“WT_CONNECTION.open_session: only configured to support 20020”

Frankly speaking, the explanation provided in SERVER-30421 and SERVER-17364 is a bit vague and “hand wavy” to me but at least there are steps that could help mitigate it:

  1. Decrease idle cursor timeout (default value is 10 minutes):
    In mongodb.conf:

      cursorTimeoutMillis: 30000

    Using mongo cli:

    use admin
    db.runCommand({setParameter:1, cursorTimeoutMillis: 30000})
  2. Increase session_max:
          configString: "session_max=40000"

Changing Oplog size or when root role is not enough

Managing MongoDB sometimes involves increasing Oplog size sine the default setting (5% of free disk space if running wiredTiger on a 64-bit platform) is not enough. And if you’re running MongoDB older than 3.6 that requires some manual intervention described in the documentation. It’s pretty straightforward even if it requires a node downtime as part of the rolling maintenance operation. But what is more important is that the paper glosses over the fact that to be able to create a new oplog just having “root role” is not enough.

> db.runCommand({ create: "oplog.rs", capped: true, size: (32 * 1024 * 1024 * 1024) })
	"ok" : 0,
	"errmsg" : "not authorized on local to execute command { create: \"oplog.rs\", capped: true, size: (32 * 1024 * 1024 * 1024) }",
	"code" : 13

Granting an additional “readWrite” role on “local” db fixes the problem:

db.grantRolesToUser("admin", [{role: "readWrite", db: "local"}])

As stated in SERVER-28449 that has been done intentionally:

This intentional and is due to a separation of privileges. The root role is a super-set of permissions affecting user data specifically, not system data, therefore the permissions must be explicitly granted to perform operations on local.

So, please, keep that in mind and don’t flip out =)