Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3587

mongos should check with config servers about auth on startup

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 1.9.2
    • Fix Version/s: 2.0.0-rc0
    • Component/s: None
    • Labels:
      None
    • Operating System:
      ALL

      Description

      This is more of a usability issue than a bug. If you set up a sharded cluster with auth and forget to start mongos with --keyFile everything runs fine until you add an admin user. After adding the user db.auth() will fail without a useful error and balancing rounds will fail.

      MongoDB shell version: 1.9.2
      connecting to: test
      mongos> use admin
      switched to db admin
      mongos> db.runCommand(

      {'addShard': 'localhost:27018'}

      )

      { "shardAdded" : "shard0000", "ok" : 1 }

      mongos> db.runCommand(

      {'addShard': 'localhost:27019'}

      )

      { "shardAdded" : "shard0001", "ok" : 1 }

      mongos> db.system.users.find()
      mongos> db.system.users.count()
      0
      mongos> db.addUser('theadmin', 'mypassword')
      {
      "singleShard" : "localhost:27020",
      "n" : 0,
      "connectionId" : 14,
      "err" : null,
      "ok" : 1
      }
      {
      "user" : "theadmin",
      "readOnly" : false,
      "pwd" : "02cdbcb825fda3c0824be229afa605e8",
      "_id" : ObjectId("4e456aa827b2e95a4ccfbe29")
      }
      mongos> db.auth('theadmin', 'mypassword')
      0

      Fri Aug 12 11:02:06 [Balancer] distributed lock 'balancer/behackett-dt:27017:1313172036:1804289383' unlocked.
      Fri Aug 12 11:02:16 [Balancer] ~ScopedDBConnection: _conn != null
      Fri Aug 12 11:02:16 [Balancer] ~ScopedDbConnection: _conn != null
      Fri Aug 12 11:02:16 [Balancer] caught exception while doing balance: nextSafe():

      { $err: "unauthorized db:config lock type:-1 client:127.0.0.1", code: 10057 }

      Fri Aug 12 11:02:33 [conn1] authenticate:

      { authenticate: 1.0, user: "theadmin", nonce: "90a00bd5b3a86963", key: "ded39b5832e03051d7a0558b55355072" }

      mongos should check with the config servers to see if they were started with --keyFile on first startup and log a useful warning. This will potentially cut down on mongodb-user questions.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: