<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:16:19 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-2783] test-valgrind-latest-sharded-auth-openssl cannot initialize MongoDB</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-2783</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Seen here:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://evergreen.mongodb.com/task/mongo_c_driver_valgrind_ubuntu_test_valgrind_latest_sharded_auth_openssl_patch_bb34c6f2fdf52a2c91ab0fcb67e8aed1e7a5a5b4_5b61185dc9ec444d01677620_18_08_01_02_18_05&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://evergreen.mongodb.com/task/mongo_c_driver_valgrind_ubuntu_test_valgrind_latest_sharded_auth_openssl_patch_bb34c6f2fdf52a2c91ab0fcb67e8aed1e7a5a5b4_5b61185dc9ec444d01677620_18_08_01_02_18_05&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Mongo Orchestration tries to start a sharded cluster of replica sets with SSL and auth. According to the log file in mongo-agxOY7/mongod.log, the replica on port 27219 seems to reject connection attempts from the other replicas:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:36:37.579+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:56037 #12 (3 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:36:37.584+0000 W NETWORK  [conn12] SSL peer certificate validation failed: unsupported certificate purpose&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:36:37.584+0000 I NETWORK  [conn12] end connection 127.0.0.1:56037 (2 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;The replica seems to &lt;b&gt;accept&lt;/b&gt; connections from Mongo Orchestration itself, which uses PyMongo to connect.&lt;/p&gt;

&lt;p&gt;Later, it logs errors like:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:40:39.605+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:57142 #75 (6 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:40:39.609+0000 W NETWORK  [conn75] SSL peer certificate validation failed: unsupported certificate purpose&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:40:39.609+0000 I NETWORK  [conn75] received client metadata from 127.0.0.1:57142 conn75: { driver: { name: &quot;MongoDB Internal Client&quot;, version: &quot;4.1.1-175-g075d7fe&quot; }, os: { type: &quot;Linux&quot;, name: &quot;Ubuntu&quot;, architecture: &quot;x86_64&quot;, version: &quot;14.04&quot; } }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:40:39.610+0000 I ACCESS   [conn75] SASL SCRAM-SHA-1 authentication failed for __system on local from client 127.0.0.1:57142 ; AuthenticationFailed: It is not possible to authenticate as the __system user on servers started without a --keyFile parameter&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:40:39.610+0000 I NETWORK  [conn75] end connection 127.0.0.1:57142 (5 connections now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;I don&apos;t know whether the SSL error is the root cause, or a symptom, or doesn&apos;t matter. The AuthenticationFailed error seems crucial.&lt;/p&gt;

&lt;p&gt;The other replicas log similarly. mongos logs:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:37:04.241+0000 I NETWORK  [ReplicaSetMonitor-TaskExecutor] can&apos;t authenticate to localhost:27218 as internal user, error: Authentication failed.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</description>
                <environment></environment>
        <key id="581134">CDRIVER-2783</key>
            <summary>test-valgrind-latest-sharded-auth-openssl cannot initialize MongoDB</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jesse@mongodb.com">A. Jesse Jiryu Davis</assignee>
                                    <reporter username="jesse@mongodb.com">A. Jesse Jiryu Davis</reporter>
                        <labels>
                    </labels>
                <created>Wed, 1 Aug 2018 23:36:21 +0000</created>
                <updated>Sat, 28 Oct 2023 11:29:39 +0000</updated>
                            <resolved>Mon, 6 Aug 2018 19:40:40 +0000</resolved>
                                    <version>1.12.0</version>
                                    <fixVersion>1.13.0</fixVersion>
                                    <component>tests</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="1968122" author="xgen-internal-githook" created="Mon, 6 Aug 2018 19:41:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;A. Jesse Jiryu Davis&apos;, &apos;email&apos;: &apos;jesse@mongodb.com&apos;, &apos;username&apos;: &apos;ajdavis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2783&quot; title=&quot;test-valgrind-latest-sharded-auth-openssl cannot initialize MongoDB&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2783&quot;&gt;&lt;del&gt;CDRIVER-2783&lt;/del&gt;&lt;/a&gt; use one-node replica sets as shards&lt;/p&gt;

&lt;p&gt;Work around this Mongo Orchestration issue by using one-node replica&lt;br/&gt;
sets as shard servers with TLS and auth:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/10gen/mongo-orchestration/issues/251&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-orchestration/issues/251&lt;/a&gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/e1f5405d8861d7e70cd447b28d88d40acf89fa73&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/e1f5405d8861d7e70cd447b28d88d40acf89fa73&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1968121" author="xgen-internal-githook" created="Mon, 6 Aug 2018 19:41:50 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;A. Jesse Jiryu Davis&apos;, &apos;email&apos;: &apos;jesse@mongodb.com&apos;, &apos;username&apos;: &apos;ajdavis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2783&quot; title=&quot;test-valgrind-latest-sharded-auth-openssl cannot initialize MongoDB&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2783&quot;&gt;&lt;del&gt;CDRIVER-2783&lt;/del&gt;&lt;/a&gt; update test certificates&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/6a16e7bacaef0a5755b537447cf1a6c4718749db&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/6a16e7bacaef0a5755b537447cf1a6c4718749db&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1967814" author="shane.harvey" created="Mon, 6 Aug 2018 16:46:59 +0000"  >&lt;p&gt;This looks like it&apos;s caused by the same issue described in HELP-7061. MO attempts to shutdown the server on port 27218 (log file &quot;/data/mci/4098235018245251bf48b09ce9d836b8/mongoc/MO/db/mongo-IegT5e/mongod.log&quot;) and the shutdown command fails on the server with:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:37:17.970+0000 I COMMAND  [conn50] command admin.$cmd command: shutdown { shutdown: 1, force: true, $readPreference: { mode: &quot;secondaryPreferred&quot; }, $db: &quot;admin&quot; } numYields:0 ok:0 errMsg:&quot;operation was interrupted&quot; errName:InterruptedDueToStepDown errCode:11602 reslen:415 locks:{ Global: { acquireCount: { r: 2, W: 2 }, acquireWaitCount: { W: 1 }, timeAcquiringMicros: { W: 221 } } } protocol:op_query 6374ms&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2018-08-01T22:37:17.970+0000 I NETWORK  [conn50] Error sending response to client: SocketException: Broken pipe. Ending connection from 127.0.0.1:60715 (connection id: 50)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;Pymongo never gets a network/socket error and is stuck waiting for a response from the mongod. TCP keepalive should eventually cause a socket error but the curl times out first:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;[2018/08/01 15:41:12.522] curl: (28) Operation timed out after 300000 milliseconds with 0 bytes received&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</comment>
                            <comment id="1967110" author="jesse" created="Sun, 5 Aug 2018 10:59:18 +0000"  >&lt;p&gt;Part of the problem is that MongoDB requires shard servers to start with --keyFile if there are multiple servers per shard and auth is enabled, but Mongo Orchestration doesn&apos;t do that correctly:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/10gen/mongo-orchestration/issues/251&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-orchestration/issues/251&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Until recently the C Driver&apos;s tests of a sharded cluster with OpenSSL and auth weren&apos;t running at all. Adding ASAN and Coverity tests happened to add new variants that &lt;b&gt;do&lt;/b&gt; test a sharded cluster with OpenSSL and auth, and now we&apos;re seeing that our tests are misconfigured.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                                                <inwardlinks description="is caused by">
                                        <issuelink>
            <issuekey id="584119">SERVER-36459</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="584121">SERVER-36460</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htuwqn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>