Unable to acquire security key[s]

Murat_Suluhan · December 20, 2021, 11:55am

Hello

I am quite new to MongoDB. I have installed 3 nodes on virtual environment. All nodes have MongoDB 5.0.4 with Rocky Linux release 8.5 (Green Obsidian)

I am tryingto authentication setup for replication

I created key with following command under /mongokey directory
openssl rand -base64 756 > mongoRepKey

Then changed owner to mongod:mongod key directory and also file.
Directory’s permission is 600 and key file’s permission is 400

I also copied key to other hosts’ same directory with same permission and ownerships

Then I edited security lines in mongod.conf as following
security:
authorization: enabled
keyFile: /mongokey/mongoRepKey

When I try to restart mongod, if fails with following error

{“t”:{"$date":“2021-12-20T14:51:19.494+03:00”},“s”:“I”, “c”:“NETWORK”, “id”:4915701, “ctx”:“main”,“msg”:“Initialized wire specification”,“attr”:{“spec”:{“incomingExternalClient”:{“minWireVersion”:0,“maxWireVersion”:13},“incomingInternalClient”:{“minWireVersion”:0,“maxWireVersion”:13},“outgoing”:{“minWireVersion”:0,“maxWireVersion”:13},“isInternalClient”:true}}}
{“t”:{"$date":“2021-12-20T14:51:19.494+03:00”},“s”:“I”, “c”:“CONTROL”, “id”:23285, “ctx”:“main”,“msg”:“Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols ‘none’”}
{“t”:{"$date":“2021-12-20T14:51:19.496+03:00”},“s”:“W”, “c”:“ASIO”, “id”:22601, “ctx”:“main”,“msg”:“No TransportLayer configured during NetworkInterface startup”}
{“t”:{"$date":“2021-12-20T14:51:19.496+03:00”},“s”:“I”, “c”:“NETWORK”, “id”:4648601, “ctx”:“main”,“msg”:“Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize.”}
{“t”:{"$date":“2021-12-20T14:51:19.497+03:00”},“s”:“I”, “c”:“ACCESS”, “id”:20254, “ctx”:“main”,“msg”:“Read security file failed”,“attr”:{“error”:{“code”:30,“codeName”:“InvalidPath”,“errmsg”:“Error reading file /mongokey/mongoRepKey: Permission denied”}}}
{“t”:{"$date":“2021-12-20T14:51:19.497+03:00”},“s”:“I”, “c”:“ASIO”, “id”:22582, “ctx”:“main”,“msg”:“Killing all outstanding egress activity.”}
{“t”:{"$date":“2021-12-20T14:51:19.497+03:00”},“s”:“F”, “c”:“CONTROL”, “id”:20575, “ctx”:“main”,“msg”:“Error creating service context”,“attr”:{“error”:“Location5579201: Unable to acquire security key[s]”}}

I could not find a solution for this simple problem ? Is there any recommended path?
What is my problem ?

Thanks for your help
Best regards

Ramachandra_Tummala · December 20, 2021, 2:07pm

It clearly says permission issue
Show us contents of the dir
ls -lrt /mongokey/
ls -lrt /mongokey/mongoRepKey
How was mongod started
Who is the owner of mongod

Murat_Suluhan · December 20, 2021, 2:51pm

Hello Ramachandra

Here is the permissions and ownerships of directory and keyFile

[root@mongoose01 /]# pwd
/
[root@mongoose01 /]# ll | grep mongokey
drw-------. 2 mongod mongod 25 Dec 20 14:45 mongokey
[root@mongoose01 /]# ll mongokey/
total 4
-r--------. 1 mongod mongod 1024 Dec 20 14:45 mongoRepKey

I am using root for restart operations

Thanks

Ramachandra_Tummala · December 20, 2021, 4:25pm

Why root to start mongod?

You should start it as normal user