[SERVER-3587] mongos should check with config servers about auth on startup Created: 12/Aug/11 Updated: 11/Jul/16 Resolved: 18/Aug/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 1.9.2 |
| Fix Version/s: | 2.0.0-rc0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Bernie Hackett | Assignee: | Kristina Chodorow (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
This is more of a usability issue than a bug. If you set up a sharded cluster with auth and forget to start mongos with --keyFile everything runs fine until you add an admin user. After adding the user db.auth() will fail without a useful error and balancing rounds will fail. MongoDB shell version: 1.9.2 ) { "shardAdded" : "shard0000", "ok" : 1 }mongos> db.runCommand( {'addShard': 'localhost:27019'}) { "shardAdded" : "shard0001", "ok" : 1 }mongos> db.system.users.find() Fri Aug 12 11:02:06 [Balancer] distributed lock 'balancer/behackett-dt:27017:1313172036:1804289383' unlocked. Fri Aug 12 11:02:33 [conn1] authenticate: { authenticate: 1.0, user: "theadmin", nonce: "90a00bd5b3a86963", key: "ded39b5832e03051d7a0558b55355072" }mongos should check with the config servers to see if they were started with --keyFile on first startup and log a useful warning. This will potentially cut down on mongodb-user questions. |
| Comments |
| Comment by Kristina Chodorow (Inactive) [ 18/Aug/11 ] |
|
Now errors out suggesting you start with --keyFile (people could start with the wrong keyFile, but it should give them the right idea). |
| Comment by auto [ 18/Aug/11 ] |
|
Author: {u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}Message: do not start mongos without checking auth |
| Comment by Kristina Chodorow (Inactive) [ 17/Aug/11 ] |
|
They don't, they just start spewing errors when they first try to do stuff. It should be easy to make them ping the config servers right away for 2.0. |
| Comment by Eliot Horowitz (Inactive) [ 16/Aug/11 ] |
|
@kristina - shouldn't things fail immediately if the mongos doesn't have --keyfile and the config servers do? |