
Friday, October 20, 2017

Reset mongodb rootadmin password on replica set




Sometimes we have to manage credentials for lots of things, and it's obvious that we can forget one of them. Here I am going to explain how we can reset the "rootadmin" password for a running MongoDB replica set.

I am not going into details about installation, configuration or functionality. Instead, I'll jump directly to the actual technical hacking stuff. Along with that, we'll also learn some sed tricks that can be handy on many occasions.

Things responsible for authentication/permissions within a MongoDB replica set -


security:
  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
  authorization: "enabled"
keyFile - This is the path to the file that stores the shared secret that all MongoDB instances use to authenticate to each other in a sharded cluster or replica set.
authorization - This enables or disables Role-Based Access Control (RBAC) to govern each user's access to database resources and operations. By default, this is disabled.

So, in a working environment, suppose we forget the rootadmin password and the login fails as below. By the way, "rootadmin" is the user who has all admin-level access to perform anything on admin and other DBs.

$ mongo -u rootadmin -p secret   mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
2017-10-20T13:44:29.431+0200 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2
exception: login failed


So, first of all, stop all nodes in the MongoDB replica set. Comment out the three security lines in your configuration files. Here I am running three instances on the same node, so I am using a sed trick to comment and uncomment multiple config files at once.

Before making changes -


$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf 
node1/conf/mongod.conf-security:
node1/conf/mongod.conf:  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-  authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf:  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-  authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf:  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-  authorization: "enabled"


Comment out the security config parameters (here I am commenting out lines 20-22, which is where the block sits in my files) -


$ sudo  sed  -i '20,22 s/^/#/' node?/conf/mongod.conf 

Check again after making changes (see the difference: the leading #) -


$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-#security:
node1/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-#  authorization: "enabled"
--
node2/conf/mongod.conf-#security:
node2/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-#  authorization: "enabled"
--
node3/conf/mongod.conf-#security:
node3/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-#  authorization: "enabled"

Start all the nodes and log in without the password. With the security section commented out, the nodes accept connections without any authentication.


$ mongo   mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:40:19.999+0200 I CONTROL  [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin  0.078GB
local  6.075GB
MongoDB Enterprise rs0:PRIMARY> db
admin
MongoDB Enterprise rs0:PRIMARY> db.changeUserPassword("rootadmin","new-password")
MongoDB Enterprise rs0:PRIMARY>
bye

Now, uncomment the security settings again in the config files and restart all nodes.

$ sudo  sed  -i '20,22 s/^#//' node?/conf/mongod.conf
$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-security:
node1/conf/mongod.conf:  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-  authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf:  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-  authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf:  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-  authorization: "enabled" 

After that, try to log in again using the new credentials.

$ mongo -u rootadmin -p new-password mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:47:30.262+0200 I CONTROL  [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin  0.078GB
local  6.075GB
MongoDB Enterprise rs0:PRIMARY> 
Note: If you are not using the config file and just passing arguments, then you can stop and then start replica set nodes without these parameters.
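
Commenting lines 20-22 by number hits the wrong lines as soon as one config file differs. The following added example (not from the original post; function names and the sample config are constructed) comments the security block by pattern, restores it from a backup instead of uncommenting, and checks that keyFile and authorization are active again before the nodes go back into service.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes the YAML layout shown above: "security:" at column 0, keys indented.

# Comment out the security: block by pattern, keeping a backup for the restore.
disable_security() {
    cp -p "$1" "$1.authbak" &&
    sed -i.tmp '/^security:/,/^[^[:space:]#]/ {
        /^security:/ s/^/#/
        /^[[:space:]]/ s/^/#/
    }' "$1" && rm -f "$1.tmp"
}

# Put the original file back instead of stripping "#" (which could also
# uncomment genuine comments inside the block).
restore_security() {
    mv -f "$1.authbak" "$1"
}

# Exit 0 only if an active security: block sets keyFile and authorization enabled.
auth_enforced() {
    awk '
        /^security:/ { insec = 1; next }
        /^[^ \t#]/   { insec = 0 }
        insec && /^[ \t]+keyFile:[ \t]*[^ \t]/          { key = 1 }
        insec && /^[ \t]+authorization:[ \t]*"?enabled/ { authz = 1 }
        END { exit !(key && authz) }
    ' "$1"
}

# Constructed sample config, for demonstration only.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'net:' '  port: 27017' 'security:' \
        '  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"' \
        '  authorization: "enabled"' \
        'replication:' '  replSetName: rs0' > "$d/mongod.conf"
    disable_security "$d/mongod.conf"
    auth_enforced "$d/mongod.conf" || echo "auth is OFF: reset the password now"
    restore_security "$d/mongod.conf"
    auth_enforced "$d/mongod.conf" && echo "auth is back ON: safe to restart"
    rm -rf "$d"
}
demo
```

Running auth_enforced over every node?/conf/mongod.conf after the restore catches a node that would otherwise come back up with access control still off.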


Tuesday, August 9, 2016

Check dependencies of local RPM package

We all know that for managing packages or software on any system, we need some kind of tool. Different distributions have their own tool for this.

For example, for RHEL/CentOS/Fedora we use RPM (RPM Package Manager) for all rpm package management, which takes care of installation, uninstallation, update, query etc.

So, sometimes when we install a package we get lots of errors regarding dependencies. Here we discuss how we can list the dependencies associated with a particular rpm file.


1.) Check a file, i.e. the package is not yet installed:
    rpm -qpR {rpm-file}

2.) If the package is already installed:
    rpm -qR {package-name}

3.) Dry run without installing the package:
    rpm -Uvh --test {rpm-file}

Finally, of course, if you don't make these checks and just try to install, you will get the list of missing dependencies as well.

Monday, April 25, 2016

Remount multiple NFS mount points on Client in one go

Sometimes we may have a number of mount points on NFS clients, and after changing any one of the parameters we have to remount all partitions. Doing umount and mount on multiple partitions is a really hectic job, and there is a chance of human error.

We can do this using a single command. Sharing some other commands as well, before moving to the exact one :).

  • Get the list of all NFS mount points available on the system:
    Before moving ahead with changes, let's see how many partitions there are on the system. The commands below list all the NFS mount points, without and with the header line.
    • Without headers -
      #df -PF nfs | awk '{if(NR>1)print}'     # This command will suppress header line

    • With headers -
      #df -PF nfs

  • Here goes the actual thing, where we need to remount multiple NFS partitions after making changes to parameters.
    #for M in $(mount | awk '/type nfs / {print $3;}'); do echo "$M"; sudo umount "$M" && sudo mount "$M" && echo "ok :)"; done


[Note: Execute at your own risk after doing testing on test environments ;) ]

Monday, March 21, 2016

"ERROR: Could not find cookbook in your cookbook path, skipping it" in Chef

Chef is an automation framework tool which helps us deploy code or configuration across multiple systems, which may be physical, virtual or cloud systems.

Here I just want to highlight one small issue which I got when I was trying to upload a cookbook from my workstation. Everything was in place, but it was still throwing the error below:

$ knife  cookbook upload cookbook_name
ERROR: Could not find cookbook cookbook_name in your cookbook path, skipping it
ERROR: Failed to upload 1 cookbook.

Usually, knife will by default use the location specified in the ~/.chef/knife.rb file for cookbooks. In my case everything was correctly configured, as below:

$ cat ~/.chef/knife.rb | grep cookbook_path
cookbook_path [ '.', '..' ]
I was trying to upload using the directory name given to the cookbook.


After lots of searching, I finally got to know that the knife command compares the cookbook name against the name in the metadata.rb file in the cookbook directory. Then I made the correction in the metadata.rb file and it worked like a charm, as below:


Friday, October 2, 2015

Get Oracle Version details

In this small post, I am sharing the commands to get details about the Oracle version you are using. Although much detail is there in the Oracle documentation, I thought of sharing these small tips :).

Steps:

Connect to the Oracle DB using a CLI or UI tool as you wish. Here I am connecting with Oracle SQL Developer. There are a number of ways of getting the details. I am sharing the ones below.

  1. select * from v$version;

  2. select version from v$instance;

  3. select * from product_component_version;

Regarding the release number format, there is a very good explanation on the Oracle Doc site. Please go through it for details.

Thanks!!

Thursday, October 1, 2015

boot2docker Error

I installed boot2docker, and when I tried to play with docker, I started getting the error below for every docker command that I ran.

Error

FATA[0000] Get http:///var/run/docker.sock/v1.18/version: dial unix /var/run/docker.sock: An address incompatible with the requested protocol was used.. Are you trying to connect to a TLS-enabled daemon without TLS?



I checked the VM status and everything seemed good, as below:


After some troubleshooting, I found that the issue was with some system variables. Basically there are three variables which you need to set to make this work. On Windows you can use the set command and on Linux you can use the export command:

   set DOCKER_HOST=tcp://192.168.59.103:2376    
   set DOCKER_CERT_PATH=C:\Users\kuldeep.d.sharma\.boot2docker\certs\boot2docker-vm   
   set DOCKER_TLS_VERIFY=1

Note: When you initialize boot2docker, it will provide you with all the details and ask you to update the variables.
P.S.- Change the above values accordingly :).

Below is the screenshot, where I tried to set each variable and saw the different results and the dependencies of these variables on each other.




Thanks!!

Tuesday, August 4, 2015

Installing Jboss A-MQ 6.2

JBoss A-MQ 6.2 was released on 2015-06-23 with lots of bug fixes along with a major switch from ActiveMQ 5.9 to 5.11. Below are the steps for installing the new version and exploring the messaging world :) .



1.) Download the JBoss A-MQ 6.2.0.GA zip and its md5 checksum to ensure integrity.

2.) Compare the md5 checksum of the zip file with the downloaded one.

3.) If both are the same, then unpack the archive. If you are unpacking the archive on Windows, make sure that you don't have any spaces or special characters such as %, $, # etc. in the name.

4.) Configure users and roles as per your requirements in $AMQ_HOME/etc/users.properties. The format is as below.
# USER=PASSWORD,ROLE1,ROLE2,…

Note: I am using a simple admin password here for the demo, but in live scenarios please choose a strong password, as this password will be stored in plain text. JBoss A-MQ 6.2 supports RBAC (Role Based Access Control), so we can assign different roles as needed.

5.) Start the AMQ instance.

6.) Log in to the console to view runtime information about the container.

7.) Verify the installation:
a.) Send messages using the command below; by default it will send 1000 messages to the TEST queue.
#./bin/client "activemq:producer --user Username --password Password"
b.) Check the status of the messages:
#./bin/client "activemq:dstat"
c.) Run the consumer client to consume the messages from the TEST queue as below:
#./bin/client "activemq:consumer --user Username --password Password"
d.) Verify the queue status again by running the following command:
#./bin/client "activemq:dstat"

You can explore all this information and much more using the hawtio console. It provides a really impressive pictorial view for digging further and monitoring things using JMX MBeans.

Below are a few screenshots from the hawtio console:
ActiveMQ Tab :

Dashboard Tab:

JMX Tab: