[SERVER-5876] user authentication should retry on primary Created: 18/May/12  Updated: 11/Jul/16  Resolved: 22/May/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.1.1
Fix Version/s: 2.1.2

Type: Bug Priority: Major - P3
Reporter: Eric Milkie Assignee: Greg Studer
Resolution: Done Votes: 0
Labels: buildbot
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-5882 uncaught exception with user 'bar' no... Closed
is duplicated by SERVER-5895 auth.js times out waiting for user au... Closed
Related
is related to SERVER-5887 user management behavior in shell/dri... Closed
Operating System: ALL
Participants:

 Description   

http://buildbot.mongodb.org/builders/Linux%2064-bit%20concurrency/builds/244/steps/test_9/logs/stdio

This recurring failure in sharding/auth.js might be due to replication. We addUser() and then immediately try to authenticate using this user; even with getLastError(), sometimes we still get an error saying the user is missing.

The theory is that addUser() went to the primary but the authentication was done on a secondary. Should it be a requirement that adding users should be done with getLastError and w=all? Or should we change the auth code to retry a user lookup on the primary if a secondary doesn't have a user?

This test used to pass reliably; a change was committed recently that sped things up (or at least changed the timing of things) and now the test fails frequently, especially on faster builders.



 Comments   
Comment by Greg Studer [ 21/May/12 ]

For some tests, 15s isn't enough time to allow the lock to replicate. Configurable delay as well? Mongos makes it very ugly to ensure replication to secondaries once we call getLastError() once.

Comment by Greg Studer [ 21/May/12 ]

w=all doesn't exist, see related ticket for future improvements. There is now a configurable parameter so you can specify the desired replication amount, defaults to "majority". Tried to catch all the other tests affected, but may need to tweak in the future to handle slow builders.

Comment by auto [ 21/May/12 ]

Author:

{u'login': u'gregstuder', u'name': u'Greg Studer', u'email': u'greg@10gen.com'}

Message: SERVER-5876 buildbot auth.js + others - make sure we wait for replication of users added for security
Branch: master
https://github.com/mongodb/mongo/commit/847b343fa5a23b02fddb29b12dd689fde0e1fe91

Comment by Eliot Horowitz (Inactive) [ 20/May/12 ]

I think we should make addUser do a w=all with a low timeout (5 seconds?)
Just need to make sure error reporting to user is clean.

Generated at Thu Feb 08 03:10:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.