We Keep Coding

Mongo : db.auth() fails on windows

I'm trying to run a mongo instance on a windows container.
I have found this answer regarding authentication but I does not work for me
MongoDB: Server has startup warnings ''Access control is not enabled for the database''
I have a cfg file which I'm using to start mongo, my image is based on an existing mongo docker image on top of which I'm just copying my config file amd I'm trying to instruct mongo to use it. I actually don't know if it really does this, but as far as I know the base image CMD is overriden with my new CMD.
This is the dockerfile
FROM mongo:windowsservercore-1809
WORKDIR c:\
COPY .\mongod.Win.cfg .
CMD ["mongod", "--auth", "-f", "mongod.Win.cfg"]
And this is my mongod.win.cfg
storage:
dbPath: C:\data\db
journal:
enabled: true
security:
authorization: enabled
And I'm building the image in a docker-compose
invoice_db:
build:
context: ./Invoice.Db
dockerfile: ./mongo.win.Dockerfile
image: mongo:v1
container_name: invoice-db
ports:
- 27017:27017
environment:
MONGO_INITDB_ROOT_USERNAME: "admin"
MONGO_INITDB_ROOT_PASSWORD: "pass"
volumes:
- invoice-data-volume:c:\data\db
restart: unless-stopped
volumes:
invoice-data-volume:
name: invoice-data
When I ssh in the container and try to login as admin with the password pass I get this
PS C:\> mongo
MongoDB shell version v5.0.9
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("17467fb1-ecf9-426c-9041-0f15c3a47d30") }
MongoDB server version: 5.0.9
================
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
https://docs.mongodb.com/mongodb-shell/install/
================
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
https://community.mongodb.com
> use admin
switched to db admin
> db.auth("admin", "pass")
Error: Authentication failed.
0
> db.auth("admin", passwordPrompt())
Enter password:
Error: Authentication failed.
0
>
The logs from the running container.
{"t":{"$date":"2022-07-18T23:38:10.420+03:00"},"s":"I", "c":"ACCESS", "id":20436, "ctx":"conn1","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { getCmdLineOpts: 1.0, lsid: { id: UUID("17467fb1-ecf9-426c-9041-0f15c3a47d30") }, $db: "admin" }"}}}
{"t":{"$date":"2022-07-18T23:38:18.120+03:00"},"s":"I", "c":"ACCESS", "id":20436, "ctx":"conn1","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { listCollections: 1.0, filter: {}, nameOnly: true, authorizedCollections: true, maxTimeMS: 1000.0, lsid: { id: UUID("17467fb1-ecf9-426c-9041-0f15c3a47d30") }, $db: "admin" }"}}}
{"t":{"$date":"2022-07-18T23:38:21.712+03:00"},"s":"I", "c":"ACCESS", "id":20251, "ctx":"conn1","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":{"user":"admin","db":"admin"}}}
{"t":{"$date":"2022-07-18T23:38:21.713+03:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn1","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"admin","authenticationDatabase":"admin","remote":"127.0.0.1:49160","extraInfo":{},"error":"UserNotFound: Could not find user "admin" for db "admin""}}
{"t":{"$date":"2022-07-18T23:38:25.438+03:00"},"s":"I", "c":"ACCESS", "id":20436, "ctx":"conn1","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { listCollections: 1.0, filter: {}, nameOnly: true, authorizedCollections: true, maxTimeMS: 1000.0, lsid: { id: UUID("17467fb1-ecf9-426c-9041-0f15c3a47d30") }, $db: "admin" }"}}}
{"t":{"$date":"2022-07-18T23:38:32.311+03:00"},"s":"I", "c":"ACCESS", "id":20251, "ctx":"conn1","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":{"user":"admin","db":"admin"}}}
{"t":{"$date":"2022-07-18T23:38:32.312+03:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn1","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"admin","authenticationDatabase":"admin","remote":"127.0.0.1:49160","extraInfo":{},"error":"UserNotFound: Could not find user "admin" for db "admin""}}
{"t":{"$date":"2022-07-18T23:38:37.028+03:00"},"s":"I", "c":"STORAGE", "id":22430, "ctx":"Checkpointer","msg":"WiredTiger message","attr":{"message":"[1658176717:28384][1272:140723313332832], WT_SESSION.checkpoint: [WT_VERB_CHECKPOINT_PROGRESS] saving checkpoint snapshot min: 34, snapshot max: 34 snapshot count: 0, oldest timestamp: (0, 0) , meta checkpoint timestamp: (0, 0) base write gen: 1"}}
{"t":{"$date":"2022-07-18T23:39:37.051+03:00"},"s":"I", "c":"STORAGE", "id":22430, "ctx":"Checkpointer","msg":"WiredTiger message","attr":{"message":"[1658176777:50893][1272:140723313332832], WT_SESSION.checkpoint: [WT_VERB_CHECKPOINT_PROGRESS] saving checkpoint snapshot min: 37, snapshot max: 37 snapshot count: 0, oldest timestamp: (0, 0) , meta checkpoint timestamp: (0, 0) base write gen: 1"}}
{"t":{"$date":"2022-07-18T23:40:37.067+03:00"},"s":"I", "c":"STORAGE", "id":22430, "ctx":"Checkpointer","msg":"WiredTiger message","attr":{"message":"[1658176837:67089][1272:140723313332832], WT_SESSION.checkpoint: [WT_VERB_CHECKPOINT_PROGRESS] saving checkpoint snapshot min: 39, snapshot max: 39 snapshot count: 0, oldest timestamp: (0, 0) , meta checkpoint timestamp: (0, 0) base write gen: 1"}}
Can someone help me figure out this ?

