I have a replica set on a remote host which requires authentication in order to connect. The original (root) user was created in the admin database which I have used in order to remotely connect. I building some sort of a "backup" script which copies a db into the replica set and in a later time I should be able to copy a db from the remote location into other MongoDB instances.
So I wrote the script to copy a database by connecting TO the remote location, authenticating and then running the db.runCommand using copydb: 1. It works great, no problems here.
When I try to copy a db back into my local machine that's when things go wrong, mainly because I have to authenticate as part of the copydb command. I originally tried to use the same technique (db.runCommand) but since the nonce and key authentication are messy by themselves I tried to solve the problem first by writing the commands manually into mongo's shell using db.copyDatabase, according to the documentation it should do this process for me.
This is the command:
db.copyDatabase('from_db', 'to_db', 'remote.host.example.com', 'my_user', 'my_password')
Which responds with:
{ "ok" : 0, "errmsg" : "Authentication failed.", "code" : 18 }
I tried switching roles (root, userAdmin, readWrite, ...) but nothing works. I tried creating another user inside the db I am trying to copy, but that didn't seems to do much other than change the response a little into:
{
"ok" : 0,
"errmsg" : "unable to login { ok: 0.0, code: 18, errmsg: \"Authentication failed.\" }"
}
I searched everywhere, went over anything in the manual which seemed remotely relevant and I still can't figure it out.
How am I suppose to copy a db from a remote location which requires an authentication??
Related
I'm learning MongoDB and trying to use Atlas. I created a remote cluster and tried to connect it using both MongoDB Compass and Studio 3T. However, I noticed that after connecting with Studio 3T, there was an empty database named "test" appearing in the left panel, below "admin" and "local" databases. Where did it come from? And how can I drop it? Because when I tried to drop this database, I got this error
Mongo Server error (MongoCommandException): Command failed with error 8000 (AtlasError): 'user is not allowed to do action [dropDatabase] on [test.]' on server ac-bkmhuxm-shard-00-02.w2nutv2.mongodb.net:27017.
The full response is:
{
"ok" : 0.0,
"errmsg" : "user is not allowed to do action [dropDatabase] on [test.]",
"code" : 8000.0,
"codeName" : "AtlasError"
}
After changing the roles in Atlas, I can now delete the database. However it keeps appearing when I make a new connection to MongoDB. Why is that?
Database test is the default database when you don't define anything.
Databases local, admin and config are MongoDB system internal databases, you should not touch them unless advised by MongoDB support or special admin tasks.
See also 3 default database in MongoDB
I just cloned wolkenkit-todomvc from repo. I tried to execute it with "wolkenkit start" then
docker exec -it todomvc-mongodb mongo admin
show dbs
and got
{
"operationTime" : Timestamp(1514838628, 1),
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
}
My questions are
What is the user and password for access these container's database?
how do I access Mongodb and Postgres data from docker container?. such as
db.todos.find()
SELECT * FROM todos
To execute wolkenkit-todomvc you first need to install wolkenkit. The concrete steps depend on your platform. Refer to installing wolkenkit on macOS, installing wolkenkit on Linux, or installing wolkenkit on Windows.
Then run the application by running the following command, as described in the quick start:
$ wolkenkit start
If you want to access the database explicitly, as I assume from reading your question, e.g. to create a backup, you need to use the wolkenkit user. The password is the so-called "shared key", which is shown when running wolkenkit start. If you want to, you can also set the shared key manually, otherwise it is created randomly.
Please note that there are two databases, as you can see from the architecture of wolkenkit, one using PostgreSQL to store the events, one using MongoDB to store the denormalized lists. In the events database, there is only one large table for all the events. This is the raw data. If you are interested in the interpreted views, take a look at the MongoDB.
If you want to create a backup, backup the event store, as this is the single source of truth. The read database can be rebuilt from the event store, but not vice-versa.
Hope this helps.
PS: Please note that I am one of the authors of wolkenkit.
I'm trying to connect to MongoDB through JDBC. The connection string is like below,
mongodb://localhost:27017/games?authSource=admin
However I'm getting the following trace:
{ "ok" : 0.0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1 }", "code" : 13 }
My intention is not listing all the databases, but the user has to authenticate against admin database and can read/write on games database. What mistake I'm making here?
I want user X to authenticate against admin DB but read just games DB so not sure why it asks for listDatabase privilege.
First, I assume you are using the MongoDB Java Driver, which is actually not JDBC.
It would be helpful for you to share:
How you created your user
The Java code that you are executing
The version of mongo-java-driver and MongoDB that you are using
But based on the error, it appears that you are successfully authenticating. I strongly suspect that you are either directly calling listDatabases() or listDatabaseNames().
The other thing that does not look quite right is the fact that you are specifying authSource=admin in your MongoClientURI. But that issue should have given you an Autentication Failed error. You should be either leaving the authSource off of the connection string or specify authSource=games.
Based on what you described, when you created your user, you should have created the user in the games database (users will actually be stored in the admin database, but you would be authenticating against the games database).
I have a mongodb in a replica set running with a cloud provider called compose.io.
I just created a new Google cloud compute mongodb cluster using these instructions
I want to copy all the data in my compose database to the compute instance.
One path I have been following has led me to get a file system backup of the running database and store it locally. I have opened that database locally and executed mongodump (I didn't seem to have permission to do that against the remote database) so I have the output of mongodump and a file system copy of the database stored on my machine.
I have no idea how to get any of this in to the compute cluster I created. I don't seem to be able to run mongorestore although figuring that out is still my main path at the moment. I am getting authentication errors which may be my not getting the command right or a database configuration issue. I am not sure yet.
I tried mongorestore from my local machine to the machine holding the primary database in the replica set.
Edit:
The last thing I tried was copy scp the mongodump output on to that machine and run mongorestore there.
I got this error:
2015-01-28T23:35:40.303+0000 Creating index: { key: { _id: 1 }, ns: "admin.system.users", name: "_id_" }
Error creating index admin.system.users: 13 err: "not authorized to create index on admin.system.users"
Aborted
Now I don't seem to be able to run any commands in mongo that require any kind of privileges, such as list database. Tried passing credentials for users that existed in the original database but that is not working so far.
Here is one possible fix.
Turn off auth in mongod.conf:
# mongod.conf
#auth=false
noauth=true
Run the mongorestore, then restart mongod with auth enabled.
I'm trying to add a shard which is authenticated. So when I try to use this command
mongos> sh.addShard("xxx.xxx.xxx:27018")
I'm getting the following error.
{
"ok" : 0,
"errmsg" : "failed listing xxx.xxx.xxx:27018's
databases:{ ok: 0.0, errmsg: \"unauthorized\" }"
}
Please share your thoughts?
It is not clear on what authenticated user you are using and what all authorizations it is entitled to for your session.
I would suggest you provide following information to complete the question:
User you have authenticated with in mongo. i.e. user being used for starting mongo session or any db.auth(..) after that in the mongo shell.
db.isMaster() to confirm you are connected to appropriate mongos. i.e. in mongo shell output of following:
db.isMaster()
Assigned roles for this user in admin / config database i.e. in mongo shell output of following (by replacing the user id):
use admin
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
use config
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
This should help figure out what roles you may be missing and are required for sh.addShard operation.
Some of the operations need specific privileges and sh.addShard is one of them. You can find detailed privilege / role requirements for various operations at http://docs.mongodb.org/manual/reference/user-privileges/ .