无法针对 mongo docker 容器进行身份验证
Unable to auth against mongo docker container
我已经使用官方 docker 容器创建了一个 mongo 服务器。
如果我检查容器,我会发现以下预期环境:
"StdinOnce": false,
"Env": [
"MONGO_INITDB_ROOT_USERNAME=root",
"MONGO_INITDB_ROOT_PASSWORD=xxxxx",
"MONGO_INITDB_DATABASE=unpubd",
"affinity:container==5b49b08d73960bfefe10eae7df25328f2296d9eb2c648af330e3ef75f928a289",
,
"GOSU_VERSION=1.12",
"JSYAML_VERSION=3.13.1",
"MONGO_PACKAGE=mongodb-org",
"MONGO_REPO=repo.mongodb.org",
"MONGO_MAJOR=5.0",
"MONGO_VERSION=5.0.4"
],
我的理解是,这应该创建一个名为 unpubd 的数据库,并且
具有指定密码的 root 用户。
问题是我无法对容器进行授权。
我已经尝试了三个不同的 url 都得到了相同的结果。:
mongodb://root:XXXX@localhost:27017/
mongodb://root:XXXX@localhost:27017/unpub
mongodb://root:XXXX@localhost:27017/admin
mongodb://root:XXXX@localhost:27017/unpubd?authSource=admin
MongoDart Error: Authentication failed.
我也试过 mongo 命令 shell:
use admin
var x = new Mongo('localhost');
var mydb = x.getDB('unpubd');
mydb.auth('root', 'XXXX')
Error: Authentication failed.
我不清楚 auth 数据库与我的 unpubd 数据库。
我是否使用 admin db 进行身份验证?
我假设 root 用户将能够读取 unpub 数据库?
这是我的 docker-compose 文件
version: '3.1'
networks:
unpubd:
driver: bridge
volumes:
mongodata: null
services:
mongodb:
container_name: mongo
image: mongo:latest
restart: on-failure
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
volumes:
- mongodata:/data/db
networks:
- unpubd
ports:
- 27017:27017
logging:
driver: "local"
unpubd:
container_name: unpubd
image: noojee/unpubd:latest
restart: on-failure
depends_on:
- mongodb
environment:
MONGO_ROOT_USERNAME: ${MONGO_ROOT_USERNAME}
MONGO_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
MONGO_DATABASE: ${MONGO_DATABASE}
MONGO_HOST: ${MONGO_HOST}
MONGO_PORT: ${MONGO_PORT}
UNPUBD_PORT: ${UNPUBD_PORT}
TZ: ${TZ}
links:
- mongodb
networks:
- unpubd
ports:
- ${UNPUBD_PORT}:${UNPUBD_PORT}
logging:
driver: "local"
示例 .env 文件
MONGO_INITDB_ROOT_USERNAME=root
MONGO_INITDB_ROOT_PASSWORD=abc1234
MONGO_INITDB_DATABASE=unpubd
MONGO_DATABASE=unpubd
MONGO_ROOT_USERNAME=root
MONGO_ROOT_PASSWORD=abc1234
MONGO_DATABASE=unpubd
MONGO_HOST=mongodb
MONGO_PORT=27017
TZ=AUS Eastern Daylight Time
UNPUBD_HOST=0.0.0.0
UNPUBD_PORT=4000
我花了一秒钟才弄明白。
从日志中我可以看到,当 mongodb 启动时,它会执行以下操作:
mongo | Successfully added user: {
mongo | "user" : "root",
mongo | "roles" : [
mongo | {
mongo | "role" : "root",
mongo | "db" : "admin"
mongo | }
mongo | ]
mongo | }
如您所见,它在管理数据库中创建用户,而不是您在 MONGO_INITDB_DATABASE 中指定的用户。
查看 mongo 图像在 docker 中心的文档:
MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD:
These variables, used in conjunction, create a new user and set that user's password. This user is created in the admin authentication database and given the role of root, which is a "superuser" role.
