For the purpose of wanting to create a MongoDB database in a Capistrano task, I need to figure out how to create a new database via the MongoDB shell when MongoDB is running with auth turned on.
With auth turned on the MongoDB shell can't do anything without first authenticating, but authenticating has to happen while using the admin database as far as I'm aware. So I've been connecting to it for starters like:
sudo -u mongodb mongo admin --eval "db.auth(username, password)"
And that authenticates me for further action but...at that point I need to create the database, and a user for it in the same shell session. I can't however:
sudo -u mongodb mongo admin --eval "db.auth(username, password);use new_database"
Because use database can't be used in eval. So I've tried instead:
sudo -u mongodb mongo admin --eval "db.auth(username, password);db = connect('localhost:27017/new_database')"
And that will actually get me an instance of the new database I want created but if I try to:
sudo -u mongodb mongo admin --eval "db.auth(username, password);connect('localhost:27017/new_database').addUser(new_user, new_password)"
I get an authentication error, so apparently using the connect() command forgets that I've authenticated before.
So this is where I'm stuck, trying to create a database in one line with MongoDB using auth and an admin user.
Any suggestions on how I can do this?
You can use db.getSiblingDB(name) to reference the new database and add a new account, eg:
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').addUser('new_user', 'new_password');"
Now you should be able to authenticate from the command line using -u and -p:
mongo -u new_user -p new_password new_database
Beware of the fact that addUser function got deprecated since version 2.6.
Use db.createUser() and db.updateUser() instead of db.addUser() to add users to MongoDB.
Your code should be like below :
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').createUser({ user : 'new_user', pwd : 'new_password', roles : [{ role: 'readWrite', db: 'new_database'}]});"
Related
This is my situation. I have a mongodb docker container instance and i need to change the admin password. Now, I have the credentials to connect to the mongodb just fine, using the host and ip and the credentials. I have access to the server via ssh and I need to change the admin password. But if i do,
mongo manager --port 27017 -u "admin" -p "--------"
--authenticationDatabase "manager"
Gives me an authentication error. And i cannot run any administration commands such as: db.auth('admin', 'password')
My question is how can i stop mongo inside the container if i do?
docker exec -it mongodb bash
Any other workaround will work. The goal is the change the password or create a new admin user to control the users and roles.
Thank you so much for the help. Please let me know if more information is needed.
Are you sure your authenticationDatabase is "manager"?
In anyway, you don't need to stop mongo proces to interact with database but authenticate a user with necessary privileges using mongo shell.
Get access to running mongo container:
$ docker exec -it «container_name» bash
Authenticate using mongo shell:
$ mongo -u admin -p 123admin --authenticationDatabase admin
Once you authenticated, run shell script to switch to database that holds user's data.
$ use admin
Run changeUserPassword command to change password:
$ db.changeUserPassword("admin", "admin123")
Thats it.
Is it possible to login on mongo shell without declaring the authentication DB? Here's an example, i log in to our mongo server using this command
[localhost$] mongo servername:27117 -u username -p passwd admin
Is there a way to log in without explicitly adding the admin db on the command?
Each user is associated with an authentication database. So if your user is declared in admin database (and authorization activated, what MUST be done in all environment server), it's mandatory to add this param in your login command.
See authentication, and more generally security for more details and explanations.
EDIT
In case of using Connection String URI Format, you can skip authentication database param, in this case 'admin' will be used by default for authentication database, and 'test' by default as target database.
Example : (your user is created in 'admin' database.)
