Mongodb authentication in Graylog and Primary node not processing messages


(Jayaprasad) #1

Hi All,

Could anyone please help on below issue.

I have enabled the MongoDB authentication in Graylog. But it did not work as expected.

The DB role which I have selected was “root” and below was the error.

2019-01-12T07:01:34.584+0000 I ACCESS [conn43] Unauthorized: not authorized on graylog to execute command { createIndexes: "users", indexes: [ { key: { roles: 1 }, name: "roles_1", ns: "graylog.users" } ] }
2019-01-12T07:01:34.780+0000 I ACCESS [conn43] Unauthorized: not authorized on graylog to execute command { find: "nodes", filter: { node_id: "6ad654b2-dc1d-45af-ab7e-bbc1279b9a39" }, limit: 1, singleBatch: true }
2019-01-12T07:01:34.780+0000 I ACCESS [conn47] Unauthorized: not authorized on graylog to execute command { find: "cluster_events", filter: { consumers: { $nin: [ "6ad654b2-dc1d-45af-ab7e-bbc1279b9a39" ] } }, sort: { timestamp: 1 } }
2019-01-12T07:01:34.887+0000 I ACCESS [conn47] Unauthorized: not authorized on graylog to execute command { find: "roles", filter: {} }

I have reverted the change. Please confirm if the below role is sufficient for MongoDB:
roles: [ { role: "readWrite", db: "graylog" },
         { role: "dbAdmin", db: "graylog" } ]

Also, I am running a two-node cluster. But now one node (primary) is not processing any messages.

Node 1 In 0 / Out 0 msg/s.
The journal contains 0 unprocessed messages in 1 segment. 0 messages appended, 0 messages read in the last second.

Node2 In 9,283 / Out 9,278 msg/s.
The journal contains 1,520 unprocessed messages in 4 segments. 6,733 messages appended, 6,733 messages read in the last second.

The Elasticsearch cluster is green and healthy.

Please help on this


#2

Have you set the username and password in your graylog config well?
http://docs.graylog.org/en/2.4/pages/configuration/server.conf.html#mongodb
Could you connect to your mongodb with your username and password? (mongo -u root graylog)

Do you send any message directly to the node 1?


(Jan Doberstein) #3

Did you provide the needed rights to the user that Graylog is using now?

http://docs.graylog.org/en/2.5/pages/configuration/multinode_setup.html#mongodb-replica-set


(Jayaprasad) #4

Yes. I have provided the needed rights.


(Jayaprasad) #5

Yes. I have provided the mongodb user details in the server.conf file as well.

I did not try to send messages directly to Node1. Also I am not seeing any errors in the log files.


#6

You missed the answer.

So you want the Graylog node 1 to process the messages that you don’t send?!


(Jan Doberstein) #7

When you run a cluster - ALL Nodes need to be configured in the same way. When running one Node with Authentication and one without it is very likely that you create a total mess.


(Jayaprasad) #8

Sorry for the late reply. The configurations are the same on both nodes.

I have created a new user with roles (read write and db admin). Now the MongoDB is working. But still I am not seeing any messages in node1.

There are 2 active nodes

Node1 In 0 / Out 0 msg/s.
The journal contains 0 unprocessed messages in 1 segment. 0 messages appended, 0 messages read in the last second.
Current lifecycle state: Running
Message processing: Enabled
Load balancer indication: ALIVE

Node2 In 8,439 / Out 8,966 msg/s.
The journal contains 2,759 unprocessed messages in 3 segments. 8,369 messages appended, 8,410 messages read in the last second.
Current lifecycle state: Running
Message processing: Enabled
Load balancer indication: ALIVE


(Jayaprasad) #9

Sorry for the late reply.

Messages are sent to both nodes. But node 1 is not processing any messages after the restart of the services.


(Jan Doberstein) #10

Did you sherlock it down already?

Sent messages manually to the node that is not processing from the node itself, from a network host, and checked if that is going in?

You had mixed two issues in your initial posting and for me as a reader it is not clear what is the current issue you are talking about and what is the current state.


#11

It can mean two things.

  1. the node doesn’t get messages
  2. the node processes all of the messages immediately (rarely)

(Jayaprasad) #12

Now the messages are processing on both nodes.

Again the MongoDB logs are showing the below errors:

[conn137] Unauthorized: not authorized on graylog to execute command { find: "roles", filter: {} }
2019-01-20T08:26:35.984+0000 I ACCESS [conn124] Unauthorized: not authorized on graylog to execute command { createIndexes: "users", indexes: [ { key: { roles: 1 }, name: "roles_1", ns: "graylog.users" } ] }
2019-01-20T08:26:35.985+0000 I ACCESS [conn124] Unauthorized: not authorized on graylog to execute command { createIndexes: "users", indexes: [ { key: { roles: 1 }, name: "roles_1", ns: "graylog.users" } ] }
2019-01-20T08:26:35.985+0000 I ACCESS [conn137] Unauthorized: not authorized on graylog to execute command { createIndexes: "users", indexes: [ { key: { roles: 1 }, name: "roles_1", ns: "graylog.users" } ] }

Below is my MongoDB user conf

db.getUsers( { showCredentials: true } )
[
    {
        "_id" : "graylog.graylogadmin",
        "user" : "graylogadmin",
        "db" : "graylog",
        "credentials" : {
            "SCRAM-SHA-1" : {
                "iterationCount" : 10000,
                "salt" : "",
                "storedKey" : "",
                "serverKey" : ""
            }
        },
        "roles" : [
            {
                "role" : "readWrite",
                "db" : "graylog"
            },
            {
                "role" : "dbAdmin",
                "db" : "graylog"
            }
        ]
    }

show dbs
admin 0.000GB
graylog 0.018GB
local 0.217GB

In Graylog conf

mongodb_uri = mongodb://graylogadmin:xxxxx@localhost:27017/graylog
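
Added example (not part of the thread and not Graylog or MongoDB project code): a small triage script that groups the "Unauthorized" lines above by connection and reports, for each connection, the client address and whether it ever authenticated, which separates a node connecting without credentials from a user whose roles are too narrow. It assumes the plain-text mongod log also contains the usual "connection accepted from" and "Successfully authenticated as principal" lines; the sample log, IP addresses and the `graylog_ro` user are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the Unauthorized commands mirror the thread; the NETWORK
# and authentication lines, the IPs and the graylog_ro user are invented.
SAMPLE_LOG = """\
2019-01-20T08:26:30.101+0000 I NETWORK  [listener] connection accepted from 10.0.0.11:40112 #124 (5 connections now open)
2019-01-20T08:26:30.240+0000 I NETWORK  [listener] connection accepted from 10.0.0.12:51870 #137 (6 connections now open)
2019-01-20T08:26:30.512+0000 I ACCESS   [conn124] Successfully authenticated as principal graylog_ro on graylog
2019-01-20T08:26:35.984+0000 I ACCESS   [conn124] Unauthorized: not authorized on graylog to execute command { createIndexes: "users", indexes: [ { key: { roles: 1 }, name: "roles_1", ns: "graylog.users" } ] }
2019-01-20T08:26:35.990+0000 I ACCESS   [conn137] Unauthorized: not authorized on graylog to execute command { find: "roles", filter: {} }
"""

ACCEPT = re.compile(r"connection accepted from (\S+):\d+ #(\d+)")
AUTH = re.compile(r"\[conn(\d+)\] Successfully authenticated as principal (\S+) on (\S+)")
DENY = re.compile(r"\[conn(\d+)\] Unauthorized: not authorized on (\S+) "
                  r"to execute command \{ (\w+): [\"\u201c]([^\"\u201d]+)")

def triage(log_text):
    """Return {conn_id: {client, principal, denied}} for connections with denials."""
    conns = defaultdict(lambda: {"client": None, "principal": None, "denied": []})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conns[int(m.group(2))]["client"] = m.group(1)
        elif m := AUTH.search(line):
            conns[int(m.group(1))]["principal"] = f"{m.group(2)}@{m.group(3)}"
        elif m := DENY.search(line):
            # (database, command, collection) taken from the denied command
            conns[int(m.group(1))]["denied"].append(
                (m.group(2), m.group(3), m.group(4)))
    return {c: v for c, v in conns.items() if v["denied"]}

def diagnose(entry):
    """Classify a denied connection: missing credentials vs. insufficient role."""
    if entry["principal"] is None:
        return "never authenticated: check mongodb_uri on that client"
    return f"authenticated as {entry['principal']} but its roles lack the privilege"

if __name__ == "__main__":
    for conn_id, entry in sorted(triage(SAMPLE_LOG).items()):
        print(f"conn{conn_id} from {entry['client']}: {diagnose(entry)}")
        for db, command, collection in entry["denied"]:
            print(f"    denied {command} on {db}.{collection}")
```

Connection numbers restart when mongod restarts, so feed the script one mongod run at a time.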