Question about mongodb during opal set up

[Tom Bishop]

Hi,

 

I have a question that has arisen from one of our partners while setting up Opal.

 

Please note that they are using Redhat, which may or may not make a difference.

 

When I have done an Opal install in the past, I navigate to the web interface where it asks about the participant and data databases. Here I just use the suggested name (opal_ids and opal_data), and entered a username of opal and password. It then appears that the databases are created during this process. This is as per the instructions on the wiki: http://wiki.obiba.org/display/OPALDOC/Databases+Administration

 

However, it does not appear to work like this for our user, and when I tried this myself, it did not appear that the databases were created automatically – I got a ‘connection failed’ message. I had to go into the mongo shell and create them, and after that the connection was successful.

 

Also, although they  are the administrator, they do not see the admin section as shown in the screenshot.

 

Is this the correct behaviour?

 

Kind regards

 

Tom

 

 

[Ramin Maelstrom]

Hi Tom,

Before I can investigate I had a few of questions:

- What is the version of your partners OS?

- What version of MongoDB are they using?

- You mentioned creating your MongoDB databases with user and password, are you running your mongo server in auth mode (--auth)?

Thanks,

Ramin

--
You received this message because you are subscribed to the Google Groups "obiba-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to obiba-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tom Bishop]

Hi Ramin,

 

Thanks for getting in touch. Currently the situation is that I have asked them if they would be happy to start a fresh install as we tried a couple of things which might have caused further problems.

 

Let me see what their response is, and if we still have a problem I will refer back to you with this information

 

Tom

[Ramin Maelstrom]

Hi Tom,

No problem, keep me posted.

Ramin

[Ramin Maelstrom]

Hi Tom,

I thought this documentation update might interest you: http://wiki.obiba.org/display/OPALDOC/Databases+Administration#DatabasesAdministration-MongoDB. 

As a side note, the next Opal and Opal-Rserver stable RPM packages fix an important uninstall problem, please advise your partners to follow the steps described here to prevent any data loss: http://www.obiba.org/pages/rpm/ (under Installing Opal)

Regards,

Ramin

[Tom Bishop]

Hi Ramin,

 

That is helpful, thank you. I think we will be starting again with a clean install, and the wiki update will be useful for this

[Tom Bishop]

Hi Ramin,

 

Our partners tried a fresh install. They are using:

 

RHEL 7.2

mongodb-org-3.2

 

They seem to be able to register the opal_ids database but not opal_data. I enclose their details below.

 

If you would be able to help, this would be great as it using a lot of their time trying to get it to work.

 

Kind regards

 

Tom

 

-----------------------------------------------------------------------------------------------------------

 

From our partner:

 

I completely reinstalled opal-server, opal-rserver, rserver-admin and mongodb-org-server. Between uninstallation and re-installation, I checked that there were no left-overs from the old installations. Then, I followed SOP document again, reaching item 2.2.1 where I was to enter a username+password.

It sort-of worked. No problems registering opal_ids. With opal_data, it allowed me to indicate a username and a cryptic password, but also displayed a warning:




Having pressed "Save", things initially seemed fine. I could even upload a file. But when (in step 2.2.3), I wanted to create a test project, I got an error:




The MongoDB server is certainly listening on port 27017:

[loc_trar@s-ic-opal1p ~]$ echo -n "" | nc localhost 27017 && echo yes
yes

In /var/log/mongodb/mongod.log, there's lots of messages like:
2016-01-27T13:57:44.606+0100 I NETWORK  [initandlisten] connection accepted from 127.0.0.1:43657 #976 (1 connection now open)
2016-01-27T13:57:44.607+0100 I ACCESS   [conn976] SCRAM-SHA-1 authentication failed for opal on opal_data from client 127.0.0.1 ; UserNotFound Could not find user opal@opal_data
2016-01-27T13:57:44.608+0100 I NETWORK  [conn976] end connection 127.0.0.1:43657 (0 connections now open)

So again, it seems something went wrong with credentials-setup.

 

 

 

From: obiba...@googlegroups.com [mailto:obiba...@googlegroups.com] On Behalf Of Ramin Maelstrom
Sent: 25 January 2016 15:10
To: obiba...@googlegroups.com
Subject: Re: Question about mongodb during opal set up

 

Hi Tom,

[Ramin Maelstrom]

Hi Tom,

A few questions before I investigate:

1. are they running their MongoDB service in Client Access Control mode, either by starting the service with --auth option or have this option set to true in the mongod.conf file?

2. if the above is true, can you provide more information about the user:

Run these on the  command-line:

mongo # might need user/pasword if scenario 1. is true
use admin
db.system.users.find()

Regards,

Ramin

[Tom Bishop]

Hi Ramin,

 

I have asked about this and will let you know the response.

 

Thanks

 

Tom

[Tom Bishop]

Hi Ramin,

 

Apparently they are not running in client access control mode.

 

Does this help your investigation?

 

Thanks

 

Tom

 

From: obiba...@googlegroups.com [mailto:obiba...@googlegroups.com] On Behalf Of Ramin Maelstrom

Sent: 27 January 2016 15:05

[Ramin Maelstrom]

Hi Tom,

Yes it helps, I can now have the default setup for MongoDB installation. I will get back to you once I have a diagnosis. 

