PMXBOT Log file Viewer

Help | Karma | Search:

#mongodb logs for Tuesday the 15th of May, 2018

(Back to #mongodb overview) (Back to channel listing) (Animate logs)
[07:03:38] <Haris> hello all
[07:05:33] <Haris> on 3.6.4. I created an admin user, added the following in config fil and then restarted mongodb;
[07:05:33] <Haris> security:
[07:05:34] <Haris> authorization: "enabled"
[07:05:48] <Haris> since then, mongod wouldn't start
[07:06:04] <Haris> am I doing something wrong for 3.6.4 ?
[07:06:23] <Haris> this is ubuntu xenial (16.x)
[07:07:07] <Haris> guys ?
[07:08:08] <Haris> how to make the server restart with auth enabled ?
[07:09:42] <Haris> is it different for 3.6.4 ?
[07:09:58] <Haris> doc says I have to start mongod manually
[07:22:12] <lqez> Haris: Is there an error msgs in your log file?
[07:38:43] <mipo> hi :)
[07:40:26] <mipo> I have this structure document. and now I want to fetch all records which has available_users[count] == 30
[07:40:36] <mipo> or greater than 30
[07:41:01] <mipo> I've tried this but it didn't work: db.MyDoc.find({ available_users: { $all: [{count: {$gte: 30}}] } })
[07:41:36] <mipo> so, how to fetch all records which has available_users[count] >= 30
[07:41:37] <mipo> ?
[07:52:39] <Haris> server isn't starting
[07:52:48] <Haris> I get error on the line authorization: "enabled"
[08:34:36] <lqez> Haris: did you test it without quotation marks? like `authorization: enabled`
[08:48:44] <Haris> hmm
[08:48:45] <Haris> yes
[08:56:07] <naggappan> Hi team has some one used js scripts while starting the mongo db docker container. I have placed the scritps to /docker-entrypoint-initdb.d but it is not getting executed
[09:09:11] <lqez> Haris: what was your error msg? Please follow https://docs.mongodb.com/manual/tutorial/enable-authentication/ line by line
[09:15:55] <cryomatter> Hi guys, what patterns exists for launching mongos instances? I can imagine they can be launched on dedicated machines, on shard servers, on config servers and on application servers. Which one of these are you using guys?
[09:16:51] <derick> on the application servers
[09:18:52] <cryomatter> derick: thank you! May I ask you specs for your average appliation server and size of average collection in mongo?
[09:19:43] <derick> cryomatter: I don't run it in production, it's just trying things out
[09:20:04] <cryomatter> derick: okay, understood.
[09:49:36] <naggappan> @lqez: Do you know how to run init kind of scripts? like I need to create a DB and collections when I start the docker. Is it possible? I pushed scripts to /docker-entrypoint-initdb.d but those js files are not getting exected
[09:51:11] <lqez> how about to put them on /etc/rc.local
[10:09:48] <Haris> lqez: that url shows manual start of mongodb. plus it doesn't show how to configure it in /etc/mongodb.conf
[10:10:10] <Haris> I need a way to configure it in config file and just restart mongodb systemd service once
[10:10:36] <Haris> that url shows the 'rudimentary' way of what's needed to be done the right way
[10:10:53] <derick> Haris: https://docs.mongodb.com/manual/reference/configuration-options/#security.authorization
[10:11:05] <derick> it's linked from https://docs.mongodb.com/manual/tutorial/enable-authentication/#re-start-the-mongodb-instance-with-access-control
[10:11:14] <lqez> Yes, so I gave it to you.
[10:11:42] <derick> make sure you use the format as is described in https://docs.mongodb.com/manual/reference/configuration-options/#security-options though
[10:11:43] <Haris> hmm
[10:11:55] <derick> lqez: sorry, didn't see you had
[10:12:19] <lqez> First of all, try to run it --auth option with your own database
[10:12:19] <Haris> is it security.authorization is config file or security: \n\t\t authorization: enabled ?
[10:12:24] <Haris> ok
[10:12:29] <derick> the latter Haris
[10:12:39] <derick> just one \t though
[10:12:48] <derick> yaml is sensitive like that
[10:13:00] <lqez> yes, even we're in 21c
[10:15:27] <joannac> derick: our docs say "YAML does not support tab characters for indentation: use spaces instead.
[10:15:32] <joannac> are you sure tabs work?
[10:16:52] <derick> sorry, two spaces, then
[10:16:59] <derick> YAML (of course) does not do \t at all
[10:17:07] <derick> (one if the reasons I'm not a fan!)
[10:23:10] <Haris> its strange
[10:23:28] <Haris> when I run mongo with no -u / -p I get mongo cli prompt. I then auth
[10:23:39] <Haris> but there's no mention of what dbs a user can access
[10:23:56] <joannac> `show dbs` ?
[10:24:07] <Haris> or how to configure it, so that user only sees his own dbs only
[10:24:16] <derick> doesn't that just list all of them regardless of whether you have access?
[10:25:01] <Haris> yep
[10:25:05] <Haris> I need to limit that
[10:25:22] <Haris> to only the assigned dbs or the dbs to which access was granted. not the rest
[10:25:49] <lqez> btw, how did you begin mongod? --auth or after fixing mongodb.conf?
[10:26:00] <Haris> so far, with --auth
[10:26:08] <Haris> still need to know how to do it in mongodb.conf
[10:26:17] <lqez> then you must have a syntax problem on your conf
[10:26:27] <lqez> like derick and joannac said above
[10:26:31] <derick> Haris: both lqez and I linked you to the configuration file way of doing that now?
[10:26:48] <derick> it should tell you when the file has syntax errors
