How does one connect to mongo in lab 1.3 to do rs.initiate etc

MongoDB University M310: MongoDB Security
#1

Hello TA,

I do not know how in the world i can connect to the mongo at a port in order to rs.initiate.

I was able to up the 3 instances of mongod at the ports stated.

But i cannot connect to either of instance on any of the 3 ports.

keep getting following error. I did exactly what was asked of after unzipping the m310-certs.zip, which was to m310-certs folder, i copied the folder under shared. Also the folder it tries to create is "m310-certs"not the “certs”. I tried creating certs folder and stil lge the same error.

mongo --port 31130 --ssl --sslPEMKeyFile client.pem --sslCAFile ca.pem
MongoDB shell version: 3.2.22
connecting to: 127.0.0.1:31130/test
2020-01-14T02:40:39.781+0000 E NETWORK [thread1] The server certificate does not match the host name 127.0.0.1
2020-01-14T02:40:39.782+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name 127.0.0.1 :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6

exception: connect failed

Pls help

TA,

Samir

#2

You must specify one of the bindIp values as a host name.

#3

Hello JB,

We meet again. :stuck_out_tongue:

so does that mean that i have to specify --host wile i am trying to connect to mongo ?

TA,

Samir

#4

It’s inevitable :male_detective:

Give it a try.

#5

i will give it a shot after i am done with lab 1.5

thanks to the infrastructure vm issue i had to club all lab towards the end.

BTW do you know what the process is to request extension for the lab completion of course. mine is due in next 13 hrs and some mins.

TA,

Samir

#6

It looks like you solved the issue with the slow connection?

Deadline dates are fixed, there’s no extension. You can always rejoin the next session and start afresh.

You might just finish all the labs in under 13 hours :wink:

#9

:+1:

Remember to delete possible lab answers from your previous post.

#10

alright. i deleted the post which i think had possible lab answer.

#11

Hello JB,

There is something wrong…

i did setup go thru’ the auth part of cert and status came back as “1”

but when i run validate script for the 1.3 i get the my message is incorrect.

also for some reason my rs.status is coming back with “secondary”, “startup”,“startup”

have you encountered this ?

#12

fyi i am re-doing the lab.

if the rs.status comes back as the same than ther eis certianly an issue

I have only one attempt remaining for the lab.

#13

Ensure that the first user you create is on localhost. And ensure that you add the other two nodes on the same host as the primary.

#14

@007_jb,

below is what i get after i add the node on port 31131 and then i am unable to connect on 31130 cause it becomes secondary…

last time i did rs.add i did is fast without checking the rs.status in between.

