PMXBOT Log file Viewer

#mongodb logs for Friday the 4th of July, 2014

[01:05:08] <jeff__> Hello
[01:08:01] <jeff__> Hello, I'm trying to setup MongoDB's SSL. I've compiled a MongoDB and created my self-signed certificate with a private key. However, when I start the mongoDB with the sslMode = requireSSL, sslPEMKeyFile = /etc/ssl/mongodb.pem, it shows that I need to have a CA
[01:08:30] <jeff__> However, I'm not using any validate certificate at this point, and only have a self-signed certificate.
[01:09:20] <jeff__> I read through many articles about SSL with MongoDB, but most of them use CA, and the official guideline on the mongodb website does not work
[01:10:25] <jeff__> Hope you guys can help me on this -- Question summary: Can I use self-signed certificate with MongoDB (SSL)? If so, how to configure Mongo, given I already have a SSL-version Mongo and the keys.
[01:10:28] <jeff__> Thanks!
[01:13:34] <joannac> I didn't think mongod would refuse to start without --sslCAFile
[06:29:37] <inad922> hello
[06:29:45] <inad922> How does one store files in mongodb?
[06:32:52] <joannac> gridfs
[07:21:44] <johnste_> Can I tag queries so I can distinguish queries from different sources (but same user, client, etc)?
[07:26:57] <johnste_> Ah, $comment should probably work.
[07:27:53] <joannac> with profiling on, yes
[08:57:47] <MoTiOnXml> \o all
[09:25:52] <_NiC> I have a user that looks like this: { "_id" : ObjectId("508a86ec2e5d5e01ccbbf1ee"), "user" : "admin", "readOnly" : false, "pwd" : "passwordhash" } but I'm confused ... what privileges does this user have?
[09:26:27] <_NiC> that's in the admin db btw.
[09:27:57] <rspijker> which version of mongod is this _NiC ?
[09:28:09] <_NiC> rspijker, 2.4
[09:28:38] <_NiC> .8
[09:29:08] <rspijker> that’s not really a valid user document then...
[09:29:21] <_NiC> rspijker, I'm setting up the mikoomi zabbix plugin, and trying to figure out what user to create for it to read the stats.. that user above is from a dev environment
[09:29:31] <rspijker> that looks like a 2.2 formatted document
[09:29:46] <rspijker> in 2.2 there was a readOnly field iirc
[09:29:46] <_NiC> could be. that environment might've been upgraded from 2.2 at some point
[09:30:01] <rspijker> in 2.4 it looks like this: http://docs.mongodb.org/v2.4/reference/method/db.addUser/
[09:30:36] <rspijker> o, there’s actually a bit there about legacy documents
[09:30:38] <rspijker> read that :)
[09:30:41] <_NiC> yeah, that's how I've added my current users. I guess what I'm looking for is the role needed for a monitoring user to fetch what it needs
[09:31:18] <_NiC> ah, right. that makes sense.
[09:31:53] <rspijker> it depends on your mikoomi config
[09:32:01] <rspijker> well.. how you’ve hacked the script, really.. :P
[09:32:09] <_NiC> hehe
[09:32:23] <_NiC> we haven't done much, just added some 2.4 stuff
[09:32:27] <rspijker> I think the default set of info it gathers requires quite a bit of privs
[09:35:00] <_NiC> hm.
[09:46:06] <_NiC> clusterMonitor didn't seem to help
[09:46:39] <_NiC> it was only listed on the 2.6 docs though :-\
[09:50:37] <_NiC> readAnyDatabase didn't work either :(
[09:53:05] <rspijker> what are you seeing exactly?
[09:53:27] <_NiC> the user isn't even able to fetch the mongodb_version
[09:53:31] <_NiC> which seems a bit strange.
[09:53:40] <_NiC> I'll try to connect with my admin user
[09:53:52] <rspijker> the script might be kind of all or nothing...
[09:54:01] <rspijker> as in, if anything fails, it just doesn't report back anything
[09:54:16] <_NiC> there are actually some items that have values in the .data file
[09:55:04] <_NiC> with my admin user who has all kinds of permissions, I get lots of data
[09:56:27] <rspijker> yeah… some values will require very precise privs to get
[09:56:42] <rspijker> like read on config, read on admin, etc.
[09:56:58] <rspijker> and some roles are a bit unclear. iirc readAnyDatabase does NOT include read on admin, for instance
[09:57:08] <_NiC> oh
[09:57:46] <_NiC> hm..