和
MONGO_INITDB_DATABASE:
This variable allows you to specify the name of a database to be used for creation scripts in /docker-entrypoint-initdb.d/*.js
您需要做的是创建一个脚本,将您的用户添加到您在 init 环境变量中使用的数据库中,例如:
db.createUser(
{
user: "root",
pwd: "abc1234",
roles: [ "readWrite", "dbAdmin" ]
}
)
并将其绑定到 /docker-entrypoint-initdb.d/
我已经使用官方 docker 容器创建了一个 mongo 服务器。
如果我检查容器,我会发现以下预期环境:
"StdinOnce": false,
"Env": [
"MONGO_INITDB_ROOT_USERNAME=root",
"MONGO_INITDB_ROOT_PASSWORD=xxxxx",
"MONGO_INITDB_DATABASE=unpubd",
"affinity:container==5b49b08d73960bfefe10eae7df25328f2296d9eb2c648af330e3ef75f928a289",
,
"GOSU_VERSION=1.12",
"JSYAML_VERSION=3.13.1",
"MONGO_PACKAGE=mongodb-org",
"MONGO_REPO=repo.mongodb.org",
"MONGO_MAJOR=5.0",
"MONGO_VERSION=5.0.4"
],
我的理解是,这应该创建一个名为 unpubd 的数据库,并且 具有指定密码的 root 用户。
问题是我无法对容器进行授权。 我已经尝试了三个不同的 url 都得到了相同的结果。:
mongodb://root:XXXX@localhost:27017/
mongodb://root:XXXX@localhost:27017/unpub
mongodb://root:XXXX@localhost:27017/admin
mongodb://root:XXXX@localhost:27017/unpubd?authSource=admin
MongoDart Error: Authentication failed.
我也试过 mongo 命令 shell:
use admin
var x = new Mongo('localhost');
var mydb = x.getDB('unpubd');
mydb.auth('root', 'XXXX')
Error: Authentication failed.
我不清楚 auth 数据库与我的 unpubd 数据库。 我是否使用 admin db 进行身份验证? 我假设 root 用户将能够读取 unpub 数据库?
这是我的 docker-compose 文件
version: '3.1'
networks:
unpubd:
driver: bridge
volumes:
mongodata: null
services:
mongodb:
container_name: mongo
image: mongo:latest
restart: on-failure
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
volumes:
- mongodata:/data/db
networks:
- unpubd
ports:
- 27017:27017
logging:
driver: "local"
unpubd:
container_name: unpubd
image: noojee/unpubd:latest
restart: on-failure
depends_on:
- mongodb
environment:
MONGO_ROOT_USERNAME: ${MONGO_ROOT_USERNAME}
MONGO_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
MONGO_DATABASE: ${MONGO_DATABASE}
MONGO_HOST: ${MONGO_HOST}
MONGO_PORT: ${MONGO_PORT}
UNPUBD_PORT: ${UNPUBD_PORT}
TZ: ${TZ}
links:
- mongodb
networks:
- unpubd
ports:
- ${UNPUBD_PORT}:${UNPUBD_PORT}
logging:
driver: "local"
示例 .env 文件
MONGO_INITDB_ROOT_USERNAME=root
MONGO_INITDB_ROOT_PASSWORD=abc1234
MONGO_INITDB_DATABASE=unpubd
MONGO_DATABASE=unpubd
MONGO_ROOT_USERNAME=root
MONGO_ROOT_PASSWORD=abc1234
MONGO_DATABASE=unpubd
MONGO_HOST=mongodb
MONGO_PORT=27017
TZ=AUS Eastern Daylight Time
UNPUBD_HOST=0.0.0.0
UNPUBD_PORT=4000
我花了一秒钟才弄明白。
从日志中我可以看到,当 mongodb 启动时,它会执行以下操作:
mongo | Successfully added user: {
mongo | "user" : "root",
mongo | "roles" : [
mongo | {
mongo | "role" : "root",
mongo | "db" : "admin"
mongo | }
mongo | ]
mongo | }
如您所见,它在管理数据库中创建用户,而不是您在 MONGO_INITDB_DATABASE 中指定的用户。
查看 mongo 图像在 docker 中心的文档:
MONGO_INITDB_ROOT_USERNAME,MONGO_INITDB_ROOT_PASSWORD:These variables, used in conjunction, create a new user and set that user's password. This user is created in the admin authentication database and given the role of root, which is a "superuser" role.
和
MONGO_INITDB_DATABASE:This variable allows you to specify the name of a database to be used for creation scripts in /docker-entrypoint-initdb.d/*.js
您需要做的是创建一个脚本,将您的用户添加到您在 init 环境变量中使用的数据库中,例如:
db.createUser(
{
user: "root",
pwd: "abc1234",
roles: [ "readWrite", "dbAdmin" ]
}
)
并将其绑定到 /docker-entrypoint-initdb.d/