我在OpenShift云上使用StrongLoop和MongoDB磁带,我无法使用Explorer界面查询和操作我的集合中的资源。
我创建了一个简单的模型定义并在OpenShift上部署了所有内容。 MongoDB版本是2.4.9。 MongoDB使用命令行启动:
mongod --auth -f /var/lib/openshift/<openshift-account>/mongodb//conf/mongodb.conf run
上面引用的.conf文件是:
# mongodb.conf
bind_ip = <redacted>
#port = 27017
dbpath=/var/lib/openshift/<redacted>/mongodb/data/
pidfilepath=/var/lib/openshift/<redacted>/mongodb/pid/mongodb.pid
# Enables periodic logging of CPU utilization and I/O wait
#cpu = false
# Turn on/off security. Off is currently the default
#noauth = true
# Verbose logging output.
#verbose = true
# Inspect all client data for validity on receipt (useful for
# developing drivers)
#objcheck = true
# Enable db quota management
#quota = true
# Set oplogging level where n is
# 0=off (default)
# 1=W
# 2=R
# 3=both
# 7=W+some reads
#oplog = 0
# Diagnostic/debugging option
#nocursors = true
# Ignore query hints
#nohints = true
# Disable the HTTP interface (Defaults to localhost:27018).
nohttpinterface = true
# Turns off server-side scripting. This will result in greatly limited
# functionality
#noscripting = true
# Turns off table scans. Any query that would do a table scan fails.
#notablescan = true
# Disable data file preallocation.
noprealloc = true
# Specify .ns file size for new databases.
# nssize = <size>
# Accout token for Mongo monitoring server.
#mms-token = <token>
# Server name for Mongo monitoring server.
#mms-name = <server-name>
# Ping interval for Mongo monitoring server.
#mms-interval = <seconds>
# Replication Options
# in replicated mongo databases, specify here whether this is a slave or master
#slave = true
#source = master.example.com
# Slave only: specify a single database to replicate
#only = master.example.com
# or
#master = true
#source = slave.example.com
# Address of a server to pair with.
#pairwith = <server:port>
# Address of arbiter server.
#arbiter = <server:port>
# Automatically resync if slave data is stale
#autoresync
# Custom size for replication operation log.
#oplogSize = 10
# Size limit for in-memory storage of op ids.
#opIdMem = <bytes>
# Specific configuration for openshift cartridge
smallfiles = true
quiet = true
使用Explore UI,我正在尝试对所有对象进行GET。我希望收到一个空的结果,但我收到一个访问控制错误。
{
"error": {
"name": "MongoError",
"status": 500,
"message": "not authorized for query on admin.ACL",
"stack": "MongoError: not authorized for query on admin.ACL\n at Object.toError (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/utils.js:114:11)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:700:54\n at Cursor.close (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:989:5)\n at commandHandler (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:700:21)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/db.js:1916:9\n at Server.Base._callHandler (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/base.js:448:41)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/server.js:481:18\n at MongoReply.parseBody (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)\n at null.<anonymous> (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/server.js:439:20)\n at emit (events.js:95:17)"
}
}
以下是请求提示的mongodb日志文件的摘录:
Thu Oct 30 08:06:56.633 [conn9] assertion 16550 not authorized for query on <redacted>.ACL ns:<redacted>.ACL query:{ $query: { model: "Media", property: { $in: [ "find", "*" ] }, accessType: { $in: [ "READ", "*" ] } }, orderby: { _id: 1 } }
Thu Oct 30 08:07:13.949 [conn13] authenticate db: admin { authenticate: 1, user: "admin", nonce: "<redacted>", key: "<redacted>" }
Thu Oct 30 08:07:14.717 [conn13] command admin.$cmd command: { listDatabases: 1 } ntoreturn:1 keyUpdates:0 locks(micros) R:458 W:106047 r:48 reslen:285 136ms
Thu Oct 30 08:07:14.826 [conn13] command admin.$cmd command: { $eval: CodeWScope( function (){ return db.getCollectionNames(); }, {}), args: {} } ntoreturn:1 keyUpdates:0 locks(micros) W:106944 reslen:92 106ms
Thu Oct 30 08:07:14.918 [conn14] authenticate db: admin { authenticate: 1, user: "admin", nonce: "<redacted>", key: "<redacted>" }
尝试使用Explorer界面在集合中创建资源时收到相同的错误。请注意,它正在验证的用户名是admin,这不是我在datasources.json中包含的用户名和凭据:
{
"db": {
"name": "db",
"connector": "memory"
},
"cloudMongoDB": {
"host": "<redacted>",
"port": "27017",
"url": "mongodb://<redacted:27017/<redacted",
"username": "<not-user-admin>",
"password": "<redacted>",
"name": "cloudMongoDB",
"connector": "mongodb",
"database": "<redacted>"
}
}
一个令人困惑的元素是datasources.json中使用的用户名和凭据不是admin(如错误日志中所列),而是另一个具有查询角色的用户,该数据库用于查询集合。管理员用户根据openshift盒式磁带默认设置。因此管理员用户无权访问目标数据库。
我可以使用我在datasources.json中使用的相同凭据从Mongo客户端工具浏览数据库,包括向数据库添加数据。
因此,似乎datasources.json中的用户名和密码未被集成到Strongloop身份验证中。我是否需要将凭证明确添加到URL中,以便将它们用于身份验证?
我有兴趣了解这条消息的含义。从资源管理器应用程序配置StrongLoop以访问MongoDB需要执行哪些用户管理步骤?
MW
使用解决方案更新: 当我将datasources.json中的url更改为表格&#34; mongodb:// username:password @ ... StrongLoop作为我的非管理员用户进行身份验证并继续前进。我在授予用户的角色中发现了一个拼写错误(&#34;正确的角色是readWrite,而我最初授予了readwrite&#34;)。一旦我修复了角色定义,我现在可以将StrongLoop资源管理器与MongoDB一起使用。
然后我从我的datasources.json中删除了url参数,发现StrongLoop使用数据库,用户名,密码来构建自己的URL并按预期连接。似乎url字段覆盖了数据源定义中的其他字段。目前,一切正常。
答案 0 :(得分:0)
感谢您的更新,我们也将澄清最后一部分文档。