[SERVER-27697] Fail to build MongoDB replcaset with Auth on Swarm Created: 16/Jan/17  Updated: 16/Jan/17  Resolved: 16/Jan/17

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: 3.4.1
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: dducatel Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

I'm trying to create a MongoDB cluster on a docker swarm with authentication.
(My process work when auth is disabled)

So I have 3 mongo instance (started with option `--auth --replicaset REPLICASET_NAME`)on the same crypted overlay network. (mongo1, mongo2 and mongo3)

On node with mongo1 container I initiate the replicaset and create the db admin

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo
    > rs.initiate()
    {
            "info2" : "no configuration specified. Using a default configuration for the set",
            "me" : "84ab8d1609c8:27017",
            "ok" : 1
    }
    REPLICASET_NAME:SECONDARY> use admin
    switched to db admin
    REPLICASET_NAME:PRIMARY> db.createUser({ user: "myUserAdmin", pwd: "123456", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
    Successfully added user: {
            "user" : "myUserAdmin",
            "roles" : [
                    {
                            "role" : "userAdminAnyDatabase",
                            "db" : "admin"
                    }
            ]
    }
    REPLICASET_NAME:PRIMARY> exit

After that I create the clusterAdmin

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myUserAdmin --authenticationDatabase "admin" -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://127.0.0.1:27017/admin
    MongoDB server version: 3.4.1
    REPLICASET_NAME:PRIMARY> db.createUser({user: "myClusterAdmin", pwd: "123456", roles: [ { role: "clusterAdmin", db: "admin" } ]})
    Successfully added user: {
            "user" : "myClusterAdmin",
            "roles" : [
                    {
                            "role" : "clusterAdmin",
                            "db" : "admin"
                    }
            ]
    }
    REPLICASET_NAME:PRIMARY> exit

Now when I used the clusterAdmin to add replicaset member, I have an error

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo -u myClusterAdmin -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://127.0.0.1:27017
    MongoDB server version: 3.4.1
    REPLICASET_NAME:PRIMARY>rs.add("mongo2")
    {
        "ok" : 0,
        "errmsg" : "Quorum check failed because not enough voting nodes responded; required 2 but only the following 1 voting nodes responded: c4fe398cc7b8:27017;
    the following nodes did not respond affirmatively: mongo2:27017 failed with not authorized on admin to execute command { replSetHeartbeat: \"REPLICASET_NAME\", pv:
    1, v: 2, from: \"c4fe398cc7b8:27017\", fromId: 0, checkEmpty: false }",
        "code" : 74,
        "codeName" : "NodeNotFound"
    }

So I have a "NodeNotFound" error but I can ping mongo2 from mongo1 and the mongo2 respond

    docker exec -ti $(docker ps -f "name=mongo1" -q) mongo --host mongo2 -u myUserAdmin  -p
    MongoDB shell version v3.4.1
    Enter password:
    connecting to: mongodb://mongo2:27017/
    MongoDB server version: 3.4.1
    2017-01-12T16:09:34.043+0000 E QUERY    [main] Error: Authentication failed. :
    DB.prototype._authOrThrow@src/mongo/shell/db.js:1459:20
    @(auth):6:1
    @(auth):1:2
    exception: login failed

So do you know why it's not working ?
I did something stupid ?

Thanks in advance for your help



 Comments   
Comment by Ramon Fernandez Marina [ 16/Jan/17 ]

Thanks for your report. Please note that the SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag, where your question will reach a larger audience. A question like this involving more discussion would be best posted on the mongodb-user group. See also our Technical Support page for additional support resources.

Regards,
Ramón.

Generated at Thu Feb 08 04:15:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.