Environment Windows 2012 R2. MongoDB Enterprise 3.2.0, this is an evaluation version.
I am logged in as muser1.
Why it is looking for a field pwd?
How can I fix it?
c:\MongoDB\scripts>mongo.exe --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username muser1#TEST.MNG
MongoDB shell version: 3.2.0
connecting to: test
2016-01-14T14:03:37.572-0800 E QUERY [thread1] Error: Missing expected field "pwd" :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1395:16
#(auth):6:1
#(auth):1:2
exception: login failed
The user exists:
MongoDB Enterprise > user = db.system.users.findOne({user: "muser1#TEST.MNG"})
{
"_id" : "$external.muser1#TEST.MNG",
"user" : "muser1#TEST.MNG",
"db" : "$external",
"credentials" : {
"external" : true
},
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
Kerberos is correctly configured based on 3.2 documentation. DNS configured correctly.
MongoDB service is running with a domain account. SPN is there for the default and for the named service also. Tried to have just one of them configured alone then the other one, no luck.
c:\MongoDB\scripts>setspn -L m1svr
Registered ServicePrincipalNames for CN=Mongo1,CN=Users,DC=test,DC=mng:
mongodb/m1.test.mng
MongoDB_M1_D1/m1.test.mng
Here is the startup config file:
# Data Node, with minimal oplog and no jurnal
net:
port: 27017
systemLog:
verbosity: '0' #Debug level from 0-5
destination: file
path: C:\MongoDB\logs\m1-d1.log
logAppend: false
storage:
dbPath: C:\MongoDB\data\m1\D1
journal:
enabled: false
directoryPerDB : true
wiredTiger:
engineConfig:
cacheSizeGB: 1
statisticsLogDelaySecs: 1
journalCompressor: snappy
directoryForIndexes: true
collectionConfig:
blockCompressor: snappy
indexConfig:
prefixCompression: true
#replication:
# oplogSizeMB: 10
# replSetName: RSTest
security:
authorization: enabled
# sasl:
# hostName: m1.test.mng
# serviceName: MongoDB_M1_D1
# keyFile: F:\config\key1.txt
# clusterAuthMode: keyFile
setParameter:
authenticationMechanisms: GSSAPI,SCRAM-SHA-1
I tried to add a pwd field to the user document (just in case), but no luck.
I am out of ideas.
When using Kerberos Authentication, you need to define the fully qualified domain name for the server you are connecting to as part of the connection string. Note that the domain portion also needs to be in all caps. eg:
mongo.exe --host servername.TEST.MNG --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username muser1#TEST.MNG
Related
I have a mongodb server (v4.0) installed locally but I want to change the port it's listening on. I have read the docs and have created a mongod.cfg file in <install>/bin/ in ANSI format with valid YAML. The following is my config:
net:
bindIp: localhost
port: 30000
storage:
dbPath: C:\mongodb\data\db
journal:
enabled: true
systemLog:
destination: file
path: C:\mongodb\data\log\mongodb.log
quiet: true
logAppend: true
I can load that explicitly when I pass in the command mongod --config c:\MongoDB\bin\mongod.cfg but I want it to load every time I restart the service.
My issues:
When I run just mongod I get an error that it can't find the data in c:\data\... which is not what is set in the config. It is not loading the config from that file, how can I achieve this as default behavior (or at least change the default port in some other way)?
When I run mongod --config c:\MongoDB\bin\mongod.cfg it creates a new instance of mongodb which is listening on that port, but does not load my databases. In the c:\mongodb\data\db folder, I have a folder diagnostic.data and journal, as well as many .wt files with names like collection-[integer]-[randomNumber].wt and index-[integer]-[randomNumber].wt and _mdb.catalog.wt and some others (including a few WiredTiger files), so I believe this is the proper directory.
EDIT:
The results of running db.serverCmdLineOpts():
{
"argv": [
"c:\\MongoDB\\bin\\mongod.exe",
"--config",
"c:\\MongoDB\\bin\\mongod.cfg",
"--service"
],
"parsed": {
"config": "c:\\MongoDB\\bin\\mongod.cfg",
"net": {
"bindIp": "localhost",
"port": 30000
},
"processManagement": {
"windowsService": {
"description": "Service of MongoDB",
"displayName": "MongoDB Service",
"serviceName": "MongoDB"
}
},
"service": true,
"storage": {
"dbPath": "C:\\mongodb\\data\\db",
"journal": {
"enabled": true
}
},
"systemLog": {
"destination": "file",
"logAppend": true,
"path": "C:\\mongodb\\data\\log\\mongodb.log",
"quiet": true
}
},
"ok": 1
}
Install MongoDB as service with mongod --config c:\MongoDB\bin\mongod.cfg --install. Add Windows Service Options accordingly to your mongod.cfg:
processManagement:
windowsService:
serviceName: MongoDB
displayName: MongoDB Service
description: Service of MongoDB
Then start/stop MongoDB with your Service Manager or net start MongoDB and net stop MongoDB command. By default it will start with your Windows automatically.
I have added a shard server to my mongodb cluster. After adding the new shard server, I am getting this error on primary node.
DBException thrown :: caused by ::
CannotImplicitlyCreateCollection{ ns: "config.system.sessions" }:
request doesn't allow collection to be created implicitly
The new shard server is new and did not have any data earlier.
How did I add the shard server?
