Mongodb URI with replicaSet

schurd · November 3, 2017, 2:16pm

Hello,

I try to set up Graylog, MongoDB and ES. MongodDB and ES is up and running.

In the GL server.conf I have:

mongodb_uri = mongodb://admin:glp@node1:27017/?replicaSet=rs_graylog,node2:27017/?replicaSet=rs_graylog,node3:27017/?replicaSet=rs_graylog

But this gives me this error on GL startup:

2017-11-03T15:13:11.831+01:00 ERROR [CmdLineTool] **Invalid configuration**
com.github.joschi.jadconfig.ValidationException: Couldn't run validator method
        at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:227) ~[graylog.jar:?]
        at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:177) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
        at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
        at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
        ... 5 more
Caused by: java.lang.IllegalArgumentException: **The connection string contains an invalid host 'lsvgk0703:27017/?replicaSet=rs_graylog'. The port '27017/?replicaSet=rs_graylog' is not a valid, it must be an integer between 0 and 65535**

How should this parameter look like? How to define a certain ReplicaSet? Or takes GL just the one and only ReplicaSet available?

Thanks in advance,

Regards,

Dietmar

py.taczynski · November 3, 2017, 2:20pm

Here is mine (without auth), db is graylog (default), replica set is also named graylog.
mongodb://mongo:27017,mongo2:27017/graylog?replicaSet=graylog

So I guess yours should be:
mongodb://admin:glp@node1:27017,node2:27017,node3:27017/graylog?replicaSet=rs_graylog

Take a look at:
http://docs.graylog.org/en/2.3/pages/configuration/multinode_setup.html

and
https://docs.mongodb.com/manual/reference/connection-string/

jan · November 3, 2017, 4:42pm

Hej @schurd

you should check the default server.conf:

github.com

Graylog2/graylog2-server/blob/2.3/misc/graylog.conf#L474-L475


# Use a replica set instead of a single host
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog

for that setting

schurd · November 6, 2017, 9:47am

Hello Jan, hello Pierre,

thanks a lot, now it works.
In addition, I had to add a mongodb user with db.user() with the roles dbAdmin and readWrite.

Regards,

Dietmar Schurr

schurd · November 6, 2017, 1:55pm

Hello,

now I ran in the next problem.
Obviously the access rights of teh MongoDB user graylog are not sufficient.
In the mongodb log file I get:

2017-11-06T14:50:16.515+0100 I REPL [ReplicationExecutor] Error in heartbeat request to node1:27017; Unauthorized: not authorized on admin to execute command { replSetHeartbeat: “rs_graylog”, configVersion: 3, from: “node2:27017”, fromId: 1, term: 3 }

And if I try rs.status with the mongo client I get:

    node1:~ # mongo -u graylog -p passwort graylog
    MongoDB shell version v3.4.9
    connecting to: mongodb://127.0.0.1:27017/graylog
    MongoDB server version: 3.4.9
    rs_graylog:OTHER> rs.status()
    {
    	"ok" : 0,
    	"errmsg" : "not authorized on admin to execute command { replSetGetStatus: 1.0 }",
    	"code" : 13,
    	"codeName" : "Unauthorized"
    }
    rs_graylog:OTHER> exit

There is a admin db and a graylog db. Does the graylog user need access to the admin db?
What access rights should be granted?

Thanks in advance!

Dietmar Schurr

jan · November 6, 2017, 4:17pm

Hej @schurd

as written here the user need the roles readWrite and dbAdmin to work.

with kind regards
Jan

schurd · November 7, 2017, 7:59am

Hello,

hmm, but that’s what I did:

rs_graylog:PRIMARY> db.createUser( {
... user: "graylog", pwd: "pwd",
... roles: [ { role: "readWrite", db: "graylog" }, { role: "dbAdmin", db: "graylog" } ] } )
Successfully added user: {
	"user" : "graylog",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "graylog"
		},
		{
			"role" : "dbAdmin",
			"db" : "graylog"
		}
	]
}
rs_graylog:PRIMARY>

And still, it get authentication errors. That’s why I asked for which databases those access rights should be granted.

I will try to set more access rights.

Thanks in advance.

Dietmar Schurr

jochen · November 7, 2017, 8:37am

That’s because you only granted these permissions on the database named “graylog”, but not on “admin”.

not authorized on admin to execute command

Also see:

If you want to configure and read the MongoDB replica set with the user “graylog”, you need to grant sufficient permissions to it. Otherwise just use a dedicated admin user for MongoDB.

schurd · November 7, 2017, 1:31pm

Hallo Jochen,

now it works!!
I created once more the user graylog for the admin DB with this command:

    rs_graylog:PRIMARY> db.createUser( {
    ... user: "graylog", pwd: "pwd",
    ... roles: [ { role: "readWrite", db: "admin" }, { role: "dbAdmin", db: "admin" } ] } )
    Successfully added user: {
    	"user" : "graylog",
    	"roles" : [
    		{	"role" : "readWrite",
    			"db" : "admin"
    		},		{
    			"role" : "dbAdmin",
    			"db" : "admin"
    		}	] }
    rs_graylog:PRIMARY>

Then I still had problems, but the MongoDB Logs gave me errors without Graylog being started!!
Aha, obviously the MongoDB Nodes had problems to authenticate themeselves inside the cluster.

This way I realized, that I should create a KeyFile on the MongoDB nodes to enable authentication within the MongoDB cluster nodes. With the documentation from the MongoDB website this was quickly done.
Now, the MongoDB cluster worked wihtout errors
Then I enabled TLS/SSL with slef-signed certificates (as described in the MongoDB Dok).

After this Graylog was fine and running, no more authentication problems.

May be you could add in your documentation under “MongoDB replica set” a word about the KeyFile for MongoDB!

Thanks a lot for your help.

Regards,

Dietmar Schurr

system · November 21, 2017, 1:31pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to run graylog server (Couldn't run validator method) Graylog Central (peer support)	1	569	February 20, 2021
Questions about MongoDB replica set Graylog Central (peer support)	3	2123	February 14, 2018
Mongo_uri set correctly I think but graylog says ERROR [cluster] Expecting replica set member from set Graylog Central (peer support)	2	765	March 24, 2023
From standalone to three-node graylog setup Graylog Central (peer support)	3	883	September 10, 2017
Unable to connect graylog cluster with mongodb replicaset Graylog Central (peer support) pipeline-rules , debuggingpl	9	11920	March 14, 2018

Mongodb URI with replicaSet

Related topics