[SERVER-46625] Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon Created: 04/Mar/20  Updated: 29/Oct/23  Resolved: 02/Jun/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.2.1
Fix Version/s: 4.7.0, 4.4.2, 4.2.11

Type: Improvement Priority: Major - P3
Reporter: Oleg Pudeyev (Inactive) Assignee: Katherine Wu (Inactive)
Resolution: Fixed Votes: 0
Labels: qopt-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
is related to PYTHON-2270 Test failure - test_encryption.TestSp... Closed
is related to SERVER-51044 [v4.4] Update blocklist pending 4.2 b... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.4, v4.2
Sprint: Query 2020-04-20, Query 2020-05-04, Query 2020-05-18, Query 2020-06-01, Query 2020-06-15
Participants:

 Description   

The default port of mongocryptd is 27020. The default port of mongod is 27017. There is precedent (for example, mlaunch does this, as well as drivers' test suites in evergreen) to start launching mongod/mongos on 27017 and go up in port numbers until the required number of daemons is provisioned.

Following the described port allocation for mongod/mongos processes, eventually there is going to be a mongod or mongos on port 27020. When this happens, operations fail with the following cryptic error:

 
     Mongo::Error::OperationFailure:
       BSON field 'insert.jsonSchema' is an unknown field. (40415) (on localhost:27019, on localhost:14220, modern retry, attempt 1) (on localhost:27019, on localhost:14220, modern retry, attempt 1)
Shared Example Group: "a functioning encrypter" called from ./spec/integration/client_side_encryption/corpus_spec.rb:210

Note that the above exception is referencing localhost:27019.

Here is what happened:

  • I have a sharded cluster deployment that starts on the default port 27017 for the mongos. This is used for testing srv monitoring by the driver.
  • As part of this deployment, there is a 2-node replica set for one of the shards occupying ports 27019 and 27020.
  • Right now 27019 is the primary and 27020 is the secondary.
  • When running client side encryption tests, the driver assumes mongocryptd exists on port 27020 and tries to connect there.
  • The driver performs normal SDAM discovery, detects the topology as a replica set, finds the primary on 27019, and sends the command intended for mongocryptd to the primary on 27019.
  • The command fails because it is received by a mongod rather than mongocryptd but does not give this as the reason for failure.

Expected behavior:

As a user of the driver, when the driver sends a command intended for mongocryptd to a mongod/mongos I want to be informed that the command was received by the wrong process, so that I can immediately take corrective action (reconfigure the driver and/or my deployments).

Actual behavior:

The error message produced does not indicate the root cause of the problem (command received by wrong daemon).



 Comments   
Comment by Githook User [ 30/Sep/20 ]

Author:

{'name': 'Katherine Wu', 'email': 'katherine.wu@mongodb.com', 'username': 'kaywux'}

Message: SERVER-46625 Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon

(cherry picked from commit becc8e5ecca4260e844725fa71f4ed1164647e4a)
(cherry picked from commit 77154fe6e600510d06d2e44015668aedfd8d2c97)
Branch: v4.2
https://github.com/mongodb/mongo/commit/e8b6b2815cdce52f980ccaf03d9753b377c1dd61

Comment by Githook User [ 11/Sep/20 ]

Author:

{'name': 'Katherine Wu', 'email': 'katherine.wu@mongodb.com', 'username': 'kaywux'}

Message: SERVER-46625 Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon

(cherry picked from commit becc8e5ecca4260e844725fa71f4ed1164647e4a)
Branch: v4.4
https://github.com/mongodb/mongo/commit/77154fe6e600510d06d2e44015668aedfd8d2c97

Comment by Githook User [ 02/Jun/20 ]

Author:

{'name': 'Katherine Wu', 'email': 'katherine.wu@mongodb.com', 'username': 'kaywux'}

Message: SERVER-46625 Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon
Branch: master
https://github.com/mongodb/mongo/commit/becc8e5ecca4260e844725fa71f4ed1164647e4a

Comment by Githook User [ 01/Jun/20 ]

Author:

{'name': 'Katherine Wu', 'email': 'katherine.wu@mongodb.com', 'username': 'kaywux'}

Message: Revert "SERVER-46625 Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon"

This reverts commit 60124ec2ef0acf2e6747d620779cc40c9376c9b6.
Branch: master
https://github.com/mongodb/mongo/commit/d4db7598e6c5df02c2bd0778ee1a779f281cba0d

Comment by Githook User [ 01/Jun/20 ]

Author:

{'name': 'Katherine Wu', 'email': 'katherine.wu@mongodb.com', 'username': 'kaywux'}

Message: SERVER-46625 Improve diagnostics when mongocryptd requests are sent to non-mongocryptd daemon
Branch: master
https://github.com/mongodb/mongo/commit/60124ec2ef0acf2e6747d620779cc40c9376c9b6

Comment by David Storch [ 23/Mar/20 ]

Sending to the QO team for triage.

Comment by Mark Benvenuto [ 20/Mar/20 ]

Assigning to query team to investigate since this error is coming when a user does an insert. While the IDL parser is the one throwing this error, we could build a special case into IDL for this field in this case.

Generated at Thu Feb 08 05:11:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.