Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3210

mongorestore throws error for config db upon full backup restore

XMLWordPrintableJSON

    • Type: Icon: Investigation Investigation
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 100.6.0
    • Component/s: mongorestore
    • Labels:
      None

      Problem Statement/Rationale

      When the authentication is enabled, and authenticated user has a different userId from that being restored from the backup,  mongorestore tool although apparently restoring most of the data, complains with:

      2022-10-31T15:02:56.013+0100    Failed: config.external_validation_keys: error creating indexes for config.external_validation_keys: createIndex error: (Unauthorized) command createIndexes requires authentication

      A second restore attempt succeeds without errors.

      Steps to Reproduce

      How could an engineer replicate the issue you’re reporting?

      $ mlaunch init --auth --dir rs5013 --nodes 3 --replicaset --name "rs5013" --port 27207 --binarypath mongodb-linux-x86_64-ubuntu2004-5.0.13/bin/
Generating keyfile: /data/mongodb/rs5013/keyfile
launching: "mongodb-linux-x86_64-ubuntu2004-5.0.13/bin/mongod" on port 27207
launching: "mongodb-linux-x86_64-ubuntu2004-5.0.13/bin/mongod" on port 27208
launching: "mongodb-linux-x86_64-ubuntu2004-5.0.13/bin/mongod" on port 27209
replica set 'rs5013' initialized.
...

rs5013:PRIMARY> db.getUsers()
[
    {
        "_id" : "admin.root",
        "userId" : UUID("7afce05e-88c9-4657-ba7e-9755a55bc0c8"),
        "user" : "root",
        "db" : "admin",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ],
        "mechanisms" : [
            "SCRAM-SHA-1",
            "SCRAM-SHA-256"
        ]
    }
]

rs5013:PRIMARY> use db1
switched to db db1
rs5013:PRIMARY> db.foo.insert({a:1})
WriteResult({ "nInserted" : 1 })

$ mongodb-database-tools-ubuntu2004-x86_64-100.6.0/bin/mongodump --oplog --port 27207 --username=root --password="password" --authenticationDatabase=admin --out=backup/10/
2022-10-31T14:59:40.262+0100    writing admin.system.users to backup/10/admin/system.users.bson
2022-10-31T14:59:40.263+0100    done dumping admin.system.users (1 document)
2022-10-31T14:59:40.263+0100    writing admin.system.version to backup/10/admin/system.version.bson
2022-10-31T14:59:40.263+0100    done dumping admin.system.version (2 documents)
2022-10-31T14:59:40.264+0100    writing config.tenantMigrationRecipients to backup/10/config/tenantMigrationRecipients.bson
2022-10-31T14:59:40.265+0100    writing config.external_validation_keys to backup/10/config/external_validation_keys.bson
2022-10-31T14:59:40.265+0100    writing db1.foo to backup/10/db1/foo.bson
2022-10-31T14:59:40.265+0100    writing config.tenantMigrationDonors to backup/10/config/tenantMigrationDonors.bson
2022-10-31T14:59:40.266+0100    done dumping config.external_validation_keys (0 documents)
2022-10-31T14:59:40.266+0100    done dumping config.tenantMigrationRecipients (0 documents)
2022-10-31T14:59:40.266+0100    done dumping config.tenantMigrationDonors (0 documents)
2022-10-31T14:59:40.266+0100    done dumping db1.foo (1 document)
2022-10-31T14:59:40.266+0100    writing captured oplog to 
2022-10-31T14:59:40.267+0100        dumped 1 oplog entry

$ mlaunch stop --dir rs5013
sent signal Signals.SIGTERM to 3 processes.
$ rm -fr rs5013 
$ mlaunch init --auth --dir rs5013 --nodes 3 --replicaset --name "rs5013" --port 27207 --binarypath mongodb-linux-x86_64-ubuntu2004-5.0.13/bin/
...

