Helm Kubernetes MongoDB authentification - mongodb

How can we authenticate to a mongodb database created by helm stable/mongo chart (from another pod in the same cluster)?
The "one pod url" mongodb://user:password#mongodb:27017/dbname does not work because we have to authenticate to the admin pod
According to mongo documentation, we should use something like :
mongodb://user:password#mongodb-1,mongodb-2,mongodb-3:27017/dbname
but the chart only creates one service ?!
I tried also to add ?authSource=admin&replicaSet=rs0 at the url but authentication still fails..

I managed to connect with the following url (only as root) :
mongodb://root:<root_password>#mongodb.mongodb:27017/<db_name>?authSource=admin&replicaSet=rs0
with the --authenticationDatabase admin of the NOTES.txt converted to authSource=admin url parameter

Using the stable/mongodb chart and enabling the replicaSet option, you should connect to the service hostname <deployment fullname>-mongodb using the "root" user and mongodbRootPassword provided password using the --authenticationDatabase admin option (or setting authSource=admin in the connection URL). Example:
kubectl exec -it deployname-mongodb-primary-0 -- mongo dbname -u root -p rootpassword --authenticationDatabase admin
Intstead, if you set mongodbUsername, mongodbPassword and mongodbDatabase, you can connect as non-root user to the configured database; in this case, you should skip the --authenticationDatabase (or authSource=admin) option. Example:
kubectl exec -it deployname-mongodb-primary-0 -- mongo -u username -p userpassword

Related

Mongodb authentication inside a docker container

This is my situation. I have a mongodb docker container instance and i need to change the admin password. Now, I have the credentials to connect to the mongodb just fine, using the host and ip and the credentials. I have access to the server via ssh and I need to change the admin password. But if i do,
mongo manager --port 27017 -u "admin" -p "--------"
--authenticationDatabase "manager"
Gives me an authentication error. And i cannot run any administration commands such as: db.auth('admin', 'password')
My question is how can i stop mongo inside the container if i do?
docker exec -it mongodb bash
Any other workaround will work. The goal is the change the password or create a new admin user to control the users and roles.
Thank you so much for the help. Please let me know if more information is needed.
Are you sure your authenticationDatabase is "manager"?
In anyway, you don't need to stop mongo proces to interact with database but authenticate a user with necessary privileges using mongo shell.
Get access to running mongo container:
$ docker exec -it «container_name» bash
Authenticate using mongo shell:
$ mongo -u admin -p 123admin --authenticationDatabase admin
Once you authenticated, run shell script to switch to database that holds user's data.
$ use admin
Run changeUserPassword command to change password:
$ db.changeUserPassword("admin", "admin123")
Thats it.

Log in to mongo shell without declaring authentication DB

Is it possible to login on mongo shell without declaring the authentication DB? Here's an example, i log in to our mongo server using this command
[localhost$] mongo servername:27117 -u username -p passwd admin
Is there a way to log in without explicitly adding the admin db on the command?
Each user is associated with an authentication database. So if your user is declared in admin database (and authorization activated, what MUST be done in all environment server), it's mandatory to add this param in your login command.
See authentication, and more generally security for more details and explanations.
EDIT
In case of using Connection String URI Format, you can skip authentication database param, in this case 'admin' will be used by default for authentication database, and 'test' by default as target database.
Example : (your user is created in 'admin' database.)
Here's different behaviors :
authentication against 'admin', database targeted is 'test'
$ mongo --host mongodb://user:pwd#myhost:27000
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=admin
$ mongo --host mongodb://user:pwd#myhost:27000/?authSource=admin
authentication against 'admin', database targeted is 'admin'
$ mongo --host mongodb://user:pwd#myhost:27000/admin
$ mongo --host mongodb://user:pwd#myhost:27000/admin?authSource=admin
authentication against 'test', database targeted is 'test' (will not succeed)
$ mongo --host mongodb://user:pwd#myhost:27000/test
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=test
EDIT 2
As you really need to use mongo -h -u -p notation, create your user in your 'test' database, which will be used by default in this case :
this will authenticate against 'test' database, and target 'test' database
mongo -h 199.99.99.99:27000 -u user -p pwd

