mongodb serverStatus fails if auth is enabled

[xcolour]

We use the serverStatus command to collect metrics from MongoDB.

If authentication is enabled (that is, auth = true in the mongod.conf), this command fails with the following error:

2012-12-18 23:23:02,884 - checks - ERROR - Unable to get MongoDB status
Traceback (most recent call last):
File "/usr/share/datadog/agent/checks/db/mongo.py", line 113, in check
status = db.command('serverStatus') # Shorthand for {'serverStatus': 1}
File
"/usr/lib/python2.6/site-packages/pymongo-2.4-py2.6-linux-x86_64.egg/pymongo/database.py",
line 395, in command
msg, allowable_errors)
File
"/usr/lib/python2.6/site-packages/pymongo-2.4-py2.6-linux-x86_64.egg/pymongo/helpers.py",
line 144, in _check_command_response
raise OperationFailure(msg % details["errmsg"])
OperationFailure: command SON([('serverStatus', 1)]) failed: exception:
unauthorized db:admin ns:admin lock type:0 client:10.52.30.71

NOTE: If the agent is configured to connect to localhost and an admin user has never been created, everything will be fine because mongo allows admin connections to localhost in the absence of admin users. So, make sure you have an admin user to be able to reproduce this issue:

$ mongo
> use admin
> db.addUser('admin', 'admin')

[xcolour]

I've investigated this further. It appears (although it was unclear from the documentation) that the calls we're doing to gather mongo stats all require admin permissions. We probably just never noticed because if authentication is disabled or an admin user hasn't been configured, all connections to localhost are automatically admin-authenticated.

We should update the check to gather stats as per the following gist:

https://gist.github.com/66bcd83207cfdd38b3e3

And we should update the instructions to have the user create a read-only admin account and use that in their connection string:

> use admin
> db.addUser('datadog', 'pass', true)

[xcolour]

fixed in 019b9c5

[devinrsmith]

Just ran into this. For me, I had to give the datadog user the additional role of "clusterMonitor" http://docs.mongodb.org/manual/reference/built-in-roles/

[gdelgado]

Just ran into this issue and using "devinrsmith" suggestion fixed it. Documentation should be updated in datadog.

[alq666]

@gdelgado updated the external documentation first in DataDog/documentation@1832334

[BretFisher]

db.grantRolesToUser("datadog",[{ role: "clusterMonitor", db:"admin" }])

[dimsamaras]

Thanks @devinrsmith.
Here are my 2cents:

i have my db hosted on mLab and the Mongo version is 2.6:
on datadog Agent define:

• • server: mongodb://datadog:pass@mongo-url:mongo-port,mongo-replica-url:mongo-port/admin?replicaSet=replica-id

mLab only suggests the working db name....

then using the mongo client:

use admin
db.auth("user","pass")
db.createUser("datadog","pass",true)
db.runCommand({grantRolesToUser:"datadog",roles:["clusterMonitor"]})

[DI-DaveGoodine]

Thank you @dimsamaras - the db.runCommand finally got the integration working for me.