I have a meteor app with nginx and on the same server I have a mongoDB database which have an authentication.
When I want to connect on the database in ssh, it works fine with the authentication.
But on the meteor app, I always have a 502 bad gateway error.
I think it's because the application can't connect to the database but I don't know how to connect it.
On the file /etc/init/myapp.conf , I change the mongo url :
export MONGO_URL=mongodb://user:password#127.0.0.1:27017/myapp
but I have always the same problem.
And in the file /var/log/mongodb/mongodb.log, I have these errors :
[initandlisten] connection accepted from 127.0.0.1:45266 #2680 (3 connections now open)
[conn2680] assertion 16550 not authorized for query on myapp.system.indexes ns:myapp.system.indexes query:{ ns: "myapp.users"$
[conn2680] ntoskip:0 ntoreturn:1000
[conn2680] end connection 127.0.0.1:45266 (2 connections now open)
[initandlisten] connection accepted from 127.0.0.1:45268 #2681 (3 connections now open)
[conn2681] assertion 16550 not authorized for query on myapp.system.indexes ns:myapp.system.indexes query:{ ns: "myapp.users"$
[conn2681] ntoskip:0 ntoreturn:1000
[conn2681] end connection 127.0.0.1:45268 (2 connections now open)
When I remove the authentication in the database, it works fine, but I need this authentication.
Do you know how to connect the application to the database with authentication ?
Update :
In the file /home/myapp/myapp.log, I have :
Exception in setInterval callback: MongoError: not authorized for update on myapp.users
at Object.Future.wait (/home/myapp/bundle/programs/server/node_modules/fibers/future.js:449:15)
at [object Object].<anonymous> (packages/meteor.js:213:24)
at [object Object].MongoConnection.(anonymous function) [as update] (packages/mongo/mongo_driver.js:774:49)
at [object Object].update (packages/mongo/collection.js:581:29)
at AccountsServer.Ap._expireTokens (packages/accounts-base/accounts_server.js:1115:14)
at packages/accounts-base/accounts_server.js:1204:14
at [object Object]._.extend.withValue (packages/meteor.js:1122:17)
at packages/meteor.js:445:45
at runWithEnvironment (packages/meteor.js:1176:24)
- - - - -
at Function.MongoError.create (/home/myapp/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/error.js:31:$
at toError (/home/myapp/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/utils.js:114:22)
at /home/myapp/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/collection.js:1047:60
at getLastErrorCallback (/home/myapp/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/wireprotocol/2_4_s$
at /home/theroofwebapp/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/connection/pool.js:455:18
at process._tickCallback (node.js:355:11)
Connect to mongo shell and authenticate as admin and then try below
use admin
db.system.users.update({"user" : "your_user"}, {$addToSet: {'otherDBRoles.myapp': 'readWrite'}}, false, false)
Replace your_user with your db username and myapp with the targeted database name
Here are some things for you to double check.
Make sure that you are exporting MONGO_URL wherever you are starting your Meteor app. You mentioned that you are doing your export MONGO_URL in /etc/init/myapp.conf. That doesn't sound like the correct place.
Make sure you are actually including your real username and password in the mongodb connection string and the connection string is using the correct port where mongodb is actually running. What you included in your question is a generic example but also included your app's name so its unclear if this is actually what you are using.
Double check the role you setup for the mongodb user used by your Meteor app. Make sure you at least gave the role of readWrite. Here is an example.
db.createUser(
{
user: "meteor",
pwd: "meteor",
roles: [ { role: "readWrite", db: "meteor_app" } ]
}
);
Related
I've just followed this guide on setting up Auth with Mongo DB, as well as this guide to get a user set up as an administrator.
Running mongo > use admin > show users prints the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
After this, I run the server again with --auth and use the following command:
mongo -u "root" -p "xxx" --authenticationDatabase "admin"
This prints the following:
MongoDB shell version: 3.2.19
connecting to: test
2018-03-29T15:52:32.329+0200 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
Trying to run this without the --auth parameter lets me log in just fine.
The --auth parameter also gives me the following output in the server console:
I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
But I'm actually unsure about why it isn't picking up any root/admin user I create. When trying to connect with Robo 3T, the terminal prints the following:
I NETWORK [initandlisten] connection accepted from xxx:44924 #2 (2 connections now open)
I ACCESS [conn2] SCRAM-SHA-1 authentication failed for root on admin from client xxx ; UserNotFound: Could not find user root#admin
I NETWORK [conn2] end connection xxx:44924 (1 connection now open
Solution by OP.
Issue fixed by following this article.
It seems that, despite using --auth when connecting to the server, by not commenting out the line bindIp: 127.0.0.1 and adding authorization: 'enabled' to the security section in /etc/mongod.conf, I was only allowing access to the local machine - the server itself. The error messages could have been worded a bit better, but that's security. I guess.