Mongodb replicaset creation with authentication through docker script

I am struggling to find out the solution to authenticate my mongo db replica set through docker script.I am able to achieve the target on native mongo of server but in docker image I am not able to implement the authentication.(I am able to create the replicaset on docker image as well).
I was facing the same issue, i had to do the process in a different order.
Try setting up the authentication first and then create replications.
1.start docker mongo without replica or auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6
2.connect with mongo and add users you want. And make sure you add a superuser, we will use this user to initiate replication later
db.createUser({ user: "superuser", pwd: "superuser", roles: [ "userAdminAnyDatabase","readWriteAnyDatabase","dbAdminAnyDatabase","clusterAdmin" ]})
3.stop docker mongo and restart with replica and auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6 --replSet replocalnew --auth
4.connect with mongo now. authenticate with the superuser we created.
db.auth("superuser","superuser");
5.now initiate replication
rs.initiate();

Connect to a specific database by default in mongodb

I am running a mongodb on a linux box. So every time I connect to it from the console (typing mongo) I get something like this:
MongoDB shell version: 2.4.9
connecting to: test
And then I am doing use myDatabase (where myDatabase is 99% is the same). So basically I always do some unneeded type of work. Is there a way to configure mongo, so that it will connect to myDatabase by default?
Surprised that I don't find a duplicate of this. Okay, now we have content.
From the command line, just do this:
$ mongo myDatabase
This actually is covered in the documentation, albeit down the page somewhat. No direct link but search for <db address> and the same example is there.
Of course you could have done:
$ mongo --help
MongoDB shell version: 2.4.9
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.169.0.5/foo foo database on 192.168.0.5 machine
192.169.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999
Which shows the usage along with other options you can pass in.
Another thing, not quite a default connect but a shortcut is you can do this in the .mongorc.js file:
db=db.getSiblingDB("myDatabase")
Which assigns the variable db to that database so now:
db.collection.find()
Is acting on myDatabase.
As per latest mongodb drivers, we can provide default database name in connection string like this:
1. Connect using the mongoShell
mongo "mongodb+srv://sandbox.ununu.mongodb.net/mydatabase" --username user001
2. Connect using the drivers
mongodb+srv://user001:<password>#sandbox.ununu.mongodb.net/mydatabase?retryWrites=true&w=majority
Details of parametere:
Replace mydatabase with the name of the database that connections will use by default.
sandbox.ununu.mongodb.net is your cluster name
You will be prompted for the password for the Database User,user001.
user001 is username
For more details on passing ReplicaSet, other query string parameters, etc. refer mongodb official document. document link
Usually mongodb connects to default database test. It's very simple connect to any database, we just need to specify the new database name in the mongo shell
With authentication enabled and enter password on runtime (preferred mostly)
mongo --port 27017 -u USERNAME DATABASE_NAME --authenticationDatabase admin
With authentication enabled and password supplied on shell (not recommended)
mongo --port 27017 -u USERNAME -p PASSWORD DATABASE_NAME --authenticationDatabase admin
With authentication disabled
mongo --port 27017 -u USERNAME -p PASSWORD DATABASE_NAME
The above commands will directly connect to the database which we have specified.
Note: make sure the user has the necessary privilege to perform the operations
mongosh
use admin
db.createUser({ user: "user" , pwd: "1234", roles: [ "readWrite", "dbAdmin" ] })
use metadata
db.createCollection("product")
// mongodb://user:1234#localhost:27017/metadata

AWS RDS: How to Connect to Instance

I just set up an Amazon RDS instance. I have a separate application server and I am trying to figure out how to connect to the RDS instance from my EC2 application server. On the Instance page, I have
enbdpoint: mycompany.czdv3mj7ps25.us-west-2.rds.amazonaws.com:5432
I tried to login into to psql using that address but I got
$ psql -h mycompany.czdv3mj7ps25.us-west-2.rds.amazonaws.com:5432 -U myuser -d mydb
psql: could not translate host name "mycompany.czdv3mj7ps25.us-west-2.rds.amazonaws.com:5432" to address: Name or service not known
How do I connect to the instances database? I don't see any other ip addresses in the RDS console.
You have wrong syntax. The correct syntax is:
$ psql --host mycompany.czdv3mj7ps25.us-west-2.rds.amazonaws.com --port 5432 --username myuser --dbname mydb
You have specified port information wrong in you command. the port has to be specified using --port option and not hostname:port
This syntax worked for me in the psql command line:
\connect dbname username hostname port#
If the information is correct it will take a couple seconds to process then it will ask for your password
Also make sure the security group for your instance, the outbound/inbound is setup to allow access from your IP