Core Server
SERVER-36459

--keyFile now required to start shard servers with TLS and auth

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: Sharding
    • Labels: None
    • ALL

      In the last week or two, the C Driver's mongo-orchestration config files for starting a sharded cluster with TLS and auth have stopped working intermittently with the latest MongoDB server build. Shard servers now log this, and the cluster fails to initialize:

      2018-08-01T22:40:39.605+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57142 #75 (6 connections now open)
      2018-08-01T22:40:39.609+0000 W NETWORK  [conn75] SSL peer certificate validation failed: unsupported certificate purpose
      2018-08-01T22:40:39.609+0000 I NETWORK  [conn75] received client metadata from 127.0.0.1:57142 conn75: { driver: { name: "MongoDB Internal Client", version: "4.1.1-175-g075d7fe" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "14.04" } }
      2018-08-01T22:40:39.610+0000 I ACCESS   [conn75] SASL SCRAM-SHA-1 authentication failed for __system on local from client 127.0.0.1:57142 ; AuthenticationFailed: It is not possible to authenticate as the __system user on servers started without a --keyFile parameter
      2018-08-01T22:40:39.610+0000 I NETWORK  [conn75] end connection 127.0.0.1:57142 (5 connections now open)
      

      The C Driver's current configuration looks like this:

      https://github.com/mongodb/mongo-c-driver/blob/2f3878954915baf0c07b2e5d8a6e81964ca76e6c/orchestration_configs/sharded_clusters/auth-ssl.json

      Mongo orchestration starts two members per replica set for the shards, and it does not pass --keyFile to the shard servers. I've filed this as a possible mongo orchestration bug:

      https://github.com/10gen/mongo-orchestration/issues/251

      I'm nevertheless filing this as a SERVER bug because the server used to work with this configuration. Either --keyFile has unintentionally become a requirement, or it's intentional and it needs to be documented.
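The resolution "Works as Designed" matches what the server's own error says: a node started without --keyFile cannot authenticate the __system user, so a shard member that has --auth switched on must also be given --keyFile (or run x509 cluster authentication) before the members of a replica set can talk to each other. The check below is an added example written for this page; it is not code from the reporter, the C driver, the server or mongo-orchestration. It inspects a mongod command line for that gap and picks the two messages from the log excerpt above out of a log stream. The command lines fed to it are constructed for the example, the option names (--auth, --keyFile, --clusterAuthMode, --sslMode/--tlsMode, --replSet, --shardsvr, --configsvr) are real server options, and the orchestration JSON format is deliberately not modelled. The "unsupported certificate purpose" warning is reported as its own signature because it concerns the peer certificate, not the key file.

```python
"""Added example for SERVER-36459 (not code from the server, the C driver or
mongo-orchestration): flag a mongod/mongos command line whose intra-cluster
authentication is inconsistent, and find the report's two log signatures.

Assumptions: command lines are constructed for the example; sendKeyFile and
sendX509 (rolling-upgrade modes) are treated like their target mode.
"""
import re
import shlex

KEYFILE_MODES = {"keyFile", "sendKeyFile"}
X509_MODES = {"sendX509", "x509"}


def parse_argv(cmdline):
    """Split a mongod/mongos command line into {option: value}.
    Bare flags map to True; both '--opt value' and '--opt=value' are accepted."""
    toks = shlex.split(cmdline)
    opts = {}
    i = 1  # toks[0] is the binary
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("--"):
            name = tok[2:]
            if "=" in name:
                name, val = name.split("=", 1)
                opts[name] = val
            elif i + 1 < len(toks) and not toks[i + 1].startswith("--"):
                opts[name] = toks[i + 1]
                i += 1
            else:
                opts[name] = True
        i += 1
    return opts


def cluster_auth_problems(cmdline):
    """Return a list of problem strings; an empty list means the command line is
    consistent. Only processes that authenticate to peers as __system are checked."""
    opts = parse_argv(cmdline)
    binary = shlex.split(cmdline)[0].rsplit("/", 1)[-1]
    is_member = binary == "mongos" or any(
        k in opts for k in ("replSet", "shardsvr", "configsvr"))
    auth_on = "auth" in opts or "keyFile" in opts  # --keyFile implies --auth
    mode = opts.get("clusterAuthMode", "keyFile")   # server default
    tls_on = any(opts.get(k) not in (None, "disabled")
                 for k in ("sslMode", "tlsMode"))
    problems = []
    if mode not in KEYFILE_MODES | X509_MODES:
        return [f"unknown --clusterAuthMode {mode!r}"]
    if not is_member:
        return problems  # standalone: no __system traffic to other nodes
    if not auth_on:
        return ["cluster member runs without access control (no --auth/--keyFile)"]
    if mode in KEYFILE_MODES and "keyFile" not in opts:
        # The gap in the report: access control is on, so peers authenticate as
        # __system with SCRAM, but there is no shared key for them to use.
        problems.append("--auth without --keyFile: __system cannot authenticate to peers")
    if mode in X509_MODES and not tls_on:
        problems.append(f"--clusterAuthMode {mode} requires TLS (--sslMode/--tlsMode)")
    return problems


# The two messages from the log excerpt in the report, as search patterns.
LOG_SIGNATURES = (
    ("cert-purpose", re.compile(
        r"SSL peer certificate validation failed: unsupported certificate purpose")),
    ("no-keyfile", re.compile(
        r"authenticate as the __system user on servers started without a --keyFile parameter")),
)


def scan_log(lines):
    """Return (timestamp, signature) for every line matching one of the signatures.
    mongod 4.x log lines start with an ISO-8601 timestamp, so the first token is it."""
    hits = []
    for line in lines:
        for label, pat in LOG_SIGNATURES:
            if pat.search(line):
                hits.append((line.split(" ", 1)[0], label))
    return hits


# The shard server's log lines quoted in the report.
SAMPLE_LOG = """\
2018-08-01T22:40:39.605+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57142 #75 (6 connections now open)
2018-08-01T22:40:39.609+0000 W NETWORK  [conn75] SSL peer certificate validation failed: unsupported certificate purpose
2018-08-01T22:40:39.610+0000 I ACCESS   [conn75] SASL SCRAM-SHA-1 authentication failed for __system on local from client 127.0.0.1:57142 ; AuthenticationFailed: It is not possible to authenticate as the __system user on servers started without a --keyFile parameter
2018-08-01T22:40:39.610+0000 I NETWORK  [conn75] end connection 127.0.0.1:57142 (5 connections now open)
""".splitlines()

if __name__ == "__main__":
    # Constructed command lines: a shard member with auth and TLS but no key
    # file (the orchestration situation in the report) beside its fixed form.
    BROKEN = ("mongod --shardsvr --replSet sh01 --auth --sslMode requireSSL "
              "--sslPEMKeyFile /tmp/server.pem --sslCAFile /tmp/ca.pem")
    FIXED = BROKEN + " --keyFile /tmp/cluster.key"
    for name, cmd in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, cluster_auth_problems(cmd) or "ok")
    for ts, sig in scan_log(SAMPLE_LOG):
        print(ts, sig)
```

Running the block prints one problem for the broken command line, "ok" for the one with --keyFile added, and the two timestamped signatures from the excerpt. The same key file must be handed to every mongod and mongos in the cluster, including the config servers, for the check to be meaningful in practice.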

            Assignee:
            nick.brewer Nick Brewer
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0
            Watchers:
            8