Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

salt-ssh can't use Mongo returner #50406

glkappe opened this issue Nov 7, 2018 · 4 comments


None yet
3 participants
Copy link

commented Nov 7, 2018

Description of Issue/Question

Master_job_cache:mongo can only be used when the user of Mongo is root, otherwise it will be wrong.


(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)

CentOS 6.9 Final
PyMongo == 3.4.0
Already opened security.authorization=enabled
[root@DB123 master.d]# pip list
Package Version

backports-abc 0.5
boto 2.49.0
boto3 1.9.31
botocore 1.12.31
certifi 2018.8.24
chardet 3.0.4
docutils 0.14
futures 3.2.0
gevent 1.3.6
greenlet 0.4.15
idna 2.7
Jinja2 2.10
jmespath 0.9.3
MarkupSafe 1.0
module 0.2.1
msgpack 0.5.6
msgpack-python 0.5.6
MySQL-python 1.2.3
mysqlclient 1.3.13
pip 18.1
psutil 5.4.7
pycrypto 2.6.1
pydevd 1.4.0
pymongo 3.4.0
python-dateutil 2.7.3
PyYAML 3.13
pyzmq 17.0.0
requests 2.19.1
s3transfer 0.1.13
salt 2018.3.2
setuptools 40.4.3
six 1.11.0
tornado 4.5.3
urllib3 1.23
wheel 0.32.1

Master_job_cache:mongo can only be used when the user of Mongo is root, otherwise it will be wrong.

[root@ser1232 master.d]# salt-ssh 'ser123123'
[ERROR ] Authentication failed.
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/salt/client/ssh/", line 745, in run
self.returners['{0}.save_load'.format(self.opts['master_job_cache'])](jid, job_load)
File "/usr/local/lib/python2.7/site-packages/salt/returners/", line 243, in save_load
conn, mdb = _get_conn(ret=None)
File "/usr/local/lib/python2.7/site-packages/salt/returners/", line 152, in _get_conn
mdb.authenticate(user, password)
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 1048, in authenticate
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 505, in _cache_credentials
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 523, in authenticate
auth.authenticate(credentials, self)
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 470, in authenticate
auth_func(credentials, sock_info)
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 450, in _authenticate_default
return _authenticate_scram_sha1(credentials, sock_info)
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 229, in _authenticate_scram_sha1
res = sock_info.command(source, cmd)
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 419, in command
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 116, in command
File "/usr/local/lib/python2.7/site-packages/pymongo/", line 210, in _check_command_response
raise OperationFailure(msg % errmsg, code, response)
OperationFailure: Authentication failed.

mongodb log error:
SCRAM-SHA-1 authentication failed for root on salt from client ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
salt-master == 2018.3.2
salt-minion == 2018.3.2


This comment has been minimized.

Copy link

commented Nov 7, 2018

I wonder if you can understand it.


This comment has been minimized.

Copy link

commented Nov 7, 2018

@glkappe thank you for reporting this. I have confirmed the issue exists. It looks like salt.returners.get_returner_options is not honoring the configured mongo user and is using the ssh username instead.

@dwoz dwoz added this to the Approved milestone Nov 7, 2018


This comment has been minimized.

Copy link

commented Nov 8, 2018

Thank you for the reply!
If it has been repaired, how can I know?


This comment has been minimized.

Copy link

commented Jan 9, 2019

Closing this out, if the problem persists please comment & we'll re-open the issue or feel free to open a new issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.