Mongo not starting with KeyFile line in security section of config:

Hi,

I have deployed MongoDB on my Macbook/OSX with brew.
Created mongod.conf file with all basic fields as: systemlog, storage, net.
It works perfectly - I created admin, use DB, etc.

Then tried to do authorisation/security.
So when added under security: authorisation: enabled, it works well too.

So then tried to do keyfile with key. I created key as requested on doc pages.
Then made chmod 400 to the file - which is located in anyplace, but could be as /opt/homebrew/etc
mongod is running from my account, so there are privileges as they should be.

But it’s not starting.

shows: mongodb-community@5.0 error 512 under ‘brew services list’

Any hints?

Thanks. J.

1 Like

Check mongod.log. It may give more details.
Is it standalone or replica?
Share security section of your config file

Sure, it’s very simple config:
security:
authorization: enabled
KeyFile: /Users/jpolec/mongo_test/new_key

systemLog:
destination: file
path: /opt/homebrew/etc/log
logAppend: true

storage:
dbPath: /opt/homebrew/etc/db

#replication:

replSetName: “equity_replica”

net:
bindIp: localhost
port: 27017


And what I have found: when I comment out KeyFile: with #, the log is created. But once I uncomment it, because I want to use KeyFile:, no log is created in the same location. Strange. And no mongod is running.

the brew services list shows error as:
mongodb-community@5.0 error 512 jpolec ~/Library/LaunchAgents/homebrew.mxcl.mongodb-community@5.0.plist

I have not put any replica yet, as I am trying to run it without a replica first, to go step by step. So it’s commented with #.

Keyfile is used with replica for internal authentication between members and also for role based access control

Hi, yes, I know what the keyfile is used for.
It is my intention to do a replica of 2-3 members.

Hence can’t run with Security keyfile:
security:
authorization: enabled
KeyFile: /Users/jpolec/mongo_test/new_key

It doesn’t start with this on one server. On the other it works fine. So therefore I am confused.
Once it starts, then I will start doing replicas.

please re-format your file contents with code blocks: </> button in the editor or between triple single quotes like this:

```
file content
```

where is your config file located? try to run an instance with mongod --config /path/to/config/mongod.conf. if it has fork enabled in it, comment that line before starting. doing this will start the server in the current terminal and will print errors to screen. it should exit immediately, if not use “ctrl+c” (cmd+c?). copy that log and share here. (don’t forget to format)

Thank you. Please see below.

```
security:
  authorization: "enabled"
  KeyFile: /Users/jpolec/mongo_test/new_key

systemLog:
  destination: file
  path: /opt/homebrew/etc/log
  logAppend: true

storage:
  dbPath: /opt/homebrew/etc/db

#replication:
#  replSetName: "equity_replica"

net:
  bindIp: localhost
  port: 27017
```

and when I comment the KeyFile line it starts well. I have user with admin privileges, etc. and it works well. Once I uncomment the KeyFile line, it shows errors.

```
% brew services list
Name                  Status     User   File
mongodb-community     none
mongodb-community@5.0 error  512 jpolec ~/Library/LaunchAgents/homebrew.mxcl.mongodb-community@5.0.plist
```

also the directory has chmod 400 set

```
-r--------  1 jpolec  staff  1024 Dec  7 12:38 /Users/jpolec/mongo_test/new_key
```

and in case I comment out the KeyFile line, I can see the log, and the mongod.conf log is read properly.

Thanks for help.

@Jakub_Polec , you misunderstood me.

  • edit all your posts above and re-format code parts.
  • open a terminal and run mongod --config /where/ever//is/that/mongod.conf and give us the logs you see on the screen. use sudo if you need.

The keyfile should have chmod 400 permission
And the directory where it resides should be owned by mongod

2 Likes

@Ramachandra_Tummala has a nice point: more privilege issues.

in case you haven’t known:

  • almost all services in a unix-like system come with their respective user name and group (but without a home folder). this is to restrict the resources they have access to.
    • MongoDB services run with user:mongod and group:mongod
  • file/folder permissions can be read 4-0-0 which corresponds to owner-group-others. 400 means it can only be “read by owner”.
    • the file belongs to whoever owns the shell the editor (or file-creating command) starts.
  • chown and chgrp are used to change owner and group of files/folders, mostly by the root.

back to your problem. if it is this owner/group issue, then my suggested method to run as your user would “possibly” fail due to permissions to data folder and log file (or run just fine … permissions), but would definitely successfully run with root permissions (sudo). that is why it was/is important to run that command.

before moving on, change file permissions to 444 so it can be read by mongod, and try to run the service again. if it runs fine, you will know what to do: move file to a safe location, change user/group, change permission of both “the file and the folder it resides in”.

Unrecognized option: security.KeyFile

you know why programming mistakes that cause error as “bug”!? because they are so small they are hard to notice. (besides the real cockroach fried inside electronics :) )

config file uses camel case names. where the first letter is small. your file should read keyFile, not KeyFile. please, correct that and report back if you get any more errors.

1 Like
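
An added example, not from any poster in this thread or from MongoDB: a small pre-flight check for the two issues raised above, a miscased option name such as `KeyFile` and key file permissions wider than the 400 recommended. `KNOWN_OPTIONS` lists only the option names from the posted config, `SAMPLE` is constructed, and the parser is a simplified stand-in for a YAML library.

```python
import os
import stat

# Option names that appear in this thread's config (camelCase, case-sensitive).
KNOWN_OPTIONS = {
    "security.authorization", "security.keyFile", "systemLog.destination",
    "systemLog.path", "systemLog.logAppend", "storage.dbPath",
    "replication.replSetName", "net.bindIp", "net.port"}
_BY_LOWER = {name.lower(): name for name in KNOWN_OPTIONS}

# Constructed sample mirroring the posted config; the path is a placeholder.
SAMPLE = """\
security:
  authorization: "enabled"
  KeyFile: /path/to/new_key
net:
  port: 27017
"""

def parse_options(text):
    # Flatten a simple nested mapping into {dotted.key: value}.
    options, stack = {}, []  # stack holds (indent, section name)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # assumes no '#' inside values
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are not parents of this line
        dotted = ".".join([name for _, name in stack] + [key.strip()])
        if value.strip():
            options[dotted] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return options

def lint_config(text):
    """Report option names outside KNOWN_OPTIONS, with a case hint."""
    findings = []
    for dotted in parse_options(text):
        if dotted not in KNOWN_OPTIONS:
            fix = _BY_LOWER.get(dotted.lower())
            hint = f"did you mean {fix}?" if fix else "not in the known list"
            findings.append(f"unrecognized option {dotted}: {hint}")
    return findings

def keyfile_mode_ok(path):
    """True when the key file grants nothing to group or others (e.g. 400)."""
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO) == 0
```

Running `lint_config` on the config text before restarting the service surfaces the miscased key even when mongod exits before it writes a log.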

Thank you so much.

Yes, I have discovered that I put the name “KeyFile” with a capital K and it should start with a lowercase k.
No more errors.

Thank you and much appreciated. Happy to use MongoDB and recommend to the others.

1 Like

Great job,
I am so happy to hear of your big success and progress
Best wishes,
Lahcene