Sharding auth unauthorized problem

618 views
Skip to first unread message

Kroniak

unread,
Apr 18, 2012, 7:22:33 AM4/18/12
to mongodb-user
Hi.

I have problem with authorize to shard mongo servers.

When I tried run "var p = db..find();" in mongo shell after successful
auth to mongos I got "unauthorized".
When I tried to connect to server from Jasper Report Server I got
"unathorized java exception" on DBCursor fetch.

Without --auth or --keyfile I dont have this issue.

Can anybody help me?

Kroniak

unread,
Apr 18, 2012, 10:51:45 AM4/18/12
to mongod...@googlegroups.com
version 2.0.4

среда, 18 апреля 2012 г., 15:22:33 UTC+4 пользователь Kroniak написал:

Sam Millman

unread,
Apr 18, 2012, 11:04:17 AM4/18/12
to mongod...@googlegroups.com
This may sound like a dumb question but have you made sure the user your using the access the shards have permissions and are correctly indentified?

2012/4/18 Kroniak <guit...@gmail.com>
--
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To view this discussion on the web visit https://groups.google.com/d/msg/mongodb-user/-/onaT3TWA1mcJ.

To post to this group, send email to mongod...@googlegroups.com.
To unsubscribe from this group, send email to mongodb-user...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mongodb-user?hl=en.

Kroniak

unread,
Apr 19, 2012, 4:00:51 AM4/19/12
to mongod...@googlegroups.com
Yes, I have user which have full access to db config, and my dbs. 
In other our java application we dont have this issue.

in mongo shell I see:

./mongo mydb
mongo>db.auth('','');
mongo>1
mongo> db
mongo> mydb
mongo>var p = db.packets.find();
mongo>unauthorized


среда, 18 апреля 2012 г., 19:04:17 UTC+4 пользователь Sammaye написал:
This may sound like a dumb question but have you made sure the user your using the access the shards have permissions and are correctly indentified?

2012/4/18 Kroniak <guit...@gmail.com>
version 2.0.4

среда, 18 апреля 2012 г., 15:22:33 UTC+4 пользователь Kroniak написал:
Hi.

I have problem with authorize to shard mongo servers.

When I tried run "var p = db..find();" in mongo shell after successful
auth to mongos I got "unauthorized".
When I tried to connect to server from Jasper Report Server I got
"unathorized java exception" on DBCursor fetch.

Without --auth or --keyfile I dont have this issue.

Can anybody help me?

--
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To view this discussion on the web visit https://groups.google.com/d/msg/mongodb-user/-/onaT3TWA1mcJ.

To post to this group, send email to mongod...@googlegroups.com.
To unsubscribe from this group, send email to mongodb-user+unsubscribe@googlegroups.com.

Barrie

unread,
Apr 20, 2012, 6:31:35 PM4/20/12
to mongod...@googlegroups.com
Kroniak,

Can you connect to the primary shard for that db and call db.system.users.find()?  You can find out the primary db for the shard by calling db.printShardingStatus() from mydb.

Barrie 

Kroniak

unread,
Apr 24, 2012, 3:21:10 AM4/24/12
to mongod...@googlegroups.com
I have same account in config db and in my db on both shard server in local collections.
It was not fix issue. 

суббота, 21 апреля 2012 г., 2:31:35 UTC+4 пользователь Barrie написал:

Barrie

unread,
Apr 24, 2012, 5:12:54 PM4/24/12
to mongod...@googlegroups.com
Is there anything in the logs that confirms that there's a problem with authentication? 

Kroniak

unread,
Apr 25, 2012, 2:06:45 PM4/25/12
to mongod...@googlegroups.com
Log shard server there are no errors
Log config server there are no errors
Log mongos server there are:


Wed Apr 25 21:56:00 [conn2] Request::process ns: test.system.namespaces msg id:7 attempt: 0
Wed Apr 25 21:56:00 [conn2] single query: test.system.namespaces  {}  ntoreturn: 0 options : 0
Wed Apr 25 21:56:00 [conn2] User Assertion: 15845:unauthorized
Wed Apr 25 21:56:00 [conn2] AssertionException while processing op type : 2004 to : test.system.namespaces :: caused by :: 15845 unauthorized


Log Jasper report server:

net.sf.jasperreports.engine.JRException: unauthorized
at com.jaspersoft.mongodb.connection.MongoDbConnection.setDatabase(MongoDbConnection.java:102)
at com.jaspersoft.mongodb.connection.MongoDbConnection.<init>(MongoDbConnection.java:70)
My java client successful logged into test db.

