Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57277

Arbiter nodes, (set to authenticate session against them), continue to expect authentication even after a resync.

    • Type: Icon: Question Question
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 4.4.5
    • Component/s: None
    • None
    • Security 2021-06-28, Security 2021-07-12, Security 2021-07-26, Security 2021-08-09, Security 2021-08-23

      Some tech team typically deploys manually PSA Replica Sets, authentication enabled, configuring users on all the nodes, Arbiter included, following these steps:

         1) Start arbiter as a standalone process.
         2) Create the user.
         3) Bring the node up as a replica set member.

      Forcing an Initial Sync of Arbiter nodes installed following the above steps, the Arbiter can't longer authenticate sessions against it, but the Initial Sync does not revert the situation to a totally cleaned situation, because e.g. commands like db.shutdownServer() or rs.status() return the warning message:

      2021-05-07T11:03:36.269+0000 E QUERY [js] Error: shutdownServer failed: {"ok" : 0,"errmsg" : "command shutdown requires authentication","code" : 13,"codeName" : "Unauthorized"} :_getErrorWithCode@src/mongo/shell/utils.js:25:13DB.prototype.shutdownServer@src/mongo/shell/db.js:426:19@(shell):1:1

      Arbiter nodes correctly installed, to the command db.shutdownServer() allows to shutdown the process, while the command  rs.status()  returns the expected output.

      The questions are:

      1. Can the unexpected behaviour of these Arbiter nodes lead to other potential health issues for the Replica Set?
          
      2. What's the correct\best way to revert the configuration of Arbiters set to authenticate sessions against them? Is the Initial Sync not enough?

       

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            marco.barbierato@mongodb.com Marco Barbierato
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: