Mongodb authentication in Graylog and Primary node not processing messages

Graylog Central (peer support)
1

Hi All,

Could anyone please help on below issue.

I have enabled the MongoDB authentication in Graylog. But it did not worked as expected.

the DB role which I have selected was “root” and below was the error.

2019-01-12T07:01:34.584+0000 I ACCESS [conn43] Unauthorized: not authorized on graylog to execute command { createIndexes: “users”, indexes: [ { key: { roles: 1 }, name: “roles_1”, ns: “graylog.users” } ] }
2019-01-12T07:01:34.780+0000 I ACCESS [conn43] Unauthorized: not authorized on graylog to execute command { find: “nodes”, filter: { node_id: “6ad654b2-dc1d-45af-ab7e-bbc1279b9a39” }, limit: 1, singleBatch: true }
2019-01-12T07:01:34.780+0000 I ACCESS [conn47] Unauthorized: not authorized on graylog to execute command { find: “cluster_events”, filter: { consumers: { $nin: [ “6ad654b2-dc1d-45af-ab7e-bbc1279b9a39” ] } }, sort: { timestamp: 1 } }
2019-01-12T07:01:34.887+0000 I ACCESS [conn47] Unauthorized: not authorized on graylog to execute command { find: “roles”, filter: {} }

I have reverted the change. Please confirm if the below role is sufficient for Mongod DB
roles: [ { role: “readWrite”, db: “graylog” },
{ role: “dbAdmin”, db: “graylog” }]

Also I am running two node cluster. But now one node (primary) is not processing any message.

Node 1 In 0 / Out 0 msg/s.
The journal contains 0 unprocessed messages in 1 segment. 0 messages appended, 0 messages read in the last second.

Node2 In 9,283 / Out 9,278 msg/s.
The journal contains 1,520 unprocessed messages in 4 segments. 6,733 messages appended, 6,733 messages read in the last second.

Elastic search cluster is green and healthy.

Please help on this

2

Have you set the username and password in your graylog config well?
http://docs.graylog.org/en/2.4/pages/configuration/server.conf.html#mongodb
Could you connect to your mongodb with your username and password? (mongo -u root graylog)

Do you send any message directly to the node 1?

3

Did you provide the needed rights to the user that Graylog is using now?

http://docs.graylog.org/en/2.5/pages/configuration/multinode_setup.html#mongodb-replica-set

4

Yes. I have provided the needed rights.

5

Yes. I have provided the mongodb user details in the server.conf file as well.

I did not tried to send messages directly to Node1. Also I am not seeing any errors in the log files.

6

You missed the answer.

So you want the graylog node 1 process the messages what you don’t send?!

7

When you run a cluster - ALL Nodes need to be configured in the same way. When running one Node with Authentication and one without it is very likely that you create a total mess.

8

Sorry for the late reply. The configurations are same on the both nodes.

I have created a new user with roles (read write and db admin). Now the mongodb is working. But still i am not seeing any messages in node1

There are 2 active nodes

Node1 In 0 / Out 0 msg/s.

The journal contains 0 unprocessed messages in 1 segment. 0 messages appended, 0 messages read in the last second.

Current lifecycle state:

Running

Message processing:

Enabled

Load balancer indication:

ALIVE

Node2 In 8,439 / Out 8,966 msg/s.

The journal contains 2,759 unprocessed messages in 3 segments. 8,369 messages appended, 8,410 messages read in the last second.

Current lifecycle state:

Running

Message processing:

Enabled

Load balancer indication:

ALIVE

9

sorry fro the late reply

messages are send to both nodes. But node 1 is not processing any messages after the restart of the services.

10

did you sherlocked it down already?

Send messages manually to the node that is not processing from the node itself, from a network host and checked if that is going into?

You had mixed two issues in your initial posting and for me as a reader it is not clear what is the current issue you are talking about and what is the current state.

11

It can mean two things.

  1. the node doesn’t get messages
  2. the node process all of the messages immediately (rarely)
12

Now the messages are processing on both nodes.

Again the mongoDB logs is showing below errors

[conn137] Unauthorized: not authorized on graylog to execute command { find: “roles”, filter: {} }
2019-01-20T08:26:35.984+0000 I ACCESS [conn124] Unauthorized: not authorized on graylog to execute command { createIndexes: “users”, indexes: [ { key: { roles: 1 }, name: “roles_1”, ns: “graylog.users” } ] }
2019-01-20T08:26:35.985+0000 I ACCESS [conn124] Unauthorized: not authorized on graylog to execute command { createIndexes: “users”, indexes: [ { key: { roles: 1 }, name: “roles_1”, ns: “graylog.users” } ] }
2019-01-20T08:26:35.985+0000 I ACCESS [conn137] Unauthorized: not authorized on graylog to execute command { createIndexes: “users”, indexes: [ { key: { roles: 1 }, name: “roles_1”, ns: “graylog.users” } ] }

Below is my MongoDB user conf

db.getUsers( { showCredentials: true } )
[
{
“_id” : “graylog.graylogadmin”,
“user” : “graylogadmin”,
“db” : “graylog”,
“credentials” : {
“SCRAM-SHA-1” : {
“iterationCount” : 10000,
“salt” : “”,
“storedKey” : “”,
“serverKey” : “”
}
},
“roles” : [
{
“role” : “readWrite”,
“db” : “graylog”
},
{
“role” : “dbAdmin”,
“db” : “graylog”
}
]
}

show dbs
admin 0.000GB
graylog 0.018GB
local 0.217GB

In Graylog conf

mongodb_uri = mongodb://graylogadmin:xxxxx@localhost:27017/graylog

13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.