.1
    2017-01-12T16:09:34.043+0000 E QUERY    [main] Error: Authentication failed. :
    DB.prototype._authOrThrow@src/mongo/shell/db.js:1459:20
    @(auth):6:1
    @(auth):1:2
    exception: login failed

So do you know why it's not working ?
I did something stupid ?

Thanks in advance for your help

Assignee:: Unassigned
Reporter:: dducatel
Participants:: dducatel, Ramon Fernandez Marina
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Jan 16 2017 02:19:02 PM UTC
Updated:: Jan 16 2017 02:58:15 PM UTC
Resolved:: Jan 16 2017 02:58:15 PM UTC

Details

Description

Attachments

Activity

People

Dates