MongoDB rs.initiate error: replSetInitiate quorum check failed because not all proposed set members responded affirmatively

I had to start my own replica set with internal authentication enabled using X.509 certificates, but I failed. Any advice is welcome.

MongoDB 3.2 x64 on Debian 8.2 x64.

It is a problem from the MongoDB University course "M310: MongoDB Security".

A tutor:

You can bring up your server members with authentication options, rs.initiate, and create your user.

I have this folder structure:

~
`-- shared
    `-- certs
        |-- ca.pem
        |-- client.pem
        `-- server.pem

I created this bash script that sets up my replica set:

#!/bin/bash

course="M310"
exercise="HW-1.3"
workingDir="$HOME/${course}-${exercise}"
dbDir="$workingDir/db"
logName="mongodb.log"

ports=(31130 31131 31132)
replSetName="rs1"

host=`hostname -f`
initiateStr="rs.initiate({
                 _id: '$replSetName',
                 version: 1,
                 members: [
                  { _id: 0, host: '$host:${ports[0]}' },
                  { _id: 1, host: '$host:${ports[1]}' },
                  { _id: 2, host: '$host:${ports[2]}' }
                 ]
                })"

# create working folder
mkdir -p "$workingDir/"{r0,r1,r2}

# launch mongod's
for ((i=0; i < ${#ports[@]}; i++))
do
    mongod --dbpath "$workingDir/r$i" --logpath "$workingDir/r$i/$logName" --port ${ports[$i]} --replSet $replSetName --fork --sslMode requireSSL --sslPEMKeyFile ~/shared/certs/server.pem --sslCAFile ~/shared/certs/ca.pem --auth
    sleep 3
done

echo "Initiate replSet"
mongo --port ${ports[0]} --ssl --sslPEMKeyFile ~/shared/certs/client.pem --sslCAFile ~/shared/certs/ca.pem --host $host --eval "$initiateStr"

The last command returns this error:

MongoDB shell version: 3.2.11
connecting to: database.m310.mongodb.university:31130/test
{
        "ok" : 0,
        "errmsg" : "replSetInitiate quorum check failed because not all proposed set members responded affirmatively: database.m310.mongodb.university:31131 failed with not authorized on admin to execute command { replSetHeartbeat: \"rs1\", pv: 1, v: 1, from: \"database.m310.mongodb.university:31130\", fromId: 0, checkEmpty: true }, database.m310.mongodb.university:31132 failed with not authorized on admin to execute command { replSetHeartbeat: \"rs1\", pv: 1, v: 1, from: \"database.m310.mongodb.university:31130\", fromId: 0, checkEmpty: true }",
        "code" : 74
}

This is the mongodb.log file of the r0 instance:

2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] MongoDB starting : pid=6091 port=31130 dbpath=/home/enabokov/M310-HW-1.3/r0 64-bit host=database.m310.mongodb.university
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] db version v3.2.11
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] git version: 009580ad490190ba33d1c6253ebd8d91808923e4
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1k 8 Jan 2015
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] allocator: tcmalloc
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] modules: none
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] build environment:
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten]     distmod: debian71
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten]     distarch: x86_64
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten]     target_arch: x86_64
2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] options: { net: { port: 31130, ssl: { CAFile: "/home/enabokov/shared/certs/ca.pem", PEMKeyFile: "/home/enabokov/shared/certs/server.pem", mode: "requireSSL" } }, processManagement: { fork: true }, replication: { replSet: "rs1" }, security: { authorization: "enabled" }, storage: { dbPath: "/home/enabokov/M310-HW-1.3/r0" }, systemLog: { destination: "file", path: "/home/enabokov/M310-HW-1.3/r0/mongodb.log" } }
2017-01-18T15:48:08.536+0300 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] 
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] 
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 7948 processes, 65536 files. Number of processes should be at least 32768 : 0.5 times number of files.
2017-01-18T15:48:09.958+0300 I CONTROL  [initandlisten] 
2017-01-18T15:48:10.833+0300 I REPL     [initandlisten] Did not find local voted for document at startup;  NoMatchingDocument: Did not find replica set lastVote document in local.replset.election
2017-01-18T15:48:10.833+0300 I REPL     [initandlisten] Did not find local replica set configuration document at startup;  NoMatchingDocument: Did not find replica set configuration document in local.system.replset
2017-01-18T15:48:10.834+0300 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/home/enabokov/M310-HW-1.3/r0/diagnostic.data'
2017-01-18T15:48:10.834+0300 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-01-18T15:48:11.188+0300 I NETWORK  [initandlisten] waiting for connections on port 31130 ssl
2017-01-18T15:48:21.914+0300 I NETWORK  [initandlisten] connection accepted from 127.0.0.1:56026 #1 (1 connection now open)
2017-01-18T15:48:21.922+0300 I ACCESS   [conn1] note: no users configured in admin.system.users, allowing localhost access
2017-01-18T15:48:21.927+0300 I REPL     [conn1] replSetInitiate admin command received from client
2017-01-18T15:48:21.947+0300 I REPL     [conn1] replSetInitiate config object with 3 members parses ok
2017-01-18T15:48:21.947+0300 I ASIO     [NetworkInterfaceASIO-Replication-0] Connecting to database.m310.mongodb.university:31131
2017-01-18T15:48:21.948+0300 I ASIO     [NetworkInterfaceASIO-Replication-0] Connecting to database.m310.mongodb.university:31132
2017-01-18T15:48:21.965+0300 I ASIO     [NetworkInterfaceASIO-Replication-0] Successfully connected to database.m310.mongodb.university:31131
2017-01-18T15:48:21.966+0300 W REPL     [ReplicationExecutor] Got error (Unauthorized: not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1, v: 1, from: "database.m310.mongodb.university:31130", fromId: 0, checkEmpty: true }) response on heartbeat request to database.m310.mongodb.university:31131; { ok: 1.0, hbmsg: "" }
2017-01-18T15:48:21.966+0300 I ASIO     [NetworkInterfaceASIO-Replication-0] Successfully connected to database.m310.mongodb.university:31132
2017-01-18T15:48:21.967+0300 W REPL     [ReplicationExecutor] Got error (Unauthorized: not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1, v: 1, from: "database.m310.mongodb.university:31130", fromId: 0, checkEmpty: true }) response on heartbeat request to database.m310.mongodb.university:31132; { ok: 1.0, hbmsg: "" }
2017-01-18T15:48:21.967+0300 E REPL     [conn1] replSetInitiate failed; NodeNotFound: replSetInitiate quorum check failed because not all proposed set members responded affirmatively: database.m310.mongodb.university:31131 failed with not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1, v: 1, from: "database.m310.mongodb.university:31130", fromId: 0, checkEmpty: true }, database.m310.mongodb.university:31132 failed with not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1, v: 1, from: "database.m310.mongodb.university:31130", fromId: 0, checkEmpty: true }
2017-01-18T15:48:21.969+0300 I NETWORK  [conn1] end connection 127.0.0.1:56026 (0 connections now open)

Without the --auth parameter, my replica set is initiated successfully, but I need x509 authentication enabled to solve the problem.

Answer 1

Your mongo node cannot get the heartbeat (replSetHeartbeat) from the nodes it is trying to connect to in order to set up the replica set. This is because you enabled access control on the cluster.

When you enable mongo access control, you need to configure internal authentication between the nodes of your replica set.

Two different ways to do this:

You should follow the official documentation I mentioned above.
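
As an added example (not part of the question or the answer above): a bash triage of a mongod log for this failure, where access control is enabled but the startup options show no internal member authentication. `SAMPLE_LOG` is abridged from the r0 log in the question, the function names are hypothetical, and the `--clusterAuthMode x509` line assumes server.pem is acceptable as a member certificate.

```bash
#!/bin/bash
# Added example: triage a mongod log for the failure shown in the question.
# SAMPLE_LOG is constructed by shortening three lines of the r0 log on this page.
SAMPLE_LOG='2017-01-18T15:48:08.498+0300 I CONTROL  [initandlisten] options: { net: { port: 31130, ssl: { CAFile: "ca.pem", PEMKeyFile: "server.pem", mode: "requireSSL" } }, replication: { replSet: "rs1" }, security: { authorization: "enabled" } }
2017-01-18T15:48:21.966+0300 W REPL     [ReplicationExecutor] Got error (Unauthorized: not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1 }) response on heartbeat request to database.m310.mongodb.university:31131; { ok: 1.0, hbmsg: "" }
2017-01-18T15:48:21.967+0300 W REPL     [ReplicationExecutor] Got error (Unauthorized: not authorized on admin to execute command { replSetHeartbeat: "rs1", pv: 1 }) response on heartbeat request to database.m310.mongodb.university:31132; { ok: 1.0, hbmsg: "" }'

# Print each member that rejected this node's heartbeat as Unauthorized.
denied_members() {
    printf '%s\n' "$1" |
        sed -n 's/.*Unauthorized: .*replSetHeartbeat.* response on heartbeat request to \([^;]*\);.*/\1/p' |
        sort -u
}

# Succeed if the startup "options:" line shows an internal authentication
# mechanism: x509 membership auth or a keyfile. The leading [{ ] keeps
# "PEMKeyFile:" from matching as "keyFile:".
has_internal_auth() {
    printf '%s\n' "$1" | grep ' options: ' |
        grep -Eq 'clusterAuthMode: "x509"|[{ ]keyFile: '
}

# Classify the log into one of three states.
diagnose() {
    denied=$(denied_members "$1")
    if [ -z "$denied" ]; then
        echo "ok"
    elif has_internal_auth "$1"; then
        # Member auth is configured but still refused: check that the
        # member certificates chain to the same CA and share subject fields.
        echo "denied-despite-internal-auth"
    else
        echo "missing-internal-auth"
    fi
}

# The question's TLS flags plus x509 membership authentication.
# Assumption: the certificate in $1 is valid as a member certificate.
member_auth_args() {
    echo "--sslMode requireSSL --sslPEMKeyFile $1 --sslCAFile $2 --clusterAuthMode x509"
}
```

Running `diagnose` on a real log needs the startup `options:` line and the heartbeat warnings from the same mongod run, so pass the whole file contents rather than a tail.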
