I'm writing gitlab pipeline which has to dynamically create new user for newly created application environment. Tho it looks super trivial I'm getting following error:
uncaught exception: SyntaxError: unexpected token: identifier :
from following file:
// createUser.js
use admin
db.createUser(
{
user: "test",
pwd: "test",
roles: [
{
role: "readWrite",
db: "some-123123123-db-name"
}
]
}
)
which is used in pipeline like that
new user setup:
image: mongo:4.2.6
...
script:
- mongo --host ${MONGO_HOST} --username ${MONGO_ADMIN_USERNAME} --password ${MONGO_ADMIN_PASSWORD} --authenticationDatabase admin createReviewUser.js
Thanks for any tips!
If you check out the docs on writing scripts for the mongo shell you will see that instead of using use to get a database you do:
conn = new Mongo();
db = conn.getDB("myDatabase");
There is lots of other good info in there. Check it our before converting what you use
a the mongo prompt into a script.
Related
how would you script the Dockerfile to create admin user for mongoDB 4.2 ?
Is there a one line command to create admin users not using an interactive subshell ? (didn't see any in mongoDB documentation)
Thanks for your help.
Passing MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD does not work anymore (removed from Docker hub mongo image documentation).
The mongo Docker hub documentation only shows interactive shell admin user creation.
> mongo admin
executes mongo interactive shell but how do you write a shell script to enter commands in that subshell from the top level shell ?
FROM mongo
RUN mongo admin ???? db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
The docker build process should display:
Successfully added user: {
"user" : "jsmith",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
OK, here's the way to add authetication via the Dockerfile.
create a init.js file:
db = new Mongo().getDB("admin");
// create admin user
db.createUser({
user: "admin",
pwd: "password",
roles: [
{
role: "clusterAdmin",
db: "admin"
}
]
});
// create non admin user
db.createUser({
user: "toto",
pwd: "123",
roles: [
{
role: "readWrite",
db: "tube"
}
]
});
create the Dockerfile:
FROM mongo
# init.js will be executed when the mongo instance runs
COPY ./init.js ./docker-entrypoint-initdb.d
build your docker image
docker build -t mongoAuth .
run the container (attached mode to see the logs)
docker run --name mongoContainer -p 27017:27017 mongoAuth
What I was missing was that I didn't set the database on which to create the users (admin database) by using:
db = new Mongo().getDB("admin");
I followed meteor/mongodb: Use different DB for authentication & read/write to a T and am receiving the error when trying to query the db:
Exception while invoking method 'myMethod' MongoError: not authorized for query on myDB.bobRocks
I setup the user in Mongo using:
use admin
db.createUser(
{
user: 'bob',
pwd: '12345',
roles: [
{ role: 'readWrite', db: 'myDB'},
]
}
)
My Database call is:
var myDB = new MongoInternals.RemoteCollectionDriver("mongodb://10.10.10.100:27017/myDB");
BobRocks = new Mongo.Collection('bobRocks', { _driver: myDB })
Finally I'm using:
MONGO_URL=mongodb://bob:12345#10.10.10.100:27017/admin meteor run
What am I missing? I would assume the authentication would follow the MONGO_URL declaration but it doesn't appear to.
If you are using linux then you have to export the mongourl like then meteor run like this.
export MONGO_URL=mongodb://bob:12345#10.10.10.100:27017/admin meteor run
Or if you are using windows then you have to set the mongourl then meteor run.
SET MONGO_URL=mongodb://bob:12345#10.10.10.100:27017/admin meteor run
Please try to connect using mongo cli first.
You also didn't pass username and password here
var myDB = new MongoInternals.RemoteCollectionDriver("mongodb://10.10.10.100:27017/myDB");
You can pass username and password here like you pass in mongo url like this.
var myDB = new MongoInternals.RemoteCollectionDriver("mongodb://bob:12345#10.10.10.100:27017/myDB");
And please make sure myDB is exist on remote server.
I'm trying to create a CRUD database administrator.
From what I read from official documentation, there is a role readWrite, but I don't really got the process of creating an admin.
So I ran mongod without --auth and created a user with these parameters:
use myCustomDB
db.createUser({
user: "snoop",
pwd:"stickyickyicky",
roles:[{role:"readWrite", db:"myCustomDB"}]
});
The command line answered Successfully added new user blah blah..
but when I authenticate it returns 1, which, I suppose is true. But when I run command for example db.peops.find() it gives me this Error: error: { "$err" : "not authorized for query on myCustomDB.peops", "co de" : 13 }
It may be your find call. Try formatting like this:
db.getCollection('peops').find({})
If that's not it, it might be your auth schema. This may not be the best method, but I thought I would share the steps I take to setup a super admin and database specific admin, and a read only user. The all caps should be replaced with corresponding credential / db name:
1.Change Mongo Security Method
sudo service mongod start
mongo
use admin
db.system.version.remove({})
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
2.Create Super Admin User
use admin
db.createUser( { user: "SUPERADMINUSER", pwd: "SUPERADMINPASS", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
3.Create db Admin with read/write access
use DATABASE
db.createUser( { user: "DBADMIN", pwd: "DBPASSWORD", roles: [ { role: "userAdmin", db: "DATABASE" }, { role: "readWrite", db: "DATABASE" }] } )
db.createUser( { user: "DBREADONLYUSER", pwd: "DBREADONLYPASS", roles: [ { role: "read", db: "DATABASE" }] } )
4.Edit mongod.config in /etc folder
sudo service mongod stop
in mongod.config edit so that auth = true is not commented out.
