Uploaded image for project: 'Percona Server for MongoDB'
  1. Percona Server for MongoDB
  2. PSMDB-266

when using directoryperdb option it's possible to add collections to keydb directory



    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 3.6.8-2.0
    • Fix Version/s: 4.0.4-1, 3.6.10-3.0
    • Component/s: None
    • Labels:


      I'm reporting this so it can be discussed if "keydb" should be made reserved word so we can't create databases with this name.
      keydb directory inside db directory is used to store encryption keys and if we use directoryperdb startup option we can freely create a database named "keydb" and start adding collections and they will be added to keydb directory where encryption keys are stored.

      Howto repeat:
      1. start server with encryption and directoryperdb

      bin/mongod --port 27017 --storageEngine wiredTiger --dbpath /home/plavi/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes/db --logpath /home/plavi/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes/mongod.log --fork  --wiredTigerCacheSizeGB 1 --enableEncryption --encryptionKeyFile /home/plavi/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes/mongodb-keyfile --encryptionCipherMode AES256-CBC --replSet rs1 --directoryperdb

      2. create database keydb and add collection

      use keydb;
      db.korisnici.insert({ name: "Tomislav" })

      Observe that collection will be added to keydb directory:

       plavi@bender  ~/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes/db  ls -l keydb
      total 16520
      -rw------- 1 plavi plavi   16384 pro  12 12:58 collection-2-2610209665745778144.wt
      -rw------- 1 plavi plavi   16384 pro  12 12:53 index-3-2610209665745778144.wt
      -rw------- 1 plavi plavi 1097728 pro  12 13:11 key.wt
      -rw------- 1 plavi plavi    4096 pro  12 12:58 parameters.wt
      -rw------- 1 plavi plavi      45 pro  12 11:46 WiredTiger
      -rw------- 1 plavi plavi    4096 pro  12 12:58 WiredTigerLAS.wt
      -rw------- 1 plavi plavi      21 pro  12 11:46 WiredTiger.lock
      -rw------- 1 plavi plavi 5242880 pro  12 13:17 WiredTigerLog.0000000006
      -rw------- 1 plavi plavi 5242880 pro  12 12:58 WiredTigerPreplog.0000000001
      -rw------- 1 plavi plavi 5242880 pro  12 12:58 WiredTigerPreplog.0000000002
      -rw------- 1 plavi plavi    1066 pro  12 13:17 WiredTiger.turtle
      -rw------- 1 plavi plavi   36864 pro  12 13:17 WiredTiger.wt

      This feels fragile, but currently I don't have some exploit which breaks the server, eg. I have tried to drop collections and databases and since WT doesn't drop the db directory this doesn't touch the encryption keys.
      I have tried to copy database on the same server and on another server and only what is copied is "korisnici" collection, not the encryption keys.

      db.copyDatabase('keydb', 'tttt')
       plavi@bender  ~/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes/db/tttt  ls -alh
      total 40K
      drwx------  2 plavi plavi 4,0K pro  12 13:11 .
      drwxrwxr-x 11 plavi plavi 4,0K pro  12 13:12 ..
      -rw-------  1 plavi plavi  16K pro  12 13:11 collection-0-867564402946944453.wt
      -rw-------  1 plavi plavi  16K pro  12 13:11 index-1-867564402946944453.wt

      same with another server:

      > use keydb;
      switched to db keydb
      > db.runCommand( { clone: "localhost:27017" })
              "note" : "Support for the clone command has been deprecated. See http://dochub.mongodb.org/core/copydb-clone-deprecation",
              "clonedColls" : [
              "ok" : 1
       plavi@bender  ~/lab/psmdb/bin/percona-server-mongodb-4.0.4-1/nodes2/db  ls -l keydb
      total 8
      -rw------- 1 plavi plavi 4096 pro  12 13:24 collection-7-4365323876361500384.wt
      -rw------- 1 plavi plavi 4096 pro  12 13:24 index-8-4365323876361500384.wt

      Now this is not specific to "keydb" because "journal" directory is also affected by this and there was issue reported (I think this was mmap and because it was deleting the underlaying directory): https://jira.mongodb.org/browse/SERVER-2460

      WiredTiger currently doesn't delete db directory when db is dropped when using directoryperdb so it doesn't seem to be an issue now, but maybe we should consider and just make this database name reserved.

      BUT there's an open ticket to allow this and then it could become a problem for us:

      Some other related tickets for WT and dropping:

        Smart Checklist


            Issue Links



                igor.solodovnikov Igor Solodovnikov
                tomislav.plavcic@percona.com Tomislav Plavcic
                0 Vote for this issue
                3 Start watching this issue



                    Time Tracking

                    Original Estimate - Not Specified
                    Not Specified
                    Remaining Estimate - Not Specified
                    Not Specified
                    Time Spent - 1 day