Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

salt-ssh can't use Mongo returner #50406

Closed
glkappe opened this issue Nov 7, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@glkappe
Copy link

commented Nov 7, 2018

Description of Issue/Question

Master_job_cache:mongo can only be used when the user of Mongo is root, otherwise it will be wrong.

Setup

(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)

CentOS 6.9 Final
PyMongo == 3.4.0
Percona-Server-MongoDB-34-mongos-3.4.17-2.15.el6.x86_64
Already opened security.authorization=enabled
[root@DB123 master.d]# pip list
Package Version


backports-abc 0.5
backports.ssl-match-hostname 3.5.0.1
boto 2.49.0
boto3 1.9.31
botocore 1.12.31
certifi 2018.8.24
chardet 3.0.4
docutils 0.14
futures 3.2.0
gevent 1.3.6
greenlet 0.4.15
idna 2.7
Jinja2 2.10
jmespath 0.9.3
MarkupSafe 1.0
module 0.2.1
msgpack 0.5.6
msgpack-python 0.5.6
MySQL-python 1.2.3
mysqlclient 1.3.13
pip 18.1
psutil 5.4.7
pycrypto 2.6.1
pydevd 1.4.0
pymongo 3.4.0
python-dateutil 2.7.3
PyYAML 3.13
pyzmq 17.0.0
requests 2.19.1
s3transfer 0.1.13
salt 2018.3.2
setuptools 40.4.3
singledispatch 3.4.0.3
six 1.11.0
tornado 4.5.3
urllib3 1.23
wheel 0.32.1

Master_job_cache:mongo can only be used when the user of Mongo is root, otherwise it will be wrong.

[root@ser1232 master.d]# salt-ssh 'ser123123' test.ping
[ERROR ] Authentication failed.
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/salt/client/ssh/init.py", line 745, in run
self.returners['{0}.save_load'.format(self.opts['master_job_cache'])](jid, job_load)
File "/usr/local/lib/python2.7/site-packages/salt/returners/mongo_future_return.py", line 243, in save_load
conn, mdb = _get_conn(ret=None)
File "/usr/local/lib/python2.7/site-packages/salt/returners/mongo_future_return.py", line 152, in _get_conn
mdb.authenticate(user, password)
File "/usr/local/lib/python2.7/site-packages/pymongo/database.py", line 1048, in authenticate
connect=True)
File "/usr/local/lib/python2.7/site-packages/pymongo/mongo_client.py", line 505, in _cache_credentials
sock_info.authenticate(credentials)
File "/usr/local/lib/python2.7/site-packages/pymongo/pool.py", line 523, in authenticate
auth.authenticate(credentials, self)
File "/usr/local/lib/python2.7/site-packages/pymongo/auth.py", line 470, in authenticate
auth_func(credentials, sock_info)
File "/usr/local/lib/python2.7/site-packages/pymongo/auth.py", line 450, in _authenticate_default
return _authenticate_scram_sha1(credentials, sock_info)
File "/usr/local/lib/python2.7/site-packages/pymongo/auth.py", line 229, in _authenticate_scram_sha1
res = sock_info.command(source, cmd)
File "/usr/local/lib/python2.7/site-packages/pymongo/pool.py", line 419, in command
collation=collation)
File "/usr/local/lib/python2.7/site-packages/pymongo/network.py", line 116, in command
parse_write_concern_error=parse_write_concern_error)
File "/usr/local/lib/python2.7/site-packages/pymongo/helpers.py", line 210, in _check_command_response
raise OperationFailure(msg % errmsg, code, response)
OperationFailure: Authentication failed.

mongodb log error:
SCRAM-SHA-1 authentication failed for root on salt from client 192.168.1.1:48772 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
salt-master == 2018.3.2
salt-minion == 2018.3.2

@glkappe

This comment has been minimized.

Copy link
Author

commented Nov 7, 2018

I wonder if you can understand it.

@dwoz

This comment has been minimized.

Copy link
Contributor

commented Nov 7, 2018

@glkappe thank you for reporting this. I have confirmed the issue exists. It looks like salt.returners.get_returner_options is not honoring the configured mongo user and is using the ssh username instead.

@dwoz dwoz added this to the Approved milestone Nov 7, 2018

@glkappe

This comment has been minimized.

Copy link
Author

commented Nov 8, 2018

Thank you for the reply!
If it has been repaired, how can I know?
@dwoz

@garethgreenaway

This comment has been minimized.

Copy link
Member

commented Jan 9, 2019

Closing this out, if the problem persists please comment & we'll re-open the issue or feel free to open a new issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.