PowerProtect Cyber Recovery: Installationen misslyckas med felmeddelandet "Failed to Set MongoDB Credential: Det gick inte att ändra inloggningsuppgifterna för administratörsdatabasen: Det går inte att ansluta till administratörsdatabasen

Summary: Installationsskriptet för Crsetup misslyckas efter att nya MongoDB-lösenord lagts till med felmeddelandet "Failed to change admin DB credential."

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Skriptet "/crsetup --install" avslutas efter att MongoDB-lösenordet angetts med följande fel: 
Failed to set MongoDB credential:Failed to change admin DB credential:Unable to connect to theadmindatabase :server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:17112, Type: Unknown, Last error: connection() error occurred during connection handshake: dial tcp 127.0.0.1:17112: connect: connection refused }, ] }

Läs följande KB-artikel 212531 PowerProtect Cyber Recovery: Ny installation av Cyber Recovery 19.13 eller senare misslyckades – Det gick inte att ställa in MongoDB-inloggningsuppgifter, för att säkerställa att AVX-funktionen på CPU är tillgänglig på den fysiska v8.7-servern eller den virtuella datorn.

Kommandot "docker ps -a" visar att MongoDB-dockerinstansen är i slutstatus enligt nedan:

[root@cradmin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3fe3dc5959f localhost:14779/cr_mongo:6.0.5 "/bin/bash /usr/loca" 4 minutes ago Exited (1) 4 minutes ago cr_mongo-auth_1 
3fbf3db0c71d localhost:14779/cr_registry:2.8.1.7 "/entrypoint.sh /etc" 4 minutes ago Up 4 minutes 127.0.0.1:14779->5000/tcp cr_registry

När du kör "docker logs cr_mongo-auth_1" visas att det inte kan läsa certifikat:

[root@crm-cradmin]# cat mongo.txt
=> Waiting for confirmation of MongoDB service startup...
{"t":{"$date":"2023-08-17T15:25:23.384Z"},"s":"I",  "c":"CONTROL",  "id":5760901, "ctx":"-","msg":"Applied --setParameter options","attr":{"serverParameters":{"opensslCipherConfig":{"default":"HIGH:!EXPORT:!aNULL@STRENGTH","value":"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA"}}}}
about to fork child process, waiting until server is ready for connections.
forked process: 23

{"t":{"$date":"2023-08-17T10:25:23.386-05:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"-","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2023-08-17T10:25:23.392-05:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"main","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2023-08-17T10:25:23.394-05:00"},"s":"E",  "c":"NETWORK",  "id":23248,   "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/cr/ssl/certs/CRSERVICE.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2023-08-17T10:25:23.394-05:00"},"s":"D1", "c":"ASSERT",   "id":23074,   "ctx":"main","msg":"User assertion","attr":{"error":"InvalidSSLConfiguration: Can not set up PEM key file.","file":"src/mongo/util/net/ssl_manager_openssl.cpp","line":2643}}
{"t":{"$date":"2023-08-17T10:25:23.395-05:00"},"s":"F",  "c":"CONTROL",  "id":20574,   "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
ERROR: child process failed, exited with 1
To see additional information in this output, start without the "--fork" option.

Certifikaten har inte 644 behörigheter under cr/etc/ssl/certs: 

cr:/opt/dellemc/cr/etc/certs/ssl # ls -al
total 116
drwxrwxrwx 2 cyber-recovery-admin 14999 4096 Aug 30 15:10 .
drwx------ 3 root                 root  4096 Apr  7 17:52 ..
-rw------- 1 root                 root  1716 May 30 11:17 CRSERVICE.crt
-rw------- 1 root                 root  1766 May 30 11:17 CRSERVICE.key
-rw------- 1 root                 root  3482 May 30 11:17 CRSERVICE.pem

Cause

Crsetup-skriptet skapar filer som krävs av Docker-instanser och som måste ha behörigheten 644 (rw- r-- r--). I det här fallet överför en verkställd umask 077 behörigheten för filerna till 600 (rw---- ---). MongoDB kunde inte läsa certifikaten och andra filer för konfigurationen.

Resolution

  1. Ställ in användarroten så att umask 022 används med kommandot nedan:
# umask 022
  1. Kontrollera den aktuella umasken genom att köra: 
# umask
  1. Kör kommandot:
# ./crsetup --deploy. 
  1. Kontrollera att roten behåller umasken för 022 även efter omstart, annars startar inte MongoDB-dockerinstansen efter omstart.
cd ~ (for root home directory)
vi .bashrc (do not forget the Dot before bashrc).
Add the following line:
umask 022
Save the file. 

Kontakta Dells tekniska support om du vill ha mer information.

Affected Products

PowerProtect Cyber Recovery
Article Properties
Article Number: 000217057
Article Type: Solution
Last Modified: 08 Sept 2023
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.