Mongodb authentication inside a docker container - mongodb

This is my situation. I have a mongodb docker container instance and i need to change the admin password. Now, I have the credentials to connect to the mongodb just fine, using the host and ip and the credentials. I have access to the server via ssh and I need to change the admin password. But if i do,
mongo manager --port 27017 -u "admin" -p "--------"
--authenticationDatabase "manager"
Gives me an authentication error. And i cannot run any administration commands such as: db.auth('admin', 'password')
My question is how can i stop mongo inside the container if i do?
docker exec -it mongodb bash
Any other workaround will work. The goal is the change the password or create a new admin user to control the users and roles.
Thank you so much for the help. Please let me know if more information is needed.

Are you sure your authenticationDatabase is "manager"?
In anyway, you don't need to stop mongo proces to interact with database but authenticate a user with necessary privileges using mongo shell.
Get access to running mongo container:
$ docker exec -it «container_name» bash
Authenticate using mongo shell:
$ mongo -u admin -p 123admin --authenticationDatabase admin
Once you authenticated, run shell script to switch to database that holds user's data.
$ use admin
Run changeUserPassword command to change password:
$ db.changeUserPassword("admin", "admin123")
Thats it.

Related

Helm Kubernetes MongoDB authentification

How can we authenticate to a mongodb database created by helm stable/mongo chart (from another pod in the same cluster)?
The "one pod url" mongodb://user:password#mongodb:27017/dbname does not work because we have to authenticate to the admin pod
According to mongo documentation, we should use something like :
mongodb://user:password#mongodb-1,mongodb-2,mongodb-3:27017/dbname
but the chart only creates one service ?!
I tried also to add ?authSource=admin&replicaSet=rs0 at the url but authentication still fails..
I managed to connect with the following url (only as root) :
mongodb://root:<root_password>#mongodb.mongodb:27017/<db_name>?authSource=admin&replicaSet=rs0
with the --authenticationDatabase admin of the NOTES.txt converted to authSource=admin url parameter
Using the stable/mongodb chart and enabling the replicaSet option, you should connect to the service hostname <deployment fullname>-mongodb using the "root" user and mongodbRootPassword provided password using the --authenticationDatabase admin option (or setting authSource=admin in the connection URL). Example:
kubectl exec -it deployname-mongodb-primary-0 -- mongo dbname -u root -p rootpassword --authenticationDatabase admin
Intstead, if you set mongodbUsername, mongodbPassword and mongodbDatabase, you can connect as non-root user to the configured database; in this case, you should skip the --authenticationDatabase (or authSource=admin) option. Example:
kubectl exec -it deployname-mongodb-primary-0 -- mongo -u username -p userpassword

Log in to mongo shell without declaring authentication DB

Is it possible to login on mongo shell without declaring the authentication DB? Here's an example, i log in to our mongo server using this command
[localhost$] mongo servername:27117 -u username -p passwd admin
Is there a way to log in without explicitly adding the admin db on the command?
Each user is associated with an authentication database. So if your user is declared in admin database (and authorization activated, what MUST be done in all environment server), it's mandatory to add this param in your login command.
See authentication, and more generally security for more details and explanations.
EDIT
In case of using Connection String URI Format, you can skip authentication database param, in this case 'admin' will be used by default for authentication database, and 'test' by default as target database.
Example : (your user is created in 'admin' database.)
Here's different behaviors :
authentication against 'admin', database targeted is 'test'
$ mongo --host mongodb://user:pwd#myhost:27000
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=admin
$ mongo --host mongodb://user:pwd#myhost:27000/?authSource=admin
authentication against 'admin', database targeted is 'admin'
$ mongo --host mongodb://user:pwd#myhost:27000/admin
$ mongo --host mongodb://user:pwd#myhost:27000/admin?authSource=admin
authentication against 'test', database targeted is 'test' (will not succeed)
$ mongo --host mongodb://user:pwd#myhost:27000/test
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=test
EDIT 2
As you really need to use mongo -h -u -p notation, create your user in your 'test' database, which will be used by default in this case :
this will authenticate against 'test' database, and target 'test' database
mongo -h 199.99.99.99:27000 -u user -p pwd

Use mongorestore to restore a database to MongoDB (3.4) with --auth enabled, SASL error

Using mongorestore, I am trying to restore a MongoDB database to a new server (both version are 3.4). The new server has -auth enabled, so you are required to login. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First Access your db to 4366 port then run this command
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney .

Mongodb replicaset creation with authentication through docker script

I am struggling to find out the solution to authenticate my mongo db replica set through docker script.I am able to achieve the target on native mongo of server but in docker image I am not able to implement the authentication.(I am able to create the replicaset on docker image as well).
I was facing the same issue, i had to do the process in a different order.
Try setting up the authentication first and then create replications.
1.start docker mongo without replica or auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6
2.connect with mongo and add users you want. And make sure you add a superuser, we will use this user to initiate replication later
db.createUser({ user: "superuser", pwd: "superuser", roles: [ "userAdminAnyDatabase","readWriteAnyDatabase","dbAdminAnyDatabase","clusterAdmin" ]})
3.stop docker mongo and restart with replica and auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6 --replSet replocalnew --auth
4.connect with mongo now. authenticate with the superuser we created.
db.auth("superuser","superuser");
5.now initiate replication
rs.initiate();

How do I create a new MongoDB from the command line with auth turned on?

For the purpose of wanting to create a MongoDB database in a Capistrano task, I need to figure out how to create a new database via the MongoDB shell when MongoDB is running with auth turned on.
With auth turned on the MongoDB shell can't do anything without first authenticating, but authenticating has to happen while using the admin database as far as I'm aware. So I've been connecting to it for starters like:
sudo -u mongodb mongo admin --eval "db.auth(username, password)"
And that authenticates me for further action but...at that point I need to create the database, and a user for it in the same shell session. I can't however:
sudo -u mongodb mongo admin --eval "db.auth(username, password);use new_database"
Because use database can't be used in eval. So I've tried instead:
sudo -u mongodb mongo admin --eval "db.auth(username, password);db = connect('localhost:27017/new_database')"
And that will actually get me an instance of the new database I want created but if I try to:
sudo -u mongodb mongo admin --eval "db.auth(username, password);connect('localhost:27017/new_database').addUser(new_user, new_password)"
I get an authentication error, so apparently using the connect() command forgets that I've authenticated before.
So this is where I'm stuck, trying to create a database in one line with MongoDB using auth and an admin user.
Any suggestions on how I can do this?
You can use db.getSiblingDB(name) to reference the new database and add a new account, eg:
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').addUser('new_user', 'new_password');"
Now you should be able to authenticate from the command line using -u and -p:
mongo -u new_user -p new_password new_database
Beware of the fact that addUser function got deprecated since version 2.6.
Use db.createUser() and db.updateUser() instead of db.addUser() to add users to MongoDB.
Your code should be like below :
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').createUser({ user : 'new_user', pwd : 'new_password', roles : [{ role: 'readWrite', db: 'new_database'}]});"