среда, 25 апреля 2012 г., 1:12:54 UTC+4 пользователь Barrie написал:

Barrie

unread,
Apr 25, 2012, 3:53:29 PM4/25/12
to mongod...@googlegroups.com
Are you sure you're starting your mongos with --auth and --keyfile?  Can you send the first ten lines of each log file? 

Kroniak

unread,
Apr 27, 2012, 7:41:31 AM4/27/12
to mongod...@googlegroups.com
I am starting mongos with --keyfile options.

Wed Apr 25 21:54:47 [initandlisten] MongoDB starting : pid=1790 port=27019 dbpath=/mongodb/./config 64-bit host=mongodb1
Wed Apr 25 21:54:47 [initandlisten] db version v2.0.4, pdfile version 4.5
Wed Apr 25 21:54:47 [initandlisten] git version: 329f3c47fe8136c03392c8f0e548506cb21f8ebf
Wed Apr 25 21:54:47 [initandlisten] build info: Linux ip-10-110-9-236 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSIO$
Wed Apr 25 21:54:47 [initandlisten] options: { configsvr: true, dbpath: "./config", directoryperdb: true, fork: true, keyFile: "/mongodb/conf/key", logpath:$

Wed Apr 25 21:54:48 ./bin/mongos db version v2.0.4, pdfile version 4.5 starting (--help for usage)
Wed Apr 25 21:54:48 git version: 329f3c47fe8136c03392c8f0e548506cb21f8ebf
Wed Apr 25 21:54:48 build info: Linux ip-10-110-9-236 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSION=1_41
Wed Apr 25 21:54:48 [mongosMain] waiting for connections on port 27017
Wed Apr 25 21:54:48 [Balancer] about to contact config servers and shards
Wed Apr 25 21:54:48 [websvr] admin web console waiting for connections on port 28017
Wed Apr 25 21:54:48 [Balancer] config servers and shards contacted successfully

Wed Apr 25 21:54:46 [initandlisten] MongoDB starting : pid=1775 port=27018 dbpath=/mongodb/./data 64-bit host=mongodb1
Wed Apr 25 21:54:46 [initandlisten] db version v2.0.4, pdfile version 4.5
Wed Apr 25 21:54:46 [initandlisten] git version: 329f3c47fe8136c03392c8f0e548506cb21f8ebf
Wed Apr 25 21:54:46 [initandlisten] build info: Linux ip-10-110-9-236 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSIO$
Wed Apr 25 21:54:46 [initandlisten] options: { dbpath: "./data", directoryperdb: true, fork: true, keyFile: "/mongodb/conf/key", logpath: "./log/shard.log"

среда, 25 апреля 2012 г., 23:53:29 UTC+4 пользователь Barrie написал:

Greg Studer

unread,
Apr 27, 2012, 1:37:07 PM4/27/12
to mongodb-user
./mongo mydb

Wed Apr 25 21:56:00 [conn2] AssertionException while processing op
type :
2004 to : test.system.namespaces :: caused by :: 15845 unauthorized

So it's a bit unclear, but it seems from what you've posted that
you're connecting and trying to auth to "mydb" but the auth error is
coming from the "test" db. Which database are you expecting to
connect to? By default, when connecting in the shell, you'll get the
test database as the "db" variable.
> >>>>>>> 2012/4/18 Kroniak <guitar...@gmail.com>
>
> >>>>>>>> version 2.0.4
>
> >>>>>>>> среда, 18 апреля 2012 г., 15:22:33 UTC+4 пользователь Kroniak
> >>>>>>>> написал:
>
> >>>>>>>>> Hi.
>
> >>>>>>>>> I have problem with authorize to shard mongo servers.
>
> >>>>>>>>> When I tried run "var p = db..find();" in mongo shell after
> >>>>>>>>> successful
> >>>>>>>>> auth to mongos I got "unauthorized".
> >>>>>>>>> When I tried to connect to server from Jasper Report Server I got
> >>>>>>>>> "unathorized java exception" on DBCursor fetch.
>
> >>>>>>>>> Without --auth or --keyfile I dont have this issue.
>
> >>>>>>>>> Can anybody help me?
>
> >>>>>>>>  --
> >>>>>>>> You received this message because you are subscribed to the Google
> >>>>>>>> Groups "mongodb-user" group.
> >>>>>>>> To view this discussion on the web visit
> >>>>>>>>https://groups.google.com/d/msg/mongodb-user/-/onaT3TWA1mcJ.
>
> >>>>>>>> To post to this group, send email to mongod...@googlegroups.com.
> >>>>>>>> To unsubscribe from this group, send email to
> >>>>>>>> mongodb-user...@googlegroups.com.

