joannacwolfcomm: check the database you are authentucating against
joannacdiegows: wiredtiger files are compressed, so they change a lot
joannaccwall: not that I'm aware of
cwallThanks joannac
wolfcommjoannac: i figured out the connection issue, and it turns out auth was working before, just not in the way i was expecting. i was expecting to NOT get a shell. if a user has no authorization whatsoever why is a shell granted? this seems very very bad.
joannacwolfcomm: the alternative way to auth is to connect and use db.auth(username, password)
joannacthe shell you get as an unathd user will not let you run very much
wolfcommjoannac: yeah, it's still an attack vector though. is there anyway to prevent this? i'm going to use ip tables but this still isn't enough imo.
joannacHave you set bindIp as well?
wolfcommjoannac: yeah
joannacwolfcomm: can you elaborate on what attack vector you see?
joannacYou have to be able to connect to the server in order to authenticate... so your connection is always going to be unauthenticated to begin with.
wolfcommjoannac: well i'm going to provide access to my db server to my app server. if my app server is compromised somehow my db server is granting a shell to an adversary. they might not have the credentials but a shell is a shell.
wolfcommit's ok. it's still a hole but i can live with it for now.
joannacwolfcomm: just to clarify, the mongo shell runs on the client side, and is not equivalent to having a shell on the server side (like what you would get if you ssh)
joannacyou do have an unauthenticated connection to the mongod server, which will refuse to run most commands (there are a few you can run, e.g. allowing connections to replica sets to find out which one is the current primary)
wolfcommjoannac: i understand, thank you for the info
kim_wildehello, how can I set my mongo instance up with notablescan = False and to be sure that's like this when booted up?
kim_wildenormally I do this command:
kim_wilde> db.getSiblingDB("admin").runCommand( { setParameter: 1, notablescan: 0 } )
kim_wilde{ "was" : false, "ok" : 1 }
kim_wildebut how to exeute it automatically during restart?
Derickkim_wilde: I don't think you can, unless you write a script
Derick(and run it in your start up script)
linociscohi all, of 3 nodes, I stepped down the primary, which is now secondary. How can I make all nodes up again?
Derickone of the other nodes is now primary
Derickso they should be all up?
linociscoDerick, Now stepped down node is not participating in replicaSet. How can I make it part of replicaSet?
kim_wildeDerick: how to write a script like this?
linociscoDerick, I tried rs.syncfrom("localhost:27019"). didn't work
Dericklinocisco: how did you step it down?
linociscoDerick, m101:PRIMARY> rs.stepDown()
Derickkim_wilde: a script is just a JS file with the same contents as what you would do on the shell, which you can run with "mongodb script.js"
Dericklinocisco: so what makes you think it's not participating?
Derickstepping down does do nothing more than to trigger an election making itself not available for election
linociscoDerick, ps -ef |grep mongod shows stepped down one is now shown
linociscoDerick, ps -ef |grep mongod shows stepped down one is not shown
kim_wildeDerick: okay!
kim_wildeDerick: thx
Dericklinocisco: so besides stepping one down, you also restarted the server itself?
Derickline 68: "lastHeartbeatMessage" : "not running with --replSet",
Derickyou forgot to restart it with the --replSet argument
Derickline 141-68 all say the same too
linociscoDerick, yes. I am not aware of that issue/option
linociscoDerick, how can I restart that? I hope I can join after restarting with some commands. but there is no
Derickhow did you start them in the first place?
linociscoDerick, mongo --port 27017
linociscoDerick, to start as replicaset, i ran
Dericklinocisco: right, but that is not how you *restart* the one with port 27017
Derickand "mongo --port 27017" is just the client, not the server
linociscono. last time is no. just mongo --port 27017
linociscoDerick, so , should I run that bash script again?