Whilst this was a very silly oversight, no documentation I had previously looked at had covered this issue.
I am right now attempting my first Heroku deployment of a SailsJS API. My app uses SailsJS v0.11 andsails-mongo 0.11.2.
I have updated config/connections.js to include the connection information to MongoDB database I have hosted for free at Mongolab.
mongodb: {
adapter: 'sails-mongo',
url: "mongodb://db-user:password123#ds047812.mongolab.com:47812/testing-db"
}
Also updated config/models.js to point to that adapter.
module.exports.models = {
connection: 'mongodb',
migrate: 'safe'
};
This is basically all I have changed from running the code locally, when I deploy to Heroku the app crashes and I get this error...
/home/zacharyhustles/smallChangeAPI/node_modules/connect-mongo/lib/connect-mongo.js:186
throw err;
^
at Socket.emit (events.js:107:17)
2015-07-08T19:37:00.778316+00:00 app[web.1]:
at Socket.<anonymous> (/app/node_modules/connect-mongo/node_modules/mongodb/lib/mongodb/connection/connection.js:534:10)
Error: Error connecting to database: failed to connect to [localhost:27017]
How do I get rid of this, and make sure Sails does not try connecting to localhost db?
Ok, the problem was with storing sessions.
My solution was to setup a Redis database to store sessions.
In config/sessions.js make sure everything is commented out except for the method you want for session store.
Mine looked like this:
adapter: 'redis',
host: 'example.redistogo.com',
port: 1111,
db: '/redistogo',
pass: 'XXXXXYYYYYYXYXYXYYX',
This solved my posted problem, hope this helps another person out.
If I run Meteor locally it works perfectly. If I call Meteor with a MONGO_URL that has no username:password it works perfectly too. However, if I turn on the MongoDB authentication and restart and then run Meteor with the username:password set, as in MONGO_URL="mongodb://username:password#127.0.0.1:27017/meteor", then I get an authentication failure as Meteor loads. I have checked that the username and password are correct. I have read that there maybe problems with Meteor and MongoDB authentication so does anyone have any information on this? I am using the following versions:
Meteor - 1.0.3.2
MongoDB - 2.6.7 (installed via brew)
I20150304-21:48:00.597(1)? Exception in callback of async function: MongoError: auth failed
I20150304-21:48:00.598(1)? at Object.toError (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/utils.js:110:11)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1128:31
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1843:9
I20150304-21:48:00.598(1)? at Server.Base._callHandler (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/base.js:445:41)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:468:18
I20150304-21:48:00.598(1)? at [object Object].MongoReply.parseBody (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:426:20)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:95:17)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:201:13)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:98:17)
=================================================
I thought I had an answer to the above but alas not, I made suggested changes and I still could not authenticate. So, to provide more details:
I have upgraded to MonogoDB 3.0.0
I delete the database so that a brand new one was created.
My config file is as follows:
systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
security:
authorization: enabled
On the "admin" database a "super user" has been created as follows:
use admin
db.createUser({user: "superuser", pwd: "password", roles:["root"]})use admin
I then created a user on the "meteor" database
db.auth("superuser", "password")
use meteor
db.createUser({user: "meteor", pwd: "password", roles: [{ role: "readWrite", db: "meteor"}]})
The above step generates:
Successfully added user: {
"user" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
If I perform a db.getUsers() I get the message:
[
{
"_id" : "meteor.meteor",
"user" : "meteor",
"db" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
]
If I comment out the two security lines in the config then I can access MongoDB from Meteor or RoboMongo without a problem - using mongodb:127.0.0.1:27017/meteor. If I uncomment the two security lines in the config then I can no longer access MongoDB from either Meteor or MongoDB - using mongodb://meteor:password#127.0.0.1:27017/meteor. In the last instance I continue to get the message that authentication failed. In the MongoDB logs I have:
authenticate db: meteor { authenticate: 1, nonce: "xxx", user: "meteor", key: "xxx" }
2015-03-08T14:34:44.909+0100 I ACCESS [conn7] Failed to authenticate meteor#meteor with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user meteor#meteor
Update
The answer below and the configuration above work on v2.6.7
I haven't seen the issues you describe and without seeing code or knowing how you "turned on" MongoDB authentication I need to guess - so let's focus on what made things work for me.
You should check where the user was created. In MongoDB there are multiple databases, each having their own users. When using your connection string
mongodb://username:password#127.0.0.1:27017/meteor
you are authenticating against the meteor database. Using a tool such as RoboMongo I'd check if the user is actually inside that database or whether you created it inside the admin (or any other) database.