Kroniak

unread,
Apr 27, 2012, 1:58:38 PM4/27/12
to mongod...@googlegroups.com
Sorry, in my first message I was talking about "mydb".
I'll say it again:

1. The name of "mydb" is "test".
2. I connecting as ./mongo test
3 .User with rw grants there are in config db and in test db.
4. All daemon is runnung with options --keyFile.
5. There are 2 servers, 
a) mongos, config db, shard 1
b) shard 2
6. Default shard for "test" db is shard 1
7. My java client with java driver 2.7 succefull connect and requests data from test."collection"
8. When I try to connet via Jasper Report Serve or Jasper IReports, I have error in Jasper Log.

net.sf.jasperreports.engine.JRException: unauthorized
at com.jaspersoft.mongodb.connection.MongoDbConnection.setDatabase(MongoDbConnection.java:102)
at com.jaspersoft.mongodb.connection.MongoDbConnection.<init>(MongoDbConnection.java:70)

9. mongos succefull connected to shard and config db.

It's all.



пятница, 27 апреля 2012 г., 21:37:07 UTC+4 пользователь Greg Studer написал:

Kroniak

unread,
Apr 27, 2012, 2:03:54 PM4/27/12
to mongod...@googlegroups.com
10.

>./mongo test
>db.auth('...','...');
1
>var p = db.tcoll.find();
unathorized 

11. without sharding and enabled --auth I don't have any errors.

пятница, 27 апреля 2012 г., 21:58:38 UTC+4 пользователь Kroniak написал:

Greg Studer

unread,
Apr 27, 2012, 3:29:23 PM4/27/12
to mongodb-user
Hmm - a few things to try - can you get the same behavior when using
an admin user? Obviously not what you want, but good to see if
something's wrong with the authentication path we're using here in
general.

Since you can connect via java, a second debugging step would be to
turn the logLevel of mongos up to 5 - -vvvvv - and record the
operations on mongos when you connect and request data, compared with
the operations when you run from the shell.
> >> > >>>>>>>> mongodb-user...@googlegroups.com.

Kroniak

unread,
May 2, 2012, 12:14:54 PM5/2/12
to mongod...@googlegroups.com
For clear test I recreate sharding cluster without user db.
There are only config db, 2 shards, 1 mongos on primary shard and 1 config server.

Wed May  2 19:59:04 [conn10] User Assertion: 15845:unauthorized
Wed May  2 19:59:04 [conn10] AssertionException while processing op type : 2004 to : config.system.namespaces :: caused by :: 15845 unauthorized
  • By "./mongo config" I connect successfully.
 db.system.namespaces.find(); -- running without erorrs.
  • By my java app too without errors.
пятница, 27 апреля 2012 г., 23:29:23 UTC+4 пользователь Greg Studer написал:

Kroniak

unread,
May 2, 2012, 12:42:07 PM5/2/12
to mongod...@googlegroups.com
In the last clear test I didn't create user in admin db. There are not "admin db".
When I was connection to "./mongo config" I was using localhost connection to config and I didn't have errors.

