Each time I try connecting to my localhost server using SSL/TLS certificate I get an error which says, connection attempt failed: HostUnreachable
Things I've tried
I've tried restarting my system
I've tried changing the tls to SSL
I've also cross-checked the file path for mongodb.pem,
I'm really at a loss.
This is the code I ran and the error I'm getting
MongoDB shell version v5.0.9
connecting to: mongodb://localhost:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server localhost:27017, connection attempt failed: HostUnreachable: Connection reset by peer :
connect#src/mongo/shell/mongo.js:372:17
#(connect):2:6
exception: connect failed
exiting with code 1
This is my mongo.cfg file
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: C:\Program Files\MongoDB\Server\5.0\data
journal:
enabled: true
# engine:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: C:\Program Files\MongoDB\Server\5.0\log\mongod.log
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
#processManagement:
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
This is the command I used to connect to the server
mongo --tls --tlsCAFile mongodb.pem --host localhost
So this is the weirdest thing.
I have two centOS 7 servers running mongo. I now wanted to enforce authentication so I added the security.authorization: enabled to the mongod.conf file.
I already have a user on database "buzzztv".
So when I ran mongod --conf /etc/mongod.conf on the first server everything went fine.
Then I did the exact same thing on the second server and whenever I try to connect with one of the users I get the following error:
connecting to: mongodb://127.0.0.1:27017/?authSource=buzzztv&compressors=disabled&gssapiServiceName=mongodb
2020-02-20T13:02:35.166+0000 E QUERY [js] Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:341:17
#(connect):2:6
2020-02-20T13:02:35.168+0000 F - [main] exception: connect failed
2020-02-20T13:02:35.168+0000 E - [main] exiting with code 1
Now if I run mongod --fork --logpath /var/log/mongodb/mongod.log --auth the login works perfectly fine.
So obiously I could just run this command, but I want to use the mongod.conf.
Here is my mongod.conf file, I checked and it is a perfect copy of the file from the server in which it does work.
Any ideas?
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
# engine:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 # 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
So after several hurtful hours of looking into it, I neede to change the
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
Apparently something was wrong with my /var/lib/mongo so I backed up the data, and created a new folder /var/lib/mongodb
Then edited the mongod.conf file to:
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
Then it all worked fine. Now I'll just re-create the users and re-insert all the data and I'm good to go.
Hope this saves someone the wasteful hours I've lost
I was running mongo 3.4 on centOS. It was using authorization. I needed to upgrade it to mongo 3.6. I upgraded it and now I'm not able to connect it through any means remotely. Neither with the shell nor with the node server itself.
Here is the mongoose connection.
const uri = 'mongodb://admin:12345#host:27017/db?authSource=admin';
mongoose.connect(uri);
Here is mongod.conf
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
# network interfaces
net:
port: 27017
# bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
Probably the upgrade was not successful, and the restart of the mongod service failed.
View the logs in /var/log/mongodb/mongod.log and check for any inconsistency in the mongod.conf.
Check if the service is up and if it is listening on port 27017.
service mongod status
netstat -tl | grep 27017 # or using the ss command
ss -tl | grep 27017
From the official documentation:
Starting in MongoDB 3.6, mongod and mongos instances bind to localhost by default. Remote clients cannot connect to an instance bound only to localhost. To override and bind to other ip addresses, use the net.bindIp configuration file setting or the --bind_ip command-line option to specify a list of ip addresses.
Try the following setting to enable the service to listen on all the interfaces
net:
port: 27017
bindIp: 0.0.0.0
I am using mongoDB Cluster with version 3.4 in google cloud compute engine, actually past week my database got attacked by hackers that's why i thought about using authorization so that i can avoid these types of attack. Now to add Authorizations i saw this article how-to-create-mongodb-replication-clusters, now i have added a keyfile with chmod 0600 on each of my cluster node, but now when i am trying to add my first admin user i am getting below error
use admin
switched to db admin
rs0:PRIMARY> db.createUser({user: "RootAdmin", pwd: "password123", roles: [ { role: "root", db: "admin" } ]});
2017-01-21T18:19:09.814+0000 E QUERY [main] Error: couldn't add user: not authorized on admin to execute comm
and { createUser: "RootAdmin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writ
eConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1290:15
#(shell):1:1
I have searched everywhere but haven't found anything on why i am getting this error.
