mongo db docker image authentication failed - mongodb

I'm using https://hub.docker.com/_/mongo mongo image in my local docker environment, but I'm getting Authentication failed error. In docker-compose I add it like:
my-mongo:
image: mongo
restart: always
container_name: my-mongo
environment:
MONGO_INITDB_ROOT_USERNAME: mongo
MONGO_INITDB_ROOT_PASSWORD: asdfasdf
networks:
- mynet
I also tried to run mongo CLI from inside the container but still getting the same error:
root#76e6db78228b:/# mongo
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("c87c0f0e-fe83-41a6-96e9-4aa4ede8fa25") }
MongoDB server version: 4.2.3
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> use translations
switched to db translations
> db.auth("mongo", "asdfasdf")
Error: Authentication failed.
0
Also, I'm trying to create a separate user:
> use admin
switched to db admin
db.auth("mongo", "asdfasdf")
1
> db.createUser({
user: "user",
pwd: "asdfasdf",
roles: [ {role: "readWrite", db: "translations" } ]
})
Successfully added user: {
"user" : "user",
"roles" : [
{
"role" : "readWrite",
"db" : "translations"
}
]
}
> use translations
switched to db translations
> db.auth("user", "asdfasdf")
Error: Authentication failed.
0
and the same, what I'm doing wrong???
Updated:
root#8bf81ef1fc4f:/# mongo -u mongo -p asdfasdf --authenticationDatabase admin
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("02231489-eaf4-40be-a108-248cec88257e") }
MongoDB server version: 4.2.3
Server has startup warnings:
2020-02-26T16:24:12.942+0000 I STORAGE [initandlisten]
2020-02-26T16:24:12.943+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-02-26T16:24:12.943+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> db.createUser({user: "someuser", pwd: "asdfasdf", roles: [{role: "readWrite", db: "translations"}]})
Successfully added user: {
"user" : "someuser",
"roles" : [
{
"role" : "readWrite",
"db" : "translations"
}
]
}
> use translations
switched to db translations
> db.auth("someuser", "asdfasdf")
Error: Authentication failed.
0
>

After some time, I figured out.
On the same folder, create docker-compose.yml and init-mongo.js
docker-compose.yml
version: '3.7'
services:
database:
image: mongo
container_name : your-cont-name
command: mongod --auth
environment:
- MONGO_INITDB_DATABASE=my_db
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=root
ports:
- '27017-27019:27017-27019'
volumes:
- mongodbdata:/data/db
- ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
volumes:
mongodbdata:
driver: local
init-mongo.js
db.createUser(
{
user: "your_user",
pwd: "your_password",
roles: [
{
role: "readWrite",
db: "my_db"
}
]
}
);
db.createCollection("test"); //MongoDB creates the database when you first store data in that database
Auth
First, execute the bash inside the container
docker exec -it your-cont-name bash
Now we can login.
For the admin
mongo -u admin -p root
For the your_user you have to specify the db (with the --authenticationDatabase) otherwise you'll have an auth error
mongo -u your_user -p your_password --authenticationDatabase my_db
After that, you should switch to the right db with
use my_db
If you don't execute this command, you'll be on test db
Note
For being sure of having the right config, i prefer to
docker-compose stop
docker-compose rm
docker volume rm <your-volume>
docker-compose up --build -d

as stated in the Docs
These variables, used in conjunction, create a new user and set that
user's password. This user is created in the admin authentication
database and given the role of root, which is a "superuser" role.
so you need to add --authenticationDatabase admin to your command since the mongod will be started with mongod --auth
example:
mongo -u mongo -p asdfasdf --authenticationDatabase admin

i have the same issue, after google two hours finally sovled;
solution:find out the host machine direcory mounted into mongodb container, delete it,then re-create the mongodb container.
mongo db container create by docker-compose.yaml mount a diretory from host mechine to the container for save the mongo datbases. when you remove the container the mouted direcotry do not deleted, so the default username and password pass by env var could be long time ago you set, now you change the user name and password. just do not work,cause recreate the container will not recreate the "admin" database .