try with:
db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM"})

Cannot create a mongo database with docker

I'm having trouble creating a mongo database using the docker-compose command. Docker desktop tells me that everything is up and running including the db, but all I get is the standard 'admin, config, local' not the db I want to create. Here's my docker-compose.yaml
version: '3'
services:
app:
build: ./
entrypoint: ./.docker/entrypoint.sh
ports:
- 3000:3000
volumes:
- .:/home/node/app
depends_on:
- db
db:
image: mongo:4.4.4
restart: always
volumes:
- ./.docker/dbdata:/data/db
- ./.docker/mongo:/docker-entrypoint-initdb.d
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=root
- MONGO_INITDB_DATABASE=nest
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
- ME_CONFIG_MONGODB_SERVER=db
- ME_CONFIG_MONGODB_AUTH_USERNAME=root
- ME_CONFIG_MONGODB_AUTH_PASSWORD=root
- ME_CONFIG_MONGODB_ADMINUSERNAME=root
- ME_CONFIG_MONGODB_ADMINPASSWORD=root
depends_on:
- db
my init.js inside .docker/mongo
db.routes.insertMany([
{
_id: "1",
title: "Primeiro",
startPosition: {lat: -15.82594, lng: -47.92923},
endPosition: {lat: -15.82942, lng: -47.92765},
},
{
_id: "2",
title: "Segundo",
startPosition: {lat: -15.82449, lng: -47.92756},
endPosition: {lat: -15.82776, lng: -47.92621},
},
{
_id: "3",
title: "Terceiro",
startPosition: {lat: -15.82331, lng: -47.92588},
endPosition: {lat: -15.82758, lng: -47.92532},
}
]);
and my dockerfile
FROM node:14.18.1-alpine
RUN apk add --no-cache bash
RUN npm install -g #nestjs/cli
USER node
WORKDIR /home/node/app
and this is the 'error' log I get from docker when I run the nest container with mongodb, nest app and mongo express(there is actually a lot more but SO keeps thinking that it is spam for some reason.
about to fork child process, waiting until server is ready for connections.
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
Error saving history file: FileOpenFailed Unable to open() file /home/mongodb/.dbshell: No such file or directory
{"t":{"$date":"2022-06-01T19:39:15.542+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2","msg":"Connection ended","attr":{"remote":"127.0.0.1:39304","connectionId":2,"connectionCount":0}}
/usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/init.js
{"t":{"$date":"2022-06-01T19:39:15.683+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:39310","connectionId":3,"connectionCount":1}}
{"t":{"$date":"2022-06-01T19:39:15.684+00:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn3","msg":"client metadata","attr":{"remote":"127.0.0.1:39310","client":"conn3","doc":{"application":{"name":"MongoDB Shell"},"driver":{"name":"MongoDB Internal Client","version":"4.4.4"},"os":{"type":"Linux","name":"Ubuntu","architecture":"x86_64","version":"18.04"}}}}
{"t":{"$date":"2022-06-01T19:39:15.701+00:00"},"s":"I", "c":"STORAGE", "id":20320, "ctx":"conn3","msg":"createCollection","attr":{"namespace":"nest.routes","uuidDisposition":"generated","uuid":{"uuid":{"$uuid":"f689868e-af6d-4ec6-b555-dcf520f24788"}},"options":{}}}
{"t":{"$date":"2022-06-01T19:39:15.761+00:00"},"s":"I", "c":"INDEX", "id":20345, "ctx":"conn3","msg":"Index build: done building","attr":{"buildUUID":null,"namespace":"nest.routes","index":"_id_","commitTimestamp":{"$timestamp":{"t":0,"i":0}}}}
uncaught exception: ReferenceError: colection is not defined :
#/docker-entrypoint-initdb.d/init.js:23:1
failed to load: /docker-entrypoint-initdb.d/init.js
exiting with code -3
this is what running docker-compose ps shows
NAME COMMAND SERVICE STATUS PORTS
nest-api-app-1 "./.docker/entrypoin…" app running 0.0.0.0:3000->3000/tcp
nest-api-db-1 "docker-entrypoint.s…" db running 27017/tcp
nest-api-mongo-express-1 "tini -- /docker-ent…" mongo-express running 0.0.0.0:8081->8081/tcp
this what my docker desktop shows