Then:

./mongo admin
MongoDB shell version: 2.0.4
connecting to: admin
mongos> db
admin
mongos> var p =db.system.users.find();
mongos> p
mongos> db.addUser('dba','...');
  db.addUser('dba','');
{
        "singleShard" : "192.168.2.68:27019",
        "n" : 0,
        "connectionId" : 4,
        "err" : null,
        "ok" : 1
}
{
        "user" : "dba",
        "readOnly" : false,
        "pwd" : "...",
        "_id" : ObjectId("4fa15ede63ddf5ed65fb163e")
}
> var p =db.system.users.find();
unauthorized
> db.auth('dba','...');
1
mongos> var p =db.system.users.find();
mongos> p
{ "_id" : ObjectId("4fa15ede63ddf5ed65fb163e"), "user" : "dba", "readOnly" : false, "pwd" : "" }
mongos> exit

OK. No errors! 
After I created admin db I got:

 ./mongo config
MongoDB shell version: 2.0.4
connecting to: config
> var p =db.system.users.find();
unauthorized
> db.auth('dba','');
1
> db.system.users.find();
{ "_id" : ObjectId("4f98330c1d8a80e758c02313"), "user" : "dba", "readOnly" : false, "pwd" : "" }
> var p = db.system.users.find();
unauthorized

There are no errors in mongos log.
Error in JasperServer is still.

I break my head! HELP!






среда, 2 мая 2012 г., 20:14:54 UTC+4 пользователь Kroniak написал:

Greg Studer

unread,
May 2, 2012, 12:54:23 PM5/2/12
to mongodb-user
Hmm - the issue here might be connecting on the localhost machine
allows you default authorization, which is why the shell and app are
working - does your java app work when on a different host from mongos

On May 2, 12:14 pm, Kroniak <guitar...@gmail.com> wrote:
> For clear test I recreate sharding cluster without user db.
> There are only config db, 2 shards, 1 mongos on primary shard and 1 config
> server.
>
>    - When I try connect to mongos by JasperStudio
>    (mongodb://192.168.2.68:27017/config) I have same error. LogLevel 5.
>
> Wed May  2 19:59:04 [conn10] User Assertion: 15845:unauthorized
> Wed May  2 19:59:04 [conn10] AssertionException while processing op type :
> 2004 to : config.system.namespaces :: caused by :: 15845 unauthorized
>
>    - By "./mongo config" I connect successfully.
>
>  db.system.namespaces.find(); -- running without erorrs.
>
>    - By my java app too without errors.
> ...
>
> read more »

Kroniak

unread,
May 2, 2012, 2:54:25 PM5/2/12
to mongod...@googlegroups.com
Possible.

Look at my last post with admin db and shell.

среда, 2 мая 2012 г., 20:54:23 UTC+4 пользователь Greg Studer написал:

Greg Studer

unread,
May 2, 2012, 4:54:08 PM5/2/12
to mongodb-user
Crossed messages, see the post now.

> There are no errors in mongos log.
It looks like you were directly connected to the config server at this
point - the authentication paths are different, and probably confusing
the issue. Also, the shell calls getLastError() after lines without
return values, which I suspect is causing the "var p =" weirdness.
What you need to do is test using the dba user in mongos (using the
mongo shell) from the *remote* JasperServer with authentication as
"dba." From what I've seen here, that should work. If not, that's
what we need to debug,
> ...
>
> read more »

Kroniak

unread,
May 4, 2012, 8:42:15 AM5/4/12
to mongod...@googlegroups.com
My last test (debug level 5)

./mongo config
MongoDB shell version: 2.0.4
connecting to: config
> var p =db.system.users.find();
unauthorized
> db.auth('dba','...');
1
> db.system.users.find();
{ "_id" : ObjectId("4f98330c1d8a80e758c02313"), "user" : "dba", "readOnly" : false, "pwd" : "" }
> var p =db.system.users.find();
unauthorized
> db.getLastError();
unauthorized

Mongos log:

