i have a problem with mongostat .
test1 :
mongostat
2019-11-15T16:06:55.722+0100 Failed: error connecting to db server: no reachable servers
test2:
mongostat -u "dominio\\username" -p password--host hostname --authenticationMechanism PLAIN --authenticationDatabase '$external' --ssl --sslCAFile /pathcert
2019-11-15T16:07:44.682+0100 Failed: not authorized on admin to execute command { serverStatus: 1, recordStats: 0, $readPreference: { mode: "secondaryPreferred" }, $db: "admin" }.
I have 2 questions:
- with mongostat can i specify a specific DB?
- the username that privileges need to have?
How can I resolve these?
Related
I'm running a bash script called by Dockerfile.
I give my user the necessary permissions:
chown -R mongodb:mongodb /home/mongod
I have one replica with 3 instances.
Before initiating this replica, I start the mongod process respective to each instance:
nohup gosu mongodb mongod --config /home/mongodb/instanceR0.conf
nohup gosu mongodb mongod --config /home/mongodb/instanceR1.conf
nohup gosu mongodb mongod --config /home/mongodb/instanceR2.conf
All the processes started successfully.
After, I want to connect to one of the instances in order to authenticate and initiate the replica set:
# connect to one db instance
nohup gosu mongodb mongo --port 57040 --ssl --host example.com --sslPEMKeyFile /home/mongodb/certificateExample.pem --sslCAFile /home/mongodb/caExample.pem
# authenticate with user
nohup gosu mongodb mongo "db.getSiblingDB('\$external').auth({ mechanism: 'MONGODB-X509', user: 'CN=example.com,OU=StackOverflow,O=Example,L=City,ST=City,C=PT' })"
# initiate replica sets
nohup gosu mongodb mongo "rs.initiate({ _id: 'replicaExample', members: [{ _id : 0, host : '127.0.0.1:57040' }, { _id : 1, host : '127.0.0.1:57041' }, { _id : 2, host : '127.0.0.1:57042' }] })"
The problem happens when connecting to one db instance. It connects successfully to the mongo shell but when executing authenticate with user it leaves the mongo shell.
connecting to: mongodb://example.com:57040/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("27eb0298-2766-4efb-8054-211e18c88ea8") }
MongoDB server version: 4.2.6
bye
How can I construct a bash script command which after connecting to a db instance, will continue inside the mongo shell and execute the 2 remaining commands (authenticate with user and initiate replica sets?
Solution:
Use --eval after the statement to run the javascript functions.
For example:
nohup gosu mongodb mongo --port 57040 --ssl --host example.com --sslPEMKeyFile /home/mongodb/certificateExample.pem --sslCAFile /home/mongodb/caExample.pem --eval "db.getSiblingDB('\$external').auth({ mechanism: 'MONGODB-X509', user: 'CN=example.com,OU=StackOverflow,O=Example,L=City,ST=City,C=PT' });rs.initiate({ _id: 'replicaExample', members: [{ _id : 0, host : '127.0.0.1:57040' }, { _id : 1, host : '127.0.0.1:57041' }, { _id : 2, host : '127.0.0.1:57042' }] })"
I have recently installed mongodb on one of our windows 2016 server with below configuration and running mongod as
mongod --config C:\mongo_db\config\mongo_db_configuration.conf --auth
--config file
net:
# MongoDB server listening port
#bindIp: 0.0.0.0,192.168.43.250
port: 27017
bindIpAll: true
storage:
# Data store directory
dbPath: "C:\\mongo_db\\db"
mmapv1:
# Reduce data files size and journal files size
smallFiles: true
systemLog:
# Write logs to log file
destination: file
path: "C:\\mongo_db\\logs\\mongodb.log"
security:
authorization: enabled
We have created a root user in admin database
MongoDB Enterprise > db.runCommand({connectionStatus:1})
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "root",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
]
},
"ok" : 1
}
I am able to connect to the mongod instance locally (mongo --port 27017 -u "root" -p "12345" --authenticationDatabase admin) but getting error while connecting remotely.the server firewall is disabled.
