MongoDB ReplicaSet Authentication Issue with Secondary

北战南征 submitted on 2019-12-11 07:03:13

Question


We have a MongoDB (v 3.2.8) replicaSet with the following configuration:

replication:
  replSetName: replica
security:
  keyFile: mongo.key

Our replicaSet status rs.status() currently looks like this:

{
    "set" : "replica",
    "date" : ISODate("2016-11-11T15:43:29.164Z"),
    "myState" : 1,
    ...
    "members" : [
        {
            "_id" : 4,
            "name" : "mongo_1:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "PRIMARY",
            "uptime" : 155,
            ...
            "self" : true
        },
        {
            "_id" : 5,
            "name" : "mongo_2:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "SECONDARY",
            "uptime" : 145,
            ...
            "self" : false
        },
        {
            "_id" : 6,
            "name" : "mongo_3:27017",
            "health" : 1,
            "state" : 1,
            "stateStr" : "SECONDARY",
            "uptime" : 150,
            ...
            "self" : false
        }
    ],
    "ok" : 1
}

For authentication, we have the following user (db.getUsers()) in the admin database:

[
    {
        "_id" : "admin.user",
        "user" : "user",
        "db" : "admin",
        "roles" : [
            {
                "role" : "clusterManager",
                "db" : "admin"
            },
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "clusterAdmin",
                "db" : "admin"
            },
            {
                "role" : "backup",
                "db" : "admin"
            },
            {
                "role" : "dbOwner",
                "db" : "db_users"
            },
            {
                "role" : "clusterMonitor",
                "db" : "admin"
            },
            {
                "role" : "restore",
                "db" : "admin"
            }
        ]
    }
]

When we try connecting from a Rails application, we get the authentication errors in the log files of the secondary members:

I ACCESS   [conn221]  authenticate db: admin
{ authenticate: 1, user: "user", nonce: "xxx", key: "xxx" }
I ACCESS   [conn221] Failed to authenticate user@admin with mechanism
MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in
the user document
I ACCESS   [conn221] Unauthorized: not authorized on db_users
to execute command { aggregate: "mongo_users", pipeline: [...],
                     cursor: {}, allowDiskUse: true }

On dropping the secondary members from the replica set, every read/write query works fine on the primary MongoDB server. Also note that the command mongo db_users -u user --password password --authenticationDatabase admin works fine locally on all three members. Our Rails application uses the 'mongoid' gem (v5.1.1) as the MongoDB client, with the following settings in mongoid.yml.

production:
  clients:
    default:
      database: db_users
      hosts:
        - mongo_1:27017
        - mongo_2:27017
        - mongo_2:27017
      options:
        user: 'user'
        password: 'password'
        auth_source: admin
        safe: true
        wait_queue_timeout: 300
        read:
            mode: :secondary_preferred

We are also facing similar authentication issues when trying to connect using mongo_engine on our Flask backend, the difference being that it fails to authenticate at all on having the security option enabled in mongoid.conf. Wondering if we are setting up the user role correctly in the admin database, or if someone has faced similar issues while setting up replicaSet configurations, and possible solutions for our issue.

Source: https://stackoverflow.com/questions/41702142/mongodb-replicaset-authentication-issue-with-secondary
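
A log-triage sketch for the mongod lines quoted in the question, as an added example that is not part of the original post: it groups failed authentications by user, authentication database and mechanism, and ties later "Unauthorized" commands to the connection whose authentication failed. The sample log is constructed from the quoted lines (rejoined after wrapping); the `conn305` and `conn400` lines and the function name `triage` are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log style quoted in the question.
# Wrapped lines are rejoined; the conn305 and conn400 lines are invented.
SAMPLE_LOG = """\
I ACCESS   [conn221]  authenticate db: admin { authenticate: 1, user: "user", nonce: "xxx", key: "xxx" }
I ACCESS   [conn221] Failed to authenticate user@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document
I ACCESS   [conn221] Unauthorized: not authorized on db_users to execute command { aggregate: "mongo_users", pipeline: [...], cursor: {}, allowDiskUse: true }
I ACCESS   [conn305] Failed to authenticate user@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document
I ACCESS   [conn400] Unauthorized: not authorized on db_users to execute command { find: "mongo_users" }
"""

FAILED = re.compile(
    r"\[(conn\d+)\] Failed to authenticate (\S+)@(\S+) "
    r"with mechanism ([\w-]+): (\w+):"
)
UNAUTH = re.compile(
    r"\[(conn\d+)\] Unauthorized: not authorized on (\S+) "
    r"to execute command \{ (\w+):"
)


def triage(log_text):
    """Return (failures, denied) for a block of mongod ACCESS log lines.

    failures: Counter keyed by (user, auth_db, mechanism, error_name)
    denied:   (conn, db, command) for commands rejected on a connection
              that had already failed to authenticate
    """
    failures = Counter()
    failed_conns = set()
    denied = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            conn, user, auth_db, mechanism, error = m.groups()
            failures[(user, auth_db, mechanism, error)] += 1
            failed_conns.add(conn)
            continue
        m = UNAUTH.search(line)
        if m and m.group(1) in failed_conns:
            denied.append(m.groups())
    return failures, denied


if __name__ == "__main__":
    failures, denied = triage(SAMPLE_LOG)
    for key, count in failures.items():
        print(count, *key)
    for conn, db, command in denied:
        print(f"{conn}: {command} on {db} rejected after failed auth")
```
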