I am trying to setup a replica set with mongodb 3.4 and am facing the following error. Have tried searching around a bit but am not able to find a solution.
root#mongo-db-1:~# mongo MongoDB shell version v3.4.0 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.0
> use admin
switched to db admin
> db.auth('admin','****');
1
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "DKkxOnMHCSSPwJCJyLA9Eg==", "storedKey" : "9aD//lm3eyeBN2LqZeTdqvvKXlU=", "serverKey" : "OX07H3FVQ447OqGMD7mCmX0WU0M=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> rs.conf()
2016-12-20T09:58:45.579+0530 E QUERY [main] Error: Could not retrieve replica set config: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
} :
rs.conf#src/mongo/shell/utils.js:1262:11
#(shell):1:1
MongoDB Logs
2016-12-20T09:58:01.278+0530 I NETWORK [thread1] connection accepted from 127.0.0.1:60804 #2 (1 connection now open)
2016-12-20T09:58:01.279+0530 I NETWORK [conn2] received client metadata from 127.0.0.1:60804 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.0" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "14.04" } }
2016-12-20T09:58:01.282+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2016-12-20T09:58:01.285+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:19.044+0530 I ACCESS [conn2] Successfully authenticated as principal admin on admin
2016-12-20T09:58:19.046+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:45.578+0530 I ACCESS [conn2] Unauthorized: not authorized on admin to execute command { replSetGetConfig: 1.0 }
Is there something I am missing here?
Mongo Config
root#mongo-db-1:~# cat /etc/mongod.conf
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
security:
authorization: enabled
keyFile: /thefile
processManagement:
fork: true
replication:
replSetName: rs0
You must give clusterMagnager permissions to your "admin" user. To add the clusterManager role to your admin user you have to execute the following function after you authenticate.
db.grantRolesToUser(
"admin",
[ "clusterManager" ]
)
Your "admin" database user only has the userAdminAnyDatabase role.
However, the clusterManager role is needed to execute the replSetGetConfig command:
https://docs.mongodb.com/manual/reference/privilege-actions/#authr.replSetGetConfig
You will need to grant this role to your user to be able to execute this command. This can be done using db.grantRolesToUser().
Related
When you first install mongodb, there is no root user. You simply start mongo with (if on mac osx) "mongod --dbpath='/usr/local/var/mongodb'", and then run mongo in the shell and it will connect you without any authentication.
I create the admin user in the admin database:
> db
admin
> db.createUser({
"user" : "test1",
"pwd" : "test1",
"roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
})
> db.getUsers()
[
{
"_id" : "admin.test1",
"user" : "test1",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
]
Now I connect to mongo shell as admin user:
> db
admin
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "test1",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}
I start mongod with access control:
$ sudo mongod --auth --port 27017 --dbpath=.
Password:
2020-04-16T20:28:40.656-0400 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2020-04-16T20:28:40.672-0400 I CONTROL [initandlisten] MongoDB starting : pid=8441 port=27017 dbpath=. 64-bit
I even turned on security:
$ cd /usr/local/etc/
$ vim mongod.conf
security:
authorization: "enabled"
Yet I can simply login with just "mongo":
$ mongo admin
MongoDB shell version v4.0.4
connecting to: mongodb://127.0.0.1:27017/admin
Implicit session: session { "id" : UUID("95879725-00ed-4cee-bd43-8ba093df1e19") }
MongoDB server version: 4.0.4
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [ ],
"authenticatedUserRoles" : [ ]
},
"ok" : 1
}
This is wild. What else must I do? Unless there is some type of automatic login when logged into the ip the server is running on?
Some commands do not require authentication. Try reading or writing to a collection.
Authentication itself is performed via a sequence of commands (you can read about those here) therefore some of the commands must by necessity not require authentication.
Some commands return different responses based on whether a connection is authenticated. For example, try {ismaster:1} with and without authentication.
I have 2 virtual machines with mongodb running on both. I have created a user and roles and added data for testing. Everything works until I try to set up a Replica set. When I run rs.initiate() I get the "...replSetHeartbeat requires authentication... " error seen below. I can connect to the "hulk" server from "hawkeye" manually by passing --host "nodeserver-hulk:27017. Any Ideas?
system
Ubuntu Server 18.04.4 LTS
Mongod v.4.2.3
rs.initiate command
rs.initiate(
{
_id: "r1",
version: 1,
members: [
{ _id: 0, host : "nodeserver-hulk:27017"},
{ _id: 1, host : "nodeserver-hawkeye:27017"}
]
}
)
rs.initiate error
{
"ok" : 0,
"errmsg" : "replSetInitiate quorum check failed because not all proposed set members responded affirmatively: nodeserver-hawkeye:27017 failed with command replSetHeartbeat requires authentication",
"code" : 74,
"codeName" : "NodeNotFound"
}
mongod.conf file(same for both servers)
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: /mnt/mongo/data
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
#security:
security:
authorization: 'enabled'
#operationProfiling:
#replication:
replication:
replSetName: 'r1'
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
show users command
> show users
{
"_id" : "admin.james",
"userId" : UUID("3ed97f2e-de49-4b98-84c8-566b34805863"),
"user" : "james",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
You need to add a keyFile in your security config so that each node can authenticate against the others.
https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/
security:
keyFile: <path-to-keyfile>
I have a database called flowers in which I have the collection named flower. When I first created it in MongoDB, I had no authentication set to it (I would just connect to it using the default port:27017 and localhost).