Derickyou need to stop the mongod that is running on port 27017 first
Derickand then only start the one from your script that mentions port 27017
Derickie, run line 4
linociscoDerick, so, stop existing mongo process which is not part of replicaSet and run line (4) from bash which is mongod --replSet m101 --logpath "1.log" --dbpath /data/rs1 --port 27017 --oplogSize 64 --fork --smallfiles
linociscoDerick, is that what you mean?
linociscoDerick, excuse me for dummy question. now ok. thanks
Dericklinocisco: yes
nohitallhi guys, when I try to use --oplog for mongodump I get Failed: error getting oplog start: not found
nohitallis this something that has to be configured?
nohitallnever mind I found out why
WebertRLZhello everyone
WebertRLZI'm using mongo 3.0, I need to update hundreds of collections in the following way;
WebertRLZthe collections contains documents. each document may contain an array of documents, and these documents may contain another array
WebertRLZsomething like: db.collection.findOne() === {_id:ObjectId("123456"), attachments:[{filename:"", contents:[{filename:"image1.jpg"}]}]}
WebertRLZI need to clean the attachments.contents from all elements of the attachments array
WebertRLZi have tried the following, which had only removed the first element of each document in the collection:
WebertRLZany hints?
darkfrogI have two collections: `sources` and `connections`. I'm trying to do a `$graphLookup` between the two. The `connections` collection has a `_from` and a `_to` that represent `sources._id` references. I want to start with a specific source id and aggregate across all connections returning the sources but following the examples on I'm having a hard tim
darkfroge getting it to work. It technically runs, but it always returns null for the `as`. Help is appreciated.
darkfrogthis is what it looks like currently:
darkfrogdestinations is an empty array
darkfrogDerick: you helped me yesterday, I'm hoping you have some experience with graph traversal. ;)
Derickdarkfrog: hmm, with a lookup?
Derickthese are tricky
darkfrogDerick: I'm discovering this. :)
darkfrogDerick: I'm exploring MongoDB in replacement of our current graph database as it doesn't scale well with millions of records, but it's important I can verify that graph traversals work.
Derickoh, right
darkfrogDerick: any idea what I'm doing wrong?
Dericksorry, trying to debug my own code first :)
darkfrogDerick: no worries, I'll be patient. Drop me a message when you have a chance.
darkfrogI'll keep staring at the documentation hoping it leads to some actual understanding
Derickdarkfrog: in the mean while, if you can provide me with sample documents etc, that'd be really helpful
darkfrogwill do
darkfrogDerick: here ya go:
darkfroghopefully that will help illuminate what I'm trying to do
Derickdustinm`: '_id': 'pg2QHgwl6745kUJJ8O0eew95SZ6qHwYZ' doesn't exist in sources.json
Derickdarkfrog: that was for you
darkfrogsorry, bad data:
darkfrogin the JSON sample I simplified the ids
darkfrogDerick: the idea is that I want to start with 0001 and traverse the graph connections to get connections 002 and 003. Ultimately, I want a multiplied probability as well, but I can handle that myself if necessary (0.8 probability for 0001 -> 0002 and 0.48 probability for 0001 -> 0003)
darkfrog0.48 being 0.8 * 0.6
WebertRLZso in respect of my question I guess my only option is to use a javascript interective mongo shell to do it
WebertRLZdb.collection.find({"attachments.contents":{$exists:true}}).forEach(function(doc){var attachments = doc.attachments; for(i in attachments){attachments[i].contents=[];db.collection.update({_id:doc._id},{"$set":{"attachments":attachments}});}})
darkfrogDerick: no rush, but I still haven't been able to figure this out
Derickdarkfrog: sorry, don't think I'm going to have the time today
darkfrogDerick: I understand....any suggestions of someone else that might be able to help?
darkfrogI guess I'll just post on StackOverflow
WebertRLZsorry darkfrog, never done anything like it before
darkfroganyone interested in offering a solution:
sphetI am wondering if someone can help me with a db layout issue - although really we are trying to access the data via python eve.
sphetWe have 500 tests which can fail on any revision. We want to say 'for all the tests that have had a failure in the last 10 revisions, give me the last 10 records for that test', essentially filtering out tests that have run successfullty for days