Info

We have many mongos (v4.0.20) instances running in a pod in kubernetes. And there is a lot of such pods in every node. Occasionally we got strange error:  2020-10-19T07:37:08.257+0000 E - [TaskExecutorPool-0] cannot open /dev/urandom Operation not permitted  2020-10-19T07:37:08.257+0000 F - [TaskExecutorPool-0] Fatal Assertion 28839 at src/mongo/platform/random.cpp 161  2020-10-19T07:37:08.280+0000 F - [TaskExecutorPool-0] Got signal: 6 (Aborted). (Sometimes it is [conn-nnn] instead of [TaskExecutorPool-0]) Looks like there some kernel bug or limitation concerning too many openings of /dev/urandom (probably, in conjunction with lxc environment). Looks like patch for https://jira.mongodb.org/browse/SERVER-43641 fixes it by opening /dev/urandom just once in a process (while it was not main intention of a patch) https://github.com/mongodb/mongo/commit/e1f433d2c47f623ceb5d1d1aee7605fefb71b846#diff-e00f3865e22fbd4dfd1c2e65cbac4e9e53e5e008e79260a1b6a333c67de64f36L154-R184 Could you backport this patch to 4.0.x and 4.2.x, please? Or just make similar thing: open /dev/urandom once per process.

Top User Comments

spencer.jackson@10gen.com commented on Tue, 10 Nov 2020 23:33:34 +0000: Unfortunately, I do not believe backporting SERVER-43641 would be feasible. Random number generation is integral to several server components, and to our test infrastructure. The initial work done in SERVER-43641 resulted in follow-on work to upgrade some usage of non-cryptographic PRNGs to tolerate different outputs from the generators. These changes relied on newer APIs that existed in the server, and so cannot be backported. My recommendation would be to file an upstream issue with your containerization services to figure out why opening /dev/urandom results in "operation not permitted", or upgrade to a newer version of MongoDB that contains SERVER-43641. eric.sedor commented on Mon, 26 Oct 2020 16:05:58 +0000: Hello, We do have SERVER-25659 open, which looks like it may help. But we are passing this ticket on to an appropriate team to comment on the feasibility of backporting SERVER-43641.

Steps to Reproduce