我在docker下设置Graylog2时遇到了一些麻烦。一切正常,直到我尝试使用身份验证。我得到的是永远重复的以下错误。
同时尝试root和graylog用户(在graylog和admin db中)都会得到相同的结果。
来自mongodb的日志表示两个用户都是在安装过程中创建的。但是graylog说它在数据库graylog中找不到任何graylog用户。与用户root相同。
我是MongoDB的新手,不知道身份验证的工作原理。但据我所知,在为root帐户(https://github.com/docker-library/mongo/pull/145)提供user / pw时,会激活身份验证(类似于--auth参数)。
Graylog是否有可能采用与MongoDB不同的认证机制?请参阅pasted log
中的第158行以root用户身份的错误消息
mongodb_1 | 2017-04-16T13:27:52.486+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:46566 #12 (1 connection now open)
mongodb_1 | 2017-04-16T13:27:52.495+0000 I NETWORK [conn12] received client metadata from 172.18.0.4:46566 conn12: { driver: { name: "mongo-java-driver", version: "unknown" }, os: { type: "Linux", name: "Linux", architecture: "amd64", version: "4.4.0-72-generic" }, platform: "Java/Oracle Corporation/1.8.0_72-internal-b15" }
mongodb_1 | 2017-04-16T13:27:52.525+0000 I ACCESS [conn12] SCRAM-SHA-1 authentication failed for root on graylog from client 172.18.0.4:46566 ; UserNotFound: Could not find user root@graylog
mongodb_1 | 2017-04-16T13:27:52.543+0000 I - [conn12] end connection 172.18.0.4:46566 (1 connection now open)
作为graylog用户的错误消息(Full log on pastebin)
mongodb_1 | 2017-04-16T15:47:48.404+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:41602 #7 (1 connection now open)
mongodb_1 | 2017-04-16T15:47:48.410+0000 I NETWORK [conn7] received client metadata from 172.18.0.4:41602 conn7: { driver: { name: "mongo-java-driver", version: "unknown" }, os: { type: "Linux", name: "Linux", architecture: "amd64", version: "4.4.0-72-generic" }, platform: "Java/Oracle Corporation/1.8.0_72-internal-b15" }
mongodb_1 | 2017-04-16T15:47:48.418+0000 I ACCESS [conn7] SCRAM-SHA-1 authentication failed for graylog on graylog from client 172.18.0.4:41602 ; UserNotFound: Could not find user graylog@graylog
mongodb_1 | 2017-04-16T15:47:48.423+0000 I - [conn7] end connection 172.18.0.4:41602 (1 connection now open)
这是我的 ./ docker-composer.yml
version: '2'
services:
mongodb:
build: ./mongodb
volumes:
- /docker/mongodb/data:/data/db
elasticsearch:
image: "elasticsearch:2"
command: "elasticsearch -Des.cluster.name='graylog'"
volumes:
- /docker/elasticsearch/data:/usr/share/elasticsearch/data
graylog:
image: graylog2/server
volumes:
- /docker/graylog/journal:/usr/share/graylog/data/journal
- /docker/graylog/config:/usr/share/graylog/data/config
environment:
#GRAYLOG_MONGODB_URI: mongodb://root:drUqGGCMh@mongodb:27017/graylog
GRAYLOG_MONGODB_URI: mongodb://graylog:vWGzncmBe9@mongodb:27017/graylog
depends_on:
- mongodb
- elasticsearch
ports:
- "9000:9000"
./的mongodb / Dockerfile
FROM mongo:3
ENV MONGO_INITDB_ROOT_USERNAME: root
ENV MONGO_INITDB_ROOT_PASSWORD: drUqGGCMh
ADD grayloguser.js /docker-entrypoint-initdb.d/grayloguser.js
./ mogodb / grayloguser.js
db.getSiblingDB('graylog');
db.createUser(
{
user: "graylog",
pwd: "vWGzncmBe9",
roles: [
{ role: "dbOwner", db: "graylog" }
]
}
);
答案 0 :(得分:1)
您的MongoDB脚本不正确。
将db.getSiblingDB('graylog')的返回值分配给变量并将其用于createUser(),或者继续使用use graylog:
graylog = db.getSiblingDB('graylog');
graylog.createUser(
{
user: "graylog",
pwd: "vWGzncmBe9",
roles: [
{ role: "dbOwner", db: "graylog" }
]
}
);
换句话说,只需坚持使用MongoDB文档:https://docs.mongodb.com/manual/tutorial/create-users/#username-password-authentication