mongodb replication with admin authentication error - mongodb

I have three nodes of mongodb replication set
2 servers have the data and the third is an arbiter
54.83.20.44 : 27017 (primary)
54.197.243.55 : 40000 (secondary)
23.21.148.73 : 27017 (arbiter)
All things have been configured well with automatic failover.
BUT, I ignored any thing about authentication.
I can connect to the replset using "Robomongo" (desktop mongodb management tool) without username/password :(
So I connected to admin database of primary member and ran this command:
mongo
use admin
db.addUser("username", "password");
Then, I restarted mongod process with --auth option
This is my log after restart:
[rsBackgroundSync] replSet not trying to sync from 54.197.243.55:40000, it is vetoed for 8 more seconds
[rsHealthPoll] could not authenticate against 54.197.243.55:40000, { code: 18, ok: 0.0, errmsg: "auth fails" }
[rsHealthPoll] replset info 54.197.243.55:40000 thinks that we are down
What can I do ?
Adding username/password to all admin servers
or primary server only?

I think you should restart all the mongod instances with --auth option.

if you are using replication authentication you must enable with keyfile authentication otherwise they will go out of sync state

Related

Reset mongodb root password

I have forgot my mongodb root user password for the shared cluster of 3 nodes. I have gone through stack overflow for the same issue but was unable to replicate due to different configuration. Below is my configuration
mongodb version 4.4.
replication on 3 servers(nodes) using keyfile authentication.
all nodes are running in docker containers.
In case useful, I have other credentials that were created through root user for backup and read write permission but they dont have access to admin database.
Please guide me if you have any solution. thanks
unable to find anything to try
The official way of doing this is:
Restart the MongoDB without authorization, i.e. mongod --noauth ... or via configuration file
security:
authorization: disabled
Then you can logon without password and change credentials of the root user.
Attention: while the MongoDB is running without authorization, every user connects with root privileges, so you better restart the MongoDB in maintenance mode, i.e.
net:
bindIp: localhost
port: 55555
#replication:
# replSetName: shardA
#sharding:
# clusterRole: shardsvr
setParameter:
skipShardingConfigurationChecks: true
disableLogicalSessionCacheRefresh: true
Then you can connect only from localhost using port 55555 (which is not configured by other cluster members nor known by other users)
You need to do this only on the configuration server, because user accounts are stored there, not on the shards or mongos members.
However, there is a much simpler way to achieve the same, use the keyfile for authentication:
mongosh --authenticationDatabase local -u __system -p "$(tr -d '\011-\015\040' < /path/to/keyfile)"

[MongoDB Ops Manager]mongo.mongoUri ops manager db hosts connection not working

I have installed MongoDB Ops Manager Database [3 instances]
/etc/mongod.conf -> bindIp: 0.0.0.0
And I have Installed Ops Manager Application
In /conf/conf-mms.properties my config for mongo.mongoUri is below
mongo.mongoUri=mongodb://1.2.3.4:27017,5.6.7.8:27017,9.10.11.12:27017
Error:
Failure to connect to configured mongo instance: Config{loadBalance=false.....
pre-flight is getting failed
Notes:
mongod is running in all db servers
If single db is mentioned in mongo.mongoUri then application can connect to that database like mongo.mongoUri=mongodb://1.2.3.4:27017
I guess I need to create as replica set as per doc so i tried below command in main database server
mongod --port 27017 --dbpath /home/ubuntu/data/appdb --replSet rs0 --bind_ip localhost,5.6.7.8,9.10.11.12
{"t":{"$date":"2021-01-06T17:36:07.509+00:00"},"s":"E", "c":"STORAGE", "id":20568, "ctx":"initandlisten","msg":"Error setting up listener","attr":{"error":{"code":9001,"codeName":"SocketException","errmsg":"Cannot assign requested address"}}}
Issue is fixed. Single(standalone) database host was able to connect. But for multiple databases to connect we need to implement replica set first for the mongodb databases.

