MongoDB Unauthorized: replSetGetConfig

Question

I am trying to setup a replica set with mongodb 3.4 and am facing the following error. Have tried searching around a bit but am not able to find a solution.

root@mongo-db-1:~# mongo MongoDB shell version v3.4.0 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.0
> use admin 
switched to db admin
> db.auth('admin','****'); 
1
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "DKkxOnMHCSSPwJCJyLA9Eg==", "storedKey" : "9aD//lm3eyeBN2LqZeTdqvvKXlU=", "serverKey" : "OX07H3FVQ447OqGMD7mCmX0WU0M=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> rs.conf()
2016-12-20T09:58:45.579+0530 E QUERY    [main] Error: Could not retrieve replica set config: {
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0 }",
    "code" : 13,
    "codeName" : "Unauthorized"
} :
rs.conf@src/mongo/shell/utils.js:1262:11
@(shell):1:1

MongoDB Logs

2016-12-20T09:58:01.278+0530 I NETWORK  [thread1] connection accepted from 127.0.0.1:60804 #2 (1 connection now open)
2016-12-20T09:58:01.279+0530 I NETWORK  [conn2] received client metadata from 127.0.0.1:60804 conn2: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.0" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "14.04" } }
2016-12-20T09:58:01.282+0530 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { getLog: "startupWarnings" }
2016-12-20T09:58:01.285+0530 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:19.044+0530 I ACCESS   [conn2] Successfully authenticated as principal admin on admin
2016-12-20T09:58:19.046+0530 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { replSetGetStatus: 1.0, forShell: 1.0 }
2016-12-20T09:58:45.578+0530 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { replSetGetConfig: 1.0 }

Is there something I am missing here?

Mongo Config

root@mongo-db-1:~# cat /etc/mongod.conf
storage:   
    dbPath: /var/lib/mongodb
    journal:
        enabled: true
# where to write logging data.
systemLog:   
    destination: file   
    logAppend: true   
    path: /var/log/mongodb/mongod.log
# network interfaces 
net:   
    port: 27017   
    bindIp: 127.0.0.1
security:   
    authorization: enabled   
    keyFile: /thefile
processManagement:   
    fork: true
replication:   
    replSetName: rs0

Answer 1

Your "admin" database user only has the userAdminAnyDatabase role.

However, the clusterManager role is needed to execute the replSetGetConfig command: https://docs.mongodb.com/manual/reference/privilege-actions/#authr.replSetGetConfig

You will need to grant this role to your user to be able to execute this command. This can be done using db.grantRolesToUser().

Answer 2

You must give clusterMagnager permissions to your "admin" user. To add the clusterManager role to your admin user you have to execute the following function after you authenticate.

db.grantRolesToUser(
   "admin",
   [ "clusterManager" ]
)