Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31916

Initial request to a shardsvr mongod can return a clustertime signed with the null key

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.6.0-rc4
    • 3.7.1
    • Sharding
    • Fully Compatible
    • ALL
    • Sharding 2018-01-01, Sharding 2017-12-18

    Description

      When interacting with a mongod in a sharded cluster, the first time a client connects directly to a mongod (instead of via mongos) it can receive a null signed clustertime. Ordinarily, this will only happen when the client has the special authorized to advance clock privilege, but it can also happen the first time an unprivileged client communicates (if that's before keys have been synced).

      When that client later attempts to gossip the time, they can receive a

      Cache Reader No keys found for HMAC that is valid for time: { ts: Timestamp 1510338396000|21 } with id: 0
      

      style error. This will only occur when the cluster itself has auth enabled (as otherwise no validation is necessary).

      For current tests, that involves blacklisting:

      • jstests/sharding/aggregation_currentop.js
      • jstests/sharding/auth_slaveok_routing.js

      and forcing jstests/libs/override_methods/validate_collections_on_shutdown.js to abort if it sees KeyNotFound.

      We should come up with a strategy to handle this and remove the blacklist

      Attachments

        Issue Links

          Activity

            People

              misha.tyulenev@mongodb.com Misha Tyulenev
              jason.carey@mongodb.com Jason Carey
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: