HW1.6 -- Replica Set status in recovering

Can’t add other nodes into replica set in LDAP mode.
Use KeyFile as internal auth to add other nodes.
Switch back to LDAP mode and replica set in the recovering.
MongoDB Enterprise HW16:RECOVERING> rs.isMaster()
“hosts” : [
“setName” : “HW16”,
“setVersion” : 3,
“ismaster” : false,
“secondary” : false,
“me” : “database:31160”,
“maxBsonObjectSize” : 16777216,
“maxMessageSizeBytes” : 48000000,
“maxWriteBatchSize” : 1000,
“localTime” : ISODate(“2019-01-15T04:06:51.155Z”),
“maxWireVersion” : 4,
“minWireVersion” : 0,
“ok” : 1
MongoDB Enterprise HW16:RECOVERING>

Run the validate script it returns

{ unauthorizedStatus: {“ok”:0,“errmsg”:“not authorized on admin to execute command { replSetGetStatus: 1.0 }”,“code”:13}, memberStatuses: Error: Missing expected field “mechanism” 2019-01-15T04:20:43.899+0000 E QUERY [thread1] TypeError: status.members is undefined : @(shell eval):9:16

@ GangXie

If the status is “RECOVERING”, then the replica set is not initialized properly. Note that you should create your user after initializing the replica set on the primary, but before adding additional members. HTH.

1 Like

You still need x509 as internal cluster authentication with ldap use authentication.

1 Like

Thanks DHz. I created ldap user “adam” and it is good. do I need to create another user?

Thanks steevej-1495. I shutdown the replica set after creating “adam” user. Then restart it with X509 certs. And the replica set is still in other mode not primary. Any suggestion?

What is the other mode?

It shows “OTHER” but not “PRIMARY” or “SECONDARY”

Disconnect and reconnect as you may have been in the middle of an election.

Tried a few times.

Here are the steps after saslauthd service started, could you please let me know which one was wrong?

vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --dbpath /home/vagrant/M310-HW-1.6/r0 --logpath /home/vagrant/M310-HW-1.6/r0/mongo.log.log --port 31160 --replSet HW16 --fork

vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --dbpath /home/vagrant/M310-HW-1.6/r1 --logpath /home/vagrant/M310-HW-1.6/r1/mongo.log.log --port 31161 --replSet HW16 --fork

vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --dbpath /home/vagrant/M310-HW-1.6/r2 --logpath /home/vagrant/M310-HW-1.6/r2/mongo.log.log --port 31162 --replSet HW16 --fork

vagrant@database:~$ mongo admin --port 31160
MongoDB Enterprise > rs.initiate({
… _id: ‘HW16’,
… members: [
… { _id: 1, host: ‘database.m310.mongodb.university:31160’, priority: 1 }
… ]
… })
{ “ok” : 1 }
MongoDB Enterprise HW16:PRIMARY> db.getSiblingDB("$external").createUser({user: ‘adam’, roles: [{role: ‘root’, db: ‘admin’}]})

MongoDB Enterprise HW16:PRIMARY> db.getSiblingDB("$external").auth({mechanism: “PLAIN”, user: ‘adam’, pwd: ‘password’, digestPassword: false})

vagrant@database:~$ mongod --dbpath /home/vagrant/M310-HW-1.6/r0 --logpath /home/vagrant/M310-HW-1.6/r0/mongodb.log --port 31160 --replSet myReplSet --fork --sslMode requireSSL --clusterAuthMode x509 --sslPEMKeyFile ./shared/certs/server.pem --sslCAFile ./shared/certs/ca.pem --auth

vagrant@database:~$ mongod --dbpath /home/vagrant/M310-HW-1.6/r1 --logpath /home/vagrant/M310-HW-1.6/r1/mongodb.log --port 31161 --replSet myReplSet --fork --sslMode requireSSL --clusterAuthMode x509 --sslPEMKeyFile ./shared/certs/server.pem --sslCAFile ./shared/certs/ca.pem --auth

vagrant@database:~$ mongod --dbpath /home/vagrant/M310-HW-1.6/r2 --logpath /home/vagrant/M310-HW-1.6/r2/mongodb.log --port 31162 --replSet myReplSet --fork --sslMode requireSSL --clusterAuthMode x509 --sslPEMKeyFile ./shared/certs/server.pem --sslCAFile ./shared/certs/ca.pem --auth

After this the replica set never comes back and could not add new members to it.

First, I would recommend using a configuration file.

Second, I would check what the log files have to say.

Third, I have my SSL mode set to preferSSL. With requireSSL, I think that in addition of authenticating the user with LDAP the mongo client has to connect with SSL.

Ok, thanks steevej-1495