Unable to launch mongos

I am attempting a simple sharding set up (on a single host without any replica set). However I am unable to go any further because this is what happens when i try to start mongos:
C:\>mongos --configdb localhost:27010 --port 27011
I get:
BadValue: configdb supports only replica set connection string
try 'mongos --help' for more information
I am failing to see what is lacking. I tried mongos --help, but according to that valid arguments for --configdb are <config replset name>/<host1:port>, <host2:port>, etc. But this is what I've done.
I have not done anything else than starting the config server:
mongod --configsvr --port 27010
which is the one I am trying to connect the mongos to.
Any ideas on how this can be resolved?
Thankful for any advice in advance.
You have set up the config server as a standalone mongod process, but as of MongoDB 3.4 that isn't supported: it must be a replicaset:
config servers: Config servers store metadata and configuration settings for the cluster. As of MongoDB 3.4, config servers must be deployed as a replica set (CSRS).
The minimum setup is to have a single mongod process, configured as a 1-member replica set; then your mongos process connects to the replica set:
mongos --configdb replsetname/localhost:27010 --port 27011

Sharded Cluster authentication in mongodb 3.2.4

I have 6 mongod server.
2 shard with replica set of two servers each(totally 4 mongod server)
2 config server
2 mongos which will run on shard server itself
I would like to enable authentication on sharded cluster. I tried enabling --auth while starting the 6 mongod instances but it throwing below error.
SHARDING [mongosMain] Error initializing sharding state, sleeping for 2 seconds and trying again :: caused by :: Unauthorized: could not get updated shard list from config server due to not authorized for query on config.shards
How to enable authentication in sharded cluster? I'm using mongodb 3.2.4 version.
How config server will communicate internally with other mongod server?
Do i need to create user on each mongod separately in admin db?
Please help me to understand this.
-Thanks in advance.
For shared cluster, you have to use keyfile or x.509 certificate authentication for inter cluster communication.
Please refer to this link:
https://docs.mongodb.com/manual/core/security-internal-authentication/
To create users, connect to the mongos and add the users. Since version 2.6+, MongoDB stores user login data in the admin database of the config servers, so you don't have to create user on each mongod separately.
Also you can refer to these links:
http://pe-kay.blogspot.in/2016/02/update-existing-mongodb-replica-set-to.html
http://pe-kay.blogspot.in/2016/02/securing-mongodb-using-x509-certificate.html

Trouble connecting to Mongo Config Server from mongos

Folks,
I am setting up a MongoDB Cluster. The problem is when I am starting up 'mongos' it fails to connect to Mongod Config Server. If I start 'mongos' from localhost with same server as Mongod Config Server it connects & works.
localhost-$ mongos --port 30000 --configdb server-02:20000 [Works]
server-01-$ mongos --port 30000 --configdb server-02:20000 [Does Not Work]
Since from localhost I am able to start mongos by connecting to mongo config server & execute queries, it appears that config server is running fine.
Not able to understand what prevents servers to connect to one of their peers. When I attemped to connect first time from localhost, I got a prompt from OS asking whether process 'mongos' should be allowed to accept incoming connections for which I clicked allow. Perhaps if server fails silently because of this permission issue, with no way to prompt.
Error I recieve:
Sun May 8 01:14:46 ./mongos db version v1.8.1, pdfile version 4.5 starting (--help for usage)
Sun May 8 01:14:46 git version: a429cd4f535b2499cc4130b06ff7c26f41c00f04
Sun May 8 01:14:46 build sys info: Linux bs-linux64.10gen.cc 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSION=1_41
uncaught exception in mongos main:
11002 socket exception [6] server [server-02:20000] mongos connectionpool error: couldn't connect to server server-02:20000
Well I did try clean install yet the problem persisted, so I moved my mongos to a different server with new install & it appears to connect to config server without any issue. Apparently there is some sort of socket contention issue with first server I tried to run mongos.
In all the directories of your mongodb's datas, you have a mongo.lock file. If this file is not empty, it seems to mean that one instance of mongodb executable (config, shard data server) is already running.
Just delete this file in each directory if not empty.
Check your bindip value, which is used by your mongo service. Take out the bindip flag. It works perfectly.