[SERVER-48715] Sending cluster time to an arbiter with auth enabled results in an error
Created: 11/Jun/20  Updated: 29/Oct/23  Resolved: 16/Jun/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.7.0

Type: Task
Priority: Major - P3
Reporter: Kevin Albertson
Assignee: Kevin Pulo
Resolution: Fixed
Votes: 0
Labels: PM-1645-Milestone-3
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by CDRIVER-3708 /Client/descriptions failure Closed
Problem/Incident
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2020-06-29
Participants:
Linked BF Score: 25

 Description   

Commands including a $clusterTime sent to an arbiter result in an error when auth is enabled on the server.

I reproduced locally by creating a three node (PSA) replica set with auth enabled using mlaunch:

mlaunch init --replicaset --arbiter --nodes=2 --auth --username user --password password --name replicaSet --setParameter enableTestCommands=1 --verbose --dir repro

The error can be reproduced by sending a command to the arbiter with a $clusterTime obtained from another node. Example with the shell:

var cmd = {
  "isMaster": 1,
  "$clusterTime" : {
    "clusterTime" : Timestamp(1591812742, 1),
    "signature" : {
        "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
        "keyId" : NumberLong(0)
    }
  }
}
 
db.runCommand(cmd)

Replies with:

{
	"ok" : 0,
	"errmsg" : "aborting keys cache refresh because node is shutting down",
	"code" : 91,
	"codeName" : "ShutdownInProgress"
}

Interestingly, this occurs without authenticating the connection, but I cannot reproduce this if the server is started without auth enabled.

Behavior appears in server version 4.5.0-1606-gbd74e90, but not 4.5.0-1602-g5c6e1e5.

The most relevant looking server commit is 7074dee1fbf6763c0d463c377c2e47d8ef2c4f6f.

This originally appeared as a C driver test failure in CDRIVER-3708.
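
A differential probe for the behaviour reported above, as an added example that is not part of the original report or the server's code: it sends isMaster to one node with and without a $clusterTime and flags the reply pair that matches this ticket. The function names, verdict strings and stub replies are assumptions made for illustration, and it assumes a plain isMaster succeeds on the node.

```javascript
// Added example (not from the ticket). `runCommand` is any function that sends one
// command document to a single node and returns its reply, e.g. in the shell on a
// connection to the arbiter: (c) => db.runCommand(c)
const SYMPTOM = { code: 91, codeName: "ShutdownInProgress", text: "keys cache refresh" };

// Normalise a reply document, or an error thrown by the client, into one shape.
// Assumption: thrown errors expose code / codeName / errmsg like the reply does.
function send(runCommand, cmd) {
  try {
    const r = runCommand(cmd);
    return { ok: Number(r.ok), code: r.code, codeName: r.codeName,
             errmsg: r.errmsg || "", arbiterOnly: r.arbiterOnly === true };
  } catch (e) {
    return { ok: 0, code: e.code, codeName: e.codeName,
             errmsg: e.errmsg || e.message || "", arbiterOnly: false };
  }
}

// True only for the exact error quoted in the ticket.
function matchesSymptom(r) {
  return r.ok !== 1 && r.code === SYMPTOM.code &&
         r.codeName === SYMPTOM.codeName && r.errmsg.includes(SYMPTOM.text);
}

// clusterTime: the $clusterTime document copied from another member's reply.
function probeNode(runCommand, clusterTime) {
  const baseline = send(runCommand, { isMaster: 1 });
  const gossiped = send(runCommand, { isMaster: 1, "$clusterTime": clusterTime });
  let verdict;
  if (baseline.ok !== 1) verdict = "unreachable";        // fails even without $clusterTime
  else if (gossiped.ok === 1) verdict = "ok";            // $clusterTime accepted
  else if (matchesSymptom(gossiped)) verdict = "SERVER-48715";
  else verdict = "other-error";
  return { verdict, arbiter: baseline.arbiterOnly, code: gossiped.code };
}

// Constructed stand-ins so the file runs without a server; the failing reply is the
// one quoted in the ticket, the $clusterTime is a plain-object placeholder.
const SAMPLE_CLUSTER_TIME = { clusterTime: { t: 1591812742, i: 1 },
                              signature: { hash: "AAAAAAAAAAAAAAAAAAAAAAAAAAA=", keyId: 0 } };
const affectedArbiter = (cmd) => ("$clusterTime" in cmd)
  ? { ok: 0, errmsg: "aborting keys cache refresh because node is shutting down",
      code: 91, codeName: "ShutdownInProgress" }
  : { ok: 1, arbiterOnly: true };
const fixedArbiter = () => ({ ok: 1, arbiterOnly: true });
```
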



 Comments   
Comment by Githook User [ 11/Jul/20 ]

Author: Kevin Albertson <kevin.albertson@mongodb.com> (kevinAlbs)

Message: CDRIVER-3708 skip two tests on latest auth replset

Until SERVER-48715 is resolved, skip tests with auth against a >4.4
replica set that rely on arbiters being discovered.

Also skips the DNS auth test failures described in CDRIVER-3709.
Branch: r1.17
https://github.com/mongodb/mongo-c-driver/commit/91d0016a0d0ac342a34ff49ba6661f60f3de6f26

Comment by Githook User [ 16/Jun/20 ]

Author: Kevin Pulo <kevin.pulo@mongodb.com> (devkev)

Message: SERVER-48715 correctly handle $clusterTime on arbiters when auth is enabled
Branch: master
https://github.com/mongodb/mongo/commit/2d910ef001820ede2d16e597947a4e0893040030

Comment by Githook User [ 15/Jun/20 ]

Author: Kevin Albertson <kevin.albertson@mongodb.com> (kevinAlbs)

Message: CDRIVER-3708 skip two tests on latest auth replset

Until SERVER-48715 is resolved, skip tests with auth against a >4.4
replica set that rely on arbiters being discovered.

Also skips the DNS auth test failures described in CDRIVER-3709.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/43c5aaf21185156cc9e56ac25ac105c51f0a44be
