MongoDB enabling encryption when dbPath is not empty

I installed mongoDB 6 and Percona for the encryption feature.

Unfortunately, I can not enable encryption (enableEncryption:true) because MongoDB has already some data at dbPath (ie /var/lib/mongodb) after its installation. I know that Percona can not enable encryption in existing data, but how can purge the data inside the dbPath to enable my local encryption? I am on Ubuntu 20

I tried to delete the files inside the dbPath, (security - Error when enabling data encryption using local key MONGODB - Stack Overflow) hoping that mongoDB will recreate the appropriate files with “empty” data but in this case, mongod service could not even be started.

Percona documentation says nothing about the steps needed to enable the encryption in this case. Any help?

The logs I get when

enableEncryption: true

{"t":{"$date":"2023-07-18T16:03:51.195+03:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"-","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2023-07-18T16:03:51.200+03:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2023-07-18T16:03:51.203+03:00"},"s":"W",  "c":"NETWORK",  "id":551190,  "ctx":"-","msg":"Server certificate has no compatible Subject Alternative Name. This may prevent TLS clients from connecting","tags":["startupWarnings"]}
{"t":{"$date":"2023-07-18T16:03:51.203+03:00"},"s":"I",  "c":"NETWORK",  "id":4913010, "ctx":"-","msg":"Certificate information","attr":{"subject":"emailAddress=g_papaioannou@rocketmail.com,CN=127.0.0.1,OU=IT,O=MinEdu.gr,L=Larisa,ST=Larisa,C=GR","issuer":"emailAddress=g_papaioannou@rocketmail.com,CN=127.0.0.1,OU=IT-formes,O=MinEdu.gr,L=Larisa,ST=\\C3\\8E\\C3\\8E\\C2\\B1Larisa,C=GR","thumbprint":"DDAF10E1464019C239AE37BF9563851ABBDF265F","notValidBefore":{"$date":"2021-12-03T10:09:07.000Z"},"notValidAfter":{"$date":"2038-05-08T10:09:07.000Z"},"keyFile":"/etc/ssl/mongoCer/mongodb.pem","type":"Server"}}
{"t":{"$date":"2023-07-18T16:03:51.206+03:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"main","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2023-07-18T16:03:51.206+03:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2023-07-18T16:03:51.220+03:00"},"s":"I",  "c":"REPL",     "id":5123008, "ctx":"main","msg":"Successfully registered PrimaryOnlyService","attr":{"service":"TenantMigrationDonorService","namespace":"config.tenantMigrationDonors"}}
{"t":{"$date":"2023-07-18T16:03:51.220+03:00"},"s":"I",  "c":"REPL",     "id":5123008, "ctx":"main","msg":"Successfully registered PrimaryOnlyService","attr":{"service":"TenantMigrationRecipientService","namespace":"config.tenantMigrationRecipients"}}
{"t":{"$date":"2023-07-18T16:03:51.220+03:00"},"s":"I",  "c":"REPL",     "id":5123008, "ctx":"main","msg":"Successfully registered PrimaryOnlyService","attr":{"service":"ShardSplitDonorService","namespace":"config.tenantSplitDonors"}}
{"t":{"$date":"2023-07-18T16:03:51.220+03:00"},"s":"I",  "c":"CONTROL",  "id":5945603, "ctx":"main","msg":"Multi threading initialized"}
{"t":{"$date":"2023-07-18T16:03:51.221+03:00"},"s":"I",  "c":"CONTROL",  "id":4615611, "ctx":"initandlisten","msg":"MongoDB starting","attr":{"pid":78773,"port":27017,"dbPath":"/var/lib/mongodb","architecture":"64-bit","host":"db-forms"}}
{"t":{"$date":"2023-07-18T16:03:51.221+03:00"},"s":"I",  "c":"CONTROL",  "id":23403,   "ctx":"initandlisten","msg":"Build Info","attr":{"buildInfo":{"version":"6.0.6-5","gitVersion":"b2fe1a70d01c32d2f2d6848dc3423aa2cfead3b2","openSSLVersion":"OpenSSL 1.1.1f  31 Mar 2020","modules":[],"allocator":"tcmalloc","environment":{"distarch":"x86_64","target_arch":"x86_64"}}}}
{"t":{"$date":"2023-07-18T16:03:51.221+03:00"},"s":"I",  "c":"CONTROL",  "id":51765,   "ctx":"initandlisten","msg":"Operating System","attr":{"os":{"name":"Ubuntu","version":"20.04"}}}
{"t":{"$date":"2023-07-18T16:03:51.221+03:00"},"s":"I",  "c":"CONTROL",  "id":21951,   "ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"config":"/etc/mongod.conf","net":{"bindIp":"0.0.0.0","port":27017,"tls":{"certificateKeyFile":"/etc/ssl/mongoCer/mongodb.pem","mode":"requireTLS"}},"processManagement":{"fork":true,"pidFilePath":"/var/run/mongodb/mongod.pid","timeZoneInfo":"/usr/share/zoneinfo"},"security":{"authorization":"disabled","enableEncryption":true,"encryptionKeyFile":"/etc/mongodb-keyfile","relaxPermChecks":true},"storage":{"dbPath":"/var/lib/mongodb"},"systemLog":{"destination":"file","logAppend":true,"path":"/var/log/mongodb/mongod.log"}}}}
{"t":{"$date":"2023-07-18T16:03:51.222+03:00"},"s":"I",  "c":"STORAGE",  "id":22270,   "ctx":"initandlisten","msg":"Storage engine to use detected by data files","attr":{"dbpath":"/var/lib/mongodb","storageEngine":"wiredTiger"}}
{"t":{"$date":"2023-07-18T16:03:51.222+03:00"},"s":"I",  "c":"STORAGE",  "id":22297,   "ctx":"initandlisten","msg":"Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem","tags":["startupWarnings"]}
{"t":{"$date":"2023-07-18T16:03:51.222+03:00"},"s":"I",  "c":"STORAGE",  "id":29115,   "ctx":"initandlisten","msg":"Master encryption key has been read from the key management facility.","attr":{"keyManagementFacilityType":"encryption key file","keyIdentifier":{"encryptionKeyFilePath":"/etc/mongodb-keyfile"}}}
{"t":{"$date":"2023-07-18T16:03:51.223+03:00"},"s":"I",  "c":"STORAGE",  "id":29037,   "ctx":"initandlisten","msg":"Initializing KeyDB with wiredtiger_open config: {cfg}","attr":{"cfg":"create,config_base=false,extensions=[local=(entry=percona_encryption_extension_init,early_load=true,config=(cipher=AES256-CBC,rotation=false))],encryption=(name=percona,keyid=\"\"),log=(enabled,file_max=5MB),transaction_sync=(enabled=true,method=fsync),"}}
