Can't open backup cursor if data-at-rest encryption is enabled

General

Escalation

General

Escalation

Description

Hi,

Can't open backup cursor if data-at-rest encryption is enabled in PSMDB.

config file

------------
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
......
security:
   enableEncryption: true
   encryptionKeyFile: /etc/mongodb/enc.key

Successful PSMDB start with clean $DATADIR folder

{"t":{"$date":"2022-08-17T21:11:44.995+00:00"},"s":"I",  "c":"STORAGE",  "id":29039,   "ctx":"initandlisten","msg":"Encryption keys DB is initialized successfully"}

Actual data dir structure

ls -lah *
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 collection-0--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 collection-2--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 collection-4--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 index-1--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 index-3--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 index-5--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 index-6--3583302226484935484.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 _mdb_catalog.wt
-rw------- 1 mongod mongod    5 Aug 17 21:08 mongod.lock
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 sizeStorer.wt
-rw------- 1 mongod mongod  114 Aug 17 21:08 storage.bson
-rw------- 1 mongod mongod   50 Aug 17 21:08 WiredTiger
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 WiredTigerHS.wt
-rw------- 1 mongod mongod   21 Aug 17 21:08 WiredTiger.lock
-rw------- 1 mongod mongod 1.2K Aug 17 21:08 WiredTiger.turtle
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 WiredTiger.wt

diagnostic.data:
total 36K
drwx------ 2 mongod mongod 4.0K Aug 17 21:08 .
drwxr-xr-x 5 mongod mongod 4.0K Aug 17 21:08 ..
-rw------- 1 mongod mongod  12K Aug 17 21:08 metrics.2022-08-17T21-08-03Z-00000
-rw------- 1 mongod mongod  15K Aug 17 21:08 metrics.interim

journal:
total 301M
drwx------ 2 mongod mongod 4.0K Aug 17 21:08 .
drwxr-xr-x 5 mongod mongod 4.0K Aug 17 21:08 ..
-rw------- 1 mongod mongod 100M Aug 17 21:08 WiredTigerLog.0000000001
-rw------- 1 mongod mongod 100M Aug 17 21:08 WiredTigerPreplog.0000000001
-rw------- 1 mongod mongod 100M Aug 17 21:08 WiredTigerPreplog.0000000002

key.db:
total 16M
drwx------ 2 mongod mongod 4.0K Aug 17 21:08 .
drwxr-xr-x 5 mongod mongod 4.0K Aug 17 21:08 ..
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 key.wt
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 parameters.wt
-rw------- 1 mongod mongod   50 Aug 17 21:08 WiredTiger
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 WiredTigerHS.wt
-rw------- 1 mongod mongod   21 Aug 17 21:08 WiredTiger.lock
-rw------- 1 mongod mongod 5.0M Aug 17 21:08 WiredTigerLog.0000000001
-rw------- 1 mongod mongod 5.0M Aug 17 21:08 WiredTigerPreplog.0000000001
-rw------- 1 mongod mongod 5.0M Aug 17 21:08 WiredTigerPreplog.0000000002
-rw------- 1 mongod mongod 1.2K Aug 17 21:08 WiredTiger.turtle
-rw------- 1 mongod mongod 4.0K Aug 17 21:08 WiredTiger.wt

Try to open backup cursor

> db.aggregate([{$backupCursor: {}}])
uncaught exception: Error: command failed: {
    "ok" : 0,
    "errmsg" : "Failed to get a file's size. Filename: /var/lib/mongodb/key.db/journal/WiredTigerLog.0000000001 Error: No such file or directory",
    "code" : 31403,
    "codeName" : "Location31403"
} with original command request: {
    "aggregate" : 1,
    "pipeline" : [
        {
            "$backupCursor" : {
                
            }
        }
    ],
    "cursor" : {
        
    },
    "lsid" : {
        "id" : UUID("18220143-bf3f-4565-9761-ff4a980bab43")
    }
} on connection: connection to 127.0.0.1:27017 : aggregate failed :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
doassert@src/mongo/shell/assert.js:18:14
_assertCommandWorked@src/mongo/shell/assert.js:759:17
assert.commandWorked@src/mongo/shell/assert.js:851:16
DB.prototype._runAggregate@src/mongo/shell/db.js:281:5
DB.prototype.aggregate@src/mongo/shell/db.js:300:12
@(shell):1:1

There aren't any files in $DATADIR/key.db/journal/ and there is no such directory, journal files are stored in $DATADIR/journal/ and $DATADIR/key.db but without subfolder (is it intended?)

Please check and fix the issue.

Environment

None

Smart Checklist

Activity

Done

Details
Assignee
Igor Solodovnikov
Reporter
Sandra Romanchenko
Fix versions
4.2.22-22
4.4.16-16
5.0.11-10
Priority
Medium

Smart Checklist

Created August 17, 2022 at 9:19 PM

Updated March 6, 2024 at 4:23 PM

Resolved August 23, 2022 at 12:41 PM

Can't open backup cursor if data-at-rest encryption is enabled

Description

Environment

Smart Checklist

Activity

Details
Assignee
Igor Solodovnikov
Reporter
Sandra Romanchenko
Fix versions
4.2.22-22
4.4.16-16
5.0.11-10
Priority
Medium

Details

Assignee

Reporter

Fix versions

Priority

Smart Checklist

Smart Checklist

Flag notifications

Something's gone wrong

Something's gone wrong

Can't open backup cursor if data-at-rest encryption is enabled

Description

Environment

Smart Checklist

Activity

DetailsAssigneeIgor SolodovnikovIgor SolodovnikovReporterSandra RomanchenkoSandra RomanchenkoFix versions4.2.22-224.4.16-165.0.11-10PriorityMedium

Details

Assignee

Reporter

Fix versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Flag notifications

Something's gone wrong

Something's gone wrong

Details
Assignee
Igor Solodovnikov
Reporter
Sandra Romanchenko
Fix versions
4.2.22-22
4.4.16-16
5.0.11-10
Priority
Medium

Smart Checklist