[SERVER-32040] MongoS clients not seeing databases after config server change to CSRS, cannot authenticate Created: 20/Nov/17 Updated: 27/Oct/23 Resolved: 28/Nov/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Usability |
| Affects Version/s: | 3.2.5 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matt Bunter | Assignee: | Mark Agarunov |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Participants: |
| Description |
|
The three config servers were migrated to CSRS and WiredTiger last week. Followed the documentation here : https://docs.mongodb.com/manual/tutorial/upgrade-config-servers-to-replica-set/ Since the change, when connection to a mongoS, we cannot see the databases after using show dbs and we cannot connect using --authenticationDatabase admin --username root --password xxxxx --authenticationMechanism SCRAM-SHA-1 There are no errors in any logs, neither mongos, on the config servers, on the mongod machines. rs.conf and rs.status are OK. The mongos have been stopped and restarted a few times to try and rectify this, with no luck. |
| Comments |
| Comment by Mark Agarunov [ 28/Nov/17 ] |
|
Hello mattbunter, Thank you for the additional information. I'm glad to hear the migration was successful and I apologize that the documentation was unclear. If possible, could you please open a DOCS ticket detailing the issues you've found with the documentation? We appreciate any feedback on how we can make this process more clear, so no time was wasted at all. Thanks, |
| Comment by Matt Bunter [ 22/Nov/17 ] |
|
We have successfully migrated to CSRS and WiredTiger for the config servers. Both myself and my colleague found the migration procedure a bit confusing, in particular the modifications done on confServer1:port1 We feel that stressing that the dbpath and port of this server should not change throughout the migration procedure would help future readers. We also feel that a suggestion to start the 3rd 'new' config server on the same machine as confServer1:port1 would ensure that the same architecture as before the migration is maintained. Apologies for 'wasting' your time with this. |
| Comment by Mark Agarunov [ 21/Nov/17 ] |
|
Hello mattbunter, Thank you for the report and update on the status. I'm glad to hear you've found a solution. If this is still an issue once you've made another attempt, please provide the complete logs from the nodes involved so we can diagnose the cause of the issue. Thanks, |
| Comment by Matt Bunter [ 21/Nov/17 ] |
|
We may have found the issue. Will be re-playing the migration procedure and will update here if it works. |
| Comment by Matt Bunter [ 21/Nov/17 ] |
|
We have fallen back to the old non-replica set (SCCC) setup. We now see the full list of databases under the mongoS, and we can use the authentification. We would still like any feedback on why this migration following the published procedure didn't work, and why there is no error message to search for that points us in the right direction. |