Can anyone please help me how can i solve this error.
UPDATE
My config file is given below for each of the instances
Secondary Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /var/lib/mongodb
journal:
enabled: false
#engine:
mmapv1:
smallFiles: true
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
replication:
replSetName: rs0
#processManagement:
security:
authorization: disabled
keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Arbiter Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /mnt/mongodb/db
journal:
enabled: true
#engine:
#mmapv1:
#smallFiles: true
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
replication:
replSetName: rs0
#processManagement:
security:
authorization: disabled
keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Primary Server Config
#!/bin/bash
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /mnt/mongodb/db
journal:
enabled: true
#engine:
#mmapv1:
#smallFiles: true
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
replication:
replSetName: rs0
#processManagement:
security:
authorization: disabled
keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
You have to change your mongod.conf file to disable authorization before creating such admin user
security:
authorization: disabled
After that, restart the mongod service and open mongodb shell to create the admin user
use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})
Remember to enable authorization back on after creating user.
johnlowvale's answer is correct, but
keyFile implies security.authorization.
source: https://docs.mongodb.com/manual/reference/configuration-options/#security.keyFile
You have to disable authorization AND the keyFile.
security:
authorization: disabled
# keyFile: /opt/mongodb/keyfile
(insufficient rep or I'd have just commented this on johnlowvale's answer)
Once you are connected to this first node, you can initiate the replica set with rs.initiate(). Again, this command must be run from the same host as the mongod to use the localhost exception.
We can create our admin user with the following commands:
rs.initiate()
use admin
db.createUser({
user: "admin",
pwd: "pass",
roles: [
{role: "root", db: "admin"}
]
})
edit vim /lib/systemd/system/mongod.service
remove --auth
restart
#ExecStart=/usr/bin/mongod --quiet --auth --config /etc/mongod.conf
ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf
use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})
To be able to create a new user, you need to first disable security in /etc/mongod.conf
// security:
// authorization: enabled
Then restart Mongodb server
sudo service mongo restart
After this you can add the user and role that you want from the shell.
db.createUser({
user: 'test_user',
pwd: 'test',
roles: [
{ role: "userAdmin", db: "test" },
{ role: "dbAdmin", db: "test" },
{ role: "readWrite", db: "test" }
]
})
To enable authenticated connection
Uncomment the line again in /etc/mongod.conf
security:
authorization: enabled
and restart the server again
When a new database is setup with authorisation/security enabled but no users set up, you can only connect to it from the localhost. In your config file you should have bind ip set to 127.0.0.1 I think in order to make sure you connect to it with the correct authorisation to create new users.
This is what it says in Mongo course M103
By default, a mongod that enforces authentication but has no configured users only allows connections through the localhost.
I have my mongod.conf file as follows:
systemLog:
destination: file
logAppend: true
path: /home/abc/mongoDB/log/mongod.log
# Where and how to store data.
storage:
dbPath: /home/abc/mongoDB/data/db
journal:
enabled: true
processManagement:
fork: true
pidFilePath: /home/abc/mongoDB/mongod.pid
# network interfaces
net:
port: 27018
bindIp: 127.0.0.1
ssl:
mode: requireSSL
PEMKeyFile: /home/abc/mongodb.pem
I have made sure the .pem file is located in the path i mentioned above.
I'm trying to run a instance of mongodb reading the .conf file with the following command:
mongod -f /home/abc/mongoDB/mongod.conf
It was working fine until i tried to include SSL but now i'm getting the following message:
[abc#abc ~]$ mongod -f /home/abc/mongoDB/mongod.conf
Unrecognized option: security.sslPEMKeyfile
try 'mongod --help' for more information
I created the .pem file with openssl as follows:
openssl req -new -x509 -days 365 -out mongodb-cert.crt -keyout mongodb-cert.key
and then merged the files with :
cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
Could anyone help what I did wrong here?
My approach was based on this.
the following configuration worked form me:
net:
port: 27018
bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
ssl:
mode: requireSSL
PEMKeyFile: /home/abc/mongodb.pem
PEMKeyPassword: password
CAFile: /home/abc/client.pem
more info here