---------------------------------------------------------------------------------------------------------
MongoDB Enterprise CERT_SECURED:PRIMARY> db.getSiblingDB("$external").runCommand({createUser: “C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client”, roles: [{role: ‘root’, db: ‘admin’}]})
{ “ok” : 1 }
MongoDB Enterprise CERT_SECURED:PRIMARY> db.getSiblingDB("$external").auth({user: “C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client”, mechanism: “MONGODB-X509”})
1
MongoDB Enterprise CERT_SECURED:PRIMARY> rs.status()
{
“set” : “CERT_SECURED”,
“date” : ISODate(“2020-01-14T05:46:19.902Z”),
“myState” : 1,
“term” : NumberLong(1),
“heartbeatIntervalMillis” : NumberLong(2000),
“members” : [
{
“_id” : 0,
“name” : “database:31130”,
“health” : 1,
“state” : 1,
“stateStr” : “PRIMARY”,
“uptime” : 174,
“optime” : {
“ts” : Timestamp(1578980751, 4),
“t” : NumberLong(1)
},
“optimeDate” : ISODate(“2020-01-14T05:45:51Z”),
“infoMessage” : “could not find member to sync from”,
“electionTime” : Timestamp(1578980719, 2),
“electionDate” : ISODate(“2020-01-14T05:45:19Z”),
“configVersion” : 1,
“self” : true
}
],
“ok” : 1
}
MongoDB Enterprise CERT_SECURED:PRIMARY> rs.add(“database.m310.mongodb.university:31131”)
{ “ok” : 1 }
MongoDB Enterprise CERT_SECURED:PRIMARY> rs.status()
{
“set” : “CERT_SECURED”,
“date” : ISODate(“2020-01-14T05:50:58.005Z”),
“myState” : 1,
“term” : NumberLong(1),
“heartbeatIntervalMillis” : NumberLong(2000),
“members” : [
{
“_id” : 0,
“name” : “database:31130”,
“health” : 1,
“state” : 1,
“stateStr” : “PRIMARY”,
“uptime” : 453,
“optime” : {
“ts” : Timestamp(1578981051, 1),
“t” : NumberLong(1)
},
“optimeDate” : ISODate(“2020-01-14T05:50:51Z”),
“electionTime” : Timestamp(1578980719, 2),
“electionDate” : ISODate(“2020-01-14T05:45:19Z”),
“configVersion” : 2,
“self” : true
},
{
“_id” : 1,
“name” : “database.m310.mongodb.university:31131”,
“health” : 1,
“state” : 0,
“stateStr” : “STARTUP”,
“uptime” : 6,
“optime” : {
“ts” : Timestamp(0, 0),
“t” : NumberLong(-1)
},
“optimeDate” : ISODate(“1970-01-01T00:00:00Z”),
“lastHeartbeat” : ISODate(“2020-01-14T05:50:57.531Z”),
“lastHeartbeatRecv” : ISODate(“1970-01-01T00:00:00Z”),
“pingMs” : NumberLong(4),
“configVersion” : -2
}
],
“ok” : 1
}
MongoDB Enterprise CERT_SECURED:PRIMARY> rs.status()
2020-01-14T05:51:21.713+0000 E QUERY [thread1] Error: error doing query: failed: network error while attempting to run command ‘replSetGetStatus’ on host ‘localhost:31130’ :
DB.prototype.runCommand@src/mongo/shell/db.js:135:1
DB.prototype.adminCommand@src/mongo/shell/db.js:152:1
rs.status@src/mongo/shell/utils.js:1111:12
@(shell):1:1

2020-01-14T05:51:21.716+0000 I NETWORK [thread1] trying reconnect to localhost:31130 (127.0.0.1) failed
2020-01-14T05:51:21.735+0000 I NETWORK [thread1] reconnect localhost:31130 (127.0.0.1) ok
MongoDB Enterprise CERT_SECURED:SECONDARY>
MongoDB Enterprise CERT_SECURED:SECONDARY> exit
bye
---------------------------------------------------------------------------------------------------------

Also i cannot give the replset name casue there is no primary

Will redo the lab.

i think after i create the user i have to connect to replset first.

What i do not know is how do i connect to replset name using the user which essentially is the subject of client cert.

PS:- yeah i named the repl set CERT_SECURED :stuck_out_tongue: and will be deleting the post since it may possibly have answers to lab.

TA,

Samir

#15

It’s difficult to read without proper indentation. Use one of these methods:
image

#16

prefer snips :stuck_out_tongue:

image
image1704×629 21.3 KB

#17

i have included the rs.add for 31131 port just for reference in prior snip at bottom and this at top.

image
image1431×954 27 KB

#18

have tried the lab for 4th tiem and even now getting same issue. i do rs.add and the status flips of the connection to secondary. also just prior i do rs.status amd it shows the node added in “strartup” state.

Am calling it a night for now since am in NA and its pretty late now.

TTYL

TA,

Samir

#19

image
image733×737 119 KB

PS: For me, it’s sometimes better to have a paste of the code than a screenshot, e.g. searching for specific words, being able to quote/reference it, and it being on one page.

#20

thanks JB,

Now i am seeing primary, secondary, secondary as status.

TA,

Samir

#21

image
image891×772 16.8 KB

#22

:slightly_smiling_face: :+1: