Not the answer you need?
Register and ask your own question!

Privileges required to monitor a MongoDB router

ac2ac2 ContributorInactive User Role Beginner
I was trying to setup the monitoring of a MongoDB sharded cluster and, although I have been able to configure the replica sets (shards), I am struggling to properly work with the MongoDB routers.
pmm-client connect using a user (previously used with MMS) called mms with clusterMonitor and readAnyDatabase roles, but as soon as I activate the mongodb:metrics service, the mongos log file is filled with messages like the following (coming 1 block per second):

2016-12-13T15:51:48.622+0000 I ACCESS [conn559] Successfully authenticated as principal mms on admin
2016-12-13T15:51:48.623+0000 I NETWORK [conn559] query on admin.$cmd: { query: "1", help: 1 } failed to: mongocfg-hxvm-001:27019 (10.7.49.239) exception: "query" had the wrong type. Expected Object, found String
2016-12-13T15:51:48.623+0000 I NETWORK [conn559] query on admin.$cmd: { query: "1", help: 1 } failed to: mongocfg-pgvm-001:27019 (10.42.24.102) exception: "query" had the wrong type. Expected Object, found String
2016-12-13T15:51:48.623+0000 I NETWORK [conn559] query on admin.$cmd: { query: "1", help: 1 } failed to: mongocfg-oyvm-001:27019 (10.32.24.102) exception: "query" had the wrong type. Expected Object, found String
2016-12-13T15:51:48.623+0000 W NETWORK [conn559] db exception when initializing on config, current connection state is { state: { conn: "SyncClusterConnection [mongocfg-hxvm-001:27019 (10.7.49.239),mongocfg-pgvm-001:27019 (10.42.24.102),mongocfg-oyvm-001:2...", vinfo: "config:mongocfg-hxvm-001:27019,mongocfg-pgvm-001:27019,mongocfg-oyvm-001:27019", cursor: "(empty)", count: 0, done: false }, retryNext: false, init: false, finish: false, errored: false } :: caused by :: 6 all servers down/unreachable when querying: mongocfg-hxvm-001:27019,mongocfg-pgvm-001:27019,mongocfg-oyvm-001:27019

Checking the 42003 daemon log, it displays the following entries:

E1213 15:51:53.106705 21846 sharding_topology.go:85] Failed to execute find query on 'config.chunks'!
E1213 15:51:53.532863 21846 sharding_topology.go:112] Failed to execute find query on 'config.collections'!
E1213 15:51:53.624214 21846 sharding_topology.go:85] Failed to execute find query on 'config.chunks'!

However the mms user is able to issue queries against the config database:

mongos> db.auth('mms','XXXXXXXX')
1
mongos> use config
switched to db config
mongos> db.chunks.findOne()
{
"_id" : "eva_hsapiens_grch37.variants_1_2-chr_"5"start_506294",
"lastmod" : Timestamp(15246, 0),
"lastmodEpoch" : ObjectId("574806fe54d3eec4a2fb2ec9"),
"ns" : "eva_hsapiens_grch37.variants_1_2",
"min" : {
"chr" : "5",
"start" : 506294
},
"max" : {
"chr" : "5",
"start" : 616474
},
"shard" : "ebiclu01rs04"
}

Can anyone please help?

Regards,
Alessio

Comments

  • weberweber Advisor Inactive User Role Beginner
    Hello,

    Looks like you need to create user according to the instructions here https://github.com/Percona-Lab/prome...ngodb_exporter

    db.getSiblingDB("admin").createUser({ user: "mongodb_exporter", pwd: "s3cr3tpassw0rd", roles: [ { role: "clusterMonitor", db: "admin" }, { role: "read", db: "local" } ] })
  • ac2ac2 Contributor Inactive User Role Beginner
    Hello and thanks a lot for your reply.

    I am a bit confused by your answer, I don't have any problem with the monitoring of the mongod processes (where the local database is relevant), the issues are related to the mongos, where local in not an entity. Moreover the warning that are reported are related to the config database, apparently.
    The "mms" use I use with the mongodb_exporter has the following privileges on all the nodes:

    { "_id" : "admin.mms", "user" : "mms", "db" : "admin", "credentials" : { "MONGODB-CR" : "XXXXXXX" }, "roles" : [ { "role" : "clusterMonitor", "db" : "admin" }, { "role" : "readAnyDatabase", "db" : "admin" } ] }

    As you can see I have included readAnyDatabase on the admin database, which should be a superset of read on any specific database.
This discussion has been closed.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.