[09:58:24] <_NiC> so if I add otherDBRoles: { admin: read } that might do it? *tries*
[10:01:15] <rspijker> things like serverStatus, which I think is used quite extensively, require clusterAdmin
[10:01:41] <rspijker> I think that’s probably the command used to get the version, for instance
[10:02:12] <_NiC> Eek. Seems a bit scary to give admin rights.. :-)
[10:04:17] <_NiC> gave it clusterAdmin and readAnyDatabase now, works fine. I'll try to remove the last
[10:04:47] <rspijker> clusterAdmin is probably the most important. Since it provides access to the serverStatus command
[10:05:10] <rspijker> if you’re really worried, I’d advise upgrading to 2.6. It gives you much more controls in terms of access mgmt
[10:06:13] <_NiC> without readAnyDatabase some stuff failed
[10:07:04] <_NiC> I'll go for "clusterAdmin", "readAnyDatabase" then
[10:07:11] <_NiC> And consider upgrading to 2.6 :-)
[10:07:13] <_NiC> Thanks for your help!
[10:07:24] <_NiC> (again)
[10:10:13] <rspijker> no worries
[11:24:21] <_NiC> When restoring a database, I get "Error creating index mycollection.users: 16548 not authorized to create index on mycollection.users"
[11:24:48] <_NiC> the user has readWrite and dbAdmin in the database
[11:26:43] <_NiC> dbAdmin should provide ensureIndex() which allows it to create an index..
[11:26:47] <_NiC> I'm confused :-\
[11:41:38] <_NiC> hm, ah. no. it was system.
[11:41:41] <_NiC> the users.
[11:41:49] <_NiC> which I'll skip from the restore.
[11:41:51] <_NiC> all is good. :-)
[13:13:29] <jatt> hi, I imported a csv file using mongoimport but when I check the collection the number of objects (got with .count()) is different than the number of rows in the file. what could be the reason of this?
[13:14:49] <jatt> I'm using mongodb version v2.4.9.
[13:51:03] <MathiasM> hey! anyone here?? :)
[14:15:56] <_NiC> MathiasM, I count 371 nicknames, so I'd say... yes.
[14:36:50] <jeff__> Hello, I'm trying to setup MongoDB's SSL. I've compiled a MongoDB and created my self-signed certificate with a private key. However, when I start the mongoDB with the sslMode = requireSSL, sslPEMKeyFile = /etc/ssl/mongodb.pem, it shows that I need to have a CA. However, I'm not using any validate certificate at this point, and only have a self-signed certificate. Hope you guys can help me on this -- Question summary: Can I use self-signed
[14:36:51] <jeff__> certificate with MongoDB (SSL)? If so, how to configure Mongo, given I already have a SSL-version Mongo and the keys.
[14:37:14] <jeff__> (I asked this question yesterday but I left the chat room…. not sure if someone answered that already. Thanks.)
[14:42:23] <rspijker> jeff__: hmmm, according to the docs it should be fine if you just don’t specify the CA file
[14:43:28] <jeff__> No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
[14:43:57] <jeff__> this is the warning msg if I don’t have a CA file
[14:44:12] <jeff__> Although it’s only a warning msg, mongodb does not start.
[14:46:19] <rspijker> which version of mongodb is this jeff__ ?
[14:46:43] <jeff__> db version v2.6.3 (sorry, I should mention this earlier)
[14:53:37] <includex> hi guys, what's the difference between mongodb-10gen and mongodb-org packages? (can I read it somewhere?)
[14:54:44] <kali> includex: -10gen are obsolete
[14:54:58] <kali> includex: 10gen is the former name of the company developing mongodb
[14:55:14] <includex> kali ahhhh ok then... mystery solved :)
[14:55:20] <includex> kali many thanks :)
[14:55:48] <rspijker> jeff__: then I have no idea… Apparently the docs are wrong :/
[14:56:19] <jeff__> hmm…thanks
[15:03:29] <level09> has any one worked with mongoengine ?
[15:07:46] <Number6> kali: -10gen is not obsolete. -10gen was the package name used pre 2.6.X
[15:08:51] <Number6> 2.4 is still supported, with bug fixes as needed.
[15:10:22] <level09> what is the best field type to store bcrypt hash strings ?
[16:31:06] <auroraeosrose> jmikola you about?
[21:21:05] <BigOrangeSU> Hi All-
[21:22:10] <BigOrangeSU> Had a quick question about mongo oplog, I wanted to know the recommended practice for iterating through collections then ETL'ing to a different system, then tailing the oplog. How can I ensure that while I am doing the first import of the collections, then I start tailing the oplog, I don't process duplicate data?