I've fallen in this trap and wasted a day while everything was correct.
I'm writing this for future me(s) because it wasn't mentioned anywhere else and also to avoid my mistake while setting up user/pass combination to connect to their database from other services.
Assuming everything is right:👇
If you are mounting some local folder of yours as storage for your database like below:
services:
your_mongo_db:
// ...some config
volumes:
- ./__TEST_DB_DATA__:/data/db
- ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
environment:
- "MONGO_INITDB_ROOT_USERNAME=root"
- "MONGO_INITDB_ROOT_PASSWORD=pass"
//...more config
Please remember to remove this folder before re-running your compose file. I think when you run the docker-compose command for the first time, Mongo will create and store the user data there (like any other collections) and then reuse it for the next time (since you mounted that volume).

I had the same problem myself,
Please first remove the username and password from credentials.
environment:
MONGO_INITDB_ROOT_USERNAME: mongo
MONGO_INITDB_ROOT_PASSWORD: asdfasdf
after you remove the credentials you may check dbs or users on your mongodb.
show dbs
show users
Those commands also needs auth, so if you can see them, can be null, then you fix your issue.
Than,
then create a admin user,
use admin
db.createUser({user: "root", pwd: "root", roles:["root"]})
then you can logout and try to connect with credentials to the shell as an admin.
In addition if you are still having some issues about creating new user,
In my case I changed mechanisms to SCRAM-SHA-1 than it worked like a charm.
{
user: "<name>",
pwd: passwordPrompt(), // Or "<cleartext password>"
customData: { <any information> },
roles: [
{ role: "<role>", db: "<database>" } | "<role>",
...
],
authenticationRestrictions: [
{
clientSource: ["<IP>" | "<CIDR range>", ...],
serverAddress: ["<IP>" | "<CIDR range>", ...]
},
...
],
mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
passwordDigestor: "<server|client>"
}

I had the same problem myself, follows this steps:
Steps 1 and 2 are to delete de old configuration, and set and apply the new configuration, its so important:
Delete to the containers mongo:
docker rm mongo -f
If you have created volumes, delete them:
docker volume rm $(docker volume ls -q) -f
In ports field of docker-compose.yml set:
- 27018:27017 ->
Its so important that ports is not 27017:27017, in my case it was generating conflict.
Up docker compose:
docker-compose up
Try now the connection with authentication!
Example of docker-compose.yml:
mongo:
container_name: mongo
image: mongo:4.4
restart: always
environment:
TZ: "Europe/Madrid"
MONGO_INITDB_ROOT_USERNAME: "user"
MONGO_INITDB_ROOT_PASSWORD: "admin1"
volumes:
- ./mongoDataBase:/data/db
ports:
- 27018:27017
Best regards!

