mongodb replica set error "...replSetHeartbeat requires authentication..." after running rs.initiate() - mongodb

I have 2 virtual machines with mongodb running on both. I have created a user and roles and added data for testing. Everything works until I try to set up a replica set. When I run rs.initiate() I get the "...replSetHeartbeat requires authentication..." error seen below. I can connect to the "hulk" server from "hawkeye" manually by passing --host "nodeserver-hulk:27017". Any ideas?
system
Ubuntu Server 18.04.4 LTS
Mongod v.4.2.3
rs.initiate command
rs.initiate(
  {
    _id: "r1",
    version: 1,
    members: [
      { _id: 0, host : "nodeserver-hulk:27017"},
      { _id: 1, host : "nodeserver-hawkeye:27017"}
    ]
  }
)
rs.initiate error
{
"ok" : 0,
"errmsg" : "replSetInitiate quorum check failed because not all proposed set members responded affirmatively: nodeserver-hawkeye:27017 failed with command replSetHeartbeat requires authentication",
"code" : 74,
"codeName" : "NodeNotFound"
}
mongod.conf file(same for both servers)
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongo/data
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
#security:
security:
  authorization: 'enabled'
#operationProfiling:
#replication:
replication:
  replSetName: 'r1'
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
show users command
> show users
{
"_id" : "admin.james",
"userId" : UUID("3ed97f2e-de49-4b98-84c8-566b34805863"),
"user" : "james",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}

You need to add a keyFile in your security config so that each node can authenticate against the others.
https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/
security:
  keyFile: <path-to-keyfile>
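
One way to create and sanity-check the keyfile that answer refers to (an added example, not part of the original answer; the function names and paths are made up here). The checks follow MongoDB's documented keyfile rules: 6 to 1024 base64 characters, and no group or world permissions on UNIX.

```shell
#!/bin/sh
# Added example: paths are placeholders, not values from the question.

# Create a keyfile: base64 text, readable by its owner only.
make_keyfile() (
    umask 077                       # no group/world bits, even briefly
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 756 > "$1"
    else
        head -c 756 /dev/urandom | base64 > "$1"
    fi
    chmod 400 "$1"
)

# Check a keyfile before pointing security.keyFile at it.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too open: $perms"; return 1; }
    # Whitespace is ignored; the rest must be 6..1024 base64 characters.
    key=$(tr -d '[:space:]' < "$f")
    len=${#key}
    [ "$len" -ge 6 ] && [ "$len" -le 1024 ] || { echo "bad length: $len"; return 1; }
    case $key in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key"; return 1 ;;
    esac
    echo "ok"
}

# Every member must hold the same key; compare two copies ignoring whitespace.
same_key() {
    [ "$(tr -d '[:space:]' < "$1")" = "$(tr -d '[:space:]' < "$2")" ]
}

# Demonstration in a throwaway directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_keyfile "$dir/rs.key" && check_keyfile "$dir/rs.key"
    rm -rf "$dir"
}
demo
```

Copy the same file to every member, owned by the account mongod runs as, then set security.keyFile on each node and restart.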

Related

MongoDB single node replica set failed on restart azure vm

I'm running a MongoDB single node replica set on an Azure VM with Linux (Ubuntu 20.04).
Everything worked fine and I was able to start the replica set following the documentation from MongoDB.
Today I restarted the VM from the Azure portal and the MongoDB server seems to refuse connections.
I got this log from mongod.log:
"c":"CONTROL", "id":20698, "ctx":"main","msg":"***** SERVER RESTARTED *****"}
"c":"REPL", "id":21405, "ctx":"ReplCoord-0","msg":"Locally stored replica set configuration does not have a valid entry for the current node; waiting for reconfig or remote heartbeat","attr":{"error":{"code":74,"codeName":"NodeNotFound","errmsg":"No host described in new configuration with {version: 2, term: 5} for replica set rs0 maps to this node"},"localConfig":{"_id":"rs0","version":2,"term":5,"protocolVersion":1,"writeConcernMajorityJournalDefault":true,"members":[{"_id":0,"host":"cloud.visual-factories.com:27017","arbiterOnly":false,"buildIndexes":true,"hidden":false,"priority":1.0,"tags":{},"slaveDelay":0,"votes":1}],"settings":{"chainingAllowed":true,"heartbeatIntervalMillis":2000,"heartbeatTimeoutSecs":10,"electionTimeoutMillis":10000,"catchUpTimeoutMillis":-1,"catchUpTakeoverDelayMillis":30000,"getLastErrorModes":{},"getLastErrorDefaults":{"w":1,"wtimeout":0},"replicaSetId":{"$oid":"610b7cd7fb1f746f7ce41e65"}}}}}
"c":"REPL", "id":21392, "ctx":"ReplCoord-0","msg":"New replica set config in use","attr":{"config":{"_id":"rs0","version":2,"term":5,"protocolVersion":1,"writeConcernMajorityJournalDefault":true,"members":[{"_id":0,"host":"cloud.visual-factories.com:27017","arbiterOnly":false,"buildIndexes":true,"hidden":false,"priority":1.0,"tags":{},"slaveDelay":0,"votes":1}],"settings":{"chainingAllowed":true,"heartbeatIntervalMillis":2000,"heartbeatTimeoutSecs":10,"electionTimeoutMillis":10000,"catchUpTimeoutMillis":-1,"catchUpTakeoverDelayMillis":30000,"getLastErrorModes":{},"getLastErrorDefaults":{"w":1,"wtimeout":0},"replicaSetId":{"$oid":"610b7cd7fb1f746f7ce41e65"}}}}}
"c":"REPL", "id":21394, "ctx":"ReplCoord-0","msg":"This node is not a member of the config"}
"c":"REPL", "id":21358, "ctx":"ReplCoord-0","msg":"Replica set state transition","attr":{"newState":"REMOVED","oldState":"STARTUP"}}
"c":"-", "id":20883, "ctx":"conn1","msg":"Interrupted operation as its client disconnected","attr":{"opId":2573}}
"c":"NETWORK", "id":22989, "ctx":"conn1","msg":"Error sending response to client. Ending connection from remote","attr":{"error":{"code":9001,"codeName":"SocketException","errmsg":"Broken pipe"},"remote":"127.0.0.1:55402","connectionId":1}}
this is my replication config :
{
"_id" : "rs0",
"version" : 2,
"term" : 2,
"protocolVersion" : NumberLong(1),
"writeConcernMajorityJournalDefault" : true,
"members" : [
{
"_id" : 0,
"host" : "cloud.visual-factories.com:27017",
"arbiterOnly" : false,
"buildIndexes" : true,
"hidden" : false,
"priority" : 1,
"tags" : {
},
"slaveDelay" : NumberLong(0),
"votes" : 1
}
],
"settings" : {
"chainingAllowed" : true,
"heartbeatIntervalMillis" : 2000,
"heartbeatTimeoutSecs" : 10,
"electionTimeoutMillis" : 10000,
"catchUpTimeoutMillis" : -1,
"catchUpTakeoverDelayMillis" : 30000,
"getLastErrorModes" : {
},
"getLastErrorDefaults" : {
"w" : 1,
"wtimeout" : 0
},
"replicaSetId" : ObjectId("611419575ebb3f4f4ebe44ab")
}
}
and mongod.conf
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
security:
  authorization: enabled
  keyFile: /etc/keyfile.txt
#operationProfiling:
replication:
  replSetName: "rs0"
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Any ideas why this is happening?

MongoDB authentication restriction for database

I have a database called flowers in which I have the collection named flower. When I first created it in MongoDB, I had no authentication set to it (I would just connect to it using the default port:27017 and localhost).
Then I wanted to restrict the access to this database, in order to be accessed only with a set of username & password. First, I created an admin in the admin database:
> use admin
switched to db admin
> db.createUser(
... {
... user: "myUserAdmin",
... pwd: "abc123",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "myUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> show users
{
"_id" : "admin.myUserAdmin",
"user" : "myUserAdmin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
Then I exited mongo, I restarted the service. Then I created a user for my database:
> use flowers
switched to db flowers
> db.createUser(
... {
... user: "adminfl",
... pwd: "flower1",
... roles: [ "dbOwner", "readWrite"]
... }
... )
Successfully added user: { "user" : "adminfl", "roles" : [ "dbOwner", "readWrite" ] }
After this I exited mongo once again, restarted the service.... from Compass I tried to connect to database flowers using the username and password and specify the authentication database: flowers. Everything went well to this point.
My problem is: when I connect to mongo using the authentication I can see all the databases, and when I connect without authentication, I have the same result.
How can I make my database flowers visible only when I connect with a username & password?
Update: This is my mongod.cfg:
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: C:\Program Files\MongoDB\Server\4.0\data
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: C:\Program Files\MongoDB\Server\4.0\log\mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
#processManagement:
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Try adding the lines below to your mongod.conf if they are not there already:
security:
  authorization: enabled
Then restart mongodb and you are good to go.
OK, looking at your mongo conf, we can see there is a space in your db and log paths, viz. "Program Files", which can create an issue.
Workaround is:
1) Make data, log and conf directory like C:\data\db, C:\data\log and C:\data\mongod.conf.
2) Make path changes in mongod.conf for dbpath and logpath.
3) Add security authorization: enabled in mongod.conf as suggested.
4) Remove mongod service if already installed and install service again.
5) Restart service. Hope this helps.

rs.initiate method not working on MongoDB

I'm running MongoDB 3.2.15 on Ubuntu 16.04 LTS
I can't execute rs.initiate();. It returns the following error
{
"ok" : 0,
"errmsg" : "assertion src/mongo/db/repl/replset_commands.cpp:275",
"code" : 8
}
opened mongo with the following arguments
mongod --config /etc/mongod.conf --replSet rs0
Configuration file :
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 0.0.0.0
The log file :
2017-07-26T08:25:38.400+0000 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-07-26T08:25:42.186+0000 I COMMAND [conn1] initiate : no configuration specified. Using a default configuration for the set
2017-07-26T08:25:42.186+0000 I - [conn1] Assertion failure h != "localhost" src/mongo/db/repl/replset_commands.cpp 275
Try this (success for me):
mongo
> config = {_id:"rs0", members:[ {_id:0, host:"127.0.0.1:27017"}]}
{
"_id" : "rs0",
"members" : [
{
"_id" : 0,
"host" : "127.0.0.1:27017"
}
]
}
> rs.initiate(config)
{ "ok" : 1 }
Reference: http://blog.csdn.net/Aegeaner/article/details/56277129

Cannot connect with authentication to mongodb?

There's another answer here: Can't connect to MongoDB with authentication enabled. I tried that but still can't figure out what's wrong with my configuration.
I use Ubuntu 14.04, Mongo 3.4.1(latest) installed as a service
First after installation I run this command, just like its documentation here:
mongo --port 27017
use admin
db.createUser({user: "adminUser",pwd: "abc123",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
it returns Successfully added user. Then I reconfigure the /etc/mongod.conf
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
Save and restarted the mongod server : sudo service mongod restart
Then I try to connect with: mongo -u "adminUser" -p "abc123" --authenticationDatabase "admin"
which is successful. Then if I change to another database with the command use testDatabase, I can't perform any operation on it.
use testDatabase
db.createCollection("people")
results:
{
"ok" : 0,
"errmsg" : "not authorized on testDatabase to execute command { create: \"people\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
Here is registered users in my database
use admin
db.system.users.find()
{ "_id" : "admin.adminUser",
"user" : "adminUser",
"db" : "admin",
"credentials" : { "SCRAM-SHA-1" : {....} },
"roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
}
It seems that userAdminAnyDatabase role doesn't work anymore or is there anything wrong with my setup?
Built in roles UserAdmin & UserAdminAnyDatabase role allows you to create user and roles in database.
For read/ readWrite operations on database you have to create user with read/ readWrite role for that database.
Other option will be to add the role to the current user you have.
Something like this for example.
use test
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "test" },
{ role: "read", db: "reporting" } ]
}
)

MongoDB Unauthorized: replSetGetConfig

I am trying to setup a replica set with mongodb 3.4 and am facing the following error. Have tried searching around a bit but am not able to find a solution.
root@mongo-db-1:~# mongo
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.0
> use admin
switched to db admin
> db.auth('admin','****');
1
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "DKkxOnMHCSSPwJCJyLA9Eg==", "storedKey" : "9aD//lm3eyeBN2LqZeTdqvvKXlU=", "serverKey" : "OX07H3FVQ447OqGMD7mCmX0WU0M=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> rs.conf()
2016-12-20T09:58:45.579+0530 E QUERY [main] Error: Could not retrieve replica set config: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
} :
rs.conf@src/mongo/shell/utils.js:1262:11
@(shell):1:1
MongoDB Logs
2016-12-20T09:58:01.278+0530 I NETWORK [thread1] connection accepted from 127.0.0.1:60804 #2 (1 connection now open)
2016-12-20T09:58:01.279+0530 I NETWORK [conn2] received client metadata from 127.0.0.1:60804 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.0" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "14.04" } }
2016-12-20T09:58:01.282+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2016-12-20T09:58:01.285+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:19.044+0530 I ACCESS [conn2] Successfully authenticated as principal admin on admin
2016-12-20T09:58:19.046+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:45.578+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetConfig: 1.0 }
Is there something I am missing here?
Mongo Config
root@mongo-db-1:~# cat /etc/mongod.conf
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
  keyFile: /thefile
processManagement:
  fork: true
replication:
  replSetName: rs0
You must give clusterManager permissions to your "admin" user. To add the clusterManager role to your admin user you have to execute the following function after you authenticate.
db.grantRolesToUser(
"admin",
[ "clusterManager" ]
)
Your "admin" database user only has the userAdminAnyDatabase role.
However, the clusterManager role is needed to execute the replSetGetConfig command:
https://docs.mongodb.com/manual/reference/privilege-actions/#authr.replSetGetConfig
You will need to grant this role to your user to be able to execute this command. This can be done using db.grantRolesToUser().
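
The ACCESS lines in the question's log already separate the two failure modes: a denial before "Successfully authenticated" is an authentication problem, a denial after it is a missing role. A small triage script for that plain-text log format (an added example, not part of the original posts; the function names are made up here):

```shell
#!/bin/sh
# Added example. The sample lines are the ACCESS entries quoted in the question.
sample_log() {
cat <<'EOF'
2016-12-20T09:58:01.282+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2016-12-20T09:58:01.285+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:19.044+0530 I ACCESS [conn2] Successfully authenticated as principal admin on admin
2016-12-20T09:58:19.046+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:45.578+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetConfig: 1.0 }
EOF
}

# Read a mongod text log on stdin and print one line per denial:
#   <connection> <principal at that moment> <database> <command>
# Logouts are not tracked; this is a first-pass triage, not an audit trail.
denied_commands() {
    awk '
    $3 == "ACCESS" && /Successfully authenticated as principal/ {
        conn = substr($4, 2, length($4) - 2)
        for (i = 5; i < NF; i++)
            if ($i == "principal") who[conn] = $(i + 1) "@" $(i + 3)
        next
    }
    $3 == "ACCESS" && /Unauthorized: not authorized on/ {
        conn = substr($4, 2, length($4) - 2)
        db = ""; cmd = ""
        for (i = 5; i < NF; i++) {
            if ($i == "on" && db == "") db = $(i + 1)
            if ($i == "{") { cmd = $(i + 1); sub(/:$/, "", cmd); break }
        }
        p = (conn in who) ? who[conn] : "unauthenticated"
        print conn, p, db, cmd
    }'
}

# Denials that happened after a successful login: the user lacks a role.
role_gaps() {
    denied_commands | awk '$2 != "unauthenticated" { print $2, $3, $4 }' | sort -u
}

sample_log | role_gaps
```

On the sample it reports replSetGetConfig and replSetGetStatus for admin@admin, the commands the answers above attribute to the clusterManager role.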