The MongoDB container only creates a database if no database already exists. You probably already have one, which is why a new database isn't created and your initialization script isn't run.
Delete the contents of ./.docker/dbdata on the host. Then start the containers with docker-compose and Mongo should create your database for you.

Cannot configure a Mongo replicaSet from docker init script

I am trying to set up a 2 node replicaSet in docker for local development only. Single node already works fine, but there are keyfile issues when trying to add a member as part of the docker init script (NB I see the keyfile is set correctly from the logs). The same command works fine from a shell though, not via the init script.
Basically, the current config has worked fine for one node, but adding another gives the following error:
mongo_1 | {"t":{"$date":"2021-07-21T16:33:19.583+00:00"},"s":"W", "c":"REPL", "id":23724, "ctx":"ReplCoord-0","msg":"Got error response on heartbeat request","attr":{"hbStatus":{"code":13,"codeName":"Unauthorized","errmsg":"command replSetHeartbeat requires authentication"},"requestTarget":"mongo-secondary:27017","hbResp":{"ok":1.0}}}
mongo_1 | {"t":{"$date":"2021-07-21T16:33:19.583+00:00"},"s":"E", "c":"REPL", "id":21426, "ctx":"conn2","msg":"replSetInitiate failed","attr":{"error":{"code":74,"codeName":"NodeNotFound","errmsg":"replSetInitiate quorum check failed because not all proposed set members responded affirmatively: mongo-secondary:27017 failed with command replSetHeartbeat requires authentication"}}}
If I remove mongo-secondary from the set, then after startup use a shell to mongo to load the exact same config, everything works fine (they keyfile is used and the set is made with both members).
Currently my config is:
# docker-compose.yml
mongo: &MONGO
image: mongo:4.4
restart: unless-stopped
volumes:
- mongo_data:/data/db
- ./scripts/docker/mongo/001_mongo_init.js:/docker-entrypoint-initdb.d/001_mongo_init.js:ro
- ./scripts/docker/mongo/mongo-entrypoint.sh:/mongo-entrypoint
- ./conf/mongodb/mongod-config.yml:/etc/mongod.yml
entrypoint: sh /mongo-entrypoint
ports:
- 27017:27017
env_file:
- ./env/mongo.env
command: --auth --config /etc/mongod.yml
extra_hosts:
- mongo:127.0.0.1
mongo-secondary:
<<: *MONGO
volumes:
- mongo_secondary_data:/data/db
- ./scripts/docker/mongo/mongo-entrypoint.sh:/mongo-entrypoint
- ./conf/mongodb/mongod-config.yml:/etc/mongod.yml
ports:
- 27018:27017
extra_hosts:
- mongo-secondary:127.0.0.1
# mongo-entrypoint.sh
#!/bin/sh
set -eu
# Create the keyfile used for mongo replicaSet auth.
keyfile=/home/keyfile
echo "Creating replicaSet keyfile..."
echo "keyfile" > ${keyfile}
chmod 0400 $keyfile
chown mongodb $keyfile
echo "Created replicaSet keyfile."
# original entrypoint
exec docker-entrypoint.sh "$#"
// 001_mongo_init.js
function getEnv(envVar) {
const ret = run('sh', '-c', `printenv ${envVar} > /tmp/${envVar}.txt`);
if (ret !== 0) throw Error(`Value "${envVar}" is not present in the environment.`);
return cat(`/tmp/${envVar}.txt`).trim(); // NB cat leaves a \n at the end of text
}
// create replicaset
const rsconf = {
_id: getEnv('MONGODB_REPLICA_SET'),
members: [
{
_id: 0,
host: 'mongo:27017',
},
{
_id: 1,
host: 'mongo-secondary:27017',
priority: 0, // prevent from becoming master
},
],
};
rs.initiate(rsconf);
rs.conf();
// further code to create users etc.
# mongod-config.yml
---
security:
keyFile: /home/keyfile
replication:
replSetName: rs0
enableMajorityReadConcern: true