Here's different behaviors :
authentication against 'admin', database targeted is 'test'
$ mongo --host mongodb://user:pwd#myhost:27000
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=admin
$ mongo --host mongodb://user:pwd#myhost:27000/?authSource=admin
authentication against 'admin', database targeted is 'admin'
$ mongo --host mongodb://user:pwd#myhost:27000/admin
$ mongo --host mongodb://user:pwd#myhost:27000/admin?authSource=admin
authentication against 'test', database targeted is 'test' (will not succeed)
$ mongo --host mongodb://user:pwd#myhost:27000/test
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=test
EDIT 2
As you really need to use mongo -h -u -p notation, create your user in your 'test' database, which will be used by default in this case :
this will authenticate against 'test' database, and target 'test' database
mongo -h 199.99.99.99:27000 -u user -p pwd
I am trying to restore a MongoDB on an EC2 instance. I am currently running Mongo 4.0. I am restoring a .tgz, which I then unzip, and it contains a directory with all of my files. I previously used this command:
sudo mongorestore --db newDB mongoDump-2018-07-25-0200/viboDB/
Now that I am trying to update our database, I am getting the following error.
building a list of collections to restore from mongoDump-2018-07-25/0200 dir
Failed: viboBI2.Songs: error reading database: command listCollections requires authentication
I have logged into the mongo shell, and used db.auth() to authenticate as an admin. I have tried restarting mongo as well. Any help would be appreciated!
For restoring the Database you need to provide authentication.
mongorestore -u USERNAME -p PASSWORD --authenticationDatabase admin -d dbNAME PATH/TO/DIRECTORY
you can also provide host and port by adding -h and --port
Using mongorestore, I am trying to restore a MongoDB database to a new server (both version are 3.4). The new server has -auth enabled, so you are required to login. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First Access your db to 4366 port then run this command
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney .
I am running a mongodb on a linux box. So every time I connect to it from the console (typing mongo) I get something like this:
MongoDB shell version: 2.4.9
connecting to: test
And then I am doing use myDatabase (where myDatabase is 99% is the same). So basically I always do some unneeded type of work. Is there a way to configure mongo, so that it will connect to myDatabase by default?
Surprised that I don't find a duplicate of this. Okay, now we have content.
From the command line, just do this:
$ mongo myDatabase
This actually is covered in the documentation, albeit down the page somewhat. No direct link but search for <db address> and the same example is there.
Of course you could have done:
$ mongo --help
MongoDB shell version: 2.4.9
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.169.0.5/foo foo database on 192.168.0.5 machine
192.169.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999
Which shows the usage along with other options you can pass in.
Another thing, not quite a default connect but a shortcut is you can do this in the .mongorc.js file:
db=db.getSiblingDB("myDatabase")
Which assigns the variable db to that database so now:
db.collection.find()
Is acting on myDatabase.
As per latest mongodb drivers, we can provide default database name in connection string like this:
1. Connect using the mongoShell
mongo "mongodb+srv://sandbox.ununu.mongodb.net/mydatabase" --username user001
2. Connect using the drivers
mongodb+srv://user001:<password>#sandbox.ununu.mongodb.net/mydatabase?retryWrites=true&w=majority
Details of parametere:
Replace mydatabase with the name of the database that connections will use by default.
sandbox.ununu.mongodb.net is your cluster name
You will be prompted for the password for the Database User,user001.
user001 is username
For more details on passing ReplicaSet, other query string parameters, etc. refer mongodb official document. document link
Usually mongodb connects to default database test. It's very simple connect to any database, we just need to specify the new database name in the mongo shell
With authentication enabled and enter password on runtime (preferred mostly)
mongo --port 27017 -u USERNAME DATABASE_NAME --authenticationDatabase admin
With authentication enabled and password supplied on shell (not recommended)
mongo --port 27017 -u USERNAME -p PASSWORD DATABASE_NAME --authenticationDatabase admin
With authentication disabled
mongo --port 27017 -u USERNAME -p PASSWORD DATABASE_NAME
The above commands will directly connect to the database which we have specified.
Note: make sure the user has the necessary privilege to perform the operations
mongosh
use admin
db.createUser({ user: "user" , pwd: "1234", roles: [ "readWrite", "dbAdmin" ] })
use metadata
db.createCollection("product")
// mongodb://user:1234#localhost:27017/metadata