Related

Running command during docker compose or docker build failed

I am trying to build mongo inside docker and I want to push database, collection and document inside the collection I tried with docker build and below my Dockerfile
FROM mongo
RUN mongosh mongodb://127.0.0.1:27017/demeter --eval 'db.createCollection("Users")'
RUN mongosh mongodb://127.0.0.1:27017/demeter --eval 'var document = {"_id": "61912ebb4b6d7dcc7e689914","name": "Test Account","email":"test#test.net", "role": "admin", "company_domain": "test.net","type": "regular","status": "active","createdBy": "61901a01097cb16e554f5a19","twoFactorAuth": false, "password": "$2a$10$MPDjDZIboLlD8xpc/RfOouAAAmBLwEEp2ESykk/2rLcqcDJJEbEVS"}; db.Users.insert(document);'
EXPOSE 27017
and using Docker Compose
version: '3.9'
services:
web:
build:
context: ./server
dockerfile: Dockerfile
ports:
- "8080:8080"
demeter_db:
image: "mongo"
volumes:
- ./mongodata:/data/db
ports:
- "27017:27017"
command: mongosh mongodb://127.0.0.1:27017/demeter --eval 'db.createCollection("Users")'
demeter_redis:
image: "redis"
I want to add the below records because the Web Server is using them in backend. if there is a better way of doing it I would be thankful.
What I get is the below error
demeter_db_1 | Current Mongosh Log ID: 61dc697509ee790cc89fc7aa
demeter_db_1 | Connecting to: mongodb://127.0.0.1:27017/demeter?directConnection=true&serverSelectionTimeoutMS=2000
demeter_db_1 | MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017
Knowing when I connect to interactive shell inside mongo container and add them manually things works fine.
root#8b20d117586d:/# mongosh 127.0.0.1:27017/demeter --eval 'db.createCollection("Users")'
Current Mongosh Log ID: 61dc64ee8a2945352c13c177
Connecting to: mongodb://127.0.0.1:27017/demeter?directConnection=true&serverSelectionTimeoutMS=2000
Using MongoDB: 5.0.5
Using Mongosh: 1.1.7
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
To help improve our products, anonymous usage data is collected and sent to MongoDB periodically (https://www.mongodb.com/legal/privacy-policy).
You can opt-out by running the disableTelemetry() command.
------
The server generated these startup warnings when booting:
2022-01-10T16:52:14.717+00:00: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem
2022-01-10T16:52:15.514+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
------
{ ok: 1 }
root#8b20d117586d:/# exit
exit
Cheers

Starting mongo docker with docker-compose

My docker container is running through docker-compose. The init script appears to be creating the user I want to login with because of this log line:
mongo | Successfully added user: { "user" : "newUser", "roles" : [ "readWrite" ] }
mongo | bye
mongo | Error saving history file: FileOpenFailed Unable to open() file /home/mongodb/.dbshell: No such file or directory
mongo | {"t":{"$date":"2021-01-29T13:45:03.397+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn3","msg":"Connection ended","attr":{"remote":"127.0.0.1:60066","connectionId":3,"connectionCount":0}}
However since I'm seeing the "unable to open file /home/mongodb/.dbshell", it appears I cannot write to my data directory. Any idea what I could be doing wrong here?
Here's the docker-compose for mongo:
mongo:
image: mongo:4.4.3
container_name: mongo
restart: unless-stopped
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: root1
MONGO_INITDB_DATABASE: admin
command: mongod --port 27017
ports:
- '27017:27017'
volumes:
- ./data/mongodb:/data/db
- ./configs/mongodb/mongo-init.sh:/docker-entrypoint-initdb.d/mongo-init.sh:ro
This is my mongo-init.sh file.
#!/usr/bin/env bash
set -eu
mongo -- "admin" <<EOF
var rootUser = 'root';
var rootPassword = 'root1';
var admin = db.getSiblingDB('admin');
admin.auth(rootUser, rootPassword);
var user = 'newUser';
var passwd = 'newUserPass';
db.createUser({user: user, pwd: passwd, roles: ["readWrite"]});
EOF
I found the problem. There were 2 places I was wrong in my scripts. The MONGO_INITDB_DATABASE should not have been admin in my docker-compose- it should have been the database I was trying to create. The mongo-init.sh file should also have been like so instead:
mongo -- "newUserDB" <<EOF
var admin = db.getSiblingDB('admin');
admin.auth('root', 'root1');
db.createUser({user: 'newUser', pwd: 'newUserPass', roles: [{ role: "readWrite", db: "newUserDB" }]});
EOF
I noticed my user was getting created in the wrong database. The error above was throwing me off. That and the owner of the local volume was systemd-coredump, which is entirely ok because that's just a mapping of user ids that Mongo uses in the container. Nothing to do with an actual core dump. Fewf!