As a quick rundown:
When securing MongoDB you need to set an admin account, change the mongodb.conf file that it contains the line auth = true and restart. Then using the admin account you create a new (low-privilege) db user that has only access to the meteor database. You can do this using the command line like this (code for 2.6 as this was in your questions and will be default for next Meteor version):
db.createUser(
{ user: "username",
pwd: "password",
roles: [
{ role: "readwrite", db: "meteor" }
]
})
If you run mongod on the same box as Meteor I think we can safely rule out any issues with net.port or net.bindIpconfig settings where the DB would simply not listen to requests.
If you did all this and restarted MongoDB, perhaps a meteor reset inside your projects can help fix anything.
it turns out for me was just about having special chars on the password and a dash on the username, once i made it simpler it all worked like magic :(
I had the same issue when I deployed on my new VPS.
On this new VPS, mongo version is 3.0.1
To solve the problem, a meteor update before building the package and it works
(meteor version: 1.0.4.1)
I am trying to use mongoDB MMS backup functionality. I am getting the following error when trying to connect in the "Add Host" part of the wizard.
Unable to detect host within check interval.
I have MongoDB 2.6.4 on a my Windows 7 laptop. I've created an admin user with the following privileges:
> db.createUser(
... {
... user: "admin",
... pwd: "xxx"
... roles: [
... "clusterAdmin",
... "readAnyDatabase",
... "dbAdminAnyDatabase",
... "userAdminAnyDatabase"
... ]
... }
... );
I run mongod --auth.
Now I try to connect via MMS using MONGODB-CR Auth mechanism and get the error I described above.
In the log I get many errors like the following:
[2014/10/21 09:13:59] [monitoring.info] [monitoring-agent/components/agent.go:551]
Starting 2 marshal handlers
[2014/10/21 09:14:21] [monitoring.error] [monitoring-agent/components/agent.go:314]
Failed to fetch Conf
Failure getting conf. Op: Get Err: dial tcp [I've hide the IP]:443: ConnectEx tcp:
A connection attempt failed because the connected party did not properly respond after
a period of time, or established connection failed because connected host has failed
to respond.
at monitoring-agent/components/conf.go:249
at monitoring-agent/components/agent.go:312
at mongodb.com/monitoring-agent/monitoring-agent-service.go:129
at winsvc/svc/service.go:200
at pkg/runtime/proc.c:1445
Using Robomongo 0.8.4 client I was able to log-in using the user and pass.
I want to be able for MMS to connect to my local machine and initialize a backup of the databases on my machine.
Thanks in advance.
I had this error while configuring my mongodb-mms. On my Ops Manager server I had configured my TLS connections correctly, but on the mongo server being monitored I had the incorrect TLS certificate. The log /var/log/mongodb-mms-automation/monitoring-agent.log on the agent I was trying to monitor helped me out:
[2020/04/26 02:05:47.363] [discovery.collector-mongo2:27017.error] [components/discovery.go:contexts:580] Discovery commands requiring authentication will be skipped.
Failed to get connectionStatus. Err: `auth error: round trip error: (UserNotFound) Could not find user "CN=mms,OU=TestClientCertificateOrgUnit,O=TestClientCertificateOrg,L=TestClientCertificateLocality,ST=TestClientCertificateState,C=US" for db "$external"`
at monitoring-agent/components/dialing.go:442
at monitoring-agent/components/dialing.go:200
at monitoring-agent/components/dialing.go:306
at monitoring-agent/components/dialing.go:323
at louisaberger/procexec/concurrency.go:45
at src/runtime/asm_amd64.s:1357
See this page to add in your mms user so that the user can authenticate correctly (or fix your certs if it's just a mixup).
I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).
I'm statring mongo server:
sudo ./mongod
Starting client:
./mongo
Setting password:
use admin
db.addUser("root", "root")
exit
The output is:
MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
"user" : "root",
"readOnly" : false,
"pwd" : "2a8025f0885adad5a8ce0044070032b3",
"_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit
Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?
Also tried to start mongo server with -auth parameter, the same result:
./mongod -auth
UPD: After starting with -auth parameter can't login with any pass. Getting:
Thu Dec 13 03:27:38 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
Update: I dont know what's goin on...
> db.auth("root","root");
1
> ^C
bye
It can login. Let's restart ./mongod --auth and ./mongo:
MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
> db.auth("root","root")
1
Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.
UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:
mongo_db.open(function(err,data){
if(data){
data.authenticate("root", "root",function(err2,data2){
if(data2){
console.log("Database opened");
}
else{
console.log(err2);
}
});
} else {
console.log(err);
}
});
And I get:
{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }
But mention, MongoHub with same credentials works fine.
From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.
Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.
At this point you can connect to the admin database and authenticate your admin user:
use admin
db.auth('root', 'root')
Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.
If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.
If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases
You can find more information on setting up authentication here and more information about setting up users here
Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)