Details
-
Bug
-
Status: Closed
-
Major - P3
-
Resolution: Duplicate
-
None
-
None
-
ALL
-
Description
The following snippet results in a JavaScript error when initializing a cluster:
'use strict';
|
|
var x509_options = {
|
sslMode: "requireSSL",
|
sslPEMKeyFile: "jstests/libs/server.pem",
|
sslCAFile: "jstests/libs/ca.pem",
|
sslClusterFile: "jstests/libs/cluster_cert.pem",
|
sslAllowInvalidHostnames: "",
|
clusterAuthMode: "x509"
|
};
|
|
var st = new ShardingTest({
|
shards: 2,
|
mongos: 1,
|
other: {
|
enableBalancer: true,
|
configOptions: x509_options,
|
mongosOptions: x509_options,
|
rsOptions: x509_options,
|
shardOptions: x509_options
|
}
|
});
|
|
st.stop();
|
With the following backtrace:
assert: command failed: {
|
"ok" : 0,
|
"errmsg" : "not authorized on admin to execute command { serverStatus: 1.0, lsid: { id: UUID(\"aeb11c69-c642-4f3b-8910-915161999c85\") }, $db: \"admin\" }",
|
"code" : 13,
|
"codeName" : "Unauthorized"
|
} with original command request: {
|
"serverStatus" : 1,
|
"lsid" : {
|
"id" : UUID("aeb11c69-c642-4f3b-8910-915161999c85")
|
}
|
} on connection: connection to ip-10-122-78-134.ec2.internal:20520
|
_getErrorWithCode@src/mongo/shell/utils.js:25:13
|
doassert@src/mongo/shell/assert.js:18:14
|
_assertCommandWorked@src/mongo/shell/assert.js:719:17
|
assert.commandWorked@src/mongo/shell/assert.js:811:16
|
_isRunningWithoutJournaling/result<@src/mongo/shell/replsettest.js:214:32
|
asCluster@src/mongo/shell/replsettest.js:203:20
|
_isRunningWithoutJournaling@src/mongo/shell/replsettest.js:213:22
|
ReplSetTest/this._updateConfigIfNotDurable@src/mongo/shell/replsettest.js:1167:13
|
ReplSetTest/this._setDefaultConfigOptions@src/mongo/shell/replsettest.js:1176:9
|
ReplSetTest/this.initiateWithAnyNodeAsPrimary@src/mongo/shell/replsettest.js:1318:9
|
initiateReplicaSet@src/mongo/shell/shardingtest.js:1634:9
|
ShardingTest@src/mongo/shell/shardingtest.js:1709:13
|
@jstests/ssl/sharding_with_x509.js:20:10
|
@jstests/ssl/sharding_with_x509.js:3:2
|
The cause of this seems to be that when initializing a shard as a replica set a server status command is being executed but the only authentication method available is by using a keyFile, so there is no way of using x509. There is an old ticket proposing a refactor of ShardingTest and ReplSetTest. Until this is fixed, tests like sharding_with_x509.js or speculative-auth-sharding.js must be blacklisted.
Attachments
Issue Links
- is depended on by
-
SERVER-55824 Make ssl_get_more.js start shards as replicaset
-
- Closed
-
- is related to
-
SERVER-53605 Ensure replsettest.asCluster works with clusterAuthMode = x509
-
- Closed
-
-
SERVER-43899 Blacklist sharding_with_x509.js and speculative-auth-sharding.js start shards as replica sets
-
- Closed
-
- related to
-
SERVER-14017 Refactor ShardingTest and ReplSetTest objects to use separate control and test connections
-
- Backlog
-