Status Submitted
Categories Under Review
Created by Guest
Created on Jun 1, 2021

MongoDB Agent (Automation Module): don't attempt to auth with `net.tls.clusterFile` / `net.tls.certificateKeyFile` and use Agent X.509 cert

Problem Statement

_**What is the problem?**_ MongoDB Agent (Automation Module) attempts to auth with the `net.tls.clusterFile` / `net.tls.certificateKeyFile` X.509 certificate first, pretending it is a Replica Set member.

_**Why is this a problem?**_ MongoDB Server process logs are flooded by unnecessary noise from such MongoDB Agent (Automation Module) auth attempts pretending it is a Replica Set member. MongoDB Server will always log Replica Set member auth certificate usage outside of the internal MongoDB Server client (https://github.com/mongodb/mongo/blob/6212e50e73dd032b448a514fe6893c6490a28a9f/src/mongo/db/commands/authentication_commands.cpp#L294-L300).

Example:

```
{"t":{"$date":"2021-05-10T11:08:03.110+0000"},"s":"W", "c":"ACCESS", "id":20430, "ctx":"conn116","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
```

Proposal

* Don't attempt to auth with the X.509 certificate from the `net.tls.clusterFile` / `net.tls.certificateKeyFile` MongoDB Server parameters and use the configured MongoDB Agent X.509 certificate.
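The warning above is also the signal an operator would want if a cluster-membership certificate were used from somewhere unexpected, so the noise has a triage cost. The following is an added example, not code from the original post or from MongoDB: it attributes each id 20430 warning to a source host and filters out known agent hosts. It assumes the structured-log "Connection accepted" event (id 22943, with `attr.remote` and `attr.connectionId`); the sample log lines, addresses and function names are constructed.

```python
import json
from collections import Counter

CLUSTER_CERT_WARNING_ID = 20430  # warning id quoted in the post
CONN_ACCEPTED_ID = 22943  # assumption: "Connection accepted" event id (4.4+ logs)

# Constructed sample input; addresses are from documentation ranges.
SAMPLE_LOG = """\
{"t":{"$date":"2021-05-10T11:08:03.100+0000"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.0.2.10:50112","connectionId":116,"connectionCount":3}}
{"t":{"$date":"2021-05-10T11:08:03.110+0000"},"s":"W","c":"ACCESS","id":20430,"ctx":"conn116","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2021-05-10T11:08:13.100+0000"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.0.2.10:50120","connectionId":117,"connectionCount":3}}
{"t":{"$date":"2021-05-10T11:08:13.110+0000"},"s":"W","c":"ACCESS","id":20430,"ctx":"conn117","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2021-05-10T11:09:00.000+0000"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"198.51.100.7:41000","connectionId":118,"connectionCount":4}}
{"t":{"$date":"2021-05-10T11:09:00.020+0000"},"s":"W","c":"ACCESS","id":20430,"ctx":"conn118","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2021-05-10T11:09:05.000+0000"},"s":"W","c":"ACCESS","id":20430,"ctx":"conn999","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2021-05-10T11:09:06.000+0000"},"s":"I","c":"NETW
"""


def cluster_cert_warnings_by_host(lines):
    """Count id 20430 warnings per remote host, joining on the connection id."""
    conn_remote = {}  # "conn116" -> "192.0.2.10"
    hits = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(ev, dict):
            continue
        if ev.get("id") == CONN_ACCEPTED_ID:
            attr = ev.get("attr", {})
            host = str(attr.get("remote", "")).rsplit(":", 1)[0]  # drop the port
            conn_remote[f"conn{attr.get('connectionId')}"] = host
        elif ev.get("id") == CLUSTER_CERT_WARNING_ID:
            # "unknown": the accept event was rotated out or never logged
            hits[conn_remote.get(ev.get("ctx"), "unknown")] += 1
    return hits


def unexpected_sources(hits, agent_hosts):
    """Warnings that did not come from a host known to run the MongoDB Agent."""
    return {h: n for h, n in hits.items() if h not in agent_hosts}


if __name__ == "__main__":
    hits = cluster_cert_warnings_by_host(SAMPLE_LOG.splitlines())
    print(dict(hits), unexpected_sources(hits, {"192.0.2.10"}))
```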
  • Guest
    Mar 14, 2022
    This may be a duplicate of https://feedback.mongodb.com/forums/924355-ops-tools/suggestions/43545084-mongodb-agent-automation-module-don-t-attempt-t
  • Guest
    Sep 9, 2021
    There is a similar issue when the automation agent tries to connect as SCRAM-SHA-1 even if it's disabled and fails. I will add it here to group all authentication issues for the automation agent.

    ```
    Testing auth with username __system db=local to ***:27017 (local=false) connectMode=SingleConnect ipversion=0 tls=true
    [2021-09-09T10:25:22.801+1000] [.info] [cm/mongoclientservice/mongoclientservice.go:func1:1603] [10:25:22.801] Returning false for checkAuth on connParams=***:27017 (local=false) because we believe err is an auth failed error err=connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed. (topology.ConnectionError)
    [2021-09-09T10:25:22.801+1000] [.info] [cm/mongoctl/processctl.go:GetKeyHashes:1881] [10:25:22.801] Unable to successfully auth to ***:27017 (local=false) using desired auth key
    2021-09-08T23:11:51.625+1000 I ACCESS [conn1967736] SASL SCRAM-SHA-1 authentication failed for __system on local from client ***:50742 ; AuthenticationFailed: ###
    ```