Secondary node is not connecting after configuring MongoDB replica set on single machine

Primary setup on same server host

1. Shut down the old standalone mongod instance

systemctl stop mongod.service

2. create backup for /etc/mongod.conf

cp /etc/mongod.conf /etc/mongod-primary.conf

create /etc/mongod-primary.conf and edit with below variable changes

path: /data/mongoDB/log/mongo-primary.log
pidFilePath: /data/mongoDB/mongod-primary.pid
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: nccidevrepset

3. create a new mongod-primary.service

cd /usr/lib/systemd/system/

cp mongod.service mongod-primary.service

Environment="OPTIONS=-f /etc/mongod-primary.conf"

PIDFile=/data/mongoDB/mongod-primary.pid

Change new Config file and pid path

4. Let systemctl know we’ve made some changes:

systemctl daemon-reload

5. add below lines in /etc/sudoers file

%mongod ALL = /usr/bin/systemctl * mongod-primary.service

6. start mongod-primary.service

Error:

BadValue: security.keyFile is required when authorization is enabled with replica sets

Troubleshoot

A MongoDB replica set needs both a user account and a keyfile. The keyfile seems to be for authentication between servers in the replica set, not for logging in.

Create mongodb key file on linux, copy to all db servers with mode 600 intact:

openssl rand -base64 741 > /data/mongoDB/mongodb-primary.key

chmod 600 mongodb-primary.key

Add in mongod-primary.conf file:

security:
  authorization: enabled
  keyFile: /data/mongoDB/mongodb-primary.key

Now execute start mongod-primary.service

7. connect to the instance as you normally connect

mongo --port 27017 -u "mongoadmin" -p "mongoadmin" --authenticationDatabase "admin"

8. Initiate the replica set in Mongo shell and check the status

rs.initiate()

nccidevqarepset: PRIMARY> rs.status()

{
"info2" : "no configuration specified. Using a default configuration for the set",
"me" : "ghsazevdcmsdb05:27017",

Standby/secondary setup on same server host

Create a separate data and log directory for standby

cd /data/mongoDB/

mkdir mongostandby

mkdir logstandby

Create a separate mongod.conf for standby and edit below details

For example: /etc/mongod-standby.conf

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/mongoDB/logstandby/mongo-standby.log

# Where and how to store data.
storage:
  dbPath: /data/mongoDB/mongostandby
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /data/mongoDB/mongod-standby.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27018
  bindIp: 0.0.0.0

replication:
  replSetName: nccidevrepset

3. create a service file mongod-standby.service and change the content

Change new Config file and pid path

cd /usr/lib/systemd/system/

Environment="OPTIONS=-f /etc/mongod-secondary.conf"

PIDFile=/data/mongoDB/mongod-secondary.pid

4. Let systemctl know we’ve made some changes:

systemctl daemon-reload

5. add below lines in /etc/sudoers file

%mongod ALL = /usr/bin/systemctl * mongod-secondary.service

6. start mongod-standby.service

systemctl start mongod-standby.service

Troubleshoot

A MongoDB replica set needs both a user account and a keyfile. The keyfile seems to be for authentication between servers in the replica set, not for logging in.

Create mongodb key file on linux, copy to all db servers with mode 600 intact:

openssl rand -base64 741 > /data/mongoDB/mongodb-secondary.key

chmod 600 mongodb-secondary.key

Add in mongod-secondary.conf file:

security:
  authorization: enabled
  keyFile: /data/mongoDB/mongodb-secondary.key

Now execute start mongod-secondary.service

7. login to secondary instance

mongo --port 27018 -u "mongoadmin" -p "mongoadmin" --authenticationDatabase "admin"

MongoDB shell version v4.4.8

connecting to: mongodb://127.0.0.1:27018/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

Error: Authentication failed. :

connect@src/mongo/shell/mongo.js:374:17

@(connect):2:6

exception: connect failed

exiting with code 1

Any idea why I am not able to connect to the secondary node although the service status is active?

The keyfile should be shared between members.
Why create a separate keyfile for the secondary?
Could this be why you are unable to authenticate?

Hi @Chinmaya_Das,
@Ramachandra_Tummala is right, the keyfile must be the same among the replica set members.
With keyfile authentication, each mongod instance in the replica set uses the contents of the keyfile as the shared password for authenticating other members in the deployment. Only mongod instances with the correct keyfile can join the replica set.
Also you have to give:
chmod 400 path-to-keyfile

For more details, you can refer to this page:
Update Replica Set to Keyfile Authentication — MongoDB Manual

I hope it can help you,
Best regards.
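
The keyfile requirement described in this answer, as an added example (not part of the original thread and not MongoDB tooling): a shell check that every member's config points at a keyfile with identical contents and owner-only mode. The function names and the scratch-directory sample configs are constructed for illustration; `stat -c` and `sha256sum` assume GNU coreutils.

```shell
# Added example: confirm that every member config references a keyfile with
# identical contents and owner-only permissions (400 or 600).

# Print the keyFile path found in a mongod YAML config (plain line match).
keyfile_of() {
  sed -n 's/^[[:space:]]*keyFile:[[:space:]]*//p' "$1" | head -n 1
}

# check_keyfiles CONF...  -> returns 0 when all members agree, 1 otherwise.
check_keyfiles() {
  ref_sum=""; rc=0
  for conf in "$@"; do
    kf=$(keyfile_of "$conf")
    if [ -z "$kf" ] || [ ! -f "$kf" ]; then
      echo "FAIL $conf: keyFile not set or not found"; rc=1; continue
    fi
    mode=$(stat -c '%a' "$kf")            # GNU stat, as on a Linux host
    case "$mode" in
      400|600) ;;
      *) echo "FAIL $conf: $kf has mode $mode, want 400 or 600"; rc=1 ;;
    esac
    sum=$(sha256sum "$kf" | cut -d' ' -f1)
    if [ -z "$ref_sum" ]; then
      ref_sum=$sum
    elif [ "$sum" != "$ref_sum" ]; then
      echo "FAIL $conf: $kf differs from the first member's keyfile"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: two member configs with separate keyfiles, written to a
# scratch directory (assumed layout, not the real /etc or /data/mongoDB files).
make_demo() {
  printf 'Y29uc3RydWN0ZWRLZXlB\n' > "$1/primary.key"
  printf 'Y29uc3RydWN0ZWRLZXlC\n' > "$1/secondary.key"
  chmod 600 "$1/primary.key" "$1/secondary.key"
  for m in primary secondary; do
    printf 'security:\n  authorization: enabled\n  keyFile: %s\n' \
      "$1/$m.key" > "$1/mongod-$m.conf"
  done
}

demo=$(mktemp -d)
make_demo "$demo"
check_keyfiles "$demo"/mongod-*.conf || echo "separate keyfiles: members cannot authenticate"
cp "$demo/primary.key" "$demo/secondary.key"   # share one keyfile, as the answer advises
check_keyfiles "$demo"/mongod-*.conf && echo "OK: one shared keyfile"
```

On a real host, pass the actual member config paths to `check_keyfiles` and run it as a user that can read the keyfiles.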

I used a single key file.

Still the same error:

-bash-4.2$ mongo --port 27018 -u "mongoadmin" -p "mongoadmin" --authenticationDatabase "admin"
MongoDB shell version v4.4.8
connecting to: mongodb://127.0.0.1:27018/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1

I am not able to connect to the secondary instance.

Hi @Chinmaya_Das,
Show the output of the rs.conf() and rs.status() commands from the primary.