5. Restart mongo, security in place
sudo service mongod start
***Troubleshooting: If you are running mongo 3.2 you can likely skip the db.system.version remove and insert commands, you may want/need to upgrade to SCRAM-SHA-1, if so run db.adminCommand({authSchemaUpgrade: 1}); set up users the same way as shown above, when editing your /etc/mongod.conf file instead of auth=true comment in security: and add authorization=true as follows:
security:
authorization: enabled
If I run Meteor locally it works perfectly. If I call Meteor with a MONGO_URL that has no username:password it works perfectly too. However, if I turn on the MongoDB authentication and restart and then run Meteor with the username:password set, as in MONGO_URL="mongodb://username:password#127.0.0.1:27017/meteor", then I get an authentication failure as Meteor loads. I have checked that the username and password are correct. I have read that there maybe problems with Meteor and MongoDB authentication so does anyone have any information on this? I am using the following versions:
Meteor - 1.0.3.2
MongoDB - 2.6.7 (installed via brew)
I20150304-21:48:00.597(1)? Exception in callback of async function: MongoError: auth failed
I20150304-21:48:00.598(1)? at Object.toError (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/utils.js:110:11)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1128:31
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1843:9
I20150304-21:48:00.598(1)? at Server.Base._callHandler (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/base.js:445:41)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:468:18
I20150304-21:48:00.598(1)? at [object Object].MongoReply.parseBody (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:426:20)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:95:17)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:201:13)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:98:17)
=================================================
I thought I had an answer to the above but alas not, I made suggested changes and I still could not authenticate. So, to provide more details:
I have upgraded to MonogoDB 3.0.0
I delete the database so that a brand new one was created.
My config file is as follows:
systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
security:
authorization: enabled
On the "admin" database a "super user" has been created as follows:
use admin
db.createUser({user: "superuser", pwd: "password", roles:["root"]})use admin
I then created a user on the "meteor" database
db.auth("superuser", "password")
use meteor
db.createUser({user: "meteor", pwd: "password", roles: [{ role: "readWrite", db: "meteor"}]})
The above step generates:
Successfully added user: {
"user" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
If I perform a db.getUsers() I get the message:
[
{
"_id" : "meteor.meteor",
"user" : "meteor",
"db" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
]
If I comment out the two security lines in the config then I can access MongoDB from Meteor or RoboMongo without a problem - using mongodb:127.0.0.1:27017/meteor. If I uncomment the two security lines in the config then I can no longer access MongoDB from either Meteor or MongoDB - using mongodb://meteor:password#127.0.0.1:27017/meteor. In the last instance I continue to get the message that authentication failed. In the MongoDB logs I have:
authenticate db: meteor { authenticate: 1, nonce: "xxx", user: "meteor", key: "xxx" }
2015-03-08T14:34:44.909+0100 I ACCESS [conn7] Failed to authenticate meteor#meteor with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user meteor#meteor
Update
The answer below and the configuration above work on v2.6.7
I haven't seen the issues you describe and without seeing code or knowing how you "turned on" MongoDB authentication I need to guess - so let's focus on what made things work for me.
You should check where the user was created. In MongoDB there are multiple databases, each having their own users. When using your connection string
mongodb://username:password#127.0.0.1:27017/meteor
you are authenticating against the meteor database. Using a tool such as RoboMongo I'd check if the user is actually inside that database or whether you created it inside the admin (or any other) database.
As a quick rundown:
When securing MongoDB you need to set an admin account, change the mongodb.conf file that it contains the line auth = true and restart. Then using the admin account you create a new (low-privilege) db user that has only access to the meteor database. You can do this using the command line like this (code for 2.6 as this was in your questions and will be default for next Meteor version):
db.createUser(
{ user: "username",
pwd: "password",
roles: [
{ role: "readwrite", db: "meteor" }
]
})
If you run mongod on the same box as Meteor I think we can safely rule out any issues with net.port or net.bindIpconfig settings where the DB would simply not listen to requests.
If you did all this and restarted MongoDB, perhaps a meteor reset inside your projects can help fix anything.
it turns out for me was just about having special chars on the password and a dash on the username, once i made it simpler it all worked like magic :(
I had the same issue when I deployed on my new VPS.
On this new VPS, mongo version is 3.0.1
To solve the problem, a meteor update before building the package and it works
(meteor version: 1.0.4.1)
I'm trying to create a mongoDB user on a DigitalOcean droplet. I tried a lot of combinations, but basically, I can't make this work.
To start the service, I use mongod --noauth. Below is the command I used:
use admin
db.createUser( { user: "userhere", pwd: "passhere", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
I restarted the service and tried to connect using:
mongo admin --port 61370 --host <host> -u userhere -p
Enter password:
2015-01-21T13:30:17.279-0500 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
It doesn't connect.
Does anyone know the step-by-step on how to create a user on MongoDB?
You must create the user with the appropriates privileges. So you should connect to your mongo instance with :
mongo -u siteUserAdmin -p password
See the documentation as well : http://docs.mongodb.org/manual/tutorial/add-user-to-database/
Try specifying -authenticationDatabase option
mongo -u mongoadmin -p password -authenticationDatabase admin