I find MongoDB’s startup sequence fascinating.
Full logs
{"t":{"$date":"2022-04-17T22:31:42.832+02:00"},"s":"I", "c":"REPL", "id":40440, "ctx":"initandlisten","msg":"Starting the TopologyVersionObserver"}
{"t":{"$date":"2022-04-17T22:31:42.832+02:00"},"s":"I", "c":"REPL", "id":40445, "ctx":"TopologyVersionObserver","msg":"Started TopologyVersionObserver"}
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":23015, "ctx":"listener","msg":"Listening on","attr":{"address":"/tmp/mongodb-27017.sock"}}
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":23015, "ctx":"listener","msg":"Listening on","attr":{"address":"10.0.1.1"}}
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":23015, "ctx":"listener","msg":"Listening on","attr":{"address":"127.0.0.1"}}
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":23016, "ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"on"}}
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.1.1:57554","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2022-04-17T22:31:42.851+02:00"},"s":"W", "c":"NETWORK", "id":23236, "ctx":"conn2","msg":"Client connecting with server's own TLS certificate"}
{"t":{"$date":"2022-04-17T22:31:42.852+02:00"},"s":"I", "c":"ACCESS", "id":5286202, "ctx":"conn2","msg":"Different user name was supplied to saslSupportedMechs","attr":{"error":{"code":17,"codeName":"ProtocolError","errmsg":"Attempt to switch database target during SASL authentication."}}}
{"t":{"$date":"2022-04-17T22:31:42.852+02:00"},"s":"W", "c":"ACCESS", "id":20430, "ctx":"conn2","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2022-04-17T22:31:42.852+02:00"},"s":"I", "c":"ACCESS", "id":20429, "ctx":"conn2","msg":"Successfully authenticated","attr":{"client":"10.0.1.1:57554","mechanism":"MONGODB-X509","user":"CN=db1,OU=MONGO_CLUSTER,O=MY_ORG,L=MY_CITY,ST=MY_STATE,C=MY_COUNTRY","db":"$external"}}
{"t":{"$date":"2022-04-17T22:31:42.853+02:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2","msg":"Connection ended","attr":{"remote":"10.0.1.1:57554","connectionId":2,"connectionCount":0}}
So, if I’m reading right, when starting up:
- db1 (10.0.1.1) connects to… db1!
- mongod running on db1 complains that the connection from db1 to db1 was using the server certificate of db1🤔
- Weird warning about “Different user name was supplied to saslSupportedMechs”
- mongod complaining that the client who just connected isn’t a mongod (it is!), but is using a cluster membership certificate
- Great success! Successfully authenticated using db1’s certificate
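An added example, not part of the original post: a Python sketch that groups the structured log entries by connection, so the certificate warnings and the successful MONGODB-X509 authentication on conn2 read as one event. The log ids are the ones in the excerpt above; the flag names and the `needs_review` rule are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Log ids as they appear in the excerpt above.
ACCEPTED, OWN_CERT, CLUSTER_CERT, AUTH_OK = 22943, 23236, 20430, 20429
# Flag names are hypothetical labels chosen for this example.
FLAGS = {OWN_CERT: "own-server-cert", CLUSTER_CERT: "cluster-cert-non-member"}

# Sample input: four lines copied from the log above (wrapped lines rejoined).
SAMPLE = r'''
{"t":{"$date":"2022-04-17T22:31:42.833+02:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.1.1:57554","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2022-04-17T22:31:42.851+02:00"},"s":"W", "c":"NETWORK", "id":23236, "ctx":"conn2","msg":"Client connecting with server's own TLS certificate"}
{"t":{"$date":"2022-04-17T22:31:42.852+02:00"},"s":"W", "c":"ACCESS", "id":20430, "ctx":"conn2","msg":"Client isn't a mongod or mongos, but is connecting with a certificate with cluster membership"}
{"t":{"$date":"2022-04-17T22:31:42.852+02:00"},"s":"I", "c":"ACCESS", "id":20429, "ctx":"conn2","msg":"Successfully authenticated","attr":{"client":"10.0.1.1:57554","mechanism":"MONGODB-X509","user":"CN=db1,OU=MONGO_CLUSTER,O=MY_ORG,L=MY_CITY,ST=MY_STATE,C=MY_COUNTRY","db":"$external"}}
'''

def summarize(lines):
    """Correlate log entries per connection; return {conn: summary}."""
    conns = defaultdict(
        lambda: {"remote": None, "flags": [], "user": None, "mechanism": None})
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank, wrapped or truncated line
        attr = entry.get("attr", {})
        if entry.get("id") == ACCEPTED:
            # Logged by the listener thread, so key on connectionId, not ctx.
            conns[f"conn{attr['connectionId']}"]["remote"] = attr["remote"]
        elif entry.get("id") in FLAGS:
            conns[entry["ctx"]]["flags"].append(FLAGS[entry["id"]])
        elif entry.get("id") == AUTH_OK:
            conns[entry["ctx"]].update(user=attr["user"],
                                       mechanism=attr["mechanism"])
    return dict(conns)

def needs_review(summary):
    """True when a connection authenticated while carrying a certificate warning."""
    return bool(summary["flags"]) and summary["user"] is not None

if __name__ == "__main__":
    for conn, s in summarize(SAMPLE.splitlines()).items():
        print(conn, "REVIEW" if needs_review(s) else "ok", s)
```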