Unable to auth against mongo docker container

Time:12-04

I've created a mongo server using the official docker container.

If I inspect the container I find the following expected env:

 "StdinOnce": false,
            "Env": [
                "MONGO_INITDB_ROOT_USERNAME=root",
                "MONGO_INITDB_ROOT_PASSWORD=xxxxx",
                "MONGO_INITDB_DATABASE=unpubd",
                "affinity:container==5b49b08d73960bfefe10eae7df25328f2296d9eb2c648af330e3ef75f928a289",
                ,
                "GOSU_VERSION=1.12",
                "JSYAML_VERSION=3.13.1",
                "MONGO_PACKAGE=mongodb-org",
                "MONGO_REPO=repo.mongodb.org",
                "MONGO_MAJOR=5.0",
                "MONGO_VERSION=5.0.4"
            ],

My understanding is that this should create a db called unpubd and a root user with the stated password.

The problem is that I'm unable to auth to the container. I've tried three different urls, all with the same result:

mongodb://root:XXXX@localhost:27017/
mongodb://root:XXXX@localhost:27017/unpub
mongodb://root:XXXX@localhost:27017/admin
mongodb://root:XXXX@localhost:27017/unpubd?authSource=admin

MongoDart Error: Authentication failed.

I've also tried the mongo command shell:

use admin
var x = new Mongo('localhost');
var mydb = x.getDB('unpubd');
mydb.auth('root', 'XXXX')
Error: Authentication failed.

I'm unclear about the auth db vs my unpubd db. Do I auth with the admin db? I assume the root user will be able to rw the unpub db?

Here is my docker-compose file

version: '3.1'

networks:
  unpubd:
    driver: bridge

volumes:
  mongodata: null

services:
  mongodb:
    container_name: mongo
    image: mongo:latest
    restart: on-failure
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
      MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
    volumes:
      - mongodata:/data/db 
    networks:
      - unpubd
    ports:
      - 27017:27017      

    logging:
      driver: "local"

  unpubd:
    container_name: unpubd
    image: noojee/unpubd:latest
    restart: on-failure
    depends_on:
      - mongodb
    environment:
      MONGO_ROOT_USERNAME: ${MONGO_ROOT_USERNAME}
      MONGO_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
      MONGO_DATABASE: ${MONGO_DATABASE}
      MONGO_HOST: ${MONGO_HOST}
      MONGO_PORT: ${MONGO_PORT}
      UNPUBD_PORT: ${UNPUBD_PORT}
      TZ: ${TZ}
    links:
      - mongodb
    networks:
      - unpubd
    ports:
      - ${UNPUBD_PORT}:${UNPUBD_PORT}
    logging:
      driver: "local"      

      

example .env file

MONGO_INITDB_ROOT_USERNAME=root
MONGO_INITDB_ROOT_PASSWORD=abc1234
MONGO_INITDB_DATABASE=unpubd
MONGO_DATABASE=unpubd
MONGO_ROOT_USERNAME=root
MONGO_ROOT_PASSWORD=abc1234
MONGO_DATABASE=unpubd
MONGO_HOST=mongodb
MONGO_PORT=27017
TZ=AUS Eastern Daylight Time
UNPUBD_HOST=0.0.0.0
UNPUBD_PORT=4000

CodePudding user response:

Took me a second to figure this out.

From the logs I can see that when the mongodb starts it does this:

mongo   | Successfully added user: {
mongo   |   "user" : "root",
mongo   |   "roles" : [
mongo   |       {
mongo   |           "role" : "root",
mongo   |           "db" : "admin"
mongo   |       }
mongo   |   ]
mongo   | }

As you can see, it creates the user in the admin db, not in the one you specify in the MONGO_INITDB_DATABASE.

Looking at the documentation for the mongo image on docker hub:

MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD:

These variables, used in conjunction, create a new user and set that user's password. This user is created in the admin authentication database and given the role of root, which is a "superuser" role.

and

MONGO_INITDB_DATABASE:

This variable allows you to specify the name of a database to be used for creation scripts in /docker-entrypoint-initdb.d/*.js

What you need to do to make it work is create a script to add your user to the database that you use in the init env variable, something like:

db.createUser(
   {
     user: "root",
     pwd: "abc1234",
     roles: [ "readWrite", "dbAdmin" ]
   }
)

and bind it to /docker-entrypoint-initdb.d/
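
On the "auth db vs my unpubd db" question, an added example (not code from the thread) that applies the documented MongoDB connection-string rule for picking the authentication database to the four URIs from the question. It assumes single-host mongodb:// URIs and a driver that follows that rule; resolveAuth, report and the two user tables are names and data constructed for this illustration.

```javascript
// Added example, not code from the thread. MongoDB identifies a user by
// (name, authentication database). For a single-host connection string the
// authentication database is resolved in this order:
//   1. the authSource option, 2. the database in the path, 3. "admin".
function resolveAuth(uri) {
  const u = new URL(uri);
  if (u.protocol !== 'mongodb:') {
    // Report only the scheme so credentials never end up in an error log.
    throw new Error('not a mongodb:// URI: ' + u.protocol);
  }
  const pathDb = decodeURIComponent(u.pathname.replace(/^\//, ''));
  const authSource = u.searchParams.get('authSource');
  return {
    user: decodeURIComponent(u.username),
    targetDb: pathDb || null, // database the client works in, if one is named
    authDb: authSource || pathDb || 'admin', // where the credentials are looked up
  };
}

// The four connection strings from the question (password placeholder kept).
const QUESTION_URIS = [
  'mongodb://root:XXXX@localhost:27017/',
  'mongodb://root:XXXX@localhost:27017/unpub',
  'mongodb://root:XXXX@localhost:27017/admin',
  'mongodb://root:XXXX@localhost:27017/unpubd?authSource=admin',
];

// Constructed user tables: the user the image creates from the
// MONGO_INITDB_ROOT_* variables, and the same table plus the user that the
// answer's createUser script would add in unpubd.
const ROOT_ONLY = [{ user: 'root', db: 'admin' }];
const WITH_INIT_SCRIPT = [...ROOT_ONLY, { user: 'root', db: 'unpubd' }];

// For each URI: which database is asked, and does that user exist there?
function report(uris, users) {
  return uris.map((uri) => {
    const { user, authDb } = resolveAuth(uri);
    const userExists = users.some((x) => x.user === user && x.db === authDb);
    return { uri, authDb, userExists };
  });
}

console.table(report(QUESTION_URIS, ROOT_ONLY));
console.table(report(['mongodb://root:XXXX@localhost:27017/unpubd'], WITH_INIT_SCRIPT));
```
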
