[SERVER-9191] cannot see replsetoplogs when db needs admin logins Created: 31/Mar/13 Updated: 11/Jul/16 Resolved: 26/Jun/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Tools |
| Affects Version/s: | 2.4.1 |
| Fix Version/s: | 2.5.1 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Xiuming Chen | Assignee: | Matt Dannenberg |
| Resolution: | Done | Votes: | 0 |
| Labels: | pull-request | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Steps To Reproduce: | have a replset |
||||
| Participants: | |||||
| Description |
|
cannot see replsetoplogs when db needs admin logins |
| Comments |
| Comment by Brett Cave [ 01/Jul/14 ] |
|
Could this bug also be affecting mongooplog when replaying the oplog to a db with authentication enabled? http://stackoverflow.com/questions/24454372/mongooplog-is-failing-with-unauthorized-error/ I have added a user to admin with readWriteAnyDatabase,clusterAdmin in the admin db, but get the same error message, and wondering if its related to this bug, or possibly a new bug. I am seeing this on mongo 2.4.10. |
| Comment by Matt Kangas [ 26/Jun/13 ] |
|
Impact: fixes broken feature of REST interface. Merged in 23f8257fa |
| Comment by auto [ 26/Jun/13 ] |
|
Author: {u'username': u'cxmcc', u'name': u'Xiuming Chen', u'email': u'cc@cxm.cc'}Message: Signed-off-by: Matt Kangas <matt.kangas@10gen.com> |
| Comment by Xiuming Chen [ 05/Apr/13 ] |
|
Hi Eric, I have signed the agreement. Please let me know if there is any problem. thanks |
| Comment by Eric Milkie [ 05/Apr/13 ] |
|
Hi Xiuming. Thanks for the pull request. Have you signed the Contributor Agreement? |
| Comment by Xiuming Chen [ 05/Apr/13 ] |
|
@Jason I am trying to fix this by opening a pull request that I believe is gonna fix this issue: https://github.com/mongodb/mongo/pull/412 From the code I read, I think the oplog page should fail if the collection local.oplog.rs requires authentication, since the original logic tried to use DBClient to query without auth. |
| Comment by Xiuming Chen [ 31/Mar/13 ] |
|
the roles of the admin user is set to [ "clusterAdmin", "readWriteAnyDatabase", "dbAdminAnyDatabase" ] |
| Comment by J Rassi [ 31/Mar/13 ] |
|
I assume your admin user has either the role "dbAdminAnyDatabase" or "clusterAdmin" – note that these roles do not have the privilege to view replication statistics. You will need to grant this user the "read" role on the "local" database in order to access this information (however, be warned that the local database contains the oplog, which contains a record of every write to this replica set member). |