MongoDB 2.0 Replica + Set + Authentication configuration how? In mongod start when --auth, add rs.initiate(config) error?


kuku

Sep 21, 2011, 11:44:46 AM
to mongodb-user, mongod...@googlegroups.com
MongoDB 2.0 Replica + Set + Authentication configuration how? In
mongod start when --auth, add rs.initiate(config) error?

Ted Behling

Sep 21, 2011, 12:42:31 PM
to mongodb-user
I also see an inability to use authentication with Replica Sets, in
Mongo 2.0.0. I rolled back to Mongo 1.8.3 and authenticated replica
sets work fine. In 2.0.0, with authentication on, if I do a
"rs.status()", some of my nodes show this error:

"errmsg" : "need to login"

It seems 10gen modified how authentication works in 2.0.0. If I open
the shell in 1.8.3, I can do some operations without authenticating,
but in 2.0.0, I can't do anything without authenticating.

Ted Behling

sridhar

Sep 21, 2011, 4:45:16 PM
to mongodb-user
To set up replica sets with authentication use the --keyfile option.
http://www.mongodb.org/display/DOCS/Security+and+Authentication#SecurityandAuthentication-ReplicaSetandShardingAuthentication
The keyfile allows the RS members to authenticate with each other and
then you follow the normal initiate.
After the set is up, you can add users as you normally would. Note
--keyfile implies --auth.

sridhar

Sep 21, 2011, 4:50:29 PM
to mongodb-user
@Ted in 2.0 rs.status is an admin command. To run this when using
--keyfile (--auth) with RS, auth as an admin user before using it.

On Sep 21, 1:45 pm, sridhar <srid...@10gen.com> wrote:
> To set up replica sets with authentication use the --keyfile option. http://www.mongodb.org/display/DOCS/Security+and+Authentication#Secur....

Alê Borba

Sep 22, 2011, 8:19:01 AM
to mongod...@googlegroups.com
I auth as admin and then run rs.status on my primary node in the replica set. I get the same errmsg on one of my nodes.
What's wrong with the --keyfile option in MongoDB 2.0?

sridhar

Sep 22, 2011, 3:27:10 PM
to mongodb-user
Can you post the actual result of what you are seeing on rs.status()?

Alê Borba

Sep 22, 2011, 3:54:20 PM
to mongod...@googlegroups.com
This is my output:

PRIMARY> rs.status()
{
  "set" : "PHPMongo",
  "date" : ISODate("2011-09-22T19:52:44Z"),
  "myState" : 1,
  "members" : [
    {
      "_id" : 0,
      "name" : "xxx.xxx.xxx.164:27017",
      "health" : 1,
      "state" : 1,
      "stateStr" : "PRIMARY",
      "optime" : {
        "t" : 1316721163000,
        "i" : 2
      },
      "optimeDate" : ISODate("2011-09-22T19:52:43Z"),
      "self" : true
    },
    {
      "_id" : 1,
      "name" : "xxx.xxx.xxx.181:27017",
      "health" : 0,
      "state" : 8,
      "stateStr" : "(not reachable/healthy)",
      "uptime" : 0,
      "optime" : {
        "t" : 0,
        "i" : 0
      },
      "optimeDate" : ISODate("1970-01-01T00:00:00Z"),
      "lastHeartbeat" : ISODate("2011-09-22T19:52:42Z"),
      "pingMs" : 0,
      "errmsg" : "need to login"
    },
    {
      "_id" : 2,
      "name" : "xxx.xxx.xxx.143:27017",
      "health" : 1,
      "state" : 2,
      "stateStr" : "SECONDARY",
      "uptime" : 28974,
      "optime" : {
        "t" : 1316721162000,
        "i" : 3
      },
      "optimeDate" : ISODate("2011-09-22T19:52:42Z"),
      "lastHeartbeat" : ISODate("2011-09-22T19:52:42Z"),
      "pingMs" : 0
    }
  ],
  "ok" : 1
}

sridhar

Sep 22, 2011, 4:49:14 PM
to mongodb-user
Looks like there is something incorrect with the auth on
"xxx.xxx.xxx.181:27017". Can you directly connect to your primary
xxx.xxx.xxx.164:27017 and run db.adminCommand({"getCmdLineOpts":1})?
Repeat on a direct connection to xxx.xxx.xxx.181:27017. Can you paste
both outputs?
Also can you make sure the key files on both the nodes match?

Kyle Banker

Sep 22, 2011, 5:59:47 PM
to mongodb-user
This appears to be a bug. Ticket created:
https://jira.mongodb.org/browse/SERVER-3929

Alê Borba

Sep 23, 2011, 8:30:20 AM
to mongod...@googlegroups.com
Hi all, sorry for the delay.

My primary output for the command db.adminCommand({"getCmdLineOpts":1})

PRIMARY> db.adminCommand({"getCmdLineOpts":1})
{
  "argv" : [
    "mongod",
    "--rest",
    "--replSet",
    "PHPMongo",
    "--port",
    "27017",
    "--dbpath",
    "/data/db/",
    "--logpath",
    "/var/log/mongo/mongod.log",
    "--keyFile",
    "/root/mongoKey"
  ],
  "parsed" : {
    "dbpath" : "/data/db/",
    "keyFile" : "/root/mongoKey",
    "logpath" : "/var/log/mongo/mongod.log",
    "port" : 27017,
    "replSet" : "PHPMongo",
    "rest" : true
  },
  "ok" : 1
}

And the problem node's output:

SECONDARY> db.adminCommand({"getCmdLineOpts":1})
{
  "argv" : [
    "mongod",
    "--rest",
    "--replSet",
    "PHPMongo",
    "--port",
    "27017",
    "--dbpath",
    "/data/db/",
    "--logpath",
    "/var/log/mongo/mongod.log",
    "--keyFile",
    "/root/mongoKey"
  ],
  "parsed" : {
    "dbpath" : "/data/db/",
    "keyFile" : "/root/mongoKey",
    "logpath" : "/var/log/mongo/mongod.log",
    "port" : 27017,
    "replSet" : "PHPMongo",
    "rest" : true
  },
  "ok" : 1
}
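
Added example, not part of any post in this thread: the comparison requested above (which members report "need to login" in rs.status(), and whether the getCmdLineOpts output of the reporting node and the failing node agree on keyFile and replSet), written as plain JavaScript. The function names are hypothetical and the sample documents are constructed from the values posted in the thread.

```javascript
// Added example (not from the thread). Sample documents are constructed
// from the values posted above; dates and optimes are omitted.

// Members whose heartbeat was rejected for lack of authentication.
function membersNeedingLogin(status) {
  return status.members
    .filter((m) => /need to login/i.test(m.errmsg || ""))
    .map((m) => m.name);
}

// Compare the "parsed" startup options of two nodes on the settings that
// must agree for members to authenticate to each other.
function compareAuthOptions(reference, other) {
  const findings = [];
  if (!reference.parsed.keyFile) findings.push("reference node has no keyFile");
  if (!other.parsed.keyFile) findings.push("failing node has no keyFile");
  if (reference.parsed.replSet !== other.parsed.replSet) {
    findings.push("replSet names differ");
  }
  return findings;
}

// For each failing member, report option findings against the node that
// produced the rs.status() output ("self": true).
function triage(status, optsByHost) {
  const me = status.members.find((m) => m.self);
  const ref = me && optsByHost[me.name];
  return membersNeedingLogin(status).map((name) => {
    const opts = optsByHost[name];
    const findings = ref && opts
      ? compareAuthOptions(ref, opts)
      : ["getCmdLineOpts output missing for a node"];
    // Equal keyFile paths say nothing about the file contents on each host.
    const next = findings.length ? "resolve findings first" : "compare key file contents";
    return { member: name, findings, next };
  });
}

const sampleStatus = { set: "PHPMongo", members: [
  { _id: 0, name: "xxx.xxx.xxx.164:27017", health: 1, stateStr: "PRIMARY", self: true },
  { _id: 1, name: "xxx.xxx.xxx.181:27017", health: 0,
    stateStr: "(not reachable/healthy)", errmsg: "need to login" },
  { _id: 2, name: "xxx.xxx.xxx.143:27017", health: 1, stateStr: "SECONDARY" },
] };
const parsed = { keyFile: "/root/mongoKey", replSet: "PHPMongo", port: 27017 };
const sampleOpts = {
  "xxx.xxx.xxx.164:27017": { parsed },
  "xxx.xxx.xxx.181:27017": { parsed: { ...parsed } },
};
console.log(JSON.stringify(triage(sampleStatus, sampleOpts), null, 2));
```

With the thread's values the startup options agree, so the remaining check is the key file contents on each host.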

sridhar

Sep 23, 2011, 6:29:32 PM
to mongodb-user
Do the key files in the 2 nodes match? If so you are probably hitting
the issue Kyle indicated in this thread.

Alê Borba

Sep 23, 2011, 6:50:10 PM
to mongod...@googlegroups.com
Yes, they match. I'm sure.