-
Type: Bug
-
Resolution: Duplicate
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
Tools and Replicator
-
(copied to CRM)
Problem Statement/Rationale
Dumping the config database with atlasAdmin permissions using mongodump 100.7.3+ is failing with:
2023-09-01T08:32:23.402+0100 Failed: error creating intents to dump: error counting config.system.indexBuilds: (Unauthorized) not authorized on config to execute command { count: "system.indexBuilds", lsid: { id: UUID("0b87c1e2-49eb-4dd9-9d74-5f6dc7f1d3cd") }, $clusterTime: { clusterTime: Timestamp(1693553542, 1), signature: { hash: BinData(0, FA95EAAADC7C85DEA85F44284E0CE44ABFAF286B), keyId: 7273755650985820183 } }, $db: "config" }
Steps to Reproduce
Try to dump the config database for a sharded Atlas cluster from a mongos
Expected Results
The dump will succeed
Actual Results
The dump fails.
Additional Notes
TOOLS-2537 excluded system.indexBuilds and TOOLS-3203 in 100.7.1 revamped the exclusion logic to only include the collections from this config file. TOOLS-3324 was then implemented in 100.7.3 to revert work done by TOOLS-3203 because certain collections were being excluded from config .
This line added by TOOLS-3324 is still in shouldSkipSystemNamespace in master, which results in all collections being dumped if --db=config is specified as an option:
if dump.ToolOptions.DB == "config" { return false }
We often ask customers to dump the config database and we have standard scripts that generate commands to dump the config db . We have also shared these with many customers in the past, who continue to use these. To these customers, this will now appear to be broken.
The workaround for this particular issue is to use --excludeCollection="system.indexBuilds but this seems less than ideal. This has the potential to become a growing list of exclusions that we need to manage across the global team and communicate to customers as this changes.
It would be preferable that the collections that were previously excluded pre-TOOLS-3203 ccould be ignored even if --db=config is specified as an option:
if collName == "transactions" || collName == "system.sessions" || collName == "transaction_coordinators" || collName == "system.indexBuilds"
- duplicates
-
TOOLS-3340 Add flag to mongodump/mongorestore that allows skipping of collections with permissions issues
- Closed