Can a Mongo-Express container connect to MongoDB with TLS?

I have a mongo container, started with the requireTLS TLS mode, and a mongo-express container. Mongo-express does not seem to manage to connect to mongo using TLS.
My docker-compose.yml:
version: '3.1'
services:
mongodb1:
image : "mongo:4.2"
container_name : "mongodb-001"
ports:
- '27017:27017'
environment:
MONGO_INITDB_ROOT_USERNAME : "admin"
MONGO_INITDB_ROOT_PASSWORD : "adminpasswd"
volumes:
- "./mongo-data:/data/db"
- "./etc_mongod.conf:/etc/mongod.conf"
- "./certificates:/etc/certificates:ro"
command:
- "--tlsMode"
- "preferTLS"
- "--tlsDisabledProtocols"
- "none"
- "--tlsCertificateKeyFile"
- "/etc/certificates/certificateKey.pem"
- "--tlsCAFile"
- "/etc/certificates/CA.crt"
- "--tlsAllowConnectionsWithoutCertificates"
mongo-express:
image : "mongo-express:latest"
container_name : "mongo-express-001"
ports:
- '8081:8081'
depends_on:
- mongodb1
volumes:
- "./certificates/CA.crt:/etc/certificates/CA.crt:ro"
environment:
ME_CONFIG_MONGODB_SERVER: "mongodb-001"
ME_CONFIG_MONGODB_PORT: "27017"
ME_CONFIG_MONGODB_ENABLE_ADMIN: "false"
ME_CONFIG_MONGODB_AUTH_DATABASE: "admin"
ME_CONFIG_MONGODB_AUTH_USERNAME: "admin"
ME_CONFIG_MONGODB_AUTH_PASSWORD: "adminpasswd"
ME_CONFIG_MONGODB_ADMINUSERNAME: "admin"
ME_CONFIG_MONGODB_ADMINPASSWORD: "adminpasswd"
ME_CONFIG_SITE_SSL_ENABLED: "true"
ME_CONFIG_MONGODB_CA_FILE: "/etc/certificates/CA.crt"
...and the error message I get:
mongodb-001 | 2020-10-09T14:16:13.299+0000 I NETWORK [listener] connection accepted from 172.31.0.3:44774 #2 (1 connection now open)
mongodb-001 | 2020-10-09T14:16:13.305+0000 I NETWORK [conn2] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 172.31.0.3:44774 (connection id: 2)
mongodb-001 | 2020-10-09T14:16:13.305+0000 I NETWORK [conn2] end connection 172.31.0.3:44774 (0 connections now open)
mongo-express-001 |
mongo-express-001 | /node_modules/mongodb/lib/server.js:265
mongo-express-001 | process.nextTick(function() { throw err; })
mongo-express-001 | ^
mongo-express-001 | Error [MongoError]: connection 0 to mongodb-001:27017 closed
mongo-express-001 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:29:11)
mongo-express-001 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:200:22)
mongo-express-001 | at Object.onceWrapper (events.js:422:26)
mongo-express-001 | at Socket.emit (events.js:315:20)
mongo-express-001 | at TCP.<anonymous> (net.js:674:12)
mongo-express-001 exited with code 1
Note that:
I can connect to MongoDB using a mongo shell with the same parameters I pass to mongo-express:
mongo "mongodb://admin:adminpasswd#mongodb-001:27017/admin?authSource=admin" --tls --tlsCAFile certificates/CA.crt
If I start MongoDB in preferTLS mode, the mongo-express connection works