Then I wanted to restrict the access to this database, in order to be accessed only with a set of username & password. First, I created an admin in the admin database:
> use admin
switched to db admin
> db.createUser(
... {
... user: "myUserAdmin",
... pwd: "abc123",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "myUserAdmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
> show users
{
"_id" : "admin.myUserAdmin",
"user" : "myUserAdmin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
Then I exited mongo, I restarted the service. Then I created a user for my database:
> use flowers
switched to db flowers
> db.createUser(
... {
... user: "adminfl",
... pwd: "flower1",
... roles: [ "dbOwner", "readWrite"]
... }
... )
Successfully added user: { "user" : "adminfl", "roles" : [ "dbOwner", "readWrite" ] }
After this I exited mongo once again, restarted the service.... from Compass I tried to connect to database flowers using the username and password and specify the authentication database: flowers. Everything went well to this point.
My problem is: when I connect to mongo using the authentication I can see all the databases, and when I connect without authentication, I have the same result.
How can I make my database flowers visible only when I connect with a username & password?
Update: This is my mongod.cfg:
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: C:\Program Files\MongoDB\Server\4.0\data
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: C:\Program Files\MongoDB\Server\4.0\log\mongod.log
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
#processManagement:
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
Try adding below line if not added in your mongod.conf =>
security:
authorization: enabled
Then restart mongodb and you are good to go.
Ok looking at your mongo conf we can see there is space in your db and log path viz "Program Files" which can create issue.
Workaround is:
1) Make data, log and conf directory like C:\data\db, C:\data\log and C:\data\mongod.conf.
2) Make path changes in mongod.conf for dbpath and logpath.
3) Add security authorization: enabled in mongod.conf as suggested.
4) Remove mongod service if already installed and install service again.
5) Restart service. Hope this helps.
I'm running MongoDB 3.2.15 on Ubuntu 16.04 LTS
I can't execute rs.initiate();. It returns the following error
{
"ok" : 0,
"errmsg" : "assertion src/mongo/db/repl/replset_commands.cpp:275",
"code" : 8
}
opened mongo with the following arguments
mongod --config /etc/mongod.conf --replSet rs0
Configuration file :
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
net:
port: 27017
bindIp: 0.0.0.0
The log file :
2017-07-26T08:25:38.400+0000 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-07-26T08:25:42.186+0000 I COMMAND [conn1] initiate : no configuration specified. Using a default configuration for the set
2017-07-26T08:25:42.186+0000 I - [conn1] Assertion failure h != "localhost" src/mongo/db/repl/replset_commands.cpp 275
Try this (success for me):
mongo
> config = {_id:"rs0", members:[ {_id:0, host:"127.0.0.1:27017"}]}
{
"_id" : "rs0",
"members" : [
{
"_id" : 0,
"host" : "127.0.0.1:27017"
}
]
}
> rs.initiate(config)
{ "ok" : 1 }
Reference: http://blog.csdn.net/Aegeaner/article/details/56277129
There's another answer here: Can't connect to MongoDB with authentication enabled. I tried that but still can;t figure out what's wrong why my configuration.
I use Ubuntu 14.04, Mongo 3.4.1(latest) installed as a service
First after installation I run this command, just like its documentation here:
mongo --port 27017
use admin
db.createUser({user: "adminUser",pwd: "abc123",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
it returns Successfully added user. Then I reconfigure the /etc/mongod.conf
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
net:
port: 27017
bindIp: 127.0.0.1
security:
authorization: enabled
Save and restarted the mongod server : sudo service mongod restart
try to connect with: mongo -u "adminUser" -p "abc123" --authenticationDatabase "admin"
which is successfull, then if I change to another database with command use testDatabase, I cant make any operation to it.
use testDatabase
db.createCollection("people")
results:
{
"ok" : 0,
"errmsg" : "not authorized on testDatabase to execute command { create: \"people\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
Here is registered users in my database
use admin
db.system.users.find()
{ "_id" : "admin.adminUser",
"user" : "adminUser",
"db" : "admin",
"credentials" : { "SCRAM-SHA-1" : {....} },
"roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
}
It seems that userAdminAnyDatabase role doesn't work anymore or is there anything wrong with my setup?
Built in roles UserAdmin & UserAdminAnyDatabase role allows you to create user and roles in database.
For read/ readWrite operations on database you have to create user with read/ readWrite role for that database.
Other option will be to add the role to the current user you have.
Something like this for example.
use test
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "test" },
{ role: "read", db: "reporting" } ]
}
)