Percona MongoDB HashiCorp Vault integration

Hi,

I am using 5.4.0-66-generic #74~18.04.2-Ubuntu

So I am facing an issue in the mongodb service after integrating or enabling encryption in mongodb.conf.

So my question is: does HashiCorp Vault integration support the bionic kernel only?

1 Like

Hi Vijendra.

I don’t know off the top of my head which Linux distributions HashiCorp Vault can be installed on, sorry.

From the position of Percona Server for MongoDB this is another program, on another server, that it reaches over a TCP network. So it doesn’t matter if you use the same OS as your MongoDB server or a different one.

https://www.percona.com/doc/percona-server-for-mongodb/LATEST/data_at_rest_encryption.html

1 Like

@Akira_Kurogane
Can you please help me out?
I got an error when restarting the mongodb service:

{"t":{"$date":"2021-03-23T18:32:06.239+05:30"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"main","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2021-03-23T18:32:06.249+05:30"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"main","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2021-03-23T18:32:06.253+05:30"},"s":"W",  "c":"ASIO",     "id":22601,   "ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
{"t":{"$date":"2021-03-23T18:32:06.254+05:30"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2021-03-23T18:32:06.255+05:30"},"s":"I",  "c":"STORAGE",  "id":4615611, "ctx":"initandlisten","msg":"MongoDB starting","attr":{"pid":4648,"port":27017,"dbPath":"/var/lib/mongodb","architecture":"64-bit","host":"percona-VirtualBox"}}
{"t":{"$date":"2021-03-23T18:32:06.255+05:30"},"s":"I",  "c":"CONTROL",  "id":23403,   "ctx":"initandlisten","msg":"Build Info","attr":{"buildInfo":{"version":"4.4.4-6","gitVersion":"f3dd4bc7c7500705a537de40bb4d6127ba498bd3","openSSLVersion":"OpenSSL 1.1.1  11 Sep 2018","modules":[],"allocator":"tcmalloc","environment":{"distarch":"x86_64","target_arch":"x86_64"}}}}
{"t":{"$date":"2021-03-23T18:32:06.255+05:30"},"s":"I",  "c":"CONTROL",  "id":51765,   "ctx":"initandlisten","msg":"Operating System","attr":{"os":{"name":"Ubuntu","version":"18.04"}}}
{"t":{"$date":"2021-03-23T18:32:06.255+05:30"},"s":"I",  "c":"CONTROL",  "id":21951,   "ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"config":"/etc/mongod.conf","net":{"bindIp":"127.0.0.1","port":27017},"processManagement":{"fork":true,"pidFilePath":"/var/run/mongod.pid"},"security":{"enableEncryption":true,"vault":{"port":8200,"secret":"secret/data/dc/psmongodb1","serverCAFile":"/etc/mongodb/vault.crt","serverName":"192.168.159.238","tokenFile":"/etc/mongodb/token"}},"storage":{"dbPath":"/var/lib/mongodb","journal":{"enabled":true}},"systemLog":{"destination":"file","logAppend":true,"path":"/var/log/mongodb/mongod.log"}}}}
{"t":{"$date":"2021-03-23T18:32:06.257+05:30"},"s":"I",  "c":"STORAGE",  "id":22270,   "ctx":"initandlisten","msg":"Storage engine to use detected by data files","attr":{"dbpath":"/var/lib/mongodb","storageEngine":"wiredTiger"}}
{"t":{"$date":"2021-03-23T18:32:06.257+05:30"},"s":"I",  "c":"STORAGE",  "id":22297,   "ctx":"initandlisten","msg":"Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem","tags":["startupWarnings"]}
{"t":{"$date":"2021-03-23T18:32:06.267+05:30"},"s":"I",  "c":"STORAGE",  "id":29037,   "ctx":"initandlisten","msg":"Initializing KeyDB with wiredtiger_open config: {cfg}","attr":{"cfg":"create,config_base=false,extensions=[local=(entry=percona_encryption_extension_init,early_load=true,config=(cipher=AES256-CBC,rotation=false))],encryption=(name=percona,keyid=\"\"),log=(enabled,file_max=5MB),transaction_sync=(enabled=true,method=fsync),"}}
{"t":{"$date":"2021-03-23T18:32:07.070+05:30"},"s":"I",  "c":"STORAGE",  "id":29039,   "ctx":"initandlisten","msg":"Encryption keys DB is initialized successfully"}
{"t":{"$date":"2021-03-23T18:32:07.070+05:30"},"s":"I",  "c":"STORAGE",  "id":22315,   "ctx":"initandlisten","msg":"Opening WiredTiger","attr":{"config":"create,cache_size=481M,session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000,close_scan_interval=10,close_handle_minimum=250),statistics_log=(wait=0),verbose=[recovery_progress,checkpoint_progress,compact_progress],encryption=(name=percona,keyid=\"/default\"),extensions=[local=(entry=percona_encryption_extension_init,early_load=true,config=(cipher=AES256-CBC)),],"}}
{"t":{"$date":"2021-03-23T18:32:07.134+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:134668][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 606: unable to read root page from file:WiredTiger.wt: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.136+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:136083][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 612: WiredTiger has failed to open its metadata: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.137+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:136977][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 615: This may be due to the database files being encrypted, being from an older version or due to corruption on disk: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.137+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:137593][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 618: You should confirm that you have opened the database with the correct options including all encryption and compression options: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.156+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:156562][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 606: unable to read root page from file:WiredTiger.wt: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.157+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:157444][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 612: WiredTiger has failed to open its metadata: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.158+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:158097][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 615: This may be due to the database files being encrypted, being from an older version or due to corruption on disk: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.159+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:159056][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 618: You should confirm that you have opened the database with the correct options including all encryption and compression options: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.181+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:181090][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 606: unable to read root page from file:WiredTiger.wt: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.182+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:182249][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 612: WiredTiger has failed to open its metadata: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.182+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:182908][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 615: This may be due to the database files being encrypted, being from an older version or due to corruption on disk: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.183+05:30"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"[1616504527:183526][4648:0x7f79a21cc140], file:WiredTiger.wt, connection: __wt_btree_tree_open, 618: You should confirm that you have opened the database with the correct options including all encryption and compression options: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.187+05:30"},"s":"W",  "c":"STORAGE",  "id":22347,   "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2021-03-23T18:32:07.187+05:30"},"s":"W",  "c":"STORAGE",  "id":22348,   "ctx":"initandlisten","msg":"WiredTiger metadata corruption detected"}
{"t":{"$date":"2021-03-23T18:32:07.187+05:30"},"s":"F",  "c":"STORAGE",  "id":50944,   "ctx":"initandlisten","msg":"Please read the documentation for starting MongoDB with --repair here: http://dochub.mongodb.org/core/repair"}
{"t":{"$date":"2021-03-23T18:32:07.188+05:30"},"s":"F",  "c":"-",        "id":23091,   "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":50944,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":1293}}
{"t":{"$date":"2021-03-23T18:32:07.188+05:30"},"s":"F",  "c":"-",        "id":23092,   "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}
1 Like

In another forum post solved yesterday, user “psone” resolved what appears to be the same issue.

The most relevant log messages are:

... unable to read root page from file ...
... WiredTiger has failed to open its metadata ...
... This may be due to the database files being encrypted, being from an older version or due to corruption on disk ...
...
... You should confirm that you have opened the database with the correct options including all encryption and compression options ...

and the end result was that mongod exited startup more or less immediately.

The solution was: if there are existing files in the dbPath directory you must delete them after you change the encryption option in the mongod conf file. You can’t migrate non-encrypted data files to encrypted ones, or vice versa.

In a replica set the node being restarted will do an initial sync and get all the document data from another node (probably a primary). If it is a standalone you can’t get that - use mongodump to save all the data outside first, then import again after restarting.

1 Like
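
A triage sketch for the startup failure discussed in this thread, added here as an example and not code from Percona or from the posters: it reads mongod's JSON log lines and reports whether encryption was enabled, whether the encryption keys DB initialised, and whether WiredTiger then failed to read its root page. The `triage` function name and the verdict strings are assumptions, and the sample log is constructed by abridging lines from the log posted above.

```python
import json

# Constructed sample: four lines abridged from the mongod log posted in this thread.
SAMPLE_LOG = r'''
{"t":{"$date":"2021-03-23T18:32:06.255+05:30"},"s":"I","c":"CONTROL","id":21951,"ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"security":{"enableEncryption":true},"storage":{"dbPath":"/var/lib/mongodb"}}}}
{"t":{"$date":"2021-03-23T18:32:07.070+05:30"},"s":"I","c":"STORAGE","id":29039,"ctx":"initandlisten","msg":"Encryption keys DB is initialized successfully"}
{"t":{"$date":"2021-03-23T18:32:07.134+05:30"},"s":"E","c":"STORAGE","id":22435,"ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":-31802,"message":"file:WiredTiger.wt, connection: __wt_btree_tree_open, 606: unable to read root page from file:WiredTiger.wt: WT_ERROR: non-specific WiredTiger error"}}
{"t":{"$date":"2021-03-23T18:32:07.187+05:30"},"s":"F","c":"STORAGE","id":50944,"ctx":"initandlisten","msg":"Please read the documentation for starting MongoDB with --repair here: http://dochub.mongodb.org/core/repair"}
'''

def triage(log_text):
    """Summarise one mongod startup from structured (JSON-lines) log text."""
    state = {"encryption": False, "db_path": None, "keydb_ok": False,
             "root_page_unreadable": False, "fatal": False}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # blank or non-JSON line
        if not isinstance(entry, dict):
            continue
        attr = entry.get("attr", {})
        log_id = entry.get("id")
        if log_id == 21951:  # "Options set by command line"
            opts = attr.get("options", {})
            state["encryption"] = bool(opts.get("security", {}).get("enableEncryption"))
            state["db_path"] = opts.get("storage", {}).get("dbPath")
        elif log_id == 29039:  # "Encryption keys DB is initialized successfully"
            state["keydb_ok"] = True
        elif log_id == 22435 and "unable to read root page" in attr.get("message", ""):
            state["root_page_unreadable"] = True
        elif entry.get("s") == "F":  # fatal severity
            state["fatal"] = True
    # Heuristic verdicts (assumed labels), following the explanation in the thread.
    if not state["root_page_unreadable"]:
        state["verdict"] = "no-root-page-error"
    elif state["encryption"] and state["keydb_ok"]:
        state["verdict"] = "existing-files-mismatch-encryption-setting"
    elif not state["encryption"]:
        state["verdict"] = "encryption-off-files-may-be-encrypted"
    else:
        state["verdict"] = "inconclusive"
    return state

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `existing-files-mismatch-encryption-setting` verdict corresponds to the case described in the last reply, where data files already in the reported `db_path` were written under a different encryption setting.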