search

percona / mongodb_exporter

A Prometheus exporter for MongoDB including sharding, replication and storage engines
Apache License 2.0
1.15k stars 426 forks source link

aggregate: \"system.profile\" permission denied #784

Open andrii88-ku opened 7 months ago

andrii88-ku commented 7 months ago

i have mongodb_exporter - MongoDB Prometheus exporter Version: v0.40.0 Commit: cb3db89 Build date: 2023-11-08T07:32:28Z

with next options

OPTIONS="--mongodb.uri=mongodb://siteRootAdmin:****@127.0.0.1:27017 --collect-all --discovering-mode --compatible-mode --collector.diagnosticdata --collector.collstats --collector.replicasetstatus --collector.dbstats --collector.topmetrics --collector.indexstats --log.level=warn --web.listen-address=:9001 --collector.dbstatsfreestorage --mongodb.global-conn-pool "

descriptions for user siteRootAdmin

{ "_id" : "admin.siteRootAdmin", "userId" : UUID("9e35a9f6-8ead-4696-a694-9988f6d735d8"), "user" : "siteRootAdmin", "db" : "admin", "roles" : [ { "role" : "readAnyDatabase", "db" : "admin" }, { "role" : "root", "db" : "admin" } ], "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ] }

But on exporter logs i have next errors:

Jan 22 18:49:15 dc3-mng-common-test-01-vs.test-fuib.com mongodb_exporter[42002]: time="2024-01-22T18:49:15+02:00" level=error msg="cannot get $indexStats cursor for collection orbusdb.system.profile: (Unauthorized) not authorized on orbusdb to execute command { aggregate: \"system.profile\", pipeline: [ { $indexStats: {} } ], cursor: {}, lsid: { id: UUID(\"229f9246-e6eb-4e28-a35b-d08eca870d02\") }, $clusterTime: { clusterTime: Timestamp(1705942146, 1), signature: { hash: BinData(0, 8B5C5F7605DB359139169C045DE5EA820B50F81C), keyId: 7281938929484300292 } }, $db: \"orbusdb\", $readPreference: { mode: \"primaryPreferred\" } }" Jan 22 18:49:15 dc3-mng-common-test-01-vs.test-fuib.com mongodb_exporter[42002]: time="2024-01-22T18:49:15+02:00" level=error msg="cannot get $indexStats cursor for collection astradb.system.profile: (Unauthorized) not authorized on astradb to execute command { aggregate: \"system.profile\", pipeline: [ { $indexStats: {} } ], cursor: {}, lsid: { id: UUID(\"229f9246-e6eb-4e28-a35b-d08eca870d02\") }, $clusterTime: { clusterTime: Timestamp(1705942146, 1), signature: { hash: BinData(0, 8B5C5F7605DB359139169C045DE5EA820B50F81C), keyId: 7281938929484300292 } }, $db: \"astradb\", $readPreference: { mode: \"primaryPreferred\" } }"

What is wrong, what privileges are missing for siteRootAdmin Thanks.

siegenthalerroger commented 4 months ago

Hi @andrii88-ku I ran into a similar issue with Unauthorized for $indexstats. I discovered this error only appeared for secondaries, not the primary. I believe MongoDB doesn't provide these infos on secondaries, the same is true for anything that requires a secondary. The "unauthorized" is a red-herring.

If this is the case for you too, I think percona should make sure to not request metrics from replicas that won't be able to provide answers.