Hi,
I am attempting to do some housekeeping on our database (see below). With v4+'s database authenticated access control enabled, I am able to get what I assume is an authenticated shell with cryosparcm mongo, but issuing a subsequent compact command returns an error: not authorized on meteor to execute command.
Apologies for the naive question, but is there a way of getting around this short of temporarily disabling CRYOSPARC_DB_ENABLE_AUTH? Perhaps an additional undocumented authentication step?
Cheers,
Hi @Rajan ,
It is possible to reduce the size of the MongoDB database by using the compact command, but please note this is a blocking command; cryoSPARC will not work while this command is running.
MongoDB does not release storage space back to the OS when you delete documents, which is why the storage size remains the same.
First, create a backup of your database.
Then, in a shell on the master node:
cryosparcm restart
eval $(cryosparcm env)
mongo localhost:$CRYOSPARC_MONGO_PORT # will c…
wtempel
December 4, 2022, 10:56pm
2
Does this happen inside a mongo shell that you just opened withcryosparcm mongo?full command executed?
Hi @wtempel ,
Thanks.
Yes.
I attempted to copy-and-paste the commands listed in the linked post. I am attaching an example stdout stream (identifying info deleted):
$ cryosparcm mongo
MongoDB shell version v3.6.23
connecting to: mongodb://<hostname_deleted>:65501/meteor?authSource=admin&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("<deleted>") }
MongoDB server version: 3.6.23
meteor:PRIMARY> db.runCommand({compact:'projects', force: true})
{
"operationTime" : Timestamp(1670200242, 1),
"ok" : 0,
"errmsg" : "not authorized on meteor to execute command { compact: \"projects\", force: true, lsid: { id: UUID(\"<deleted>\") }, $clusterTime: { clusterTime: Timestamp(1670199973, 2), signature: { hash: BinData(0, <deleted>), keyId: <deleted> } }, $db: \"meteor\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1670200242, 1),
"signature" : {
"hash" : BinData(0,"<deleted>"),
"keyId" : NumberLong("<deleted>")
}
}
}
For reference, I am logged in as the linux owner of the cryoSPARC installation prior to issuing cryosparcm mongo. Also, db.stats() returns the expected output in the db shell.
Just in case it’s relevant, below are the contents of cryosparcm/config.sh. It seems to have carried over from v3.3.2 rather than being updated to a v4-like form. (The CRYOSPARC_DB_ENABLE_AUTH variable was manually added after updating to v4.)
export CRYOSPARC_LICENSE_ID="<deleted>"
export CRYOSPARC_MASTER_HOSTNAME="<hostname_deleted>"
export CRYOSPARC_DB_ENABLE_AUTH=true
export CRYOSPARC_DB_PATH="/<deleted>/cryosparc2/db"
export CRYOSPARC_BASE_PORT=65500
export CRYOSPARC_DEVELOP=false
export CRYOSPARC_INSECURE=false
export CRYOSPARC_CLICK_WRAP=true
export CRYOSPARC_SUPERVISOR_SOCK_FILE="/tmp/<deleted>.sock"
Cheers,
nwong
December 6, 2022, 3:40pm
4
Hi @leetleyang ,
Thanks for bringing this to our attention. To run admin commands on the database with access control enabled, you can use the following commands:
eval $(cryosparcm env)
mongo_uri=$(python -c "from cryosparc_compute import database_management; print(database_management.get_mongo_uri('admin'))")
mongo $mongo_uri
Hope this helps,
Nicholas Wong
Hi @nwong ,
Thanks for the help. It seems to be returning a similar error though. It’s not the compact command that requires a different syntax, is it?
$ eval $(cryosparcm env)
$ mongo_uri=$(python -c "from cryosparc_compute import database_management; print(database_management.get_mongo_uri('admin'))")
$ mongo $mongo_uri
MongoDB shell version v3.6.23
connecting to: mongodb:/<hostname_redacted>:65501/admin?authSource=admin&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("<redacted>") }
MongoDB server version: 3.6.23
meteor:PRIMARY> db.runCommand({compact:'projects', force: true})
{
"operationTime" : Timestamp(1670368747, 4),
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { compact: \"projects\", force: true, lsid: { id: UUID(\"<redacted>\") }, $clusterTime: { clusterTime: Timestamp(1670368744, 1), signature: { hash: BinData(0, <redacted>), keyId: <redacted> } }, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1670368747, 4),
"signature" : {
"hash" : BinData(0,"<redacted>"),
"keyId" : NumberLong("<redacted>")
}
}
}
Interestingly, db.stats() returns an unauthorized error now as well unless first switching to db meteor (use meteor).
Cheers,
nwong
December 7, 2022, 3:41pm
6
Hi @leetleyang ,
Apologies, I forgot to include a parameter in my last reply. Could you please try it again using:
mongo_uri=$(python -c "from cryosparc_compute import database_management; print(database_management.get_mongo_uri('admin', admin=True))")
The argument admin=True is necessary to use admin credentials when connecting to the database.
Alternatively, you can also set CRYOSPARC_DB_ENABLE_AUTH=false in config.sh and restart CryoSPARC to launch the database without access control.
2 Likes
Hi @nwong ,
Brilliant! That does the trick.
Cheers,
2 Likes