I am using MongoDB with two servers physically located in Italy and France, respectively.

The France server runs Ubuntu Server, is the primary of the replica set, and works fine, i.e. it accepts connections from the mongo shell, whether locally or remotely, and is continuously updated by a Python client.

The second server, in Italy, works fine standalone with CentOS, but gets stuck in STARTUP status when starting as part of the replica set. The log indicates that it received the configuration from the primary.

I tried several things to fix the issue, but none of them worked:

  • Try to use a keyfile (or not) between members of the replica set.
  • Check with nmap that the firewall is open on both sides.
  • Add iptables rules to ensure the MongoDB port accepts in/out traffic.
  • Check mongod is up and listening on all IPs on both sides.
  • Configure (or not) the same admin user on the secondary before restarting with --replSet. This step can only be done when the secondary is standalone, since, when started as a member of the replica set, it is stuck in a transient state and thus does not accept user creation. It follows that login to the secondary fails.

Also both members (France:primary and Italy:secondary) are started with --auth, --replSet rs0, --keyFile.

I researched the issue on the web before, and found the closest answer here: MonogoDB Replica Set Status Not changing from Startup to Secondary

But the author mentions that the secondary did not receive the configuration, which makes that issue different from this one.

Thanks for your help.

2 Answers

Ran into a similar issue. Are you running iptables or nftables?

For me, accepting inbound packets from 127.0.0.0/8 to port 27017 and outbound packets to 127.0.0.0/8 port 27017 did the job.

Here are the rules I added using nft, but they are specific to my nftables setup so they might not work as-is for you.

nft add rule inet filter input ip saddr 127.0.0.0/8 tcp dport 27017 accept
nft add rule inet filter output ip daddr 127.0.0.0/8 tcp dport 27017 accept

And here is the equivalent for iptables.

iptables -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 27017 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.0/8 -p tcp -m tcp --dport 27017 -j ACCEPT
sunknudsen

I had the same issue, and what solved it for me was making sure the name of each member was using the IP address rather than the hostname. I changed the members already in the replica set to use IP addresses by just reconfiguring with

conf=rs.conf()
conf.members[0].host="XX.XX.XX.XX:27017"
conf.members[1].host="XX.XX.XX.XX:27017"
conf.members[2].host="XX.XX.XX.XX:27017"
rs.reconfig(conf, {force: true})

and then I added my new member by IP address

rs.add("XX.XX.XX.XX:27017")

and it worked.

naths
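
The reconfiguration described in the answer above, as an added example rather than code from the answer or from MongoDB: plain JavaScript that audits a configuration object shaped like rs.conf() output for member names that depend on name resolution, and builds the address-pinned copy from an explicit name-to-address map instead of array indices. The sample configuration, host names, addresses and the function names parseMember, auditConf and pinToAddresses are constructed for illustration; the map keys are lower-case host names.

```javascript
// Constructed sample shaped like rs.conf() output; names and addresses are placeholders.
const sampleConf = {
  _id: "rs0",
  version: 3,
  members: [
    { _id: 0, host: "db-fr.example.net:27017" },
    { _id: 1, host: "db-it.example.net" }, // no port given, so 27017 is assumed
    { _id: 2, host: "192.0.2.30:27017" },
  ],
};

const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

// Split a member's host field ("name:port", "a.b.c.d:port", "[v6]:port") into its parts.
function parseMember(hostField) {
  let m = /^\[([0-9a-fA-F:.]+)\](?::(\d+))?$/.exec(hostField);
  if (m) return { addr: m[1].toLowerCase(), port: Number(m[2] || 27017), kind: "ipv6" };
  m = /^([^:\s]+)(?::(\d+))?$/.exec(hostField);
  if (!m) throw new Error("unparseable member host: " + hostField);
  const addr = m[1].toLowerCase();
  return { addr, port: Number(m[2] || 27017), kind: IPV4.test(addr) ? "ipv4" : "hostname" };
}

// List, per member, what could stop another member from reaching it under that name.
function auditConf(conf) {
  const seen = new Set();
  return conf.members.map((member) => {
    const p = parseMember(member.host);
    const issues = [];
    if (p.kind === "hostname") issues.push("must resolve on every member");
    if (p.addr === "localhost" || p.addr === "::1" || /^127\./.test(p.addr))
      issues.push("loopback address, not reachable from a remote member");
    if (seen.has(p.addr + ":" + p.port)) issues.push("duplicates an earlier member");
    seen.add(p.addr + ":" + p.port);
    return { _id: member._id, ...p, issues };
  });
}

// Copy conf with each hostname replaced by its supplied address; throws rather than half-convert.
function pinToAddresses(conf, addressOf) {
  const members = conf.members.map((member) => {
    const p = parseMember(member.host);
    if (p.kind !== "hostname") return { ...member };
    const ip = addressOf[p.addr];
    if (!ip || !IPV4.test(ip)) throw new Error("no IPv4 address supplied for " + p.addr);
    return { ...member, host: ip + ":" + p.port };
  });
  return { ...conf, members };
}
```

The object returned by pinToAddresses is what would be handed to rs.reconfig() on the primary.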