Fri May  4 16:31:48 BackgroundJob starting: ConnectBG
Fri May  4 16:31:48 [conn2] connected connection!
Fri May  4 16:31:48 [conn2] calling onCreate auth for 192.168.2.68:27019
Fri May  4 16:31:48 [conn2] initializing shard connection to 192.168.2.68:27019
Fri May  4 16:31:48 [conn2] initial sharding settings : { setShardVersion: "", init: true, configdb: "192.168.2.68:27019", serverID: ObjectId('4fa3cb288fd46$
Fri May  4 16:31:48 [conn2] initial sharding result : { initialized: true, ok: 1.0 }
Fri May  4 16:31:50 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:31:50 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:31:50 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:32:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:32:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:32:20 [WriteBackListener-192.168.2.68:27019] 192.168.2.68:27019 is not a shard node
Fri May  4 16:32:20 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:32:20 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:32:20 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:32:27 [conn2] Request::process ns: config.$cmd msg id:2 attempt: 0
Fri May  4 16:32:27 [conn2] single query: config.$cmd  { getlasterror: 1.0, w: 1.0 }  ntoreturn: -1 options : 0
Fri May  4 16:32:27 [conn2] Request::process ns: admin.$cmd msg id:3 attempt: 0
Fri May  4 16:32:27 [conn2] single query: admin.$cmd  { replSetGetStatus: 1, forShell: 1 }  ntoreturn: 1 options : 0
Fri May  4 16:32:50 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:32:50 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:32:50 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:33:08 [conn2] Request::process ns: config.$cmd msg id:4 attempt: 0
Fri May  4 16:33:08 [conn2] single query: config.$cmd  { getnonce: 1.0 }  ntoreturn: -1 options : 0
Fri May  4 16:33:08 [conn2] Request::process ns: config.$cmd msg id:5 attempt: 0
Fri May  4 16:33:08 [conn2] single query: config.$cmd  { authenticate: 1.0, user: "dba", nonce: "1171e776d436c958", key: "c899e5c219d98b9c9382be257ac98840" $
Fri May  4 16:33:08 [conn2]  authenticate: { authenticate: 1.0, user: "dba", nonce: "1171e776d436c958", key: "c899e5c219d98b9c9382be257ac98840" }
Fri May  4 16:33:08 [conn2] Request::process ns: admin.$cmd msg id:6 attempt: 0
Fri May  4 16:33:08 [conn2] single query: admin.$cmd  { replSetGetStatus: 1, forShell: 1 }  ntoreturn: 1 options : 0
Fri May  4 16:33:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:33:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:33:20 [WriteBackListener-192.168.2.68:27019] 192.168.2.68:27019 is not a shard node
Fri May  4 16:33:20 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:33:20 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:33:20 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:33:28 [conn2] Request::process ns: config.system.users msg id:7 attempt: 0
Fri May  4 16:33:28 [conn2] single query: config.system.users  {}  ntoreturn: 0 options : 0
Fri May  4 16:33:28 [conn2] Request::process ns: admin.$cmd msg id:8 attempt: 0
Fri May  4 16:33:28 [conn2] single query: admin.$cmd  { replSetGetStatus: 1, forShell: 1 }  ntoreturn: 1 options : 0
Fri May  4 16:33:31 [conn2] Request::process ns: config.$cmd msg id:9 attempt: 0
Fri May  4 16:33:31 [conn2] single query: config.$cmd  { getlasterror: 1.0, w: 1.0 }  ntoreturn: -1 options : 0
Fri May  4 16:33:31 [conn2] Request::process ns: admin.$cmd msg id:10 attempt: 0
Fri May  4 16:33:31 [conn2] single query: admin.$cmd  { replSetGetStatus: 1, forShell: 1 }  ntoreturn: 1 options : 0
Fri May  4 16:33:50 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:33:50 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:33:50 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:34:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:34:20 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 0ms
Fri May  4 16:34:20 [WriteBackListener-192.168.2.68:27019] 192.168.2.68:27019 is not a shard node
Fri May  4 16:34:20 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:34:20 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:34:20 [Balancer] skipping balancing round because balancing is disabled
Fri May  4 16:34:50 [Balancer] _inBalancingWindow:  now: 2012-May-04 16:34:50 startTime: 2012-May-04 00:00:00 stopTime: 2012-May-04 00:00:00
Fri May  4 16:34:50 [Balancer] skipping balancing round because balancing is disabled




четверг, 3 мая 2012 г., 0:54:08 UTC+4 пользователь Greg Studer написал:

Greg Studer

unread,
May 9, 2012, 10:35:52 PM5/9/12
to mongodb-user
Ok - think what's going on here is a combination of two things - 1)
you have a config user with the same username (and I assume password)
as the admin user. This may be what's causing auth errors remotely -
the output of a remote shell session wasn't posted. 2) Confusingly,
the shell is running getLastError() after each line which evaluates to
undefined (aka "var x = ..."), and the result of that getLastError is
actually { ok : "true", err : "undefined" }. You can see this by
running use config, auth( "configUser"), then
"db.runCommand({ getLastError : true })".

If you want to avoid the shell weirdness, you can use .js scripts
instead.
> ...
>
> read more »
Reply all
Reply to author
Forward
0 new messages