{"t":{"$date":"2023-07-18T16:03:52.066+03:00"},"s":"I",  "c":"STORAGE",  "id":29039,   "ctx":"initandlisten","msg":"Encryption keys DB is initialized successfully"}
{"t":{"$date":"2023-07-18T16:03:52.066+03:00"},"s":"I",  "c":"STORAGE",  "id":22315,   "ctx":"initandlisten","msg":"Opening WiredTiger","attr":{"config":"create,cache_size=1453M,session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,remove=true,path=journal,compressor=snappy),builtin_extension_config=(zstd=(compression_level=6)),file_manager=(close_idle_time=600,close_scan_interval=10,close_handle_minimum=2000),statistics_log=(wait=0),json_output=(error,message),verbose=[recovery_progress:1,checkpoint_progress:1,compact_progress:1,backup:0,checkpoint:0,compact:0,evict:0,history_store:0,recovery:0,rts:0,salvage:0,tiered:0,timestamp:0,transaction:0,verify:0,log:0],encryption=(name=percona,keyid=\"/default\"),extensions=[local=(entry=percona_encryption_extension_init,early_load=true,config=(cipher=AES256-CBC)),],"}}
{"t":{"$date":"2023-07-18T16:03:52.095+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":95486,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:639:unable to read root page from file:WiredTiger.wt","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.095+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":95660,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:645:WiredTiger has failed to open its metadata","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.095+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":95703,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:648:This may be due to the database files being encrypted, being from an older version or due to corruption on disk","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.095+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":95774,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:651:You should confirm that you have opened the database with the correct options including all encryption and compression options","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.108+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":108100,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:639:unable to read root page from file:WiredTiger.wt","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.108+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":108225,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:645:WiredTiger has failed to open its metadata","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.108+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":108259,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:648:This may be due to the database files being encrypted, being from an older version or due to corruption on disk","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.108+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":108292,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:651:You should confirm that you have opened the database with the correct options including all encryption and compression options","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.120+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":119954,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:639:unable to read root page from file:WiredTiger.wt","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.120+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":120056,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:645:WiredTiger has failed to open its metadata","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.120+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":120104,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:648:This may be due to the database files being encrypted, being from an older version or due to corruption on disk","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.120+03:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":-31802,"message":{"ts_sec":1689685432,"ts_usec":120137,"thread":"78773:0x7f8797cbad00","session_dhandle_name":"file:WiredTiger.wt","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__wt_btree_tree_open:651:You should confirm that you have opened the database with the correct options including all encryption and compression options","error_str":"WT_ERROR: non-specific WiredTiger error","error_code":-31802}}}
{"t":{"$date":"2023-07-18T16:03:52.123+03:00"},"s":"W",  "c":"STORAGE",  "id":22347,   "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2023-07-18T16:03:52.123+03:00"},"s":"W",  "c":"STORAGE",  "id":22348,   "ctx":"initandlisten","msg":"WiredTiger metadata corruption detected"}
{"t":{"$date":"2023-07-18T16:03:52.123+03:00"},"s":"F",  "c":"STORAGE",  "id":50944,   "ctx":"initandlisten","msg":"Please read the documentation for starting MongoDB with --repair here: http://dochub.mongodb.org/core/repair"}
{"t":{"$date":"2023-07-18T16:03:52.123+03:00"},"s":"F",  "c":"ASSERT",   "id":23091,   "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":50944,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":1127}}
{"t":{"$date":"2023-07-18T16:03:52.123+03:00"},"s":"F",  "c":"ASSERT",   "id":23092,   "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}

It seems the removing all files inside the dbPath, enabling encryption and restarting the mongod service it resolves the problem. The files are recreated and it works as expected.

image