PowerProtect Cyber Recovery: 설치가 실패하고 "Failed to Set MongoDB 자격: Admin DB 자격 증명을 변경하지 못했습니다. 관리 데이터베이스에 연결할 수 없음

Failed to set MongoDB credential:Failed to change admin DB credential:Unable to connect to theadmindatabase :server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:17112, Type: Unknown, Last error: connection() error occurred during connection handshake: dial tcp 127.0.0.1:17112: connect: connection refused }, ] }

다음 KB 문서 212531 PowerProtect Cyber Recovery를 확인하십시오. Cyber Recovery의 새로운 설치 19.13 이상 실패 - v8.7 물리적 서버 또는 가상 머신에서 CPU의 AVX 기능을 사용할 수 있도록 MongoDB 자격 증명을 설정하지 못했습니다.

"docker ps -a" 명령은 아래와 같이 MongoDB docker 인스턴스가 종료 상태임을 보여줍니다.

[root@cradmin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3fe3dc5959f localhost:14779/cr_mongo:6.0.5 "/bin/bash /usr/loca" 4 minutes ago Exited (1) 4 minutes ago cr_mongo-auth_1 
3fbf3db0c71d localhost:14779/cr_registry:2.8.1.7 "/entrypoint.sh /etc" 4 minutes ago Up 4 minutes 127.0.0.1:14779->5000/tcp cr_registry

"docker logs cr_mongo-auth_1"를 실행하면 인증서를 읽을 수 없습니다.

[root@crm-cradmin]# cat mongo.txt
=> Waiting for confirmation of MongoDB service startup...
{"t":{"$date":"2023-08-17T15:25:23.384Z"},"s":"I",  "c":"CONTROL",  "id":5760901, "ctx":"-","msg":"Applied --setParameter options","attr":{"serverParameters":{"opensslCipherConfig":{"default":"HIGH:!EXPORT:!aNULL@STRENGTH","value":"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA"}}}}
about to fork child process, waiting until server is ready for connections.
forked process: 23

{"t":{"$date":"2023-08-17T10:25:23.386-05:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"-","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2023-08-17T10:25:23.392-05:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"main","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2023-08-17T10:25:23.394-05:00"},"s":"E",  "c":"NETWORK",  "id":23248,   "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/cr/ssl/certs/CRSERVICE.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2023-08-17T10:25:23.394-05:00"},"s":"D1", "c":"ASSERT",   "id":23074,   "ctx":"main","msg":"User assertion","attr":{"error":"InvalidSSLConfiguration: Can not set up PEM key file.","file":"src/mongo/util/net/ssl_manager_openssl.cpp","line":2643}}
{"t":{"$date":"2023-08-17T10:25:23.395-05:00"},"s":"F",  "c":"CONTROL",  "id":20574,   "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
ERROR: child process failed, exited with 1
To see additional information in this output, start without the "--fork" option.

인증서에는 cr/etc/ssl/certs에 644개의 사용 권한이 없습니다. 

cr:/opt/dellemc/cr/etc/certs/ssl # ls -al
total 116
drwxrwxrwx 2 cyber-recovery-admin 14999 4096 Aug 30 15:10 .
drwx------ 3 root                 root  4096 Apr  7 17:52 ..
-rw------- 1 root                 root  1716 May 30 11:17 CRSERVICE.crt
-rw------- 1 root                 root  1766 May 30 11:17 CRSERVICE.key
-rw------- 1 root                 root  3482 May 30 11:17 CRSERVICE.pem

1. 아래 명령을 사용하여 umask 022를 사용하도록 사용자 루트를 설정합니다.

# umask 022

2. 다음을 실행하여 현재 umask를 확인합니다. 

# umask

3. 다음 명령을 실행합니다.

# ./crsetup --deploy. 

4. 재부팅 후에도 루트가 022의 umask를 유지하도록 하십시오. 그렇지 않으면 재부팅 후 MongoDB docker 인스턴스가 시작되지 않습니다.

cd ~ (for root home directory)
vi .bashrc (do not forget the Dot before bashrc).
Add the following line:
umask 022
Save the file.