search

10gen / mongo-orchestration

Apache License 2.0
7 stars 11 forks source link

Cannot create initial user when clusterauthmode set #159

Closed bjori closed 9 years ago

bjori commented 9 years ago

clusterAuthMode needs to be stripped out when creating the initial user :]

{                                                                                    
    "name": "mongod",                                                                
    "id" : "STANDALONE-X509",                                                        
    "auth_key": "secret",                                                            
    "login": "root",                                                                 
    "password": "toor",                                                              
    "procParams": {                                                                  
        "dbpath": "/tmp/standalone-x509/",                                           
        "ipv6": true,                                                                
        "logappend": true,                                                           
        "logpath": "/tmp/standalone-x509/m.log",                                     
        "journal": true,                                                             
        "port": 2300,                                                                
        "setParameter": {"enableTestCommands": 1}                                    
    },                                                                               
    "sslParams": {                                                                   
        "clusterAuthMode": "x509",                                                   
        "sslMode": "requireSSL",                                                     
        "sslCAFile": "/phongo/scripts/ssl/ca.pem",                                   
        "sslPEMKeyFile": "/phongo/scripts/ssl/server.pem",                           
        "sslWeakCertificateValidation": true                                         
    }                                                                                
}

results in:

2014-12-19T10:27:52.220-0800 [conn1] end connection 192.168.112.10:54698 (1 connection now open) 2014-12-19T10:27:52.228-0800 [conn2] warning: no SSL certificate provided by peer 2014-12-19T10:27:52.231-0800 [initandlisten] connection accepted from 192.168.112.10:54700 #3 (2 connections now open) 2014-12-19T10:27:52.232-0800 [conn2] end connection 192.168.112.10:54699 (1 connection now open) 2014-12-19T10:27:52.238-0800 [conn3] warning: no SSL certificate provided by peer 2014-12-19T10:27:52.239-0800 [conn3] Unauthorized not authorized on admin to execute command { usersInfo: "root" } 2014-12-19T10:27:52.240-0800 [conn3] Unauthorized not authorized on admin to execute command { createUser: "root", pwd: "xxx", digestPassword: false, roles: [ "__system", "clusterAdmin", "dbAdminAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase" ], writeConcern: { fsync: true } } 2014-12-19T10:27:52.241-0800 [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends 2014-12-19T10:27:52.241-0800 [conn3] end connection 192.168.112.10:54700 (0 connections now open)

llvtt commented 9 years ago

resolved in 9aa35e28487ce87da61996a25c9dccbf1367ee98