Hi there,
I have been using MongoDB for over ten years, but today I am facing a problem and I don’t know how to best deal with.
So I have a large production database that started out with MongoDB 2.x (not sure exactly which, perhaps 2.4), and which has been updated all the way to 4.2 and very recently to 5.0. I thought everything was ok until I discovered, today, that mongodump no longers perform my daily backups.
Failure message is:
mongodump --oplog -u admin -p <my password here> --authenticationDatabase admin --out /data/backup/
2023-03-27T08:11:27.198+0200 Failed: error creating intents to dump: error creating intents for database admin: error counting admin.system.new_users: (Unauthorized) not authorized on admin to execute command { count: "system.new_users", lsid: { id: UUID("11218ac0-f185-4035-ac82-e06b31273527") }, $clusterTime: { clusterTime: Timestamp(1679897486, 4), signature: { hash: BinData(0, 83B632FBABBB17FECFA209B38BD559DD413C8E97), keyId: 7158403034257555467 } }, $db: "admin", $readPreference: { mode: "primaryPreferred" } }
After some googling/reading it seems that this admin.system.new_users collection was (automatically) created during upgrade to 2.6, but never cleaned up. Its content is obsolete and could be safely deleted, and that would fix the mongodump issue, except that, for some reason, I can’t.
Every attempt to delete it fails with “can’t drop system collection” (probably because it is in the system namespace), and it can’t be renamed either, any attempt to do so ends with “Invalid system namespace”.
Looking at mongodb source code, there seem to be no easy way to drop that old unwanted collection which prevents me from backing up my database.
Actually I managed to get my backups working again by adding a specific role to my admin user privileges: [ { resource : { "db" : "admin", "collection" : "system.new_users" }, actions: [ "find" ] }]
, but this isn’t fully satisfying.
Of course a full re-creation of the database without the offending collection would work, but that would result in an unacceptable downtime for my customers.
So my question: is there a way to have mongodb drop that collection, bypassing the system namespace checks ? It seems that crafting a specific oplog entry could actually do that, but I not very comfortable with playing with such dark magic on a production database!
Any idea ?
Thanks