I create a file /etc/mongod.conf (just like my other shard servers)
sharding:
clusterRole: shardsvr
replication:
replSetName: shardReplicaSet10
storage:
dbPath: /mnt/mongodb
systemLog:
traceAllExceptions: true
path: /mnt/log/mongodb/out.log
logAppend: true
logRotate: rename
destination: file
processManagement:
fork: true
net:
bindIp: localhost,172.6.7.5
Then I have another member in this replicaSet with same config file, just the bindIp is changed.
I connected to my mongos node and add the replicaSet
sh.addShard("shardReplicaSet10/172.6.7.5:27018,172.6.7.6:27018")
I can confirm that I have initiated the replicaset using rs.initiate()
It turns out that whenever we add a new shard replicaSet, We need to give it a identity manually. I tried the steps given in this answer
https://dba.stackexchange.com/a/227877
and It worked. On primary of shard replicaSet, simply do this :
use admin
and add identity
db.system.version.insert({
"_id" : "shardIdentity",
"clusterId" : ObjectId("5f098ac1077eb0e078fd5c1e"),
"shardName" : "NameOfYourShardReplicaSet",
"configsvrConnectionString" : "configReplicaSet/ipofconfigserver:27019,ipofotherconfigserver:27019"
})
you can get cluster Id by using
sh.status()
on any of the mongos cluster.
No matter how I try to initialize my primary node, it always gets the name "name" : "127.0.0.1:27017", therefore any remote node additions in the replica set, fail with this message:
"errmsg" : "Either all host names in a replica set configuration must
be localhost references, or none must be; found 1 out of 2"
Here is my .conf
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# network interfaces
net:
port: 27017
bindIp: mongodb.primary, 127.0.0.1
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
How should I properly initialize my primary so that it does not bind to 127.0.0.1 only?
The mongodb.primary above is resolvable among all machines;
Here is the full error:
rs0:PRIMARY> rs.add('mongodb.secondary1:27017')
{
"operationTime" : Timestamp(1552552019, 1),
"ok" : 0,
"errmsg" : "Either all host names in a replica set configuration must be localhost references, or none must be; found 1 out of 2",
"code" : 103,
"codeName" : "NewReplicaSetConfigurationIncompatible",
"$clusterTime" : {
"clusterTime" : Timestamp(1552552019, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
The problem is clearly stated: the first replica set member is bound to localhost
To bind to all IPs (Not recommended to use this without authentication it's ok for testing though)
net:
bindIp: 0.0.0.0
See this document here
For you case the chances are that the MongoDB instances at DO are bound to localhost by default. However, you might need to bind them to a different IP address using the net.bindIp configuration option. Please be advised, this wille expose the MongoDB instance being accessible given they connect to the chosen port. Recommended to enable authentication if a MongoDB instance is bound to a different IP than localhost.
When I try to add a new node to my replicate set I get this message:
{
"ok" : 0,
"errmsg" : "Our replica set ID of 5890ad86c92c6c88e8573df0 did not match that of 10.0.253.3:27017, which is 5890a6b137e1380d1e697f2a",
"code" : 103,
"codeName" : "NewReplicaSetConfigurationIncompatible"
}
I had the same error and impossible to find out why ... I come back on the post to send the solution if others pass here.
Simply do not initialize the replicate on both servers:
I have two separate X and Y servers without mongodb, X and Y are IP addresses or domains.
Install mongodb on both servers
Edit the sudo nano /etc/mongod.conf configuration files on both servers
[in file] Replace bindIp: 127.0.0.1 with bindIp: 127.0.0.1,X on the X server
[in file] Replace bindIp: 127.0.0.1 with bindIp: 127.0.0.1,Y on the Y server
[in file] Replace #replication: with replication: on both servers
[in file] Add replSetName: "​​myReplicatName" line under replication: on both servers
Launch mongo with the configuration file on both servers
Only on server X run mongo and type commands
Mongo commands:
rs.initiate ({
_id: "rs0",
members: [{
_id: 1,
host: "X:27017"
}]
});
rs.add("Y:YPORT");
I'm using mongodb 2.6.1, Windows 7 64bit
I started mongod without --auth and create a first user using
db.createUser({
user: "root",
pwd: "xxx",
roles:
[{
role: "userAdminAnyDatabase",
db: "admin"
}]
})
I restarted mongod again with this configuration
systemLog:
destination: "file"
path: "c:\\mongodb\\log\\mongo.log"
quiet: true
logAppend: true
storage:
dbPath: "c:\\mongodb\\data\\db"
directoryPerDB: true
smallFiles: true
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
http:
enabled: true
JSONPEnabled: true
RESTInterfaceEnabled: true
security:
authorization: enabled
There was no errors, so the authentication has been enabled.
I started mongo using mongo -u root -p --authenticationDatabase admin but I got error message shown below.
MongoDB shell version: 2.6.1
Enter password:
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
I tried to use show collections but I got error message shown below.
2014-05-20T00:36:07.801+0700 error: {
"$err" : "not authorized for query on admin.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
But when I tried db.system.users.find() I can display the user in the collection without any error messages.
I also tried db.auth("root","xxx") but I got the same result, I can display user but I cannot list available collections.
I have 2 more db which were imported from the older version, without --auth these dbs work just fine, but starting mongod with authentication enabled, I cannot display anything inside those dbs.
Please help, solve the question.
In my case, the username: root was created with adminAnyDatabase, which actually has no priviliges such as find action.
Therefore as I expected the root to be top level user, so the root should be granted as superuser using root role.
use admin
db.grantRolesToUser(
"root",
[
{ role: "root", db: "admin" }
]
)
Also the adminAnyDatabase should be revoked
use admin
db.revokeRolesFromUser(
"root",
[
{ role: "adminAnyDatabase", db: "admin" }
]
)