resetting the admin database in a replica set

[Lee Henson]

Someone along the line we've lost the ability to perform user administration on our 3-node v2.4 replica set. I can read and write to all databases, but I can't query or update the system.users collection in any database. As I understand it, the only way to recover full admin rights is to remove the admin db data files on all of the nodes. I tried following the procedure outlined here: http://www.terminalinflection.com/mongo-db-force-admin-removal/ but it was not successful:

- I ran db.shutdownServer() on each secondary

- on what was the primary node, I checked rs.status() and could see that it had stepped itself down to become a secondary because there was now no majority available

- I moved admin data files out of the data directory

- I was able to connect to the mongo console without needing to authenticate

- I was not able to add a new admin user, because the node was a secondary and rejected the update

I have since:

- I replaced the data files and restarted all the nodes

- verified the replica set is in a healthy state

Is there a better documented procedure that I can follow that is tailored to v2.4, specifically v2.4.9?

Cheers

[Asya Kamsky]

I'm not familiar with the site you referenced but their instructions work - it doesn't look like you followed them.   You should stop all replica nodes and remove admin db from all of them.  Then when you restart you will need to create initial admin user and then the rest of the users you need.

Asya

--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.
 
For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user...@googlegroups.com.
To post to this group, send email to mongod...@googlegroups.com.
Visit this group at http://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/4f7217ef-bd72-4832-9b19-d5b44c445fe9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Lee Henson]

Yeah I managed to do this in the end by removing the admin db from all nodes, then restarting each node and letting the replica set become healthy again. Then on the primary I could add new users again. I personally feel like the instructions suggest adding the db user to a single node while the other nodes are not running. This doesn't work because at this point the the node will have stepped down to secondary and won't accept writes.

You received this message because you are subscribed to a topic in the Google Groups "mongodb-user" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mongodb-user/qfMKme1PRr4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mongodb-user...@googlegroups.com.

To post to this group, send email to mongod...@googlegroups.com.
Visit this group at http://groups.google.com/group/mongodb-user.

To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/CAOe6dJCfOH1nPtWf6m_nyPK1WR-qNEY7HbfHt50dmgU2QRZQ0w%40mail.gmail.com.