[SERVER-3587] mongos should check with config servers about auth on startup Created: 12/Aug/11  Updated: 11/Jul/16  Resolved: 18/Aug/11

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 1.9.2
Fix Version/s: 2.0.0-rc0

Type: Bug Priority: Minor - P4
Reporter: Bernie Hackett Assignee: Kristina Chodorow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Participants:

 Description   

This is more of a usability issue than a bug. If you set up a sharded cluster with auth and forget to start mongos with --keyFile everything runs fine until you add an admin user. After adding the user db.auth() will fail without a useful error and balancing rounds will fail.

MongoDB shell version: 1.9.2
connecting to: test
mongos> use admin
switched to db admin
mongos> db.runCommand(

{'addShard': 'localhost:27018'}

)

{ "shardAdded" : "shard0000", "ok" : 1 }

mongos> db.runCommand(

{'addShard': 'localhost:27019'}

)

{ "shardAdded" : "shard0001", "ok" : 1 }

mongos> db.system.users.find()
mongos> db.system.users.count()
0
mongos> db.addUser('theadmin', 'mypassword')
{
"singleShard" : "localhost:27020",
"n" : 0,
"connectionId" : 14,
"err" : null,
"ok" : 1
}
{
"user" : "theadmin",
"readOnly" : false,
"pwd" : "02cdbcb825fda3c0824be229afa605e8",
"_id" : ObjectId("4e456aa827b2e95a4ccfbe29")
}
mongos> db.auth('theadmin', 'mypassword')
0

Fri Aug 12 11:02:06 [Balancer] distributed lock 'balancer/behackett-dt:27017:1313172036:1804289383' unlocked.
Fri Aug 12 11:02:16 [Balancer] ~ScopedDBConnection: _conn != null
Fri Aug 12 11:02:16 [Balancer] ~ScopedDbConnection: _conn != null
Fri Aug 12 11:02:16 [Balancer] caught exception while doing balance: nextSafe():

{ $err: "unauthorized db:config lock type:-1 client:127.0.0.1", code: 10057 }

Fri Aug 12 11:02:33 [conn1] authenticate:

{ authenticate: 1.0, user: "theadmin", nonce: "90a00bd5b3a86963", key: "ded39b5832e03051d7a0558b55355072" }

mongos should check with the config servers to see if they were started with --keyFile on first startup and log a useful warning. This will potentially cut down on mongodb-user questions.



 Comments   
Comment by Kristina Chodorow (Inactive) [ 18/Aug/11 ]

Now errors out suggesting you start with --keyFile (people could start with the wrong keyFile, but it should give them the right idea).

Comment by auto [ 18/Aug/11 ]

Author:

{u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}

Message: do not start mongos without checking auth SERVER-3587
Branch: master
https://github.com/mongodb/mongo/commit/93ce4de477c610b8ba667b22b72121bd00a40d0b

Comment by Kristina Chodorow (Inactive) [ 17/Aug/11 ]

They don't, they just start spewing errors when they first try to do stuff. It should be easy to make them ping the config servers right away for 2.0.

Comment by Eliot Horowitz (Inactive) [ 16/Aug/11 ]

@kristina - shouldn't things fail immediately if the mongos doesn't have --keyfile and the config servers do?

Generated at Thu Feb 08 03:03:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.