[SERVER-32040] MongoS clients not seeing databases after config server change to CSRS, cannot authenticate Created: 20/Nov/17  Updated: 27/Oct/23  Resolved: 28/Nov/17

Status: Closed
Project: Core Server
Component/s: Security, Usability
Affects Version/s: 3.2.5
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Matt Bunter Assignee: Mark Agarunov
Resolution: Gone away Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

The three config servers were migrated to CSRS and WiredTiger last week. Followed the documentation here : https://docs.mongodb.com/manual/tutorial/upgrade-config-servers-to-replica-set/

Since the change, when connection to a mongoS, we cannot see the databases after using show dbs and we cannot connect using --authenticationDatabase admin --username root --password xxxxx --authenticationMechanism SCRAM-SHA-1

There are no errors in any logs, neither mongos, on the config servers, on the mongod machines. rs.conf and rs.status are OK.

The mongos have been stopped and restarted a few times to try and rectify this, with no luck.



 Comments   
Comment by Mark Agarunov [ 28/Nov/17 ]

Hello mattbunter,

Thank you for the additional information. I'm glad to hear the migration was successful and I apologize that the documentation was unclear. If possible, could you please open a DOCS ticket detailing the issues you've found with the documentation? We appreciate any feedback on how we can make this process more clear, so no time was wasted at all.

Thanks,
Mark

Comment by Matt Bunter [ 22/Nov/17 ]

We have successfully migrated to CSRS and WiredTiger for the config servers.

Both myself and my colleague found the migration procedure a bit confusing, in particular the modifications done on confServer1:port1

We feel that stressing that the dbpath and port of this server should not change throughout the migration procedure would help future readers. We also feel that a suggestion to start the 3rd 'new' config server on the same machine as confServer1:port1 would ensure that the same architecture as before the migration is maintained.

Apologies for 'wasting' your time with this.

Comment by Mark Agarunov [ 21/Nov/17 ]

Hello mattbunter,

Thank you for the report and update on the status. I'm glad to hear you've found a solution. If this is still an issue once you've made another attempt, please provide the complete logs from the nodes involved so we can diagnose the cause of the issue.

Thanks,
Mark

Comment by Matt Bunter [ 21/Nov/17 ]

We may have found the issue. Will be re-playing the migration procedure and will update here if it works.

Comment by Matt Bunter [ 21/Nov/17 ]

We have fallen back to the old non-replica set (SCCC) setup. We now see the full list of databases under the mongoS, and we can use the authentification.

We would still like any feedback on why this migration following the published procedure didn't work, and why there is no error message to search for that points us in the right direction.

Generated at Thu Feb 08 04:28:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.