Problems on M310 / X.509

I am now in a situation where I would like to run this command in the mongo shell and I can’t.

db.getSiblingDB("$external").runCommand({createUser: "C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client", roles: [{role: 'root', db:'admin'}])

At this point I have tried two ways to start mongod on my three servers.

1st)
mongod --replSet TO_BE_SECURED --dbpath ./M310-HW-1.3/r0 --logpath ./M310-HW-1.3/r0/mongodb.log --port 31130 --fork --sslMode requireSSL --clusterAuthMode x509 --sslPEMKeyFile ./shared/certs/server.pem --sslCAFile ./shared/certs/ca.pem

2nd)
mongod --replSet TO_BE_SECURED --dbpath ./M310-HW-1.3/r0 --logpath ./M310-HW-1.3/r0/mongodb.log --port 31130 --fork

Both of those two methods seemingly work to start the servers, but neither looks good at the end for what I want.

If I use the first way, then I am able to connect with the mongo shell, using this command:

mongo --host "TO_BE_SECURED/database.m310.mongodb.university:31130" --ssl --sslPEMKeyFile ./shared/certs/client.pem --sslCAFile ./shared/certs/ca.pem

If I use the second way, I am able to connect with the mongo shell, using this command:

mongo --host "TO_BE_SECURED/database.m310.mongodb.university:31130"

But in both cases, I can’t run the above command:
db.getSiblingDB("$external").runCommand…

If someone can tell me what I am missing that would be great.

The first mongod command is correct, as you need mongod with x509 authentication.
The second mongod starts an instance without any authentication.

For mongo, use the first command. Don’t use the replica set name in the command.
Just use --host database.m310.mongodb.university and give the port separately: --port 31130

Is your replica up? How did you initialize?
Asking this because you are at the user creation step.

Thanks for the reply.

I used the same mongod command for the three servers. Of course changing the port each time as well as the paths. And rs.initiate(…) at some point. But I remember running rs.initiate only once and that seems to be enough. On the other hand I have tried and killed the mongods several times, using variations.

ok
Did you try this:

mongo --host database.m310.mongodb.university --port 31130 with rest of the options as you used

Following your indications using:

mongo --host database.m310.mongodb.university --port 31130 --ssl --sslPEMKeyFile ./shared/certs/client.pem --sslCAFile ./shared/certs/ca.pem

I was indeed able to get in, but there is still an issue with the command: "db.getSiblingDB …createUser… ". Here is how it goes when I try:

MongoDB Enterprise TO_BE_SECURED:PRIMARY> db.getSiblingDB("$external").runCommand({createUser: "C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client", roles: [{role: 'root', db:'admin'}])
... ^C

MongoDB Enterprise TO_BE_SECURED:PRIMARY>

As you can see, I had to hit CTRL-C, or I would wait forever.

What am I missing?

I finally solved the problem. If you look carefully at my db.getSiblingDB… command you will see that a curly brace is missing.

Thanks for your help anyway!

The three little dots are the line continuation prompt, indicating that the command you are entering is not syntactically terminated. Most often, it is a missing quote or double quote, a missing closing brace or a missing closing parenthesis. But as seen in the following example, the missing part can be something else.

> db.test.find( { a : 1 
... , b : 2 } )

Yes. I should have been alerted by the … indeed.
I just didn’t know that.
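
An added example, not part of the original thread and not the shell's own parsing logic: a small JavaScript checker that reports which delimiter a command leaves open, run here on the createUser command from this thread. The names findUnbalanced, THREAD_CMD and FIXED_CMD are hypothetical, and the command is typed with plain ASCII quotes.

```javascript
// Added example: report which delimiters a mongo shell command leaves open.
// Assumption: plain commands like those in this thread; comments and regex
// literals are not parsed. This is not the shell's own parsing logic.
const CLOSER = { "(": ")", "[": "]", "{": "}" };
const OPENER = { ")": "(", "]": "[", "}": "{" };

function findUnbalanced(src) {
  const stack = [];    // open delimiters not yet closed
  const problems = []; // closers that do not match the innermost opener
  let quote = null;    // active string delimiter, or null outside strings
  let quoteAt = -1;
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === "\\") i++;                 // skip the escaped character
      else if (ch === quote) quote = null;  // string ends
      continue;                             // brackets inside strings are ignored
    }
    if (ch === '"' || ch === "'" || ch === "`") {
      quote = ch;
      quoteAt = i;
    } else if (CLOSER[ch]) {
      stack.push({ ch, pos: i });
    } else if (OPENER[ch]) {
      const top = stack[stack.length - 1];
      if (top && top.ch === OPENER[ch]) stack.pop();
      else problems.push({ ch, pos: i, expected: top ? CLOSER[top.ch] : null });
    }
  }
  const openQuote = quote ? { ch: quote, pos: quoteAt } : null;
  const complete = !stack.length && !problems.length && !openQuote;
  return { unclosed: stack, problems, openQuote, complete };
}

// The command from the thread, typed with plain ASCII quotes.
const THREAD_CMD = 'db.getSiblingDB("$external").runCommand({createUser: ' +
  '"C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client", ' +
  "roles: [{role: 'root', db:'admin'}])";
// Same command with the closing brace restored before the final parenthesis.
const FIXED_CMD = THREAD_CMD.slice(0, -1) + "})";

for (const [name, cmd] of [["thread", THREAD_CMD], ["fixed", FIXED_CMD]]) {
  const r = findUnbalanced(cmd);
  console.log(name, r.complete ? "complete" : "incomplete",
    r.problems.map(p => `found '${p.ch}' at ${p.pos}, expected '${p.expected}'`));
}
```

For the thread's command the checker reports a ")" where a "}" was expected, which is the missing curly brace on the createUser document.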