$ mongodb-database-tools-ubuntu2004-x86_64-100.6.0/bin/mongorestore --drop --oplogReplay --port 27207 --username=root --password="password" --authenticationDatabase=admin backup/10
2022-10-31T15:02:55.792+0100    preparing collections to restore from
2022-10-31T15:02:55.793+0100    reading metadata for config.external_validation_keys from backup/10/config/external_validation_keys.metadata.json
2022-10-31T15:02:55.794+0100    reading metadata for config.tenantMigrationDonors from backup/10/config/tenantMigrationDonors.metadata.json
2022-10-31T15:02:55.794+0100    reading metadata for config.tenantMigrationRecipients from backup/10/config/tenantMigrationRecipients.metadata.json
2022-10-31T15:02:55.794+0100    reading metadata for db1.foo from backup/10/db1/foo.metadata.json
2022-10-31T15:02:55.795+0100    dropping collection config.external_validation_keys before restoring
2022-10-31T15:02:55.795+0100    dropping collection config.tenantMigrationRecipients before restoring
2022-10-31T15:02:55.796+0100    dropping collection config.tenantMigrationDonors before restoring
2022-10-31T15:02:55.859+0100    restoring db1.foo from backup/10/db1/foo.bson
2022-10-31T15:02:55.870+0100    finished restoring db1.foo (1 document, 0 failures)
2022-10-31T15:02:55.917+0100    restoring config.external_validation_keys from backup/10/config/external_validation_keys.bson
2022-10-31T15:02:55.927+0100    finished restoring config.external_validation_keys (0 documents, 0 failures)
2022-10-31T15:02:55.936+0100    restoring config.tenantMigrationDonors from backup/10/config/tenantMigrationDonors.bson
2022-10-31T15:02:55.946+0100    finished restoring config.tenantMigrationDonors (0 documents, 0 failures)
2022-10-31T15:02:55.957+0100    restoring config.tenantMigrationRecipients from backup/10/config/tenantMigrationRecipients.bson
2022-10-31T15:02:55.971+0100    finished restoring config.tenantMigrationRecipients (0 documents, 0 failures)
2022-10-31T15:02:55.971+0100    restoring users from backup/10/admin/system.users.bson
2022-10-31T15:02:56.013+0100    replaying oplog
2022-10-31T15:02:56.013+0100    applied 0 oplog entries
2022-10-31T15:02:56.013+0100    restoring indexes for collection config.external_validation_keys from metadata
2022-10-31T15:02:56.013+0100    index: &idx.IndexDocument{Options:primitive.M{"expireAfterSeconds":0, "name":"ExternalKeysTTLIndex", "v":2}, Key:primitive.D{primitive.E{Key:"ttlExpiresAt", Value:1}}, PartialFilterExpression:primitive.D(nil)}
2022-10-31T15:02:56.013+0100    no indexes to restore for collection db1.foo
2022-10-31T15:02:56.013+0100    restoring indexes for collection config.tenantMigrationDonors from metadata
2022-10-31T15:02:56.013+0100    index: &idx.IndexDocument{Options:primitive.M{"expireAfterSeconds":0, "name":"TenantMigrationDonorTTLIndex", "v":2}, Key:primitive.D{primitive.E{Key:"expireAt", Value:1}}, PartialFilterExpression:primitive.D(nil)}
2022-10-31T15:02:56.013+0100    restoring indexes for collection config.tenantMigrationRecipients from metadata
2022-10-31T15:02:56.013+0100    index: &idx.IndexDocument{Options:primitive.M{"expireAfterSeconds":0, "name":"TenantMigrationRecipientTTLIndex", "v":2}, Key:primitive.D{primitive.E{Key:"expireAt", Value:1}}, PartialFilterExpression:primitive.D(nil)}
2022-10-31T15:02:56.013+0100    Failed: config.external_validation_keys: error creating indexes for config.external_validation_keys: createIndex error: (Unauthorized) command createIndexes requires authentication
2022-10-31T15:02:56.013+0100    1 document(s) restored successfully. 0 document(s) failed to restore.

      Expected Results

      A full backup and restore should use authentication in a consistent way and not fail in a middle leaving the destination in partial state. 

      Actual Results

      An error occurs during restore.

            Assignee:
            rohan.sharan@mongodb.com Rohan Sharan
            Reporter:
            przemek.malkowski@gmail.com Przemek Malkowski
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: