Details
-
Bug
-
Resolution: Done
-
Critical - P2
-
None
-
None
-
None
-
None
-
ALL
Description
2 micro instances, one instance running 2.2.2
./bin/mongod --dbpath ./data --sslOnNormalPorts --sslPEMKeyFile ../gregorFreeBSD.pem --sslPEMKeyPassword mongo --replSet rs1
|
the other instance running 2.2.2 node and arbiter.
./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../gregorFreeBSD.pem --sslPEMKeyPassword mongo --replSet rs1 --smallfiles
|
./bin/mongod --dbpath ./data/arb/ --port 30000 --replSet rs1 --sslOnNormalPorts --sslPEMKeyFile ../gregorFreeBSD.pem --sslPEMKeyPassword mongo --smallfiles
|
rs1:PRIMARY> rs.status()
|
{
|
"set" : "rs1",
|
"date" : ISODate("2013-02-27T12:24:09Z"),
|
"myState" : 1,
|
"members" : [
|
{
|
"_id" : 0,
|
"name" : "ip-10-227-21-162:27017",
|
"health" : 1,
|
"state" : 1,
|
"stateStr" : "PRIMARY",
|
"uptime" : 2399,
|
"optime" : Timestamp(1361966564000, 1),
|
"optimeDate" : ISODate("2013-02-27T12:02:44Z"),
|
"self" : true
|
},
|
{
|
"_id" : 1,
|
"name" : "ip-10-48-238-94:27017",
|
"health" : 1,
|
"state" : 2,
|
"stateStr" : "SECONDARY",
|
"uptime" : 1634,
|
"optime" : Timestamp(1361966564000, 1),
|
"optimeDate" : ISODate("2013-02-27T12:02:44Z"),
|
"lastHeartbeat" : ISODate("2013-02-27T12:24:08Z"),
|
"pingMs" : 0
|
},
|
{
|
"_id" : 2,
|
"name" : "ip-10-48-238-94:30000",
|
"health" : 1,
|
"state" : 7,
|
"stateStr" : "ARBITER",
|
"uptime" : 1285,
|
"lastHeartbeat" : ISODate("2013-02-27T12:24:08Z"),
|
"pingMs" : 0
|
}
|
],
|
"ok" : 1
|
}
|
Take node from second instance offline and upgrade to 2.4.0-rc1 with --sslCAFile.
./bin/mongod --dbpath ../mongodb-linux-x86_64-subscription-ubuntu1104-2.2.2/data/ --sslOnNormalPorts --sslPEMKeyFile ../gregorFreeBSD.pem --sslCAFile ../cacert.pem --replSet rs1 --smallfiles
|
Repeated error message on this node upon restart is
Wed Feb 27 12:28:42.472 [initandlisten] connection accepted from 10.48.238.94:41645 #195 (1 connection now open)
|
Wed Feb 27 12:28:42.474 [conn195] ERROR: no SSL certificate provided by peer; connection rejected
|
Wed Feb 27 12:28:42.475 [conn195] SocketException handling request, closing client connection: 9001 socket exception [6]
|
Wed Feb 27 12:28:43.680 [initandlisten] connection accepted from 10.227.21.162:56636 #196 (1 connection now open)
|
Wed Feb 27 12:28:43.683 [conn196] ERROR: no SSL certificate provided by peer; connection rejected
|
Wed Feb 27 12:28:43.683 [conn196] SocketException handling request, closing client connection: 9001 socket exception [6]
|
Wed Feb 27 12:28:44.476 [initandlisten] connection accepted from 10.48.238.94:41647 #197 (1 connection now open)
|
Wed Feb 27 12:28:44.478 [conn197] ERROR: no SSL certificate provided by peer; connection rejected
|
Wed Feb 27 12:28:44.478 [conn197] SocketException handling request, closing client connection: 9001 socket exception [6]
|
This is incorrect - other nodes are using a CA signed cert so surely this upgrade should work? Or if not then the error message
no SSL certificate provided by peer
is incorrect - they are supplying a cert, but it's not being accepted.