"C:\Mongodb>mongo.exe 192.168.0.171:27017/admin -u root -p 12345
MongoDB shell version v4.0.4
connecting to: mongodb://192.168.0.171:27017/admin
Implicit session: session { "id" : UUID("c68e9dd5-6f7b-4356-bc3e-688a7e2b3e1d") }
MongoDB server version: 4.0.4
2018-11-26T23:50:47.534+0800 E QUERY [js] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1685:20
#(auth):6:1
#(auth):1:2
exception: login failed"
I stumbled upon this when I was having the same problem. I was connecting to a MongoDB server version 4.2.6 from a MongoDB shell version v3.6.9. In case anyone else finds this question like I did, here's the syntax that worked:
mongo --host mongodb://username:password#IP:PORT/ --authenticationDatabase admin
I'm also having similar issue with my virtual machines. I have 2 linux and 1 windows machine (which are remotely connected to my windows machine). Let's say Linux A has mongo with credentials. When I try to login from my windows machine, I got the same error that you mention.
However, when I connect mongo from linux B to linux A, I can successfully connect from shell using:
mongo --host 192.168.1.6 --port 27017 -u username -p 'pwd'
I use exact same command from windows as well but somehow it fails to login. Maybe this command could work on your environment but waiting for proper solution as well.
When I'm trying to import json to my MongoDB which is password authenticated, encrypted and TLS/SSL based connection, I'm getting error.
This is the mongoImport Im writting:
mongoimport --verbose --ssl --sslCAFile "C:\server\cert\rootCA.pem" --sslPEMKeyFile "C:\server\cert\server.pem" --sslFIPSMode --host 127.0.0.1 --port 27017 --username databaseAdmin --password password123 --authenticationDatabase admin --db test_coll --collection blocks --file "C:\data\blocks.json"
And I got the following error message:
2018-07-20T15:21:27.365+0530 filesize: 6392 bytes
2018-07-20T15:21:27.366+0530 using fields:
2018-07-20T15:21:30.368+0530 [........................] test_coll.blocks
0B/6.24KB (0.0%)
2018-07-20T15:21:30.928+0530 [........................] test_coll.blocks
0B/6.24KB (0.0%)
2018-07-20T15:21:30.928+0530 Failed: error connecting to db server: no reachable servers, openssl error: Host validation error
2018-07-20T15:21:30.928+0530 imported 0 documents
Hostname in their certificates should match the specified hostname. So, I updated my hostname to localhost.
Now, my mongoimport command looks like:
mongoimport --verbose --ssl --sslCAFile "C:\server\cert\rootCA.pem" --sslPEMKeyFile "C:\server\cert\server.pem" --sslFIPSMode --host localhost --port 27017 --username databaseAdmin --password password123 --authenticationDatabase admin --db test_coll --collection blocks --file "C:\data\blocks.json"
And now it works.
If I set up my container without auth eg)
docker run --name some-mongo -d -p 27017:27017 mongo
I can connect to my mongoDB from a remote machine eg)
mongo [serverIP]
However, my issue is when using the --auth flag
Following the documentation:
docker run --name some-mongo -d -p 27017:27017 mongo --auth
> db.createUser({ user: 'foo', pwd: 'bar', roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] })
results in connections being refused:
$ mongo -u foo -p bar [serverIP]
MongoDB shell version v3.4.9
connecting to: [serverIP]
2017-12-09T14:01:41.114-0600 W NETWORK [thread1] Failed to connect to [serverIP]:27017, in(checking socket for error after poll), reason: Connection refused
2017-12-09T14:01:41.115-0600 E QUERY [thread1] Error: couldn't connect to server [serverIP]:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:237:13
#(connect):1:6
exception: connect failed
I double-checked and the port looks to be open on the server:
$ netstat -tuplen
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
...
tcp6 0 0 :::27017 :::* LISTEN 0 53238875 -
...