tl;dr
Create a new config.js file with the following code
module.exports = {
mongodb: {
connectionOptions: {
ssl: true,
}
}
};
and mount that file in your docker compose file at /node_modules/mongo-express/config.js
Explanation
It appears to be an issue with their config.default.js file. In it, they have this
module.exports = {
mongodb: {
// if a connection string options such as server/port/etc are ignored
connectionString: mongo.connectionString || getConnectionStringFromEnvVariables(),
connectionOptions: {
// ssl: connect to the server using secure SSL
ssl: process.env.ME_CONFIG_MONGODB_SSL || mongo.ssl,
// sslValidate: validate mongod server certificate against CA
sslValidate: process.env.ME_CONFIG_MONGODB_SSLVALIDATE || true,
// sslCA: array of valid CA certificates
sslCA: sslCAFromEnv ? [sslCAFromEnv] : [],
// autoReconnect: automatically reconnect if connection is lost
autoReconnect: true,
// poolSize: size of connection pool (number of connections to use)
poolSize: 4,
}
}
You'll notice the existence of an env var that's not listed (with reason) in their documentation. ME_CONFIG_MONGODB_SSL
This is required to enable tls support. Setting the env var yourself however does nothing but throw an error and break express due to it not being cast to a Boolean. So it just reads as a string 'true' or 'false'.
This code is fixed in their npm package code, but they haven't updated their docker image since late 2021. So the only "fix" I've found for this is to create a new config.js file with the following code
module.exports = {
mongodb: {
connectionOptions: {
ssl: true,
sslValidate: true,
}
}
};
Then mount this file at /node_modules/mongo-express/config.js in your docker-compose file. It'll read these and overwrite the defaults.
Note: I added the sslValidate key:value pair as well due to the fact that it suffers from the same lack of type casting. So if you omit the ME_CONFIG_MONGODB_SSLVALIDATE env var entirely, it'll be set as true, but if you include the env var as either true or false, it'll just simply break (undefined behaviour).

Failed to connect to a mongodb docker container from mongoose on host

I'm trying to connect to mongodb running in docker from the app running on host using mongoose but it failed.
I can't use the port 27017 for the new mongodb container because it is used by other container. So I followed the guide here for setting it up using the compose.
Below are the snippets:
docker-compose.yml
version: '3'
services:
db:
image: mongo:latest
restart: always
ports:
- '8081:8081'
environment:
MONGO_INITDB_ROOT_USERNAME: root1
MONGO_INITDB_ROOT_PASSWORD: password1
But when I do docker-ps, port 27017 still there but I'm not sure if that causes an issue.
PORTS
0.0.0.0:8081->8081/tcp, 27017/tcp
Then I created a new user in admin database.
use admin
db.createUser(
{
user: "admin1",
pwd: "password2",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
server.js
const connectOption = {
useNewUrlParser: true,
user: 'admin1',
pass: 'password2',
authSource: 'admin',
}
const mongoURL = 'mongodb://localhost:8081/app1';
mongoose.connect(mongoURL, connectOption)
.then(() => console.log('MongoDB Connected'))
.catch(error => console.log(error));
And the error I received is
{
MongoNetworkError: failed to connect to server [localhost:8081] on first connect [MongoNetworkError: write EPIPE]
...
...
...
name: 'MongoNetworkError',
errorLabels: [ 'TransientTransactionError' ],
[Symbol(mongoErrorContextSymbol)]: {}
}

Assuming you're running nodejs application as a docker-compose service, in db service remove ports section (including - '8081:8081'
line). In server.js, change const mongoURL = 'mongodb://localhost:8081/app1'; to const mongoURL = 'mongodb://db:27017/app1';.
If you want to access the db from host machine, change ports 8081:8081 to <give-a-port-number>:27017.