Create Dockerfile for mongoDB 4.2 with authentication

how would you script the Dockerfile to create admin user for mongoDB 4.2 ?
Is there a one line command to create admin users not using an interactive subshell ? (didn't see any in mongoDB documentation)
Thanks for your help.
Passing MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD does not work anymore (removed from Docker hub mongo image documentation).
The mongo Docker hub documentation only shows interactive shell admin user creation.
> mongo admin
executes mongo interactive shell but how do you write a shell script to enter commands in that subshell from the top level shell ?
FROM mongo
RUN mongo admin ???? db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
The docker build process should display:
Successfully added user: {
"user" : "jsmith",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
OK, here's the way to add authetication via the Dockerfile.
create a init.js file:
db = new Mongo().getDB("admin");
// create admin user
db.createUser({
user: "admin",
pwd: "password",
roles: [
{
role: "clusterAdmin",
db: "admin"
}
]
});
// create non admin user
db.createUser({
user: "toto",
pwd: "123",
roles: [
{
role: "readWrite",
db: "tube"
}
]
});
create the Dockerfile:
FROM mongo
# init.js will be executed when the mongo instance runs
COPY ./init.js ./docker-entrypoint-initdb.d
build your docker image
docker build -t mongoAuth .
run the container (attached mode to see the logs)
docker run --name mongoContainer -p 27017:27017 mongoAuth
What I was missing was that I didn't set the database on which to create the users (admin database) by using:
db = new Mongo().getDB("admin");

Docker MongoDB Cannot sign in as root

I'm trying to set up mongo using docker but I don't know the correct way to log in to mongo. It doesn't seem to have created the default root user as I have specified:
version: '3'
services:
location-mongo-db:
container_name: location-mongo-db
image: mongo
ports:
- "27017:27017"
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
networks:
default:
external:
name: environment_location-mongo
I run
docker-compose -f docker-compose/db.yml -p location-mongo-db up -d --build
I then do
docker exec -it location-mongo-db sh
to get in to the shell and run # mongo from inside the container. I get the following:
# mongo
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
> show dbs
2018-06-28T15:45:36.337+0000 E QUERY [js] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "command listDatabases requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs#src/mongo/shell/mongo.js:65:1
shellHelper.show#src/mongo/shell/utils.js:865:19
shellHelper#src/mongo/shell/utils.js:755:15
#(shellhelp2):1:1
I don't know what the issue is. Here is my output from checking for the list of users:
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [ ],
"authenticatedUserRoles" : [ ]
},
"ok" : 1
}
What is missing? I've tried signing in a few different ways with -u root and -p etc but nothing so far works
When you start mongo client without params on mongo command, you connect yourself as unauthenticated user, with very limited privileges.
The right command to connect from your docker tty (and from your host terminal since you expose mongodb port) with your root user credentials is :
mongo -u root -p example --authenticationDatabase admin
To fully disable connection without authetication, you need to start mongod process with the --auth option.
EDIT : According to the doc, it seems that with the two env variables MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD set, mongod in docker container must start with --auth option automatically... but this behavior is not working for me.

Create Superuser in mongo

I'm trying to create a user in mongo who can do anything in any db.
According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator
This is the code:
use admin
db.addUser( { user: "try1",
pwd: "hello,
roles: [ "userAdminAnyDatabase" ] } )
Then I stopped mongo, enabled the auth and restarted mongo.
Then I tried to create a database with his user.
According with this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
use fragola
db.users.save( {username:"fragolino"} )
And I get this: "not authorized for insert on fragola.users"
Anyone can help me?
from docs.mongodb.org-superuser-roles
Lets write answer that looks simple & also simple to implement
Steps :
1 : sudo apt-get install mongodb-org - in new terminal
2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb
3 : mongo --port 27017 - in new terminal
4 : use admin
5 : As #drmirror said a user should have all 4 roles to be superuser
For Mongo Version 2.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
For Mongo Version 3.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles:["root"]
})
6 : sudo /etc/init.d/mongod stop OR sudo service mongod stop - in new terminal
7 : sudo /etc/init.d/mongod start OR sudo service mongod start
8 : restart your pc
9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb - in new terminal
10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin" - in new terminal
Note : step 10 is most important step .
it will give Output on terminal like
MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
The role userAdminAnyDatabase gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).
However, the userAdminAnyDatabase role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:
readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin
A user who has the above three rights and userAdminAnyDatabase is a true super-user and can do anything.