0

I've run into this super annoying issue today.

Basically, I have set up a MongoDB database using the GCP Marketplace offering. It sets up a primary node, secondary, and an arbiter. Which is super cool. What it doesn't do is security. Like, at all. So only natural I had to set it up myself. Well, now 20 hours later and a few good punches to my own face I am still struggling to get it running.

Basically, this is my partial config:

security:
  authorization: enabled
  keyFile: '/etc/mongodKey'

If I comment out the keyFile the instance runs. But it cannot connect to any other nodes, because of the security being enabled. And no, I cannot disable it, are you mad?

The thing about the keyFile though... As I understand, mongod cannot open it, so it won't start. I suppose /etc is not a good place to put it in? I tried other folders, but to no avail. Nothing works.

And I need to have that security measure, since the database needs to be connected to by my colleagues using Robo 3T. So dropping the external IP address is out of the question.

What me do wrong? Please help as I'm pulling my own hair out.

This is the output of sudo service mongod status:

● mongod.service - MongoDB Database Server
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-08-21 15:28:08 UTC; 4min 29s ago
     Docs: https://docs.mongodb.org/manual
  Process: 1024 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=1/FAILURE)
 Main PID: 1024 (code=exited, status=1/FAILURE)
Aug 21 15:28:08 m-vm-0 systemd[1]: Started MongoDB Database Server.
Aug 21 15:28:08 m-vm-0 systemd[1]: mongod.service: Main process exited, code=exited, status=1/F
Aug 21 15:28:08 m-vm-0 systemd[1]: mongod.service: Unit entered failed state.
Aug 21 15:28:08 m-0 systemd[1]: mongod.service: Failed with result 'exit-code'.

Edit:

I checked the mongod.log. Yes it is a permission issue. And I cannot solve it.

I tried doing sudo chmod 400 /etc/mongodKey but it doesn't do anything. Please, someone, where do I put the key file so it is readable by mongodb? This is very important!

1
  • Ok, nvm. I got in trouble and then by accident I did sudo chmod 600 /etc and now I can't access that folder anymore. So the whole deployment is fucked and can't be fixed. Well, getting fired is not bad. I'll finally move onto doing something else. Fuck devops and fuck programming.
    – Dom Berk
    Commented Aug 21, 2019 at 16:32

1 Answer

0

If you use the GCP MongoDB marketplace deployment named "MongoDB", that allows you to set up replication, know the following:

They do not set up the security in the initial configuration, thus there are 2 options:

  1. Turn off the External IP
  2. Enable authorization in the mongod.conf

If you go for the first solution, you won't be able to easily connect to the database from any other external sources.

If you go for the second solution, you'll need to do the following:

  1. Generate a key, the whole process can be found here: https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/

  2. Copy the file contents

  3. SSH into all of your Compute Engine instances
  4. Choose a directory
  5. sudo touch <path to key>
  6. sudo nano <path to key>
  7. Paste the key you generated on your computer and save
  8. sudo chmod 600 <path to key>
  9. sudo chown mongodb: <path to key>
  10. Update your mongod.conf which is found under /etc/mongod.conf
  11. Uncomment security, authorization, keyFile
  12. Provide the path under key keyFile to your keyfile
  13. Stop all instances and start them again

Now MongoDB has access to the keyfile.

What a nightmare. And chmod 400 <path to key> didn't work for me as specified in the documentation. I had to set it to chmod 600 <path to key>.
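A way to check a keyfile against the conditions discussed in this thread before restarting mongod, as an added example that is not part of the original answer. It assumes the service account is mongodb (as in the chown step); the function names are hypothetical. It accepts any mode without group or other bits (both 400 and 600), and it also walks the parent directories, since a directory without the search bit (such as /etc after chmod 600) blocks access no matter how the file itself is set.

```shell
#!/bin/sh
# Added example (not from the post): diagnose why mongod cannot open its keyfile.
# Assumption: the service account is "mongodb", as in the chown step above.

# File checks: owner, no group/other permission bits, 6-1024 base64 characters.
check_keyfile() {
    key=$1; user=${2:-mongodb}; rc=0
    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    set -- $(ls -ld "$key")                 # $1 = mode string, $3 = owner
    [ "$3" = "$user" ] || { echo "owner is $3, expected $user"; rc=1; }
    [ "$(printf %s "$1" | cut -c5-10)" = "------" ] ||
        { echo "mode $1 grants group/other access"; rc=1; }
    if [ -r "$key" ]; then                  # content rules need read access
        bad=$(($(tr -d 'A-Za-z0-9+/=[:space:]' < "$key" | wc -c)))
        len=$(($(tr -d '[:space:]' < "$key" | wc -c)))
        [ "$bad" -eq 0 ] || { echo "non-base64 characters in key"; rc=1; }
        { [ "$len" -ge 6 ] && [ "$len" -le 1024 ]; } ||
            { echo "key length $len is outside 6-1024"; rc=1; }
    fi
    return $rc
}

# Directory checks: every ancestor needs the search (x) bit for the service user.
# Simplification: only the owner or "other" bit is read; groups and ACLs are ignored.
check_ancestors() {
    dir=$(dirname "$1"); user=${2:-mongodb}; rc=0
    while :; do
        set -- $(ls -ld "$dir")
        if [ "$3" = "$user" ]; then bit=$(printf %s "$1" | cut -c4)
        else bit=$(printf %s "$1" | cut -c10); fi
        case $bit in
            x|s|t) ;;
            *) echo "$dir is not searchable by $user ($1)"; rc=1 ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return $rc
}
```

Source the file and call check_keyfile <path to key> followed by check_ancestors <path to key>; each prints one line per problem found and returns non-zero if there was any.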