Regards,

Ramin

[Tom Bishop]

Hi Ramin,

 

I was wondering if you have made any progress with this diagnosis, as our partner is awaiting instructions to move forward.

 

Thank you

[Ramin Maelstrom]

Hi Tom,

I am sorry, I was quite busy last week and could not investigate. Another thing that could be helpful is the Opal log file. 

Thanks,

Ramin

[Tom Bishop]

Hi Ramin,

 

I have requested this file from them, hopefully they will be quick in responding

[Tom Bishop]

Hi Ramin,

 

Here is their opal.log file. I hope it helps!

 

Thanks

 

Tom

 

From: Tom Bishop
Sent: 01 February 2016 15:54
To: 'obiba...@googlegroups.com'
Subject: RE: Question about mongodb during opal set up

 

Hi Ramin,

 

I have requested this file from them, hopefully they will be quick in responding

 

Thanks

 

Tom

 

From: obiba...@googlegroups.com [mailto:obiba...@googlegroups.com] On Behalf Of Ramin Maelstrom

Sent: 01 February 2016 15:45

[Ramin Maelstrom]

Hi Tom,

Thanks I will check it out and come back to you later. Just out of curiosity, have they succeeded creating the DBs without user/pwd? I am only asking because I had tried clean installs on Fedora and CentOS 7  with and without client access control and in both cases Opal was able to use the MongoDBs. I am just trying to find out if their MongoDB works at all.

Thanks,

Ramin

 

[Tom Bishop]

Hi Ramin,

 

Apparently they were able to create the opal_ids database through the web GUI – see the original message for the details of the problem they had with opal_data.

[Ramin Maelstrom]

Hi Tom,

In your initial message (screenshot) I see that they have used a user/pwd. I wanted to know if they can create opal-ids and opal-data without user/pwd, just by name. They also have to make sure that their MongoDB installation is functional, i.e., they can create databases and collections from the MongoDB console (https://docs.mongodb.org/getting-started/shell/insert/).

Thanks,

Ramin

[Tom Bishop]

Hi Ramin,

 

Apologies I misunderstood your question, yes in the GUI they were specifying a username and password.

 

They have run the basic test on whether Mongo is working – it appears to be. There are a couple of warnings on start up though:

 

=============================================

-bash-4.2$ mongo

MongoDB shell version: 3.2.1

connecting to: test

Welcome to the MongoDB shell.

For interactive help, type "help".

For more comprehensive documentation, see

     http://docs.mongodb.org/

Questions? Try the support group

     http://groups.google.com/group/mongodb-user

Server has startup warnings:

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten]

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten] ** WARNING:

/sys/kernel/mm/transparent_hugepage/defrag is 'always'.

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten] **        We

suggest setting it to 'never'

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten]

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 4096 processes, 64000 files. Number of processes should be at least 32000 : 0.5 times number of files.

2016-01-27T12:45:35.225+0100 I CONTROL  [initandlisten]  > use test switched to db test  > db.restaurants.insert(

...    {

...       "address" : {

...          "street" : "2 Avenue",

...          "zipcode" : "10075",

...          "building" : "1480",

...          "coord" : [ -73.9557413, 40.7720266 ],

...       },

...       "borough" : "Manhattan",

...       "cuisine" : "Italian",

...       "grades" : [

...          {

...             "date" : ISODate("2014-10-01T00:00:00Z"),

...             "grade" : "A",

...             "score" : 11

...          },

...          {

...             "date" : ISODate("2014-01-16T00:00:00Z"),

...             "grade" : "B",

...             "score" : 17

...          }

...       ],

...       "name" : "Vella",

...       "restaurant_id" : "41704620"

...    }

... )

WriteResult({ "nInserted" : 1 })

>

=============================================

[Ramin Maelstrom]

Hi Tom,

I have installed a RedHat Server 7.2

Distributor ID:    RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 7.2 (Maipo)
Release:    7.2
Codename:    Maipo

And a MongoDB 3.2

mongodb-org.x86_64                   3.2.1-1.el7             @mongodb-org-3.2   
mongodb-org-mongos.x86_64            3.2.1-1.el7             @mongodb-org-3.2   
mongodb-org-server.x86_64            3.2.1-1.el7             @mongodb-org-3.2   
mongodb-org-shell.x86_64             3.2.1-1.el7             @mongodb-org-3.2   
mongodb-org-tools.x86_64             3.2.1-1.el7             @mongodb-org-3.2   

You cannot create Opal with a MongoDB without a user and password that is in an authentication DB. When you try to do that the same error occurs (as your partners). Personally, I recommend that they go through the steps I described before and enable the Client Access Control to really secure the Mongo databases. They can create an admin user for all DBs and an opaladmin for Opal DBs. 

Let me know if the above option is viable for your partners.

Regards,

Ramin

[Tom Bishop]

Thanks Ramin, I have worked through these steps myself (although on Ubuntu) and it seems to work. Hopefully the same will happen for our partners.

 

Thank you again for your support with this