Home / server / Questions / 1170213
Accepted
Malkavian
Asked: 2025-01-16 19:51:49 +0800 CST

mongodb6 on almalinux9.5 is giving me error: Unable to acquire security key, when attempting a replica set

  • 772

I was attempting to create a mongodb cluster with replica set using 3 pc. I am very new to mongodb. the 3 pc have almalinux9.5 and mongodb v6 installed. so far I issued those commands as root.

 yum install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
 percona-release enable psmdb-60 release
 yum list percona-server-mongodb --showduplicates
 yum install percona-server-mongodb
 systemctl start mongod
 systemctl status mongod
 systemctl stop mongod
 mongosh
 sudo firewall-cmd --add-port=27017/tcp --permanent
 firewall-cmd --reload
 systemctl restart mongod
 rm /tmp/mongodb-27017.sock
 systemctl restart mongod
 systemctl status mongod
 mongosh --port 27017  --authenticationDatabase "admin" -u "admin" -p
 nano /etc/mongod.conf 
 systemctl stop mongod

the conf file is this one:

dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongo/mongod.log
processManagement:
  fork: true
  pidFilePath: /var/run/mongod.pid
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: enabled
replication:
  replSetName: "rs0"
security:
    keyFile: /etc/mongodb/keyfile

when I try to start mongod, and I do it as root, i get this error log:

{"t":{"$date":"2025-01-16T12:01:48.622+01:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2025-01-16T12:01:48.629+01:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2025-01-16T12:01:48.630+01:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2025-01-16T12:01:48.632+01:00"},"s":"I",  "c":"ACCESS",   "id":20254,   "ctx":"main","msg":"Read security file failed","attr":{"error":{"code":30,"codeName":"InvalidPath","errmsg":"permissions on /etc/mongodb/keyfile are too open"}}}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"SHARDING", "id":5847201, "ctx":"main","msg":"Balancer command scheduler stop requested"}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"ASIO",     "id":22582,   "ctx":"main","msg":"Killing all outstanding egress activity."}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"F",  "c":"CONTROL",  "id":20575,   "ctx":"main","msg":"Error creating service context","attr":{"error":"Location5579201: Unable to acquire security key[s]"}}

To better explain my attempt I made a keyfile called keyfile and used scp to copy it on the 3 pc at the path: /etc/mongodb/keyfile, the keyfile has now permission 644. How do I fix that error Unable to acquire security key and what does it means?

linux

1 Answers

  1. Best Answer

    The answer is right there in the error message.

    The keyfile has 644 permissions. It must not have group or world permissions at all. Change the permissions to 400 and make sure that it is owned by the user mongod which is the user that is running the mongod daemon. Also, make sure that the directory path to the keyfile can be traversed by mongod.

    • 0