-
Type: Bug
-
Resolution: Duplicate
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: Testing Infrastructure
-
Replication
-
ALL
-
The following snippet results in a JavaScript error when initializing a cluster:
'use strict'; var x509_options = { sslMode: "requireSSL", sslPEMKeyFile: "jstests/libs/server.pem", sslCAFile: "jstests/libs/ca.pem", sslClusterFile: "jstests/libs/cluster_cert.pem", sslAllowInvalidHostnames: "", clusterAuthMode: "x509" }; var st = new ShardingTest({ shards: 2, mongos: 1, other: { enableBalancer: true, configOptions: x509_options, mongosOptions: x509_options, rsOptions: x509_options, shardOptions: x509_options } }); st.stop();
With the following backtrace:
assert: command failed: { "ok" : 0, "errmsg" : "not authorized on admin to execute command { serverStatus: 1.0, lsid: { id: UUID(\"aeb11c69-c642-4f3b-8910-915161999c85\") }, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized" } with original command request: { "serverStatus" : 1, "lsid" : { "id" : UUID("aeb11c69-c642-4f3b-8910-915161999c85") } } on connection: connection to ip-10-122-78-134.ec2.internal:20520 _getErrorWithCode@src/mongo/shell/utils.js:25:13 doassert@src/mongo/shell/assert.js:18:14 _assertCommandWorked@src/mongo/shell/assert.js:719:17 assert.commandWorked@src/mongo/shell/assert.js:811:16 _isRunningWithoutJournaling/result<@src/mongo/shell/replsettest.js:214:32 asCluster@src/mongo/shell/replsettest.js:203:20 _isRunningWithoutJournaling@src/mongo/shell/replsettest.js:213:22 ReplSetTest/this._updateConfigIfNotDurable@src/mongo/shell/replsettest.js:1167:13 ReplSetTest/this._setDefaultConfigOptions@src/mongo/shell/replsettest.js:1176:9 ReplSetTest/this.initiateWithAnyNodeAsPrimary@src/mongo/shell/replsettest.js:1318:9 initiateReplicaSet@src/mongo/shell/shardingtest.js:1634:9 ShardingTest@src/mongo/shell/shardingtest.js:1709:13 @jstests/ssl/sharding_with_x509.js:20:10 @jstests/ssl/sharding_with_x509.js:3:2
The cause of this seems to be that when initializing a shard as a replica set a server status command is being executed but the only authentication method available is by using a keyFile, so there is no way of using x509. There is an old ticket proposing a refactor of ShardingTest and ReplSetTest. Until this is fixed, tests like sharding_with_x509.js or speculative-auth-sharding.js must be blacklisted.
- is depended on by
-
SERVER-55824 Make ssl_get_more.js start shards as replicaset
- Closed
- is related to
-
SERVER-53605 Ensure replsettest.asCluster works with clusterAuthMode = x509
- Closed
-
SERVER-43899 Blacklist sharding_with_x509.js and speculative-auth-sharding.js start shards as replica sets
- Closed
- related to
-
SERVER-14017 Refactor ShardingTest and ReplSetTest objects to use separate control and test connections
- Backlog