[10:27:37] <Haris> that url says configure ecurity.authorization = "enabled", where-as config file says it should be security: \n\t authorization: "enabled"
[10:27:43] <derick> no
[10:27:56] <derick> security:\n authorization: "enabled"
[10:28:00] <derick> no \t, just " "
[10:28:15] <Haris> using spaces
[10:30:22] <Haris> 2018-05-15T15:29:48.300+0500 E STORAGE [initandlisten] WiredTiger error (13) [1526380188:300413][10284:0x7f3b68cd09c0], file:WiredTiger.wt, connection: /var/lib/mongodb/WiredTiger.turtle: handle-open: open: Permission denied
[10:30:22] <Haris> 2018-05-15T15:29:48.301+0500 E - [initandlisten] Assertion: 28595:13: Permission denied src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp 416
[10:30:22] <Haris> 2018-05-15T15:29:48.302+0500 I STORAGE [initandlisten] exception in initAndListen: Location28595: 13: Permission denied, terminating
[10:30:46] <lqez> it does not related with security / auth things
[10:31:07] <Haris> I have no mongodb process running. why is it exiting ?
[10:31:24] <Haris> do I need to configure apparmor on this ubuntu box to allow access to this file/folder/socket ?
[10:31:52] <derick> you probably are not starting mongodb as the right user
[10:32:00] <Haris> I'm root
[10:32:09] <derick> ls -l /var/lib/mongodb/WiredTiger.turtle shows?
[10:32:41] <derick> it's possibel that with init scripts, it still tries to start it as a different user (mongodb)
[10:32:44] <Haris> # ls -l /var/lib/mongodb/WiredTiger.turtle
[10:32:44] <Haris> -rw------- 1 root root 1071 May 15 15:28 /var/lib/mongodb/WiredTiger.turtle
[10:32:47] <lqez> It might be changed to root:root while you're running mongo with --auth option
[10:32:53] <derick> and as you have started mongodb yourself by hand, that might now no longer work
[10:33:07] <lqez> yeah
[10:33:19] <Haris> that actually worked. now I stopped it. and attempted to restart it via systemd
[10:33:31] <Haris> that bit failed
[10:33:33] <lqez> then you have to give it back to mongodb
[10:33:51] <lqez> like `chown -R mongodb:mongodb /var/lib/mongodb/`
[10:33:58] <Haris> should I remove this file ? most probably mongo will recreate it ?
[10:34:31] <lqez> Haris: try it again after changing the permission
[10:34:32] <Haris> ok chown done
[10:35:13] <Haris> ok. this time it started normally
[10:35:14] <lqez> got luck?
[10:35:25] <Haris> space vs \t issue :[
[10:35:28] <lqez> yeah it should
[10:35:44] <Haris> yes
[10:39:57] <naggappan> @lqez can you give me some example js file to create a collection
[10:41:23] <lqez> most simplest one is: db.createCollection("sample")
[10:41:52] <lqez> Please see https://docs.mongodb.com/manual/reference/method/db.createCollection/ for more
[10:42:45] <lqez> And also https://docs.mongodb.com/manual/tutorial/write-scripts-for-the-mongo-shell/ will help you to write scripts
[10:47:40] <Haris> has the consistency of writes been improved since 3.4.x ?
[10:51:07] <derick> consistency? you're going to have to clarify what you mean
[10:52:02] <Haris> there was an article, which linked to many other articles about botched write consistency issue since 2.x, till 3.4.x
[10:52:09] <Haris> I have it bookmarked somewhere
[10:54:01] <derick> do you mean the jepsen tests?
[10:54:17] <Haris> ok. now I'm connected as the admin or admin with role userAdminAnyDatabase. still when I craete new db, collection, I get error, that I'm not authorized
[10:54:41] <derick> i think there is a different role for *creating* dbs
[10:57:47] <Haris> how many roles are there ? Can I assign them all to my admin user ?
[10:57:56] <Haris> dumb Q. but still asking
[10:59:03] <derick> sure
[10:59:32] <derick> there are a lot of roles: https://docs.mongodb.com/manual/reference/built-in-roles/
[10:59:45] <Haris> will I need to turn off / disable auth to make it happen or can I do it from this level ?
[11:00:28] <Haris> via cli
[11:01:15] <Haris> common sense says, useradminanydatabase role can't do it. will have to turn off auth
[11:01:46] <derick> that seems likely, but I'm not an expert
[11:02:25] <Haris> turning off auth untill I have at least one absolute admin role, to safeguard against all scenarios'
[11:21:16] <Haris> the built-in roles page could use some examples under a heading
[11:26:15] <Haris> is there a page on how to add roles via cli ? a cheat sheet sort, a quick preview of things
[11:32:37] <Haris> how to add a superuser priv role for an already existing user. my two attempts failed
[11:34:05] <lqez> Haris: If you wanna make a super-user, please see https://stackoverflow.com/questions/22638258/create-superuser-in-mongo
[11:34:16] <lqez> I don't know why MongoDB uses these rules, but they did
[13:38:54] <maryo_> Hello derick, possible for you to help me with setting up an SSH Tunnel? for accessing the MongoDB?
[13:41:02] <derick> somebody mentioned last night that Compass already lets you do that
[13:41:55] <derick> in the "Connect to Host" screen, you can just change "SSH Tunnel" to "Use Password" and fill in the details
[13:42:17] <maryo_> derick, perfect I will try that o/
[13:42:53] <derick> the docs are at https://docs.mongodb.com/compass/current/connect/ too
[14:02:10] <maryo_> thank you derick
[14:05:32] <derick> works?
[14:12:08] <maryo_> derick, yep just got it working :)
[14:12:12] <maryo_> thanks a ton