(Docker is running on a debian Digital Ocean droplet)
You need to specify the --authenticationDatabase flag
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
see the tutorial
I've followed the steps as mentioned in How do I add an admin user to Mongo in 2.6?
At first, "auth=true" in the /etc/mongod.conf file is commented out so that authentication is not done and I could create the following users in respective dbs.
Admin:
use admin;
db.createUser({user: "mongoRoot", pwd: "password", roles: [{role: "root", db: "admin"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: ["readWrite"]});
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]});
db.createUser({user: "mongoDBAdmin", pwd: "password", roles: [{role: "dbAdmin", db: "admin"}]});
db.createUser({user: "mongoDBOwner", pwd: "password", roles: [{role: "dbOwner", db: "admin"}]});
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin', the user mongoWrite is able to login as done in https://gist.github.com/tamoyal/10441108)
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]}); (Added in admin so that by giving the command from the command-line 'mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin', the user mongoRead is able to login as done in https://gist.github.com/tamoyal/10441108)
Config:
use config;
db.createUser({user: "mongoConfig", pwd: "password", roles: [{role: "readWrite", db: "config"}]});
Test:
use test;
db.createUser({user: "mongoTest", pwd: "password", roles: [{role: "readWrite", db: "test"}]});
mongo_database:
use mongo_database;
db.createUser({user: "mongoWrite", pwd: "password", roles: [{role: "readWrite",db: "mongo_database"}]});
db.createUser({user: "mongoRead", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});
db.createUser({user: "mongoAdmin", pwd: "password", roles: [{role: "readWrite", db: "mongo_database"}]});
After making sure that all the required users are added, turning on the authentication by uncommenting "auth=true" in the /etc/mongod.conf file and restarting the mongodb.
[ec2-user#ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoWrite -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({ "nInserted" : 1 })
rs0:PRIMARY> exit
bye
[ec2-user#ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoRead -p password --authenticationDatabase admin
MongoDB shell version: 2.6.10
connecting to: 127.0.0.1:27018/mongo_database
rs0:PRIMARY> db.test.insert({"Hello":"World"});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on mongo_database to execute command { insert: \"test\", documents: [ { _id: ObjectId('559bba6ead81843e121c5ac7'), Hello: \"World\" } ], ordered: true }"
}
})
rs0:PRIMARY>
Everything works fine till this point. The only issue that am encountering is that my log file is getting bombarded with the following 2 lines at almost tens of thousand lines per minute and within no time, my disk is running out of space.
2015-07-07T11:40:28.340+0000 [conn3] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55913d82b47aa336e4f971c2') }
2015-07-07T11:40:28.340+0000 [conn2] Unauthorized not authorized on admin to execute command { writebacklisten: ObjectId('55923232e292bbe6ca406e4e') }
Just to give an idea, in a span of 10 seconds, 10 MB worth of log file is generated consisting of just the above mentioned 2 lines.
[ec2-user#ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:01 UTC 2015
[ec2-user#ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 388M 4.2G 9% /log
[ec2-user#ip-xxx-xx-xx-xx ~]$ date
Tue Jul 7 11:44:14 UTC 2015
[ec2-user#ip-xxx-xx-xx-xx ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvdh 4.8G 398M 4.2G 9% /log
To my knowledge, the authentication seems to be working fine. Just that the logs are getting filled at super sonic speed. What am I doing wrong? Please help. Thanks In Advance.
The excessive logging was from the config servers and even after adding the authentication to the config servers with authentication turned on, it wouldn't stop. Upgraded to mongo 3.0.4 for replica sets, turned on the authentication on replica sets and upgraded mongo to 3.0.4 on config servers and it started working fine without any issues (Same steps on mongo 2.6.x would result in the issue I mentioned above). So, we planned to upgrade to 3.0.4 in order to bypass this issue. Hope, it will be helpful to someone.